Packages changed:
  apparmor (3.0.1 -> 3.0.3)
  audit (3.0.2 -> 3.0.3)
  audit-secondary (3.0.2 -> 3.0.3)
  avahi
  busybox-links
  c-ares (1.17.1 -> 1.17.2)
  ceph (16.2.5.111+ga5b472dfcf8 -> 16.2.5.113+g8b5bda7684e)
  cloud-init
  container-selinux (2.160.1 -> 2.164.2)
  cri-tools (1.21.0 -> 1.22.0)
  dhcp
  diffutils (3.7 -> 3.8)
  dracut (055+suse.110.gbe35f166 -> 055+suse.115.gf65e559b)
  e2fsprogs (1.46.2 -> 1.46.3)
  etcd
  freetype2 (2.10.4 -> 2.11.0)
  gdbm (1.19 -> 1.20)
  glib2
  gpgme
  grep
  grub2
  gtk3
  ipset (7.14 -> 7.15)
  irqbalance (1.8.0.8.gbd5aaf5 -> 1.8.0.14.ga7f8148)
  kernel-firmware (20210719 -> 20210812)
  kernel-source (5.13.6 -> 5.13.8)
  keyutils
  krb5 (1.19.1 -> 1.19.2)
  libXft (2.3.3 -> 2.3.4)
  libapparmor (3.0.1 -> 3.0.3)
  libesmtp
  lvm2
  lvm2-device-mapper
  mozjs78 (78.11.0 -> 78.13.0)
  ncurses (6.2.20210718 -> 6.2.20210724)
  nfs-utils
  pam
  patterns-microos
  pcre (8.44 -> 8.45)
  python-distro (1.5.0 -> 1.6.0)
  python-gobject
  python-networkx (2.5.1 -> 2.6.1)
  python-python-gnupg (0.4.6 -> 0.4.7)
  python-pyzmq (22.1.0 -> 22.2.1)
  python-tornado6
  python38 (3.8.10 -> 3.8.11)
  python38-core (3.8.10 -> 3.8.11)
  qemu
  rpcbind
  snappy (1.1.8 -> 1.1.9)
  systemd
  transactional-update (3.4.0 -> 3.5.1)
  u-boot-rpiarm64

=== Details ===

==== apparmor ====
Version update (3.0.1 -> 3.0.3)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- add profiles-python-3.10-mr783.diff: update abstractions/python and
  profiles for python 3.10
- update to AppArmor 3.0.3
  - fix a failure in the parser tests
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
    for the detailed upstream changelog
- update to AppArmor 3.0.2
  - add missing permissions to several profiles and abstractions
    (including boo#1188296)
  - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
    for the detailed upstream changelog
- remove upstreamed patches:
  - apparmor-dovecot-stats-metrics.diff
  - abstractions-php8.diff
  - crypto-policies-mr720.diff

==== audit ====
Version update (3.0.2 -> 3.0.3)
Subpackages: libaudit1 libauparse0

- Update to version 3.0.3:
  * Don't interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
  * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
  * Change auparse_feed_has_data in auparse to include incomplete events
  * Auditd, stop linking against -lrt
  * Add ProtectHome and RestrictRealtime to auditd.service
  * In auditd, read up to 3 netlink packets in a row
  * In auditd, do not validate path to plugin unless active
  * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists
- use https source urls

==== audit-secondary ====
Version update (3.0.2 -> 3.0.3)
Subpackages: audit python3-audit system-group-audit

- Update to version 3.0.3:
  * Don't interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
  * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
  * Change auparse_feed_has_data in auparse to include incomplete events
  * Auditd, stop linking against -lrt
  * Add ProtectHome and RestrictRealtime to auditd.service
  * In auditd, read up to 3 netlink packets in a row
  * In auditd, do not validate path to plugin unless active
  * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists
- use https source urls

==== avahi ====
Subpackages: libavahi-client3 libavahi-common3

- Obsolete the same version of mDNSResponder-lib and mDNSResponder
  in baselib.conf and spec.

==== busybox-links ====
Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz

- Add shadow as BuildRequires

==== c-ares ====
Version update (1.17.1 -> 1.17.2)

- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
  * If ares_getaddrinfo() was terminated by an ares_destroy(),
    it would cause a crash
  * Crash in sortaddrinfo() if the list size equals 0 due to
    an unexpected DNS response
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing validation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  for details see,
  https://c-ares.haxx.se/changelog.html#1_17_2

==== ceph ====
Version update (16.2.5.111+ga5b472dfcf8 -> 16.2.5.113+g8b5bda7684e)
Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw

- Update to 16.2.5-113-g8b5bda7684e:
  + (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9
    improved version of patch that did not work as intended

==== cloud-init ====

- Add cloud-init-update-test-characters-in-substitution-unit-test.patch
  to fix unit test failure in TestGetPackageMirrorInfo::test_substitution.

==== container-selinux ====
Version update (2.160.1 -> 2.164.2)

- Update to version 2.164.2
  * Don't setup users for writing to pid_sockets
  * Allow container engines to be started from the staff user.
  * Allow spc_t domains to set bpf rules on any domain
  * Add support for k3s

==== cri-tools ====
Version update (1.21.0 -> 1.22.0)

- Update to version 1.22.0:
  * Bump Kubernetes to v1.22.0
  * Bump k8s.io/api from 0.21.3 to 0.22.0
  * Bump k8s.io/cri-api from 0.21.3 to 0.22.0
  * Bump k8s.io/kubectl from 0.21.3 to 0.22.0
  * Bump k8s.io/apimachinery from 0.21.3 to 0.22.0
  * Bump github.com/docker/docker
  * Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
- Update to version 1.21.0:
  * Bump README versions to v1.21.0
  * Update dependencies
  * Add dependabot config file
  * Simplify test image build process for user images
  * Move from gcr.io/cri-tools to gcr.io/k8s-staging-cri-tools
  * Fix UID/GID and username values for test images
  * Bump gcb-docker-gcloud image to v20210331-c732583
  * Fix CRI-O master installation in GitHub actions

==== dhcp ====
Subpackages: dhcp-client

- bsc#1186249: Remove remaining references to /etc/init.d from
  dhclient-script and if-up.d.dhcpd-restart-hook .
- Use , instead of - or / as a separator in sed when dealing with
  path names.

==== diffutils ====
Version update (3.7 -> 3.8)

- diffutils 3.8:
  * diff no longer treats a closed stdin as representing an absent
    file in usage like 'diff --new-file - foo <&-'
  * diff and related programs no longer get confused if stdin,
    stdout, or stderr are closed
  * cmp, diff and sdiff no longer treat negative command-line
    option-arguments as if they were large positive numbers
- drop gnulib-test-avoid-FP-perror-strerror.patch, upstream
- drop gnulib-c-stack.patch, equivalent change in c-stack
- remove deprecated texinfo packaging macros

==== dracut ====
Version update (055+suse.110.gbe35f166 -> 055+suse.115.gf65e559b)
Subpackages: dracut-ima dracut-mkinitrd-deprecated

- Update to version 055+suse.115.gf65e559b:
  * fix(suse-initrd): find links of usrmerged kernels (boo#1184804)
  * fix(tpm2-tss): typo in depends()
  * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
- use manual mode in _service file

==== e2fsprogs ====
Version update (1.46.2 -> 1.46.3)
Subpackages: libcom_err2 libext2fs2

- Update to 1.46.3:
  * Add -V and -VV options to filefrag
  * Fix fs corruption caused by resize2fs on filesystems with MMP blocks
  * Fast commit portability fixes
  * Fix direct IO support in Unix IO manager
  * Avoid calling EXT2_IOC_[GS]ETFLAGS for block devices
  * Fix mke2fs to not discard blocks beyond end of filesystem
  * Make e2fsck set filetype of '.' and '..' entries
  * Fix QCOW image generation in e2image for very large filesystems
  * Update translations

==== etcd ====

- Don't require systemd (works without, too)
- Change to sysuser-tools to create system user

==== freetype2 ====
Version update (2.10.4 -> 2.11.0)

- Update to version 2.11.0
  * A new rendering module has been added to create 8-bit Signed
    Distance Field (SDF) bitmaps for both outline and bitmap glyphs.
  * A new, experimental API is now available for surfacing properties
    of 'COLR' v1 color fonts.
  * A new function `FT_Get_Transform` returns the values set by
    FT_Set_Transform.
  * The legacy Type 1 and CFF engines are further demoted due to lack
    of CFF2 charstring support.
  * The experimental 'warp' mode (AF_CONFIG_OPTION_USE_WARPER) for the
    auto-hinter has been removed.
  * The smooth rasterizer performance has been improved by >10%.
  * PCF bitmap fonts compressed with LZW (these are usually files with
    the extension .pcf.Z) are now handled correctly.

==== gdbm ====
Version update (1.19 -> 1.20)
Subpackages: libgdbm6 libgdbm_compat4

- version update to 1.20
  * New bucket cache
    The bucket cache support has been rewritten from scratch.  The new
    bucket cache code provides for significant speed up of search
    operations.
  * Change mmap prereading strategy
    Pre-reading of the memory mapper regions, introduced in version 1.19
    can be advantageous only when doing intensive look-ups on a read-only
    database.  It degrades performance otherwise, especially if doing
    multiple inserts.  Therefore, this version introduces a new flag
    to gdbm_open: GDBM_PREREAD.  When given, it enables pre-reading of
    memory mapped regions.
- modified patches
  % gdbm-no-build-date.patch (refreshed)

==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0

- Add 63e7864.patch: Fix build with glibc 2.34: use 3 parameters
  for close_range (boo#1189088).
- Drop patches fixed upstream on SLE and Leap 15.4:
  + glib2-add-support-for-slim-timezone-format.patch
  + glib2-fix-6-days-until-the-end-of-the-month.patch
  + glib2-CVE-2021-27218.patch
  + glib2-CVE-2021-27219-add-g_memdup2.patch

==== gpgme ====

- Fix build with glibc 2.34: [bsc#1189089]
  * Use glibc's closefrom.
  * Add gpgme-use-glibc-closefrom.patch

==== grep ====

- gnulib-c-stack.patch: Fix AC_SYS_XSI_STACK_OVERFLOW_HEURISTIC configure
  check

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin

- Replace grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch and
  fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
  with upstream backport:
  0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch and
  0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch.

==== gtk3 ====
Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0

- Drop patch fixed upstream on SLE and Leap 15.4:
  gtk3-x11-fix-menu-touch-by-pointer-emulation.patch

==== ipset ====
Version update (7.14 -> 7.15)
Subpackages: libipset13

- Update to release 7.15
  * netfilter: ipset: Fix maximal range check in
    hash_ipportnet4_uadt()

==== irqbalance ====
Version update (1.8.0.8.gbd5aaf5 -> 1.8.0.14.ga7f8148)

- Update to version 1.8.0.14.ga7f8148:
  * irqbalance: Check validity of numa_node
  * configure.ac: use pkg-config to find numa
  * Disable the communication socket when UI is disabled
- Use %{?systemd_ordering} instead of %{?systemd_requires}

==== kernel-firmware ====
Version update (20210719 -> 20210812)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- Update to version 20210812 (git commit 24c4a85d8514):
  * amdgpu: revert back to older raven2 sdma firmware
  * amdgpu: revert back to older raven sdma firmware
  * amdgpu: revert back to older picasso sdma firmware
  * amdgpu: add initial vangogh support
  * amdgpu: update vega20 firmware from 21.30
  * amdgpu: update vega12 firmware from 21.30
  * amdgpu: update vega10 firmware from 21.30
  * amdgpu: update renoir firmware from 21.30
  * amdgpu: update raven2 firmware from 21.30
  * amdgpu: update raven firmware from 21.30
  * amdgpu: update polaris12 firmware from 21.30
  * amdgpu: update picasso firmware from 21.30
  * amdgpu: update dimgrey cavefish firmware from 21.30
  * amdgpu: update navy flounder firmware from 21.30
  * amdgpu: update sienna cichlid firmware from 21.30
  * amdgpu: update navi14 firmware from 21.30
  * amdgpu: update navi12 firmware from 21.30
  * amdgpu: update navi10 firmware from 21.30
  * amdgpu: update green sardine firmware from 21.30
  * amdgpu: update arcturus firmware from 21.30
  * linux-firmware: Update firmware file for Intel Bluetooth AX210
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
  * linux-firmware: add firmware for MT7922
  * QCA : Updated firmware files for WCN3991
  * i915: Add v2.03 DMC for RKL
  * i915: Add v2.12 DMC for TGL
  * qca: Add firmware files for BT chip WCN6750.

==== kernel-source ====
Version update (5.13.6 -> 5.13.8)

- rpm/kernel-binary.spec.in: avoid high suse-release requirements
  Not provided in stagings.
- commit 967c6a8
- net: usb: lan78xx: don't modify phy_device state concurrently (bsc#1188270).
- commit 79524ad
- Linux 5.13.8 (bsc#1012628).
- octeontx2-af: Remove unnecessary devm_kfree (bsc#1012628).
- perf pmu: Fix alias matching (bsc#1012628).
- can: j1939: j1939_session_deactivate(): clarify lifetime of
  session object (bsc#1012628).
- i40e: Add additional info to PHY type error (bsc#1012628).
- io_uring: fix race in unified task_work running (bsc#1012628).
- Revert "perf map: Fix dso->nsinfo refcounting" (bsc#1012628).
- powerpc/pseries: Fix regression while building external modules
  (bsc#1012628).
- powerpc/vdso: Don't use r30 to avoid breaking Go lang
  (bsc#1012628).
- SMB3: fix readpage for large swap cache (bsc#1012628).
- bpf: Fix pointer arithmetic mask tightening under state pruning
  (bsc#1012628).
- bpf: verifier: Allocate idmap scratch in verifier env
  (bsc#1012628).
- bpf: Remove superfluous aux sanitation on subprog rejection
  (bsc#1012628).
- bpf: Fix leakage due to insufficient speculative store bypass
  mitigation (bsc#1012628).
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
  (bsc#1012628).
- can: hi311x: fix a signedness bug in hi3110_cmd() (bsc#1012628).
- sis900: Fix missing pci_disable_device() in probe and remove
  (bsc#1012628).
- tulip: windbond-840: Fix missing pci_disable_device() in probe
  and remove (bsc#1012628).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
  (bsc#1012628).
- block: delay freeing the gendisk (bsc#1012628).
- net/mlx5: Fix mlx5_vport_tbl_attr chain from u16 to u32
  (bsc#1012628).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
  (bsc#1012628).
- net/mlx5: Unload device upon firmware fatal error (bsc#1012628).
- net/mlx5e: Fix page allocation failure for ptp-RQ over SF
  (bsc#1012628).
- net/mlx5e: Fix page allocation failure for trap-RQ over SF
  (bsc#1012628).
- net/mlx5e: Add NETIF_F_HW_TC to hw_features when HTB offload
  is available (bsc#1012628).
- net/mlx5e: RX, Avoid possible data corruption when relaxed
  ordering and LRO combined (bsc#1012628).
- net/mlx5: E-Switch, handle devcom events only for ports on
  the same device (bsc#1012628).
- net/mlx5: E-Switch, Set destination vport vhca id only when
  merged eswitch is supported (bsc#1012628).
- net/mlx5e: Disable Rx ntuple offload for uplink representor
  (bsc#1012628).
- net/mlx5: Fix flow table chaining (bsc#1012628).
- bpf, sockmap: Zap ingress queues after stopping strparser
  (bsc#1012628).
- KVM: selftests: Fix missing break in dirty_log_perf_test arg
  parsing (bsc#1012628).
- drm/msm/dp: Initialize the INTF_CONFIG register (bsc#1012628).
- drm/msm/dp: use dp_ctrl_off_link_stream during PHY compliance
  test run (bsc#1012628).
- drm/msm/dpu: Fix sm8250_mdp register length (bsc#1012628).
- net: llc: fix skb_over_panic (bsc#1012628).
- KVM: x86: Check the right feature bit for MSR_KVM_ASYNC_PF_ACK
  access (bsc#1012628).
- drm/i915/bios: Fix ports mask (bsc#1012628).
- drm/panel: panel-simple: Fix proper bpc for ytc700tlag_05_201c
  (bsc#1012628).
- mlx4: Fix missing error code in mlx4_load_one() (bsc#1012628).
- net: phy: broadcom: re-add check for PHY_BRCM_DIS_TXCRXC_NOENRGY
  on the BCM54811 PHY (bsc#1012628).
- octeontx2-pf: Don't enable backpressure on LBK links
  (bsc#1012628).
- octeontx2-pf: Fix interface down flag on error (bsc#1012628).
- tipc: do not write skb_shinfo frags when doing decryption
  (bsc#1012628).
- can: mcp251xfd: mcp251xfd_irq(): stop timestamping worker in
  case error in IRQ (bsc#1012628).
- ionic: count csum_none when offload enabled (bsc#1012628).
- ionic: fix up dim accounting for tx and rx (bsc#1012628).
- ionic: remove intr coalesce update from napi (bsc#1012628).
- ionic: catch no ptp support earlier (bsc#1012628).
- ionic: make all rx_mode work threadsafe (bsc#1012628).
- net: qrtr: fix memory leaks (bsc#1012628).
- loop: reintroduce global lock for safe loop_validate_file()
  traversal (bsc#1012628).
- net: dsa: mv88e6xxx: silently accept the deletion of VID 0 too
  (bsc#1012628).
- net: Set true network header for ECN decapsulation
  (bsc#1012628).
- tipc: fix sleeping in tipc accept routine (bsc#1012628).
- tipc: fix implicit-connect for SYN+ (bsc#1012628).
- i40e: Fix log TC creation failure when max num of queues is
  exceeded (bsc#1012628).
- i40e: Fix queue-to-TC mapping on Tx (bsc#1012628).
- i40e: Fix firmware LLDP agent related warning (bsc#1012628).
- i40e: Fix logic of disabling queues (bsc#1012628).
- netfilter: nft_nat: allow to specify layer 4 protocol NAT only
  (bsc#1012628).
- netfilter: conntrack: adjust stop timestamp to real expiry value
  (bsc#1012628).
- mac80211: fix enabling 4-address mode on a sta vif after assoc
  (bsc#1012628).
- bpf: Fix OOB read when printing XDP link fdinfo (bsc#1012628).
- netfilter: nf_tables: fix audit memory leak in nf_tables_commit
  (bsc#1012628).
- RDMA/rxe: Fix memory leak in error path code (bsc#1012628).
- platform/x86: amd-pmc: Fix missing unlock on error in
  amd_pmc_send_cmd() (bsc#1012628).
- platform/x86: amd-pmc: Fix SMU firmware reporting mechanism
  (bsc#1012628).
- platform/x86: amd-pmc: Fix command completion code
  (bsc#1012628).
- RDMA/bnxt_re: Fix stats counters (bsc#1012628).
- cfg80211: Fix possible memory leak in function
  cfg80211_bss_update (bsc#1012628).
- io_uring: fix poll requests leaking second poll entries
  (bsc#1012628).
- io_uring: don't block level reissue off completion path
  (bsc#1012628).
- io_uring: fix io_prep_async_link locking (bsc#1012628).
- nfc: nfcsim: fix use after free during module unload
  (bsc#1012628).
- blk-iocost: fix operation ordering in iocg_wake_fn()
  (bsc#1012628).
- drm/amdgpu: Fix resource leak on probe error path (bsc#1012628).
- drm/amdgpu: Avoid printing of stack contents on firmware load
  error (bsc#1012628).
- drm/amdgpu: Check pmops for desired suspend state (bsc#1012628).
- drm/amd/display: ensure dentist display clock update finished
  in DCN20 (bsc#1012628).
- NIU: fix incorrect error return, missed in previous revert
  (bsc#1012628).
- net: stmmac: add est_irq_status callback function for GMAC
  4.10 and 5.10 (bsc#1012628).
- HID: wacom: Re-enable touch by default for Cintiq 24HDT /
  27QHDT (bsc#1012628).
- alpha: register early reserved memory in memblock (bsc#1012628).
- can: esd_usb2: fix memory leak (bsc#1012628).
- can: ems_usb: fix memory leak (bsc#1012628).
- can: usb_8dev: fix memory leak (bsc#1012628).
- can: mcba_usb_start(): add missing urb->transfer_dma
  initialization (bsc#1012628).
- can: peak_usb: pcan_usb_handle_bus_evt(): fix reading
  rxerr/txerr values (bsc#1012628).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
  (bsc#1012628).
- can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between
  consecutive TP.DT to 750ms (bsc#1012628).
- mm/memcg: fix NULL pointer dereference in memcg_slab_free_hook()
  (bsc#1012628).
- mm: memcontrol: fix blocking rstat function called from atomic
  cgroup1 thresholding code (bsc#1012628).
- ocfs2: issue zeroout to EOF blocks (bsc#1012628).
- ocfs2: fix zero out valid data (bsc#1012628).
- KVM: add missing compat KVM_CLEAR_DIRTY_LOG (bsc#1012628).
- x86/kvm: fix vcpu-id indexed array sizes (bsc#1012628).
- ACPI: DPTF: Fix reading of attributes (bsc#1012628).
- Revert "ACPI: resources: Add checks for ACPI IRQ override"
  (bsc#1012628).
- btrfs: mark compressed range uptodate only if all bio succeed
  (bsc#1012628).
- btrfs: fix rw device counting in __btrfs_free_extra_devids
  (bsc#1012628).
- btrfs: fix lost inode on log replay after mix of fsync, rename
  and inode eviction (bsc#1012628).
- fs/ext2: Avoid page_address on pages returned by ext2_get_page
  (bsc#1012628).
- pipe: make pipe writes always wake up readers (bsc#1012628).
- selftest: fix build error in
  tools/testing/selftests/vm/userfaultfd.c (bsc#1012628).
- commit 14162fe
- arm63: Update config files. (bsc#1188702)
- commit c97411a
- scsi: sr: Return correct event when media event code is 3
  (bsc#1188767 bsc#1188728).
- commit 5794a07
- Linux 5.13.7 (bsc#1012628).
- ipv6: ip6_finish_output2: set sk into newly allocated nskb
  (bsc#1012628).
- ARM: dts: versatile: Fix up interrupt controller node names
  (bsc#1012628).
- iomap: remove the length variable in iomap_seek_hole
  (bsc#1012628).
- iomap: remove the length variable in iomap_seek_data
  (bsc#1012628).
- cifs: fix the out of range assignment to bit fields in
  parse_server_interfaces (bsc#1012628).
- firmware: arm_scmi: Fix range check for the maximum number of
  pending messages (bsc#1012628).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer
  overflow (bsc#1012628).
- hfs: add lock nesting notation to hfs_find_init (bsc#1012628).
- hfs: fix high memory mapping in hfs_bnode_read (bsc#1012628).
- hfs: add missing clean-up in hfs_fill_super (bsc#1012628).
- drm/ttm: add a check against null pointer dereference
  (bsc#1012628).
- nvme-pci: fix multiple races in nvme_setup_io_queues
  (bsc#1012628).
- ipv6: allocate enough headroom in ip6_finish_output2()
  (bsc#1012628).
- rcu-tasks: Don't delete holdouts within
  trc_wait_for_one_reader() (bsc#1012628).
- rcu-tasks: Don't delete holdouts within trc_inspect_reader()
  (bsc#1012628).
- sctp: move 198 addresses from unusable to private scope
  (bsc#1012628).
- net: annotate data race around sk_ll_usec (bsc#1012628).
- net/802/garp: fix memleak in garp_request_join() (bsc#1012628).
- net/802/mrp: fix memleak in mrp_request_join() (bsc#1012628).
- cgroup1: fix leaked context root causing sporadic NULL deref
  in LTP (bsc#1012628).
- workqueue: fix UAF in pwq_unbound_release_workfn()
  (bsc#1012628).
- af_unix: fix garbage collect vs MSG_PEEK (bsc#1012628).
- commit b1bb2c4

==== keyutils ====
Subpackages: libkeyutils1

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

==== krb5 ====
Version update (1.19.1 -> 1.19.2)

- Update to 1.19.2
  * Fix a denial of service attack against the KDC encrypted challenge
    code; (CVE-2021-36222);
  * Fix a memory leak when gss_inquire_cred() is called without a
    credential handle.

==== libXft ====
Version update (2.3.3 -> 2.3.4)

- Update to version 2.3.4
  * This release handles the deprecation of the
    FcNameRegisterObjectTypes API by fontconfig, and provides
    minor cleanups for compiler warnings and man pages.

==== libapparmor ====
Version update (3.0.1 -> 3.0.3)

- add profiles-python-3.10-mr783.diff: update abstractions/python and
  profiles for python 3.10
- update to AppArmor 3.0.3
  - fix a failure in the parser tests
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
    for the detailed upstream changelog
- update to AppArmor 3.0.2
  - add missing permissions to several profiles and abstractions
    (including boo#1188296)
  - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
    for the detailed upstream changelog
- remove upstreamed patches:
  - apparmor-dovecot-stats-metrics.diff
  - abstractions-php8.diff
  - crypto-policies-mr720.diff

==== libesmtp ====

- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Add lvm2-rpmlintrc where we skip all rpmlint issues for lvm2-testsuite package
  (bsc#1179047).

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Add lvm2-rpmlintrc where we skip all rpmlint issues for lvm2-testsuite package
  (bsc#1179047).

==== mozjs78 ====
Version update (78.11.0 -> 78.13.0)

- Update to version 78.13.0esr.
  MFSA 2021-34 (bsc#1188891)
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization

==== ncurses ====
Version update (6.2.20210718 -> 6.2.20210724)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20210724
  + add workaround for Windows Terminal's problems with CR/LF mapping to
    ms-terminal (patch by Juergen Pfeifer).
  + review/update current Windows Terminal vs ms-terminal -TD
- Correct offsets of patch ncurses-6.2.dif

==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client

- Remove dependency on fedfs-utils-devel.
  fedfs-utils was only ever a "technology preview" and is now
  considered "end of life".
  nfs-utils is not even built to use it as --enable-junction
  isn't being passed to configure
  and fedfs-utils doesn't build with glibc 2.34.
  So remove the unnecessary dependency on fedfs-utils.
  (bsc#1189085)
- Update to version 2.5.4
  https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.4/2.5.4-Changelog
  Notable changes:
  * Handle failures in gssd better
  * handle 'sloppy' option to mount better
  * minor documentation improvements
- Drop 2.5.4-rc4 patches: nfs-utils-2-5-4-rc1.patch, nfs-utils-2-5-4-rc2.patch,
  nfs-utils-2-5-4-rc3.patch, nfs-utils-2-5-4-rc4.patch.

==== pam ====
Subpackages: pam_unix

- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
  explicit "usergroups" option and instead read it from login.def's
  "USERGROUP_ENAB" option if umask is only defined there.
  [bsc#1189139]
- package man5/motd.5 as a man-pages link to man8/pam_motd.8
  [bsc#1188724]

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Switch from PulseAudio to PipeWire

==== pcre ====
Version update (8.44 -> 8.45)

- update to 8.45:
  * This is the final PCRE1 release. A very few small issues have been fixed.

==== python-distro ====
Version update (1.5.0 -> 1.6.0)

- Update to version 1.6.0
  * Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296]
  * Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+
  * Added type hints to distro module [#269]
  * Added __version__ for checking distro version [#292]
  * Added support for arbitrary rootfs via the root_dir parameter [#247]
  * Added the --root-dir option to CLI [#161]
  * Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262]
  * Fixed subprocess.CalledProcessError when running lsb_release [#261]
  * Ignore /etc/iredmail-release file while parsing distribution [#268]
  * Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271]

==== python-gobject ====

- Adjust BuildRequires for python_module cairo to python-module
  pycairo: the module was renamed 2 years ago.
- Skip build for python2: not supported anymore since 3.38.0.

==== python-networkx ====
Version update (2.5.1 -> 2.6.1)

- require pandas
- update to 2.6.2:
  * This release is the result of 11 months of work with over 363 pull requests by
    91 contributors. Highlights include:
  * Dropped support for Python 3.6.
  * NumPy, SciPy, Matplotlib, and pandas are now default requirements.
  * NetworkX no longer depends on the library "decorator".
  * Improved example gallery
  * Removed code for supporting Jython/IronPython
  * The __str__ method for graph objects is more informative and concise.
  * Improved import time
  * Improved test coverage
  * New documentation theme
  * Add functionality for drawing self-loop edges
  * Add approximation algorithms for Traveling Salesman Problem
- drop 0001-Replace-hash-function-for-test-of-weighted-astar.patch,
  yaml-loader.patch (merged upstream)

==== python-python-gnupg ====
Version update (0.4.6 -> 0.4.7)

- update to 0.4.7:
  * Added support for no passphrase during key generation.
  * Improved permission-denied test.
  * Updated logging to only show partial results.
  * Allowed a passphrase to be passed to import_keys().

==== python-pyzmq ====
Version update (22.1.0 -> 22.2.1)

- Update to 22.2.1
  * Nicer reprs of contexts and sockets
  * Memory allocated by recv(copy=False) is no longer read-only
  * asyncio: Always reference current loop instead of attaching to
    the current loop at instantiation time. This fixes e.g. contexts
    and/or sockets instantiated prior to a call to asyncio.run.

==== python-tornado6 ====

- Remove exec bits from demos: fix boo#1189066
- Add python-tornado6-rpmlintrc for empty JS resource in demo

==== python38 ====
Version update (3.8.10 -> 3.8.11)

- Update to 3.8.11
  * Security
  - bpo-44022 (boo#1189241): mod:http.client now avoids
    infinitely reading potential HTTP headers after a 100
    Continue status response from the server.
  - bpo-43882: The presence of newline or tab characters in parts
    of a URL could allow some forms of attacks.
    Following the controlling specification for URLs defined by
    WHATWG urllib.parse() now removes ASCII newlines and tabs
    from URLs, preventing such attacks.
  - bpo-42800: Audit hooks are now fired for frame.f_code,
    traceback.tb_frame, and generator code/frame attribute
    access.
  * Core and Builtins
  - bpo-44070: No longer eagerly makes import filenames absolute,
    except for extension modules, which was introduced in 3.8.10.
  * Library
  - bpo-44061: Fix regression in previous release when calling
    pkgutil.iter_modules() with a list of pathlib.Path objects
- Use versioned python-Sphinx to avoid dependency on other
  version of Python (bsc#1183858).

==== python38-core ====
Version update (3.8.10 -> 3.8.11)
Subpackages: libpython3_8-1_0 python38-base

- Update to 3.8.11
  * Security
  - bpo-44022 (boo#1189241): mod:http.client now avoids
    infinitely reading potential HTTP headers after a 100
    Continue status response from the server.
  - bpo-43882: The presence of newline or tab characters in parts
    of a URL could allow some forms of attacks.
    Following the controlling specification for URLs defined by
    WHATWG urllib.parse() now removes ASCII newlines and tabs
    from URLs, preventing such attacks.
  - bpo-42800: Audit hooks are now fired for frame.f_code,
    traceback.tb_frame, and generator code/frame attribute
    access.
  * Core and Builtins
  - bpo-44070: No longer eagerly makes import filenames absolute,
    except for extension modules, which was introduced in 3.8.10.
  * Library
  - bpo-44061: Fix regression in previous release when calling
    pkgutil.iter_modules() with a list of pathlib.Path objects
- Use versioned python-Sphinx to avoid dependency on other
  version of Python (bsc#1183858).

==== qemu ====

- usb: unbounded stack allocation in usbredir
  (bsc#1186012, CVE-2021-3527)
  hw-usb-Do-not-build-USB-subsystem-if-not.patch
  hw-usb-host-stub-Remove-unused-header.patch
  usb-hid-avoid-dynamic-stack-allocation.patch
  usb-limit-combined-packets-to-1-MiB-CVE-.patch
  usb-mtp-avoid-dynamic-stack-allocation.patch
- usbredir: free call on invalid pointer in bufp_alloc
  (bsc#1189145, CVE-2021-3682)
  usbredir-fix-free-call.patch
- Add stable patches from upstream:
  block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
  hw-net-can-sja1000-fix-buff2frame_bas-an.patch
  hw-pci-host-q35-Ignore-write-of-reserved.patch

==== rpcbind ====

- Add now working CONFIG parameter to sysusers generator
- UsrMerge changes

==== snappy ====
Version update (1.1.8 -> 1.1.9)

- Update to 1.1.9:
  * Performance improvements
- Add fix-always-inline.patch
- Add use-system-test-libs.patch
- Add a hardcoded snappy.pc file

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Avoid the error message when udev is updated due to udev being
  already active when the sockets are started again (bsc#1188291)

==== transactional-update ====
Version update (3.4.0 -> 3.5.1)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit

- Version 3.5.1
  - t-u: Disable status file generation by default
    The new experimental `status` command requires the availability of
    /etc/YaST2/control.xml, which is not present on all systems. Hide the
    creation of the corresponding status file behind a new EXPERIMENTAL_STATUS
    option to try out this functionality.
  - Increase library version
- Add tukit.conf to spec file
- Version 3.5.0
  - Add alias setDiscardIfUnchanged for setDiscard. The old method name
    wasn't really clear and will be removed if we should have an API break
    in the future
  - Replace mkinitrd with direct dracut call [boo#1186213]
  - tukit: Add configuration file support (/etc/tukit.conf)
  - Allow users to configure additional bind mounts (see /usr/etc/tukit.conf
    for an example and limitations) [bsc#1188322]
  - Add 'transactional-update status' call. This is a POC for obtaining a
    hash of a system to verify its integrity. The functionality is still
    experimental!
  - Internal bugfixes / optimizations

==== u-boot-rpiarm64 ====
Subpackages: u-boot-rpiarm64-doc

- u-boot-bin.spl is used for UART or USB boot. Let's package it
  for convenience.
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.07
  * Patches added:
  0014-btrfs-Use-default-subvolume-as-file.patch - boo#1185656