Packages changed:
apparmor
cockpit (250 -> 251.3)
ethtool (5.15 -> 5.16)
fcoe-utils
fontconfig
glib2 (2.70.2 -> 2.70.3)
graphite2
installation-images-MicroOS (17.38 -> 17.39)
iputils
kernel-source (5.16.1 -> 5.16.2)
keylime (6.2.1 -> 6.3.0)
libapparmor
polkit
procps
python-py (1.10.0 -> 1.11.0)
qemu
raspberrypi-firmware (2021.12.01 -> 2022.01.24)
raspberrypi-firmware-config (2021.12.01 -> 2022.01.24)
raspberrypi-firmware-dt (2021.11.19 -> 2022.01.19)
salt (3003.3 -> 3004)
selinux-policy (20211111 -> 20220124)
snapper (0.9.0 -> 0.9.1)
suse-module-tools (16.0.18 -> 16.0.19)
toolbox
u-boot-rpiarm64
userspace-rcu (0.13.0 -> 0.13.1)
util-linux (2.37.2 -> 2.37.3)
vim (8.2.4063 -> 8.2.4186)
wpa_supplicant (2.9 -> 2.10)
yast2 (4.4.39 -> 4.4.43)
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
MR 827)
==== cockpit ====
Version update (250 -> 251.3)
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system
- new version 251.3
* https://cockpit-project.org/blog/cockpit-251.html
with additional fixes
* Fix "Administrative Access" prompt for "Duo" MFA
==== ethtool ====
Version update (5.15 -> 5.16)
- update to upstream release 5.16
* Feature: use memory maps for module EEPROM parsing (-m)
* Feature: show CMIS diagnostic information (-m)
* Fix: fix dumping advertised FEC modes (--show-fec)
* Fix: ignore cable test notifications from other devices
(--cable-test)
* Fix: do not show duplicate options in help text (--help)
==== fcoe-utils ====
- Added upstream commit to fix gcc12 warning/errors:
* fcoe-utils-Fix-GCC-12-warning.patch
==== fontconfig ====
Subpackages: libfontconfig1
- adding bug reference to this changelog [bsc#1172301]
==== glib2 ====
Version update (2.70.2 -> 2.70.3)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- Update to version 2.70.3:
+ Several important fixes to FD handling in gspawn.
+ Several important fixes to GDBus message and GVariant parsing
of invalid data.
+ Fix potential data loss due to missing fsync when saving files
on btrfs.
+ Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506,
glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572,
glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394,
glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437,
glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455.
+ Updated translations.
==== graphite2 ====
- Fix license header so that it corresponds to SPDX abbreviation
==== installation-images-MicroOS ====
Version update (17.38 -> 17.39)
- merge gh#openSUSE/installation-images#571
- use for build proper schema flavor (jsc#SLE-18820)
- 17.39
==== iputils ====
- temporarily reintroduce rarpd and rdisc tools to get them into
15sp4 [jsc#SLE-23521]
==== kernel-source ====
Version update (5.16.1 -> 5.16.2)
- Update
patches.kernel.org/5.16.2-005-vfs-fs_context-fix-up-param-length-parsing-in-.patch
(bsc#1012628 CVE-2022-0185 bsc#1194517).
Add CVE reference.
- commit 0d710a8
- s390/mm: fix 2KB pgtable release race (bsc#1188896).
- commit 6f62d73
- HID: wacom: Avoid using stale array indicies to read contact
count (bsc#1194667).
- HID: wacom: Ignore the confidence flag when a touch is removed
(bsc#1194667).
- HID: wacom: Reset expected and received contact counts at the
same time (bsc#1194667).
- commit 07a970c
- Linux 5.16.2 (bsc#1012628).
- ALSA: hda/realtek: Re-order quirk entries for Lenovo
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Legion Y9000X 2020
(bsc#1012628).
- ALSA: hda/tegra: Fix Tegra194 HDA reset failure (bsc#1012628).
- ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker
quirk (bsc#1012628).
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus
Master after reboot from Windows (bsc#1012628).
- ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP
laptop (bsc#1012628).
- ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5
devices (bsc#1012628).
- perf annotate: Avoid TUI crash when navigating in the annotation
of recursive functions (bsc#1012628).
- firmware: qemu_fw_cfg: fix kobject leak in probe error path
(bsc#1012628).
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate
entries (bsc#1012628).
- firmware: qemu_fw_cfg: fix sysfs information leak (bsc#1012628).
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore()
with interrupts enabled (bsc#1012628).
- media: uvcvideo: fix division by zero at stream start
(bsc#1012628).
- video: vga16fb: Only probe for EGA and VGA 16 color graphic
cards (bsc#1012628).
- 9p: fix enodata when reading growing file (bsc#1012628).
- 9p: only copy valid iattrs in 9P2000.L setattr implementation
(bsc#1012628).
- NFSD: Fix zero-length NFSv3 WRITEs (bsc#1012628).
- remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP
(bsc#1012628).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART
(bsc#1012628).
- KVM: x86: don't print when fail to read/write pv eoi memory
(bsc#1012628).
- KVM: x86: Register Processor Trace interrupt hook iff PT
enabled in guest (bsc#1012628).
- KVM: x86: Register perf callbacks after calling vendor's
hardware_setup() (bsc#1012628).
- perf: Protect perf_guest_cbs with RCU (bsc#1012628).
- vfs: fs_context: fix up param length parsing in
legacy_parse_param (bsc#1012628).
- remoteproc: qcom: pil_info: Don't memcpy_toio more than is
provided (bsc#1012628).
- orangefs: Fix the size of a memory allocation in
orangefs_bufmap_alloc() (bsc#1012628).
- drm/amd/display: explicitly set is_dsc_supported to false
before use (bsc#1012628).
- devtmpfs regression fix: reconfigure on each mount
(bsc#1012628).
- commit 6fa29ec
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
Using the the default path is broken since Linux 5.17
- commit 68b36f0
- disable the Bluetooth patch again
The kernel is currently tested whether the patch is needed at all. As
95655456e7ce in upstream might fix the issue too (but differently).
- commit c3bbaae
- series.conf: cleanup
- move mainline patches into sorted section:
- patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch
- patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch
- patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch
- update upstream references and move into sorted section:
- patches.suse/ALSA-usb-audio-Add-minimal-mute-notion-in-dB-mapping.patch
- patches.suse/ALSA-usb-audio-Fix-dB-level-of-Bose-Revolve-SoundLin.patch
- patches.suse/ALSA-usb-audio-Use-int-for-dB-map-values.patch
No effect on expanded tree.
- commit 607f978
- Refresh and reenable
patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch.
- commit a7b7c0d
- series.conf: Add sorted section header/footer
Even though we don't carry many patches in the stable or master
branches, having the sorted section header/footer allows the automated
tools to work.
- commit 05f8150
==== keylime ====
Version update (6.2.1 -> 6.3.0)
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime
- Drop patches beacuse merged upstream:
* 0001-Drop-dataclasses-module-usage.patch
* 0001-config-support-merge-multiple-config-files.patch
* 0001-ca-support-back-old-cyptography-API.patch
- Update to version v6.3.0:
* Coordinated update to fix:
+ bsc#1193997 (CVE-2022-23948)
+ bsc#1193998 (CVE-2021-43310)
+ bsc#1194000 (CVE-2022-23949)
+ bsc#1194002 (CVE-2022-23950)
+ bsc#1194004 (CVE-2022-23951)
+ bsc#1194005 (CVE-2022-23952)
* secure_mount: add umount function
* secure_mount: use /proc/self/mountinfo
* Validate user ID in all public interfaces
* validators: add uuid and agent_id validators
* validators: create validators module
* revocation_notifier: move zmq socket to /var/run/keylime
* Update API version from 1.0 to 2.0
* tpm: do not compress quote with zlib by default
* verifier: persist AK and mTLS certificate to DB
* verifier: use "supported_version" for agent connections
* tenant: add support for "supported_version" option for the verifier
* api_version: add the option for basic validation
* verifier: add supported_version field to DB and API
* agent: add /version to REST API
* verifier, tenant: allow agents to not use mTLS
* tenant, verifier: allow manual configuration of agent mTLS
* tests: migrate to mTLS
* tenant: connect to the agent via mTLS
* verifier: connect to the agent via mTLS
* tornado_requests: handle SSLError
* web_util: add mTLS context generation for agent
* agent: Enable mTLS for agent REST API
* crypto: add helper function for creating self signed certs
* registrar: Allow the agent to registrar with a mTLS certificate
* request_client: add workaround for handling certificates
* request_client: add the option to ignore hostname validation
* Better docs and errors about IMA hash mismatches
* tests: use JSON instead Python string for IMA tests
* verifier: use json.loads(..) instead of ast.literal_eval(..)
* Adding Nuvoton certificate for a post 2020 TPM device. The EK cert
of the device directs to the following download site:
'https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root
CA 1111.cer' (yes, including the spaces)
* Improve revocation notifier IP description in keylime.conf
* tornado_requests: set Content-Type header correctly for JSON
* tenant: post U key to agent with correct Content-Type header
* Explicitly set permissions on new keylime.conf files installed
* tpm_main: close file descriptor for aik handle
* verifier: do not call finish() twice
* agent: fix payload execution
* tests: add initial tests for web_util module
* config, web_util: move get_restful_params(..) to web_util
* verifier: Also retry on HTTP 500 status code
* agent: improve startup and shutdown
* registrar: cleanup start function
* web_util: move echo_json_response(..) out of config.py
* verifier: fix failure generation for V key
* tornado_requests: cleanup TornadoResponse class
* web_util, verifier: move mTLS SSLContext generation into separate module
* ca: support back old cyptography API
* Fix test branch reference in packit.yaml
* ci: disable DeprecationWarning from pylint in tox
* Enable new test in Packit CI
* tenant: fix reactivate command
* config: support merge multiple config files
* ci: use only fedora-stable for packit
* elchecking: harden example policy against event type manipulation
* elchecking: add new tests
* tests: fix stdout formatting for agent and verifier
* Drop dataclasses module usage
* revocation notifier: handle shutdown of process gracefully
* verifier: handle SIGINT and SIGTERM correctly
* ima_emulator: fix IMA hash validation and add more options
* ima_ast: fix handling ToMToU errors
* Remove leftovers of TPM 1.2 support
* agent: improved validation for post function
* agent: better validation for mask and nonce
* config: add function to validate hex strings
* agent: keys/verify check if challenge was provided
* tpm_main: do not append /usr/local/{bin,lib} to default env
* db: only set length on Text type if supported
* json: do not make sqlalchemy a hard requirement
* Enable functional testing with Packit CI
* ima_emulator: specify sys.argv as the named parameter argv in main()
* elchecking example policy: make it work with Fedora 34
* elchecking example policy: initrd* might be also called initramfs*
* scripts: add mb_refstate generator for example policy
* config: change tpm_hash_alg to SHA1 by default
* parse_mb_bootlog: specify the used hash algorithm used for PCRs
* agent: add warning that on kernels <5.10 IMA only works with SHA1
* tpm: explicitly pass hash alg to sim_extend(..)
* ima emulator: use IMA AST and support multiple hash algorithms
* tests: update IMA allowlist version number
* ima: add option 'log_hash_alg' to IMA allowlist
* ima: remove hard requirement for SHA1 PCR 10
* algorithms: extend Hash class to simplify computing hash values
* config, tpm_main: explicitly handle YAML load errors
* config: private_key must be set to -private.pem not -public.pem
* agent: add UUID option environment
* agent: drop openstack uuid option
- Set /var/lib/keylime under the same permissions expected by the code
==== libapparmor ====
- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
MR 827)
==== polkit ====
Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0
- Switch from mozjs to duktape:
* Add duktape-support.patch
- Fixed pkexec Local Privilege Escalation aka pwnkit (CVE-2021-4034 bsc#1194568)
CVE-2021-4034-pkexec-fix.patch
==== procps ====
Subpackages: libprocps8
- Correct used URLs
==== python-py ====
Version update (1.10.0 -> 1.11.0)
- update to 1.11.0:
* Support Python 3.11
* Support ``NO_COLOR`` environment variable
* Update vendored apipkg: 1.5 => 2.0
==== qemu ====
- Enable modules for testsuite
* Patches added:
meson-build-all-modules-by-default.patch
==== raspberrypi-firmware ====
Version update (2021.12.01 -> 2022.01.24)
- Update to 9c04ed2c1a (2022-01-24):
* firmware: platform: Limit max clock-id to CLOCK_VEC for now
See: #1688
- Update to 827fdd0736 (2022-01-20):
* firmware: dtoverlay: Don't mix non-fatal errors and offsets
See: #1686
* firmware: arm_loader: Load vl805 overlay on CM4
See: https://forums.raspberrypi.com/viewtopic.php?t=326088
* firmware: gencmdserv: Add mailbox interface to gencmd
* firmware: improve firmware camera detection
* firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1
See: #1671
* firmware: ldconfig: Discard subsequent chunks from a truncated line
See: #1669
* firmware: cec: Fail set_passive_mode when running with kms
* firmware: Firmware: Remove PWM/audio traits for CM4
* firmware: usb: Fix non-BCM2711 MSD support
See: raspberrypi/usbboot#102
==== raspberrypi-firmware-config ====
Version update (2021.12.01 -> 2022.01.24)
- Update to 9c04ed2c1a (2022-01-24):
* firmware: platform: Limit max clock-id to CLOCK_VEC for now
See: #1688
- Update to 827fdd0736 (2022-01-20):
* firmware: dtoverlay: Don't mix non-fatal errors and offsets
See: #1686
* firmware: arm_loader: Load vl805 overlay on CM4
See: https://forums.raspberrypi.com/viewtopic.php?t=326088
* firmware: gencmdserv: Add mailbox interface to gencmd
* firmware: improve firmware camera detection
* firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1
See: #1671
* firmware: ldconfig: Discard subsequent chunks from a truncated line
See: #1669
* firmware: cec: Fail set_passive_mode when running with kms
* firmware: Firmware: Remove PWM/audio traits for CM4
* firmware: usb: Fix non-BCM2711 MSD support
See: raspberrypi/usbboot#102
==== raspberrypi-firmware-dt ====
Version update (2021.11.19 -> 2022.01.19)
- Switch to 5.16 branch - boo#1194423
- Update to ffd6c6dc4dbf (2022-01-19)
==== salt ====
Version update (3003.3 -> 3004)
Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration salt-transactional-update
- Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Added:
* state.apply-don-t-check-for-cached-pillar-errors.patch
- Modified:
* add-migrated-state-and-gpg-key-management-functions-.patch
* switch-firewalld-state-to-use-change_interface.patch
* include-aliases-in-the-fqdns-grains.patch
* debian-info_installed-compatibility-50453.patch
* info_installed-works-without-status-attr-now.patch
* fix-traceback.print_exc-calls-for-test_pip_state-432.patch
* add-custom-suse-capabilities-as-grains.patch
* add-rpm_vercmp-python-library-for-version-comparison.patch
* 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
* support-transactional-systems-microos.patch
* do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
* enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
* update-target-fix-for-salt-ssh-to-process-targets-li.patch
* fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
* enhance-openscap-module-add-xccdf_eval-call-386.patch
* add-environment-variable-to-know-if-yum-is-invoked-f.patch
* zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
* run-salt-master-as-dedicated-salt-user.patch
* 3003.3-postgresql-json-support-in-pillar-423.patch
* prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
* early-feature-support-config.patch
* implementation-of-held-unheld-functions-for-state-pk.patch
* x509-fixes-111.patch
* fix-issues-with-salt-ssh-s-extra-filerefs.patch
* mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
* use-adler32-algorithm-to-compute-string-checksums.patch
* refactor-and-improvements-for-transactional-updates-.patch
* improvements-on-ansiblegate-module-354.patch
* revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
- Removed:
* add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
* prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
* do-not-break-master_tops-for-minion-with-version-low.patch
* don-t-call-zypper-with-more-than-one-no-refresh.patch
* do-not-monkey-patch-yaml-bsc-1177474.patch
* add-missing-aarch64-to-rpm-package-architectures-405.patch
* figure-out-python-interpreter-to-use-inside-containe.patch
* parsing-epoch-out-of-version-provided-during-pkg-rem.patch
* fix-a-test-and-some-variable-names-229.patch
* add-astra-linux-common-edition-to-the-os-family-list.patch
* better-handling-of-bad-public-keys-from-minions-bsc-.patch
* templates-move-the-globals-up-to-the-environment-jin.patch
* virt-enhancements.patch
* fix-aptpkg.normalize_name-when-package-arch-is-all.patch
* adding-preliminary-support-for-rocky.-59682-391.patch
* fix-save-for-iptables-state-module-bsc-1185131-372.patch
==== selinux-policy ====
Version update (20211111 -> 20220124)
Subpackages: selinux-policy-targeted
- Update to version 20220124. Refreshed:
* fix_hadoop.patch
* fix_init.patch
* fix_kernel_sysctl.patch
* fix_systemd.patch
* fix_systemd_watch.patch
- Added fix_hypervkvp.patch to fix issues with hyperv labeling
(bsc#1193987)
==== snapper ====
Version update (0.9.0 -> 0.9.1)
Subpackages: libsnapper5
- added bash completion provided by community
- look for most configuration files in /etc/snapper and
/usr/share/snapper (bsc#1189601)
- version 0.9.1
==== suse-module-tools ====
Version update (16.0.18 -> 16.0.19)
- Update to version 16.0.19:
* Add /etc/modprobe.d/README on SLE/Leap (bsc#1195051)
* rpm-script: force-copy kernel to /boot (boo#1194501)
==== toolbox ====
- Allow docker as an alternative to podman in the package Requires. This was
supported since 2.2.
==== u-boot-rpiarm64 ====
Subpackages: u-boot-rpiarm64-doc
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2022.01
* Patches added:
0016-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch
0017-rockchip-sdhci-Fix-RK3399-eMMC-PHY-.patch
==== userspace-rcu ====
Version update (0.13.0 -> 0.13.1)
- update to 0.13.1:
* fix: properly detect 'cmpxchg' on x86-32
* fix: use urcu-tls compat with c++ compiler
* fix: remove autoconf features default value in help message
* fix: add missing pkgconfig file for memb flavour lib
* Make temporary variable in _rcu_dereference non-const
* Fix: x86 and s390: uatomic __hp() macro C++ support
* Fix: x86 and s390: uatomic __hp() macro clang support
* Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11
==== util-linux ====
Version update (2.37.2 -> 2.37.3)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- update to 2.37.3 (bsc#1194976):
This release fixes two security mount(8) and umount(8) issues:
* CVE-2021-3996
Improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
* CVE-2021-3995
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
==== vim ====
Version update (8.2.4063 -> 8.2.4186)
Subpackages: vim-data-common vim-small
- Updated to version 8.2.4186, fixes the following problems
* Vim9: exported function in autoload script not found. (Yegappan Lakshmanan)
* Foam files are not detected.
* Computation overflow with large count for :yank.
* Vim9: imported autoload script loaded again.
* Vim9: cannot call imported function with :call. (Drew Vogel)
* Vim9: import test fails.
* Vim9: import test fails on MS-Windows.
* Using uninitialized memory when reading empty file.
* Vim9: no detection of return in try/endtry. (Dominique Pell�)
* Vim9: compiling function fails when autoload script is not loaded yet.
* Coverity warns for using NULL pointer.
* Going over the end of NameBuff.
* Test failures.
* Memory leak in autoload import.
* Not all Libsensors files are recognized.
* Terminal test for current directory not used on FreeBSD.
* MS-Windows: "gvim --version" didn't work when build with VIMDLL.
* Not sufficient test coverage for xxd.
* CodeQL reports problem in if_cscope causing it to fail.
* Check for autoload file name and prefix fails. (Christian J. Robinson)
* Vim9: no test for "vim9script autoload' and using script variable in
the same script.
* Memory leak when looking for autoload prefixed variable.
* Vim9: no test for using import in legacy script.
* "cctx" argument of find_func_even_dead() is unused.
* Cannot test items from an autoload script easily.
* Xxd cannot output everything in one line.
* Terminal test for current directory fails on FreeBSD.
* After restoring a session buffer order can be quite different.
* Virtcol is recomputed for statusline unnecessarily.
* MacOS CI: unnecessarily doing "Install packages".
* Cached breakindent values not initialized properly.
* 'virtualedit' is window-local but using buffer-local enum.
* Sed script not recognized by the first line.
* Linux CI: unnecessarily installing packages
* Wrong number in error message on 32 bit system. (John Paul Adrian Glaubitz)
* Typing "interrupt" at debug prompt may keep exception around, causing
function calls to fail.
* Vim9: cannot use Vim9 syntax in mapping.
* Early return when getting the 'formatlistpat' value.
* Warning for unused argument in tiny version.
* Vim9: import cannot be used after method.
* Vim9: variable declared in for loop not initialzed.
* Vim9: lower casing the autoload prefix causes problems.
* Translation related comment in the wrong place.
* Going over the end of the w_lines array.
* Script context not restored after using <ScriptCmd>.
* Going over the end of the w_lines array.
* MS-Windows: high dpi support is outdated.
* Coverity warns for using NULL pointer.
* Potential proglem when map is deleted while executing.
* Function not deleted at end of test.
* Typo on DOCMD_RANGEOK results in not recognizing command.
* Vim9: type checking for a funcref does not work for when it is used in
a method.
* Cannot use a method with a complex expression.
* Vim9: cannot use a method with a complex expression in a :def function.
* Vim9: wrong white space error after using imported item.
* Using UNUSED for argument that is used.
* Build failure when disabling the channel feature.
* Block insert goes over the end of the line.
* Visual test fails on MS-Windows.
* ":command Cmd" does not show custom completion argument.
* Complete function cannot be import.Name.
* Vim9: method in compiled function may not see script item.
* Completion tests fail.
* Crash on exit when built with dynamic Tcl and EXITFREE is
defined. (Dominique Pell�)
* Build failure without the +eval feature.
* Crash when method cannot be found. (Christian J. Robinson)
* Building with +sound but without +eval fails. (Dominique Pell�)
* MS-Windows: MSVC build may have libraries duplicated.
* Vim9: calling function in autoload import does not work in a :def function.
* Vim9: wrong error message when autoload script can't be found.
* output of ":scriptnames" goes into the message history, while this des
not happen for other commands, such as ":ls".
* MS-Windows: test for import with absolute path fails.
* Vim9: ":scriptnames" shows unloaded imported autoload script.
* Vim9: the "autoload" argument of ":vim9script" is not useful.
* Vim9: calling import with and without method is inconsistent.
* Vim9: no error for return with argument when the function does not
return anything.
* Using freed memory if an expression abbreviation deletes the abbreviation.
* maparg() does not indicate the type of script where it was defined.
* Vim9 builtin functions test fails.
* Build failure with normal features without persistent undo.
* MS-Windows: IME support for Win9x is obsolete.
* Cannot load libsodium dynamically.
* Confusing error when using name of import for a function.
* Vim9: shadowed function can be used in compiled function but not at
script level.
* E464 does not always include the offending command.
* Deleting any mapping may cause <ScriptCmd> to not set the script context.
* Test override not restored, autocommand left behind.
* Coverity warns for using pointer after free.
* Reading beyond the end of a line.
* Block insert with double wide character fails.
* MS-Windows: Global IME is no longer supported.
* ml_get error when exchanging windows in Visual mode.
* Translating strftime() argument results in check error.
* Fileinfo message overwrites echo'ed message.
* Terminal test fails because Windows sets the title.
* MS-Windows: memory leak in :browse.
* MS-Windows: _WndProc() is very long.
* Cannot change the register used for Select mode delete.
* Vim9: warning for missing white space after imported variable.
* Vim9: no error for redefining function with export.
* No error for omitting function name after autoload prefix.
* Error in legacy code for function shadowing variable.
* The nv_g_cmd() function is too long.
* Undo synced when switching buffer in another window.
* Vim9: error message for old style import.
* Disallowing empty function name breaks existing plugins.
* MS-Windows: unnessary casts and other minor things.
* MS-Windows: still using old message API calls.
* Cannot invoke option function using autoload import.
* Filetype detection for BASIC is not optimal.
* Cannot use an import in 'foldexpr'.
* Vim9: can use an autoload name in normal script.
* MS-Windows: runtime check for multi-line balloon is obsolete.
* Vim9: cannot use imported function with call().
* Vim9: autoload script not loaded after "vim9script noclear".
* Vim9: invalid error for return type of lambda when debugging.
* 'foldtext' is evaluated in the current script context.
* 'balloonexpr' is evaluated in the current script context.
* Vim9: cannot use an import in 'diffexpr'.
* Memory leak when evaluating 'diffexpr'.
* Cannot use an import in 'formatexpr'.
* Cannot use an import in 'includeexpr'.
* Cannot use an import in 'indentexpr'.
* Cannot use an import in 'patchexpr'.
==== wpa_supplicant ====
Version update (2.9 -> 2.10)
- update to 2.10.0:
* SAE changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
- added support for the hash-to-element mechanism (sae_pwe=1 or
sae_pwe=2); this is currently disabled by default, but will likely
get enabled by default in the future
- fixed PMKSA caching with OKC
- added support for SAE-PK
* EAP-pwd changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
* fixed P2P provision discovery processing of a specially constructed
invalid frame
[https://w1.fi/security/2021-1/]
* fixed P2P group information processing of a specially constructed
invalid frame
[https://w1.fi/security/2020-2/]
* fixed PMF disconnection protection bypass in AP mode
[https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* increased the maximum number of EAP message exchanges (mainly to
support cases with very large certificates)
* fixed various issues in experimental support for EAP-TEAP peer
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* a number of MKA/MACsec fixes and extensions
* added support for SAE (WPA3-Personal) AP mode configuration
* added P2P support for EDMG (IEEE 802.11ay) channels
* fixed EAP-FAST peer with TLS GCM/CCM ciphers
* improved throughput estimation and BSS selection
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
compatibility for these groups while the default group 19 remains
backwards compatible
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
automatically disable transition mode to improve security
* extended D-Bus interface
* added support for PASN
* added a file-based backend for external password storage to allow
secret information to be moved away from the main configuration file
without requiring external tools
* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
* added support for SCS, MSCS, DSCP policy
* changed driver interface selection to default to automatic fallback
to other compiled in options
* a large number of other fixes, cleanup, and extensions
- drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch,
CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch:
upstream
- refresh config from 2.10 defconfig, re-enable CONFIG_WEP
==== yast2 ====
Version update (4.4.39 -> 4.4.43)
- ProductFeatures: add boot timeout option (jsc#SLE-22667)
- 4.4.43
- Added Y2Packager::NewRepositorySetup to track new repositories
(related to bsc#1194453)
- 4.4.42
- Fix PackageAI call to PackagesProposal.GetResolvable. It prevents
a crash when cloning a system (bsc#1195137).
- 4.4.41
- Use Package module instead of PackageSystem (bsc#1194886).
- 4.4.40