------------------------------------------------------------------ --- Changelog.all ----------- Wed Nov 16 16:51:58 UTC 2022 ------ ------------------------------------------------------------------ ------------------------------------------------------------------ ------------------ 2022-11-16 - Nov 16 2022 ------------------- ------------------------------------------------------------------ ++++ openSUSE-repos-LeapMicro: - Update to version 20221116.d3d7bc7: * Use zypp style variable for DIST_ARCH boo#1205460 * Remove service generated service file on uninstall ------------------------------------------------------------------ ------------------ 2022-11-3 - Nov 3 2022 ------------------- ------------------------------------------------------------------ ++++ systemd: - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 ae2067b062 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821) 0469b9f2bc pstore: do not try to load all known pstore modules ad05f54439 pstore: Run after modules are loaded ccad817445 core: Add trigger limit for path units 281d818fe3 core/mount: also add default before dependency for automount mount units ffe5b4afa8 logind: fix crash in logind on user-specified message string ++++ sudo: - Added sudo-CVE-2022-43995.patch * CVE-2022-43995 * bsc#1204986 * Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend. ------------------------------------------------------------------ ------------------ 2022-11-2 - Nov 2 2022 ------------------- ------------------------------------------------------------------ ++++ openSUSE-repos-LeapMicro: - Update to version 20221103.b904c44: * drop dependency on suse-release ------------------------------------------------------------------ ------------------ 2022-10-28 - Oct 28 2022 ------------------- ------------------------------------------------------------------ ++++ openssl-1_1: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel [bsc#1202148] ------------------------------------------------------------------ ------------------ 2022-10-27 - Oct 27 2022 ------------------- ------------------------------------------------------------------ ++++ mozilla-nss: - Require libjitter only for SLE15-SP4 and greater ------------------------------------------------------------------ ------------------ 2022-10-26 - Oct 26 2022 ------------------- ------------------------------------------------------------------ ++++ expat: - Security fix: * (CVE-2022-43680, bsc#1204708) use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations - Added patch expat-CVE-2022-43680.patch ++++ mozilla-nss: - update to NSS 3.79.2 (bsc#1204729) * bmo#1785846 - Bump minimum NSPR version to 4.34.1. * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. ------------------------------------------------------------------ ------------------ 2022-10-25 - Oct 25 2022 ------------------- ------------------------------------------------------------------ ++++ libtasn1: - Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690). ------------------------------------------------------------------ ------------------ 2022-10-24 - Oct 24 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Include loopback into signed grub2 image (jsc#PED-2150) ------------------------------------------------------------------ ------------------ 2022-10-21 - Oct 21 2022 ------------------- ------------------------------------------------------------------ ++++ libarchive: - Fix CVE-2021-31566, modifies file flags of symlink target (CVE-2021-31566, bsc#1192426.patch) CVE-2021-31566.patch - Fix bsc#1192427, processing fixup entries may follow symbolic links bsc1192427.patch ------------------------------------------------------------------ ------------------ 2022-10-20 - Oct 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-firmware: - Update firmware for CS35L41 codecs (bsc#1203699): copied from https://github.com/CirrusLogic/linux-firmware ++++ protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 * Add protobuf-CVE-2022-1941.patch - Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 * Add protobuf-CVE-2022-3171.patch - Refresh protobuf-CVE-2021-22570.patch - Backport changes from 3.16.x tree for apply recent CVE patches * Add protobuf-51026d922970e06475f005b39287963594134b96.patch * Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch * Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch * Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch * Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch * Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch * Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch * Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch * Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch - Reorganize patch set ordering ++++ rsync: - Fix --delay-updates never updates after interruption [bsc#1204538] * Added patch rsync-fix-delay-updates-never-updates-after-interruption.patch ------------------------------------------------------------------ ------------------ 2022-10-19 - Oct 19 2022 ------------------- ------------------------------------------------------------------ ++++ libX11: - U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * security update for CVE-2022-3554 (bsc#1204422) - U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch * security update for CVE-2022-3555 (bsc#1204425) ++++ permissions: - Update to version 20201225: * permissions for enlightenment helper on 32bit arches (bsc#1194047) ------------------------------------------------------------------ ------------------ 2022-10-18 - Oct 18 2022 ------------------- ------------------------------------------------------------------ ++++ util-linux: - Fix file conflict during upgrade (boo#1204211). ++++ util-linux-systemd: - Fix file conflict during upgrade (boo#1204211). ------------------------------------------------------------------ ------------------ 2022-10-17 - Oct 17 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Leap 15.4 doesn't have setroubleshoot-server ++++ curl: - Security Fix: [bsc#1204383, CVE-2022-32221] * POST following PUT confusion * Add curl-CVE-2022-32221.patch - Security Fix: [bsc#1204386, CVE-2022-42916] * HSTS bypass via IDN * Add curl-CVE-2022-42916.patch ++++ libksba: - Security fix: [bsc#1204357, CVE-2022-3515] * Detect a possible overflow directly in the TLV parser. * Add libksba-CVE-2022-3515.patch ++++ tiff: - security update: * CVE-2022-2519 [bsc#1202968] * CVE-2022-2520 [bsc#1202973] * CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch * CVE-2022-2867 [bsc#1202466] * CVE-2022-2868 [bsc#1202467] * CVE-2022-2869 [bsc#1202468] + tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch ++++ libxml2: - Security fixes: * [CVE-2022-40303, bsc#1204366] Fix integer overflows with XML_PARSE_HUGE + Added patch libxml2-CVE-2022-40303.patch * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by entity reference cycles + Added patch libxml2-CVE-2022-40304.patch ++++ libxml2-python: - Security fixes: * [CVE-2022-40303, bsc#1204366] Fix integer overflows with XML_PARSE_HUGE + Added patch libxml2-CVE-2022-40303.patch * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by entity reference cycles + Added patch libxml2-CVE-2022-40304.patch ------------------------------------------------------------------ ------------------ 2022-10-14 - Oct 14 2022 ------------------- ------------------------------------------------------------------ ++++ kdump: - fix network-related dracut options handling for fadump case (bsc#1201051) - fix broken URL in manpage (bsc#1187312) - use inst_binary to install kdump-save (bsc#1202981) ------------------------------------------------------------------ ------------------ 2022-10-13 - Oct 13 2022 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - Fix a potential crash that could be triggered by an invalid signature. (CVE-2022-42010, bsc#1204111) * fix-upstream-CVE-2022-42010.patch - Fix an out of bounds read caused by a fixed length array (CVE-2022-42011, bsc#1204112) * fix-upstream-CVE-2022-42011.patch - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption CVE-2022-42012, bsc#1204113) * fix-upstream-CVE-2022-42012.patch - Disable asserts (bsc#1087072) - Refreshed patches * fix-upstream-CVE-2020-35512.patch ++++ dbus-1-x11: - Fix a potential crash that could be triggered by an invalid signature. (CVE-2022-42010, bsc#1204111) * fix-upstream-CVE-2022-42010.patch - Fix an out of bounds read caused by a fixed length array (CVE-2022-42011, bsc#1204112) * fix-upstream-CVE-2022-42011.patch - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption CVE-2022-42012, bsc#1204113) * fix-upstream-CVE-2022-42012.patch - Disable asserts (bsc#1087072) - Refreshed patches * fix-upstream-CVE-2020-35512.patch ------------------------------------------------------------------ ------------------ 2022-10-12 - Oct 12 2022 ------------------- ------------------------------------------------------------------ ++++ mozilla-nss: - Add nss-allow-slow-tests.patch, which allows a timed test to run longer than 1s. This avoids turning slow builds into broken builds. ++++ openSUSE-repos-LeapMicro: - Update to version 20221012.1c71da6: * Remove trailing endif - Update to version 20221012.07c2eae: * MicroOS should builds on Factory version only - Update to version 20221012.ea3218c: * Ensure that MicroOS flavor is not build on Leap - Update to version 20221012.c4167e1: * fix broken spec * Remove unwanted second spec * Rebase MicroOS on top of single-spec setup * Initial MicroOS flavor based on TW ------------------------------------------------------------------ ------------------ 2022-10-11 - Oct 11 2022 ------------------- ------------------------------------------------------------------ ++++ permissions: - Update to version 20201225: * fix regression introduced by backport of security fix (bsc#1203911) ------------------------------------------------------------------ ------------------ 2022-10-10 - Oct 10 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - wifi: mac80211: fix crash in beacon protection for P2P-device (CVE-2022-42722 bsc#1204125). - commit 38da0b9 - wifi: mac80211: fix MBSSID parsing use-after-free (CVE-2022-42719 bsc#1204051). - commit bab6e58 - mac80211: fix memory leaks with element parsing (CVE-2022-42719 bsc#1204051). - commit f9a2be2 - wifi: mac80211: refactor elements parsing with parameter struct (CVE-2022-42719 bsc#1204051). - mac80211: always allocate struct ieee802_11_elems (CVE-2022-42719 bsc#1204051). - mac80211: mlme: find auth challenge directly (CVE-2022-42719 bsc#1204051). - mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719 bsc#1204051). - commit b28a982 - wifi: cfg80211: avoid nontransmitted BSS list corruption (CVE-2022-42721 bsc#1204060). - wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720 bsc#1204059). - commit 82311e4 ++++ systemd: - Add 1012-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179) - Make "sle15-sp3" net naming scheme still available for backward compatibility reason ++++ zlib: - Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used * bsc1203652.patch ------------------------------------------------------------------ ------------------ 2022-10-7 - Oct 7 2022 ------------------- ------------------------------------------------------------------ ++++ openSUSE-repos-LeapMicro: - Update to version 20221007.638a03b: * Packaging: set default package name as openSUSE-repos for non-flavour - Update to version 20221007.0e44106: * Packaging: made it to be real multibuild ++++ ovmf: - Add patches to fix detection issue of NVME controller (bsc#1203825) - ovmf-MdeModulePkg-NvmExpressDxe-fix-check-for-Cap.Css.patch - ovmf-MdeModulePkg-NvmExpressPei-fix-check-for-NVM-command.patch ------------------------------------------------------------------ ------------------ 2022-10-6 - Oct 6 2022 ------------------- ------------------------------------------------------------------ ++++ rsync: - Add support for --trust-sender parameter (patch by Jie Gong in bsc#1202970). (related to CVE-2022-29154, bsc#1201840) * Added patch rsync-CVE-2022-29154-trust-sender-1.patch * Added patch rsync-CVE-2022-29154-trust-sender-2.patch ------------------------------------------------------------------ ------------------ 2022-10-5 - Oct 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - commit 20a025b - Clean up kernel-config settings via run_oldconfig.sh Invoke run_oldconfig.sh to clean the kernel-config settings from unset symbols. Otherwise these settings interfere with actual config changes. - commit 8a799ae - blacklist.conf: not relevant in our configurations - commit 586058b - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - commit 36d622f - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - commit e2ddfcf - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - commit 8041860 - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - commit d514aa5 - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - commit c020446 - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - commit a2d45c7 - blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection' - commit b93ba64 - media: imx-jpeg: Correct some definition according specification (git-fixes). - commit bdf4126 - blacklist.conf: not relevant in our configurations - commit 8171bfe - media: vsp1: Fix offset calculation for plane cropping. - commit dc309b5 - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - commit 332ca3f - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - commit 30518b0 - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - commit f62e31e - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - commit c014d5c - media: coda: Add more H264 levels for CODA960 (git-fixes). - commit 75d6462 - media: coda: Fix reported H264 profile (git-fixes). - commit 1533555 - Revert "constraints: increase disk space for all architectures" (bsc#1203693). This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca. - commit 3d33373 - blacklist.conf: Append 'fbdev: Hot-unplug firmware fb devices on forced removal' - commit 0b6410b - blacklist.conf: Append 'Revert "fbdev: fbmem: add a helper to determine if an aperture is used by a fw fb"' - commit b1ae504 - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - commit 3bb5d97 - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - commit e714654 - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - commit ac7ee01 ++++ openssl-1_1: - FIPS: OpenSSL service-level indicator - Allow AES XTS 256 [bsc#1190651] * Add patches: openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch ++++ libzypp: - Resolver: Fix missing --[no]-recommends initialization in update (fixes #openSUSE/zypper#459, bsc#1201972) - Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds to --[no]-recommends. - version 17.31.2 (22) ++++ zypper: - BuildRequires: libzypp-devel >= 17.31.2. - Fix --[no]-allow-vendor-change feedback in install command (bsc#1201972) - version 1.14.57 ------------------------------------------------------------------ ------------------ 2022-10-4 - Oct 4 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) (jsc#PED-1276) * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch * 0010-protectors-Add-key-protectors-framework.patch * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch * 0012-protectors-Add-TPM2-Key-Protector.patch * 0013-cryptodisk-Support-key-protectors.patch * 0014-util-grub-protect-Add-new-tool.patch - Fix no disk unlocking happen (bsc#1196668) * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - Fix build error * fix-tpm2-build.patch ++++ kernel-default: - blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant - commit bc73e4e - blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs - commit 4726e8f - Drop the ACPI patch temporarily as it causes a regression (bsc#1203794) Delete patches.suse/ACPI-resource-skip-IRQ-override-on-AMD-Zen-platforms.patch - commit 8842ef4 - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - commit 7656242 - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - commit dee3343 - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - commit daa8575 - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - commit f86cf76 - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - commit 68203bf - parisc/sticon: fix reverse colors (bsc#1152489) - commit f94c66b - char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops (CVE-2022-41848 bsc#1203987). - commit a144c48 - fbdev: smscufx: Fix use-after-free in ufx_ops_open() (CVE-2022-41849 bsc#1203992). - commit db3bfe7 ++++ protobuf: - Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530 * Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch ------------------------------------------------------------------ ------------------ 2022-10-3 - Oct 3 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: mana: Add rmb after checking owner bits (git-fixes). - commit 85bfc78 - Makefile.debug: re-enable debug info for .S files (git-fixes). - commit 50458f2 - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - commit 48283d1 ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to allow the use of DSA keys (verification only) (bsc#1201298). - Update nss-fips-constructor-self-tests.patch to add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). ------------------------------------------------------------------ ------------------ 2022-10-2 - Oct 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() (git-fixes). - Refresh patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch. - commit 0719451 - usb: typec: ucsi: Remove incorrect warning (git-fixes). - media: rkvdec: Disable H.264 error detection (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - commit 06be809 ------------------------------------------------------------------ ------------------ 2022-10-1 - Oct 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - commit 209f0a1 - Add cherry-picked commit id for an AMDGPU patch (git-fixes) - commit 505fbbc - usb: dwc3: gadget: Refactor pullup() (git-fixes). - commit f481a77 - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - Refresh patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch. - Refresh patches.suse/usb-dwc3-gadget-Prevent-repeat-pullup.patch. - commit 6d90a05 - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - net: phy: Don't WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - Revert "usb: add quirks for Lenovo OneLink+ Dock" (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - commit ce89825 - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - commit 02160f0 - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - Revert "firmware: arm_scmi: Add clock management to the SCMI power domain" (git-fixes). - drm/amdgpu: don't register a dirty callback for non-atomic (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - commit 509f7ae - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - commit 931f4f4 - Add blacklist and alt-commit for ASoC cs35l41 patches (bsc#1203699) - commit b1bfeae ------------------------------------------------------------------ ------------------ 2022-9-30 - Sep 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - commit 6f3c833 - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - commit e1af9a1 - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). Dropped: patches.suse/lpfc-decouple-port_template-and-vport_template.patch - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - commit 23fee86 - supported.conf: mark spi-pxa2xx-platform as supported (bsc#1203699) It's required for the sound on recent Intel machines - commit d17d5e0 - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - commit 495ecbc - wifi: cfg80211: ensure length byte is present before access (CVE-2022-41674 bsc#1203770). - wifi: cfg80211/mac80211: reject bad MBSSID elements (CVE-2022-41674 bsc#1203770). - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (CVE-2022-41674 bsc#1203770). - commit 79b409a - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake "definiton" -> "definition" (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - commit 76fee71 - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - commit df43957 - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - commit 421a33e - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - commit 13ee63f ++++ kernel-firmware: - Add firmware files for CS35L41 codecs (bsc#1203699) Copied from the upstream linux-firmware tree ++++ multipath-tools: - Use %tmpfiles_create macro for tmpfiles.d file - Update to version 0.9.0+62+suse.3e048d4: * Fix multipathd authorization bypass and symlink attack (bsc#1202739 CVE-2022-41973 CVE-2022-41974) * add multipath-dracut.conf: dracut config file to install tmpfiles.d/multipath.conf in initramfs ++++ qemu: - Fix bsc#1198038, CVE-2022-0216 * Patches added: scsi-lsi53c895a-really-fix-use-after-fre.patch ------------------------------------------------------------------ ------------------ 2022-9-29 - Sep 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI: fix adding another field to scsi_device (bsc#1203039). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - Refresh patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch. - Refresh patches.kabi/kABI-fix-adding-field-to-scsi_device.patch. - commit 38a6998 - mm: Fix PASID use-after-free issue (bsc#1203908). - commit e2ea645 - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - commit 2c277d7 - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - commit 719f957 - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (bsc#1196869). - commit 20ffc1f - kABI workaround for spi changes (bsc#1203699). - commit 57d4f4f - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - commit ec3105d - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - commit 274acc0 - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - Update config files - Update supported.conf - commit 6b0538d - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - commit 66cfc1c - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - commit 3025b3b - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Lenovo-Yoga9-14IAP7.patch. - commit d934822 - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - commit 6e401a7 - Revert "ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations" (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - commit 8707600 - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Don't dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - commit 0179f7c - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - commit f2b0e66 - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - commit a26b9a2 - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - Refresh patches.suse/ALSA-hda-realtek-Add-a-quirk-for-HP-OMEN-16-8902-mut.patch. - commit 342e19c - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - commit 0fd2db1 - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - commit 4800a47 - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - commit 346d9b0 - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - commit e34c590 - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Don't claim to support 192k (bsc#1203699). - ASoC: cs42l42: Don't reconfigure the PLL while it is running (bsc#1203699). - commit 866431d - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - commit ac37bc4 - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - commit af84f1a - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch. - commit 7831f17 - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - commit 8ea9da8 - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - Refresh patches.suse/ALSA-hda-realtek-Add-a-quirk-for-HP-OMEN-16-8902-mut.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Lenovo-Yoga9-14IAP7.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-the-Framework-Laptop.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-right-sounds-and-mute-micmute-L-024a7ad9eb4d.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-right-sounds-and-mute-micmute-L.patch. - commit a813cc9 - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - commit 31fd8da - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - commit 545439c - supported.conf: Add cs_dsp firmware module (bsc#1203699) - commit af1ea30 - Update config files: enable CS35L41 support (bsc#1203699) - commit 195ddb7 - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Lenovo-Yoga9-14IAP7.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-the-Framework-Laptop.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-speakers-and-micmute-on-HP-855-.patch. - commit 0a4cbdb - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - Refresh patches.suse/ALSA-hda-ALC287-Add-Lenovo-IdeaPad-Slim-9i-14ITL5-sp.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Legion-Y9000X-2019.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Lenovo-Yoga9-14IAP7.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-the-Framework-Laptop.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-speakers-and-micmute-on-HP-855-.patch. - commit b3dce35 - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - commit 39ffdf8 - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Don't overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - commit 5d21207 - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - Revert "powerpc/rtas: Implement reentrant rtas call" (bsc#1203664 ltc#199236). - commit 93ebb75 ------------------------------------------------------------------ ------------------ 2022-9-28 - Sep 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add scsi commit that's too invasive - commit ed3d357 - struct ehci_hcd: hide new element going into a hole (git-fixes). - commit 859270b - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - commit 71e1e4f - xen/usb: don't use arbitrary_virt_to_machine() (git-fixes). - commit 9497b70 - usb: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - usb: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - commit f930b4a - usb: Drop commas after SoC match table sentinels (git-fixes). - commit c8fc91a - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - commit ac47acd - xhci: Allocate separate command structures for each LPM command (git-fixes). - commit 33fbca4 - USB: core: Fix RST error in hub.c (git-fixes). - commit 19a77db ------------------------------------------------------------------ ------------------ 2022-9-27 - Sep 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fuse: Remove the control interface for virtio-fs (bsc#1203798). - commit a23dd0d - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - commit 43a9011 - usb.h: struct usb_device: hide new member (git-fixes). - commit fbd8f4a - USB: core: Prevent nested device-reset calls (git-fixes). - commit 9ef8532 - usb: dwc3: disable USB core PHY management (git-fixes). - commit 1a35727 - Update patch referecen for ALSA fix (CVE-2022-3303 bsc#1203769) - commit 9addbc1 - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - commit ec98644 - NFSv4.2: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - NFSv4.2 fix problems with __nfs42_ssc_open (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSv4: Fix races in the legacy idmapper upcall (git-fixes). - sunrpc: fix expiry of auth creds (git-fixes). - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFSv4.1: Don't decrease the value of seq_nr_highest_sent (git-fixes). - pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes). - Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING" (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - nfsd: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - SUNRPC: Don't leak sockets in xs_local_connect() (git-fixes). - SUNRPC: Don't call connect() more than once on a TCP socket (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - commit 510ad2f ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - Update nss-fips-constructor-self-tests.patch to hopefully export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). ------------------------------------------------------------------ ------------------ 2022-9-26 - Sep 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - Refresh patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page. - commit e7f768c - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - commit c7d72a7 - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - commit abc7475 ++++ expat: - Security fix: * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent function in xmlparse.c - Added patch expat-CVE-2022-40674.patch ++++ sssd: - Fix sdap_access_host No matching host rule found; (bsc#1202559); Add patch 0001-Fix-sdap_access_host-No-matching-host-rule-found.patch ++++ openSUSE-repos-LeapMicro: - Update to version 20220926.da3133a: * Corrected path and name for LeapMicro debug repo - Update to version 20220926.c75597d: * Run spec-cleaner on specs - Update to version 20220926.e27264d: * Add LeapMicro - Update to version 20220926.be4cbf8: * Specs for multibuild support as we have >2 flavors ++++ salt: - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Fix Syndic authentication errors (bsc#1199562) - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module releasded in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Fix test_ipc unit test - Added: * retry-if-rpm-lock-is-temporarily-unavailable-547.patch * change-the-delimeters-to-prevent-possible-tracebacks.patch * fix-test_ipc-unit-tests.patch * backport-syndic-auth-fixes.patch * fix-the-regression-in-schedule-module-releasded-in-3.patch * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch * ignore-non-utf8-characters-while-reading-files-with-.patch * fix-state.apply-in-test-mode-with-file-state-module-.patch ------------------------------------------------------------------ ------------------ 2022-9-25 - Sep 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: remove blacklisted patch This patch was incorrectly blacklisted, but in fact is needeed, so remove the blacklist first. - commit 858de69 - serial: fsl_lpuart: Reset prior to registration (git-fixes). - workqueue: don't skip lockdep work dependency in cancel_work_sync() (git-fixes). - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - commit 05ff2c7 ------------------------------------------------------------------ ------------------ 2022-9-24 - Sep 24 2022 ------------------- ------------------------------------------------------------------ ++++ openSUSE-repos-LeapMicro: - Update to version 20220924.5761673: * requested in https://code.opensuse.org/leap/features/issue/91 * Disable post-build checks due to boo#1203715 * Initial rpm spec logic is based on rpm-repos-openSUSE from Neal ------------------------------------------------------------------ ------------------ 2022-9-23 - Sep 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - commit 338849f - kexec_file: drop weak attribute from functions (bsc#1196444). - commit 3df1852 - KVM: avoid NULL pointer dereference in kvm_dirty_ring_push (bsc#1198189 CVE-2022-1263). - commit 7717214 - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - commit a0517d1 - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - commit 6bb0d35 - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - commit 4895eee ------------------------------------------------------------------ ------------------ 2022-9-22 - Sep 22 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add 0002-selinux-temporary-remove-setroubleshoot-section.patch (jsc#CSD-77) - Add dependency policycoreutils-python-utils for cockpit-selinux (bsc#1203371) - Minor changes in cockpit.spec file to adjust macros in conditionals for SLE Micro ++++ kernel-default: - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - commit a413591 - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - commit 7bd201a - net: enetc: Use pci_release_region() to release some resources (git-fixes). - commit 15bc221 - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - commit 568058d - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - commit a7df60c - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - commit 1d801d7 - net: macb: Fix PTP one step sync support (git-fixes). - commit c6f42d2 - net: wwan: iosm: remove pointless null check (git-fixes). - commit 4eccfc1 - eth: sun: cassini: remove dead code (git-fixes). - commit aa42615 - net: stmmac: remove unused get_addr() callback (git-fixes). - commit 14586bc - Revert "ice: Hide bus-info in ethtool for PRs in switchdev mode" (git-fixes). - commit 2b88535 - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - commit 63c3906 - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - commit 41e3617 - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - commit 5001021 - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - commit 1bdfd3c - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - commit f002bf7 - net: phy: at803x: move page selection fix to config_init (git-fixes). - commit 02fb6c3 - ice: Match on all profiles in slow-path (git-fixes). - commit 5ba2957 - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - commit 1308dcb - blacklist.conf: update blacklist - commit e0df553 - blacklist.conf: update blacklist - commit d975e01 - blacklist.conf: update blacklist - commit 2402036 - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - commit 636d297 - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - commit a4ecf82 - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare" (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - commit 6a1df1e ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to prevent sessions from getting flagged as non-FIPS (bsc#1191546). - Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - Enable nss-fips-drbg-libjitter.patch now that we have a patched libjitter to build with (bsc#1202870). ++++ podman: - Add fix for CVE-2022-2989 / bsc#1202809 Add patch: 0001-Add-container-GID-to-additional-groups.patch ------------------------------------------------------------------ ------------------ 2022-9-21 - Sep 21 2022 ------------------- ------------------------------------------------------------------ ++++ drbd-utils: - drbd-utils.spec force _localstatedir to use /var/lib in runtime (bsc#1203220) ++++ kernel-default: - Refresh patches.suse/iommu-vt-d-Acquiring-lock-in-domain-ID-allocation-helpers Fix spin deadlock in intel_iommu (bsc#1203505) - commit 69d294e - media: dvb-core: Fix UAF due to refcount races at releasing (CVE-2022-41218 bsc#1202960). - commit bdcd7ab - Update kabi files: import symvers from MU 5.14.21-150400.24.21 - commit a9db6f7 ------------------------------------------------------------------ ------------------ 2022-9-20 - Sep 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper - commit 2ebf815 - EDAC/dmc520: Don't print an error for each unconfigured interrupt line (bsc#1190497). - commit c59e321 - blacklist.conf: ad2c302bc604 EDAC/sifive: Fix non-kernel-doc comment - commit 1146177 - Update patch reference for media fix (CVE-2022-3239 bsc#1203552) - commit 9054a9f - supported.conf: Add drivers/virt/coco/sevguest/sevguest - commit 14b71be - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - Update config files. - commit 07e76d6 - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - commit 575230a ++++ patterns-microos: - removed cockpit-kdump which is not yet ready - 5.3.9 ------------------------------------------------------------------ ------------------ 2022-9-19 - Sep 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/revert-x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.patch. - commit eaa3ba3 - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - commit cecec70 - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/revert-x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.patch. - commit d7a984b - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/revert-x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.patch. - commit df057b9 - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/revert-x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.patch. - commit 27da7ad - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/x86-sev-define-the-linux-specific-guest-termination-reasons.patch. - commit 509599d - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - commit 08ede5a - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - commit b42af07 ++++ util-linux: - libuuid improvements (bsc#1201959, PED-1150): * libuuid: Fix range when parsing UUIDs (util-linux-libuuid-uuid_parse-overrun.patch). * Improve cache handling for short running applications-increment the cache size over runtime (util-linux-libuuid-improve-cache-handling.patch). * Implement continuous clock handling for time based UUIDs (util-linux-libuuid-continuous-clock-handling.patch). * Check clock value from clock file to provide seamless libuuid update (util-linux-libuuid-check-clock-value.patch). ++++ mdadm: - mdadm.spec: add EXTRAVERSION string to make command line (jsc#SLE-24761, bsc#1193566) ++++ util-linux-systemd: - libuuid improvements (bsc#1201959, PED-1150): * libuuid: Fix range when parsing UUIDs (util-linux-libuuid-uuid_parse-overrun.patch). * Improve cache handling for short running applications-increment the cache size over runtime (util-linux-libuuid-improve-cache-handling.patch). * Implement continuous clock handling for time based UUIDs (util-linux-libuuid-continuous-clock-handling.patch). * Check clock value from clock file to provide seamless libuuid update (util-linux-libuuid-check-clock-value.patch). ------------------------------------------------------------------ ------------------ 2022-9-17 - Sep 17 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - commit a8d151e - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - commit a41cdd0 ------------------------------------------------------------------ ------------------ 2022-9-16 - Sep 16 2022 ------------------- ------------------------------------------------------------------ ++++ drbd-utils: - restore drbd scripts back to /usr/lib/drbd from /lib/drbd (bsc#1203220) Update drbd-utils.spec - fix drbd-bash-completion Update rpmlint-build-error.patch ++++ grub2: - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch ++++ kernel-default: - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - commit 37ef226 - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - commit 3ed3cdd - Update references: - patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch - patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch - patches.suse/tcp-add-small-random-increments-to-the-source-port.patch - patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch - patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch - patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch - patches.suse/tcp-resalt-the-secret-every-10-seconds.patch - patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch (add CVE-2022-32296 bsc#1200288) - commit 07e021d - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - commit 33b6bc1 - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - commit 55b30a0 - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - commit aa17727 - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - commit ea0d055 - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - commit 8bac828 - xen-blkback: fix persistent grants negotiation (git-fixes). - commit 8c9e86e - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - commit 8ae5e2f - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - commit fe2de2e - xen-blkfront: Handle NULL gendisk (git-fixes). - commit ff9be3a - blacklist.conf: add 1dbd11ca75fe ("xen: remove gnttab_query_foreign_access") as it would break KABI - commit 893d5df - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - commit 9311053 - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - commit 4acefb4 - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - commit c7cc445 - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - commit cfc201b - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - commit 001f866 - KVM: X86: Fix when shadow_root_level=5 && guest root_level<4 (git-fixes). - commit 4d133af ++++ colord: - Add colord-CVE-2021-42523.patch: fix a small memory leak in sqlite3_exec (boo#1202802 CVE-2021-42523). ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - Add nss-fips-drbg-libjitter.patch to use libjitterentropy for entropy. This is disabled until we can avoid the inline assembler in the latter's header file that relies on GNU extensions. - Update nss-fips-constructor-self-tests.patch to fix an abort() when both NSS_FIPS and /proc FIPS mode are enabled. ++++ openssl-1_1: - FIPS: Default to RFC-7919 groups for genparam and dhparam * Add openssl-1_1-FIPS-default-RFC7919.patch [bsc#1180995] ------------------------------------------------------------------ ------------------ 2022-9-15 - Sep 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - commit ad373ba - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - commit d9570b4 - Update patch referece for IDXD fix (jsc#PED-729) - commit 0666616 - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - commit b9e7fd2 - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - commit 966fd07 - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - Refresh patches.suse/dmaengine-idxd-set-defaults-for-wq-configs.patch. - commit b8b62ed - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - commit 4d43b5f - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - commit 84c33cd - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - commit 7f570d2 - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - commit c11ff86 - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - commit a2ea081 - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - commit 10afe67 - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - Refresh patches.suse/dmaengine-idxd-fix-wq-settings-post-wq-disable.patch. - commit d90c3a3 - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Correct misspelled words (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - commit 2fdd511 - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - commit 7d30fcd - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - commit cdb75aa - igb: skip phy status check where unavailable (git-fixes). - commit a3b27da - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - commit c2f52c2 - ice: fix crash when writing timestamp on RX rings (git-fixes). - commit fb0a1aa - net/mlx5: Drain fw_reset when removing device (git-fixes). - commit 97a86a6 - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - commit 4a77968 - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - commit f953f8f - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - commit 6b1fa7c - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - commit a1cfc32 - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - commit 52c2fa5 - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - commit b45f6dc - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - commit 41b13b2 - net: ipa: get rid of a duplicate initialization (git-fixes). - commit a69d7cd - net: ipa: record proper RX transaction count (git-fixes). - commit 0de4988 - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - commit cf3c3f2 - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - commit f134be1 - ice: Fix race during aux device (un)plugging (git-fixes). - commit 4278261 - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - commit ca8eb08 - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - commit d224ca3 - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - commit 95340f0 - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - commit bda7960 - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - commit a361614 - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - commit 014fc77 - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - commit 72dc370 - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - commit 1fa6443 - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - commit f4b10fd - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - commit 6d689b8 - net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK (git-fixes). - commit cda6d8f - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - commit fc0f29e - net: bcmgenet: hide status block before TX timestamping (git-fixes). - commit 7471b10 - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - commit 77bb15d - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - commit 9360c59 - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" (git-fixes). - commit 2e1c776 - net: ftgmac100: access hardware register after clock ready (git-fixes). - commit 6f339f4 - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - commit 673e9bc - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - commit 04343f5 - Update patches.suse/SUNRPC-Prevent-immediate-close-reconnect.patch (git-fixes, bsc#1203338). - commit 1a26f26 ------------------------------------------------------------------ ------------------ 2022-9-14 - Sep 14 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - commit 6e948de - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - commit 6052c6d - mlxsw: i2c: Fix initialization error flow (git-fixes). - commit b1671b5 - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - commit d6232d0 - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - commit 5811714 - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - commit 20972b2 - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - commit 21d6298 - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - commit 656f34a - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - commit b62a96b - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - commit 91c7940 - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - commit 587d5e0 - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - commit e5cbf9e - blacklist.conf: update blacklist - commit b64ff66 - jfs: prevent NULL deref in diFree (bsc#1203389 CVE-2022-3202). - commit 1259272 - usb: typec: tipd: Add an additional overflow check (git-fixes). - commit b1f97fa - usb: typec: tipd: Don't read/write more bytes than required (git-fixes). - commit e669366 - Update patch references for ALSA fixes (jsc#PED-652 jsc#PED-720) - commit 3c5b516 - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - commit 012fcdf - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - commit ae48fdf - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - commit c23d1e1 - Update DRM UDL patches from upstreamed patches (bsc#1195917) Dropped: patches.suse/0001-drm-udl-Restore-display-mode-on-resume.patch - commit eab8d35 ------------------------------------------------------------------ ------------------ 2022-9-13 - Sep 13 2022 ------------------- ------------------------------------------------------------------ ++++ dmidecode: 2 recommended fixes from upstream: - news-fix-typo.patch: We ship the NEWS file so avoid including a typo in it. - dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch: Passing NULL to a %s printf conversion specifier is illegal, and can result in a segmentation fault. Current version of glibc doesn't mind, but alternative, past or future libc implementations could crash, so let's fix it. - Update to upstream version 3.4: * This update implements jsc#SLE-24502 and jsc#PED-1466. * [COMPATIBILITY] Document how the UUID fields are interpreted. * [PORTABILITY] Don't use memcpy on /dev/mem on arm64. * Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristics and new format of Processor ID. * Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information). * Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240. * Bug fixes: Fix OEM vendor name matching * Minor improvements: Add bios-revision, firmware-revision and system-sku-number to -s option Use the most appropriate unit for cache size Decode system slot base bus width and peers Skip details of uninstalled memory modules Don't display the raw CPU ID in quiet mode Improve the formatting of the manual pages * Obsoletes dmidecode-add-enumerated-values-from-smbios-3.3.0.patch, dmidecode-add-logical-non-volatile-device.patch, dmidecode-add-memory-device-types-from-smbios-3.4.0.patch, dmidecode-add-processor-characteristics-bits-from-smbios-3.4.0.patch, dmidecode-add-processor-upgrades-from-smbios-3.4.0.patch, dmidecode-add-slot-characteristics2-from-smbios-3.4.0.patch, dmidecode-add-system-slot-types-from-smbios-3.4.0.patch, dmidecode-fix-formatting-of-tpm-table-output.patch, dmidecode-fix-redfish-hostname-print-length.patch, dmidecode-fix-system-slot-information-for-pcie-ssd.patch, dmidecode-missing-commas.patch, dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch and dmidecode-skip-details-of-uninstalled-memory-modules.patch. ++++ jitterentropy: - jitterentropy-split-internal-header.patch: Hide the non-GNUC constructs that are library internal from the exported header. (bsc#1202870) ++++ kernel-default: - ice: Allow operation with reduced device MSI-X (bsc#1201987). - commit adb8f10 - usb: hub: avoid warm port reset during USB3 disconnect (git-fixes). - commit 8af7b8e - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - commit 49a8536 - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - commit 8e1f358 - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - commit c8ec028 - Revert "arm64: Mitigate MTE issues with str{n}cmp()" (git-fixes) - commit 3916261 - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - commit 0ad904d - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - commit ec23c84 - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - commit 4b6dc41 - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - commit 0479f45 - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - commit 5ceb88f ++++ permissions: - Update to version 20201225: * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252) ------------------------------------------------------------------ ------------------ 2022-9-12 - Sep 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: x86: do not report a vCPU as preempted outside instruction boundaries (bsc#1203066 CVE-2022-39189). - commit c89b7e4 - blacklist.conf: add 3 commits for git-fixes not needed - commit 6f1ca85 - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (CVE-2022-2586 bsc#1202095). - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (CVE-2022-2586 bsc#1202095). - netfilter: nf_tables: do not allow SET_ID to refer to another table (CVE-2022-2586 bsc#1202095). - commit 42bb8dc - Update patches.suse/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch references (add CVE-2020-16119 bsc#1177471). - commit 7d3c30f - Update message from free_area_init (bsc#1203101) Refreshed: patches.suse/0002-mm-handle-uninitialized-numa-nodes-gracefully.patch - commit 58d8d59 - blacklist.conf: unwanted s390 commits - commit 7773032 - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - commit d609cb4 - kbuild: disable header exports for UML in a straightforward way (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - commit 96f4a7a ++++ libarchive: - Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target (CVE-2021-23177, bsc#1192425) * CVE-2021-23177.patch ------------------------------------------------------------------ ------------------ 2022-9-11 - Sep 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (git-fixes). - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - commit 4be15df ------------------------------------------------------------------ ------------------ 2022-9-10 - Sep 10 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - commit e787e77 - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - commit fdc009b - Move upstreamed patches into sorted section - commit 9769cb9 ++++ sudo: - Modified sudo-sudoers.patch * bsc#1177578 * Removed redundant and confusing 'secure_path' settings in sudo-sudoers file. ------------------------------------------------------------------ ------------------ 2022-9-9 - Sep 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - commit a3c49e0 - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - commit 196b9a7 - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - commit 9419c89 - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - commit 4644276 - bnx2x: fix built-in kernel driver load failure (git-fixes). - commit 4c90c2b - net: stmmac: only enable DMA interrupts when ready (git-fixes). - commit 8b7732b - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - commit 7ef4525 - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - commit 0b61dc1 - bnx2x: fix driver load from initrd (git-fixes). - commit 922bb4e - Update metadata references - commit b8d9524 - regulator: core: Clean up on enable failure (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - usb: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - commit 8d6d69c ++++ openssl-1_1: - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] * Add openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch * Disabled test 15-test_ec.t in FIPS mode ++++ libtirpc: - fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of connections (bsc#1201680) - add 0001-Fix-DoS-vulnerability-in-libtirpc.patch ++++ patterns-microos: - added cockpit-selinux (jsc#CSD-77) - 5.3.8 ------------------------------------------------------------------ ------------------ 2022-9-8 - Sep 8 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - commit f2a5e08 - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - commit 577992b - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - commit f16c949 - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - commit 391f1b3 - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - Refresh patches.suse/net-axienet-setup-mdio-unconditionally.patch. - commit afb1beb - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - commit c38c182 - blacklist.conf: update blacklist - commit 9d146c4 - Update patches.suse/watchqueue-make-sure-to-serialize-wqueue-defunct-pro.patch (git-fixes, CVE-2022-1882, bsc#1199904). - add references to CVE-2022-1882, bsc#1199904 - commit b499e0d ++++ libgcrypt: - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] * Add libgcrypt-FIPS-rndjent_poll.patch ------------------------------------------------------------------ ------------------ 2022-9-7 - Sep 7 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Enable build of cockpit-selinux package (CSD-77) ++++ kernel-default: - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - commit 2e0f852 - Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values" (bsc#1202989). - commit 2353f59 ++++ libgcrypt: - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. * Add libgcrypt-FIPS-kdf-leylength.patch - FIPS: Zeroize buffer and digest in check_binary_integrity() * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020] ++++ pam: - Update pam_motd to the most current version. This fixes various issues and adds support for mot.d directories [jsc#PED-1712]. * Added: pam-ped1712-pam_motd-directory-feature.patch ++++ regionServiceClientConfigEC2: - Update to version 4.1.0 (bsc#1203215) + New certs for 52.79.82.165 and 54.247.166.75 ------------------------------------------------------------------ ------------------ 2022-9-6 - Sep 6 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-podman: - Re-package node_modules.obscpio with latest version of obs-service-node_modules ++++ gnutls: - FIPS: Zeroize the calculated hmac and new_hmac in the check_binary_integrity() function. [bsc#1191021] * Add gnutls-FIPS-Zeroize-check_binary_integrity.patch - FIPS: Additional modifications to the SLI. [bsc#1190698] * Mark CMAC and GMAC and non-approved in gnutls_pbkfd2(). * Mark HMAC keylength less than 112 bits as non-approved in gnutls_pbkfd2(). * Adapt the pbkdf2 selftest and the regression tests accordingly. * Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch ++++ kernel-default: - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - commit 80bcb5a - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes). - scsi: ufs: core: Fix another task management completion race (git-fixes). - scsi: ufs: core: Fix task management completion timeout race (git-fixes). - commit b8be98c - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - commit d1c233b - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - commit 9eefb78 - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - commit 62469ec - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - commit 53e1aa3 - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes). - commit 44a2b58 - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). - commit f62cbbb - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - s390/cpumf: Handle events cycles and instructions identical (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/stp: clock_delta should be signed (git-fixes). - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes). - commit 9886bfd - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - commit 51b9b2e - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - commit f1d7d3e - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - commit d57061d - netfilter: nf_tables: disallow binding to already bound chain (CVE-2022-39190 bsc#1203117). - commit bb5b67f - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - commit 35d24e5 - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - commit 4ff0a76 - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - commit a9fc9d1 - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - commit 4f92bad - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). - commit 88f2cbc - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time (git-fixes). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes). - soc: fsl: select FSL_GUTS driver for DPIO (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: imx: gpcv2: Assert reset before ungating clock (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes). - HID: add Lenovo Yoga C630 battery quirk (git-fixes). - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes). - HID: thrustmaster: Add sparco wheel and fix array length (git-fixes). - HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - ACPI: thermal: drop an always true check (git-fixes). - commit c8964fa ++++ ovmf: - Add patches to disable option ROM on sev (bsc#1199156) - Backported the following patches: - ovmf-MdeModulePkg-Update-PciEnumeratorSupport-to-ignore-O.patch cb8349f01a MdeModulePkg: Update PciEnumeratorSupport to ignore OptionRom if needed - ovmf-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch c477b2783f OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Td guest - ovmf-OvmfPkg-IncompatiblePciDeviceSupportDxe-Refine-the-c.patch 149ed8e421 OvmfPkg/IncompatiblePciDeviceSupportDxe: Refine the configuration - To disable option ROM both on tdx and sev: ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch ------------------------------------------------------------------ ------------------ 2022-9-5 - Sep 5 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Update kdump-suse.patch to match upstream. ++++ kernel-default: - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (CVE-2022-39188, bsc#1203107). - commit 3a89213 - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - commit 7e9c40c - netfilter: nf_conntrack_irc: Tighten matching on DCC message (CVE-2022-2663 bsc#1202097). - netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663 bsc#1202097). - commit 81db4dd - blacklist.conf: breaks kABI in a hard to fix way - commit cc459f1 - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - commit 68f2e3d - Update patches.kabi/kABI-Fix-kABI-after-mm-rmap-Fix-anon_vma-degree-ambi.patch (git-fixes, bsc#1203098). - Update patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch (git-fixes, bsc#1203098). Add reference to bsc#1203098. - commit 866ab35 ++++ sqlite3: - update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. ++++ nfs-utils: - add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch Fix nfsdcltrack bug that affected non-x86 archs. (bsc#1202627) ++++ patterns-microos: - added cockpit-kdump (jsc#SMO-166) - 5.3.7 ------------------------------------------------------------------ ------------------ 2022-9-4 - Sep 4 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" (git-fixes). - commit 44c1db1 - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes). - tty: n_gsm: replace kicktimer with delayed_work (git-fixes). - tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - commit f95732e - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544). - commit 9d2056c ------------------------------------------------------------------ ------------------ 2022-9-3 - Sep 3 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" (git-fixes). - commit fa5bfaa - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - soundwire: qcom: fix device status array range (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - commit b6c0927 - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes). - driver core: Don't probe devices after bus_type.match() probe deferral (git-fixes). - commit ed7d76e - s390/hypfs: avoid error message under KVM (bsc#1032323). - commit d15dd85 - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - commit b3967e5 - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - commit 83dc2f8 - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - commit 5ee26ea - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - commit 5409e90 - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - commit 3aea465 - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - commit 5500abe - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - commit b35717b ------------------------------------------------------------------ ------------------ 2022-9-2 - Sep 2 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523) - change %post behaviour, only do deleting job for non-link folder ++++ kernel-default: - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - commit 60b85eb - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - commit a591a18 - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - commit 92eb839 - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - commit 280d133 - KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails" (git-fixes). - commit 2197604 - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (git-fixes). - commit 96927c2 - KVM: VMX: Print VM-instruction error as unsigned (git-fixes). - commit 68c3e1f - KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes). - commit f2721a9 - KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes). - commit c23060e - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). - commit d1a201b - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - commit bd3093f - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - commit fab67c0 - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - commit e697bdc - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - commit 0cdf70f - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - commit 5abb01b - Drop mtd patch that was reverted in the stable tree It may lead to some data loss, hence reverted in the upstream stable tree. - commit 6e6a4da - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - commit 60b35e7 - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - commit aa22b95 - blacklist.conf: Add mwifiex entries that have been reverted in stable tree - commit d49d2ba - spi: Fix incorrect cs_setup delay handling (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). - commit 832166f - blacklist.conf: add already reverted commit for stable-5.15.x - commit fe76880 - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - commit 7b86962 - blacklist.conf: update blacklist - commit b02d3d9 - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fies). - commit 9da9e21 - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fies). - Refresh patches.suse/net-dsa-felix-break-at-first-CPU-port-during-init-an.patch. - commit 0908246 - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fies). - commit bba711c - Input: i8042 - merge quirk tables (git-fies). - Refresh patches.suse/Input-i8042-Apply-probe-defer-to-more-ASUS-ZenBook-m.patch. - commit 18e20bc - Input: i8042 - move __initconst to fix code styling warning (git-fies). - commit 783d1cd - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fies). - loop: Check for overflow while configuring loop (git-fies). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fies). - commit a3214fc - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fies). - commit 165b4a4 - kcm: fix strp_init() order and cleanup (git-fies). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fies). - commit d2a4fb7 - Drop usbnet patches that caused problems on stable 5.15 - commit c6293d4 - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fies). - commit bc8005d - Add already cherry-picked AMD gfx commits to Alt-commit - commit f32f5d7 - blacklist.conf: add ax25 entry that isn't applicable to SLE15-SP4 kernel - commit 4066ddd - ax25: Fix ax25 session cleanup problems (git-fixes). - Refresh patches.kabi/net-ax25_dev-kabi-workaround.patch. - commit 0281308 - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - commit 71b9a30 - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). kABI: Fix kABI after "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse" (git-fixes). - commit 513d1e1 - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Optimize bandwidth on following fast update (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - commit 026dde7 - Drop a wrongly picked up batmna-adv patch Blacklist it as well - commit 16220d6 - blacklist.conf: Add already reverted ACPI PM entries - commit f0bfc90 - Update patch reference for media fix (CVE-2022-3078 bsc#1203041) - commit 0804984 - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (git-fixes). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - commit 3a9bb8d ++++ lvm2: - lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523) - change %post behaviour, only do deleting job for non-link folder ++++ openssl-1_1: - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] * Add openssl-1_1-fips-drbg-selftest.patch - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. * Add openssl-1_1-FIPS_drbg-rewire.patch ++++ libzypp: - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #402) - Log backtrace on SIGABRT too. - Need to explicitly enable building experimental code. Otherwise an old Notcurses++ package which happens to be present in the buildenv breaks the build (fixes #412). - Work around libyui/libyui#78 on code 15.4 and older. - Stop using std::*ary_function; deprecated and removed in c++17. - Don't expose header files which use types not available in c++11. In 15.3 and older, YAST and PK compile with -std=c++11. - Remove no longer needed %post code (bsc#1203649) - Enable zck support for SLE15-SP4 and newer. On Leap it is enabled since 15.1 (bsc#1189282) - version 17.31.1 (22) ++++ osinfo-db: - bsc#1202827 - Fail to deploy sle15sp5 guest via virt-install with osinfo add-sle15sp5-support.patch ++++ perl: - fix File::Path rmtree/remove_tree race condition [bnc#1047178] [CVE-2017-6512] new patch: perl-file_path_rmtree_fchmod.diff ++++ zypper: - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #441, fixes #444) - Remove unneeded code to compute the PPP status. Since libzypp 17.23.0 the PPP status is auto established. No extra solver run is needed. - Make sure 'up' respects solver related CLI options (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US". - Fix man page (fixes #451) - version 1.14.56 ------------------------------------------------------------------ ------------------ 2022-9-1 - Sep 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - commit e35969c - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - commit ef21a23 - KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root() (git-fixes). - commit b06d410 - KVM: x86: SVM: don't passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - commit 31c8f31 - KVM: SVM: Don't intercept #GP for SEV guests (git-fixes). - commit 97eedc7 - blacklist.conf: Add two commits 5102bb1c9f82 psi: Fix "defined but not used" warnings when CONFIG_PROC_FS=n ec2444530612 psi: Fix "no previous prototype" warnings when CONFIG_CGROUPS=n - commit 0f4ea54 - KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes). - commit c7dbeaf - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - commit 0f30cb5 - xen/gntdev: fix unmap notification order (git-fixes). - commit 556f435 - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). - commit 4e8b0d8 - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - commit f36e374 - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - commit 967f4a3 - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - commit 109f3b2 - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - commit d503d18 - KVM: MMU: shadow nested paging does not have PKU (git-fixes). - commit a1f1354 - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - commit 779fd48 - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - commit a7fa5e6 - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - commit bdde7fc - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - commit 97d9b98 - KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested state load (git-fixes). - commit 5bf1fed - xen: don't continue xenstore initialization in case of errors (git-fixes). - commit e090e14 - KVM: x86/mmu: Don't freak out if pml5_root is NULL on 4-level host (git-fixes). - commit 00a89e1 - rpm/kernel-source.spec.in: simplify finding of broken symlinks "find -xtype l" will report them, so use that to make the search a bit faster (without using shell). - commit 13bbc51 - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - commit 0f9d7a1 ++++ openssl-1_1: - Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046] * Add patch openssl-1.1.1-fips-fix-memory-leaks.patch ++++ python3-core: - Add patch CVE-2021-28861-double-slash-path.patch: * http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861) ++++ python3: - Add patch CVE-2021-28861-double-slash-path.patch: * http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861) ++++ yast2: - Added a parameter to NetworkService.EnableDisableNow method in order to ensure that the selected network service is enabled even when the selection has not been modified (bsc#1202479) - 4.4.52 ------------------------------------------------------------------ ------------------ 2022-8-31 - Aug 31 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869). - commit df6bb12 - llc: fix netdevice reference leaks in llc_ui_bind() (CVE-2022-28356 bsc#1197391). - commit 42c82d5 - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - commit 403d89f - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - commit e76c4ca - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - commit 4b42fb2 - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - commit 1bd288c ++++ freetype2: - disable brotli linkage / WOFF2 support for now to keep dependencies as before. ++++ microos-tools: - Update to version 2.15 - 98selinux-microos: Add grep as dependency ++++ runc: - Update to runc v1.1.4. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.4. * Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. * Switch kill() in libcontainer/nsenter to sane_kill(). * Fix "permission denied" error from runc run on noexec fs. * Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded. (boo#1202821) - Update to runc v1.1.4. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.4. bsc#1202021 * Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. * Switch kill() in libcontainer/nsenter to sane_kill(). * Fix "permission denied" error from runc run on noexec fs. * Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded. (boo#1202821) ++++ samba: - CVE-2022-1615: Do not ignore errors in random number generation; (bso#15103); (bsc#1202976); - CVE-2022-32743: Implement validated dnsHostName write rights; (bso#14833); (bsc#1202803); ++++ vim: - Updated to version 9.0 with patch level 0313, fixes the following problems * Fixing bsc#1200884 Vim: Error on startup * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32 * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37 * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37 * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl() * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044 * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045 * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046. * Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock() * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar() * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote() * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent() * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both() * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name() * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc() * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len() * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes() * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite() * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int() * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check() * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs() * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special() * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr() * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line() * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string() * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr() * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails() * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet() * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function() * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len() * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar() * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240 * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00 ++++ yast2: - Do not ask for user input while checking file conflicts if the delayed progress popup is not shown (bsc#1201924, bsc#1202892) - backported from master - 4.4.51 ------------------------------------------------------------------ ------------------ 2022-8-30 - Aug 30 2022 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch: fix loading of larger images (glgo#GNOME/gdk-pixbuf#216). ++++ kernel-default: - af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898 CVE-2022-3028). - commit d480d95 - Update patches.suse/watchdog-export-lockup_detector_reconfigure.patch (bsc#1202872 ltc#197920). - commit 310a79a - ipmi: fix initialization when workqueue allocation fails (git-fixes). - commit 4e7ceb0 ++++ Mesa: - changing default driver from 'iris' to 'i965' for Intel Gen8-11 hardware again, but this time the correct way; "-Dprefer-iris=false" needs to be set for both builds - Mesa-drivers *and* Mesa (boo#1202850, comment#29) ++++ openssl-1_1: - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] * Add openssl-1_1-jitterentropy-3.4.0.patch * Add build dependency on jitterentropy-devel >= 3.4.0 and libjitterentropy3 >= 3.4.0 ++++ microos-tools: - Update to version 2.14 - Fix Makefile to install sysext-add-debug - Update to version 2.13 - 98selinux-microos: Don't rely on selinux=1 [bsc#1202449] - Add sysext-add-debug - Make sure /var/lib/overlay exists before relabeling ------------------------------------------------------------------ ------------------ 2022-8-29 - Aug 29 2022 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 Removed: - Hellenic Academic and Research Institutions RootCA 2011 ++++ keepalived: - FATAL: Module ip_vs not found in directory /lib/modules/5.14.21-150400.24.18-default (bsc#1202808) Set ProtectKernelModules to false in service file ++++ kernel-default: - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). - commit 3bc90b6 - blacklist.conf: Add a few entries for ALSA - commit ce7ed14 - asm-generic: sections: refactor memory_intersects (git-fixes). - commit bfaae5b - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - commit d192fa1 - bpf: Don't use tnum_range on array range checking for poke descriptors (bsc#1202564 bsc#1202860 CVE-2022-2905). - commit 56cd61e ++++ Mesa: - revert previous change, since it resulted in Xorg and Mesa no longer being able to load "i965" driver at all! This affects many if not almost all Intel GPU users. I can't tell why this happens, but I'm afraid we need to act immediately (boo#1202850); reopened boo#1200965 for now ... ------------------------------------------------------------------ ------------------ 2022-8-28 - Aug 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - commit 57c696d - Move upstreamed patches into sorted section - commit 1d06339 ------------------------------------------------------------------ ------------------ 2022-8-27 - Aug 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - arm64: fix rodata=full (git-fixes). - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). - commit 470861e ------------------------------------------------------------------ ------------------ 2022-8-26 - Aug 26 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) ++++ kernel-default: - scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410). - Refresh patches.kabi/kABI-fix-removal-of-iscsi_destroy_conn.patch. - Refresh patches.suse/scsi-libiscsi-Teardown-iscsi_cls_conn-gracefully.patch. - commit bb43920 - ceph: don't truncate file in atomic_open (bsc#1202824). - ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: use correct index when encoding client supported features (bsc#1202822). - commit d0f574e - tracing: Have filter accept "common_cpu" to be consistent (git-fixes). - commit 31941eb - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - commit 55e2fc7 - tracing: Use a struct alignof to determine trace event field alignment (git-fixes). - commit 500082c - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - commit d5efa05 - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - commit 904f517 - blacklist.conf: tracepoint cleanup for drivers/char/random - commit 15d84d3 - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - r8152: fix the RX FIFO settings when suspending (git-fixes). - r8152: fix the units of some registers for RTL8156A (git-fixes). - rose: check NULL rose_loopback_neigh->loopback (git-fixes). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes). - regulator: pca9450: Remove restrictions for regulator-name (git-fixes). - pinctrl: qcom: sm8250: Fix PDC map (git-fixes). - venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes). - platform/chrome: cros_ec_proto: don't show MKBP version if unsupported (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - commit 4349f84 - net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - commit 5ff4970 - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). - apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). - commit 7a7a70b ++++ libapparmor: - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) ++++ oniguruma: - Added d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch: (boo#1157805 CVE-2019-19246) oniguruma: Heap-based buffer over-read in str_lower_case_match in regexec.c - Added 6eb4aca6a7f2f60f473580576d86686ed6a6ebec.patch: (boo#1164569 CVE-2019-19204) oniguruma: heap-based buffer over-read in function fetch_interval_quantifier in regparse.c - Added aa0188eaedc056dca8374ac03d0177429b495515.patch: (boo#1164550 CVE-2019-19203) oniguruma: heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c - Added 4097828d7cc87589864fecf452f2cd46c5f37180.patch: (boo#1150130 CVE-2019-16163) oniguruma: stack Exhaustion in regcomp.c because of recursion in regparse.c. - Added cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch: (boo#1177179 CVE-2020-26159) oniguruma: Buffer overflow in concat_opt_exact_str could result in DoS - Added 0f7f61ed1b7b697e283e37bd2d731d0bd57adb55.patch: (boo#1142847 CVE-2019-13224) oniguruma: use-after-free in onig_new_deluxe() in regext.c ++++ patterns-microos: - updating the cockpit network plug-in dependencies (bsc#1202479) - 5.3.6 ++++ timezone: - Update to reflect new Chile DST change, bsc#1202310 * bsc1202310.patch ------------------------------------------------------------------ ------------------ 2022-8-25 - Aug 25 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Follow up fix to 10.0.4 (bsc#1202706) - While the source code was updated to support SLE Micro the spec file was not updated for the new locations of the cache and the certs. Update the spec file to be consistent with the code implementation. ++++ kernel-default: - blacklist.conf: Blacklist 5f41fdaea63d - commit 63ae0ad - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - commit dc835b8 - block: only mark bio as tracked if it really is tracked (bsc#1202782). - commit 7abc7a3 - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - commit 5d80bdd - block: Fix wrong offset in bio_truncate() (bsc#1202780). - commit c0f694e - block: Fix fsync always failed if once failed (bsc#1202779). - commit f5086dc - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - commit e87146c - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - commit 84aa1b1 - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - commit f5a554b - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - commit cee5b60 - ocfs2: fix a deadlock when commit trans (bsc#1202776). - commit a5aedb3 - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - commit 28e460c - blacklist.conf: Blacklist d41b60359ffb - commit edba519 - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - commit 9c6d1b4 - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - commit 279cc3f - udf: Fix crash after seekdir (bsc#1194592). - commit 6ef60fc - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - commit 75eb2be - ext4: add reserved GDT blocks check (bsc#1202712). - commit 838aa12 - ext4: fix super block checksum incorrect after mount (bsc#1202773). - commit 613c9ba - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771). - commit 047da7e - ext4: fix bug_on in ext4_writepages (bsc#1200872). - commit ce23454 - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - commit b2f9c26 - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - commit fdc3142 - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - commit 2d0922d - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - commit 9fdbd44 - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - commit f11e4d9 - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - commit 42b5ddf - ext4: fix symlink file size not match to file content (bsc#1200868). - commit 7082685 - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). Refresh ext4-fix-race-condition-between-ext4_write-and-ext4_.patch - commit f4c0654 - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - commit eba8ff9 - ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - commit c4c9f59 - tracing: Add ustring operation to filtering string pointers (git-fixes). - commit aa3d4b0 - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - commit 5104a0b - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - commit 0a7e7a5 - trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes). - commit 967569f - trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes). - commit 72b3729 - tpm: fix reference counting for struct tpm_chip (CVE-2022-2977 bsc#1202672). - commit 1a35f98 - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - commit 62f3764 - ext4: don't use the orphan list when migrating an inode (bsc#1197756). - commit d6830f3 - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - commit 4c705fb - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - commit 12cb4fe - ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - commit 82f3f5b - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). - commit 187abff - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - commit d6d02d9 - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - commit 507809a - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - commit 4941736 - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - commit 5de593d - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - commit 05b0f97 - Update references to mention CVE-2022-2938: patches.suse/psi-Fix-uaf-issue-when-psi-trigger-is-destroyed-whil.patch (CVE-2022-2938 bsc#1202623). - commit 58b2b90 - supported.conf: mark lib/objagg supported as dependency of mlxsw - commit 0d78453 - x86/speculation: Disable RRSBA behavior (bsc#1201455 CVE-2022-28693). - Refresh patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch. - commit 916d5d1 ++++ osinfo-db: - Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3 add-opensuse-leap-15.5-support.patch add-sle15sp5-support.patch add-slem5.3-support.patch ++++ patterns-microos: - added libudisks2-0_lvm2 and _btrfs (jsc#SMO-154, jsc#SMO-161) - 5.3.5 ------------------------------------------------------------------ ------------------ 2022-8-24 - Aug 24 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add kdump-nfs-directory.patch and kdump-close.patch required by patches below. - Add kdump-refactor.patch and kdump-suse.patch to support SUSE kdump config management in cockpit. ++++ kernel-default: - x86/sgx: Set active memcg prior to shmem allocation (bsc#1199515 CVE-2021-33135). - commit 7552707 - Refresh patches.suse/nvme-auth-align-to-pre-upstream-FFDHE-implementation.patch. - commit 8ff61f9 - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - commit 1cf844d - net_sched: cls_route: remove from list when handle is 0 (CVE-2022-2588 bsc#1202096). - commit a6b8223 - Update patch reference for pipe fix (CVE-2022-2959 bsc#1202681) - commit a95d764 - Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" (bsc#1190497). - commit ed5d2dc - x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - commit a4c420a - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - commit a4e7029 ++++ multipath-tools: - Update to version 0.9.0+55+suse.33d8854: * Avoid linking to libreadline to avoid licensing issue (bsc#1202616) ++++ mozilla-nss: - update to NSS 3.79.1 (bsc#1202645) * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1759794 - protect SFTKSlot needLogin with slotLock. * bmo#1760998 - avoid data race on primary password change. * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state. ------------------------------------------------------------------ ------------------ 2022-8-23 - Aug 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - netfilter: nf_queue: do not allow packet truncation below transport header offset (bsc#1201940 CVE-2022-36946). - commit 3d5dd8d - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - commit 3fc5505 - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - commit a66ab60 - powerpc/xive: Fix refcount leak in xive_get_max_prio (fate#322438 git-fixess). - commit 8fc0a92 - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - commit 3ad5660 - blacklist.conf: Add c26d4c5d4f0d powerpc/kvm: Remove obsolete and unneeded select - commit a450e76 - KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869). - KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869). - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869). - commit fad23fe - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - commit a66766c - blacklist.conf: pure cleanup, no code change - commit e6e83f0 - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - commit ae198f6 - supported.conf: mark mlxsw modules supported (jsc#SLE-23766) - commit c490bf8 - blacklist.conf: cleanup with a risk of regressions - commit c2bd63f ++++ freetype2: - Added patches: * CVE-2022-27404.patch + fixes bsc#1198830, CVE-2022-27404: Buffer Overflow * CVE-2022-27405.patch + fixes bsc#1198832, CVE-2022-27405: Segmentation Fault * CVE-2022-27406.patch + fixes bsc#1198823, CVE-2022-27406: Segmentation violation ++++ libgcrypt: - FIPS: gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] * Add libgcrypt-out-of-core-handler.patch ++++ libslirp: - security update - added patches fix CVE-2021-3593 [bsc#1187365], invalid pointer initialization may lead to information disclosure (udp6) + libslirp-CVE-2021-3593.patch ------------------------------------------------------------------ ------------------ 2022-8-22 - Aug 22 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1202593, CVE-2022-35252] * Control codes in cookie denial of service * Add curl-CVE-2022-35252.patch ++++ transactional-update: - Version 4.0.1 - create_dirs_from_rpmdb: Just warn if no default SELinux context found [gh#openSUSE/transactional-update#88], [bsc#1188215] - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure [gh#openSUSE/transactional-update#88] - Handle directories owned by multiple packages [gh#openSUSE/transactional-update#90], [bsc#1188215] ++++ glibc: - x86-shared-non-temporal-threshold.patch: Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) ++++ kernel-default: - net: dsa: seville: register the mdiobus under devres (git-fixes). - commit 5ef3360 - net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - commit 9185efa - net: mscc: ocelot: don't dereference NULL pointers with shared tc filters (git-fixes). - commit c98d515 - net: marvell: prestera: fix incorrect structure access (git-fixes). - commit 9ea3b2b - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - commit ee01535 - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - commit 782dad0 - vrf: don't run conntrack on vrf with !dflt qdisc (git-fixes). - commit 33928ef - net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal PHY's" (git-fixes). - Refresh patches.suse/net-dsa-mv88e6xxx-Unforce-speed-duplex-in-mac_link_d.patch. - commit ab3f5a5 - blacklist.conf: update blacklist - commit 7f6807d - Update patches.suse/PCI-Add-support-for-ACPI-_RST-reset-method.patch (jsc#SLE-19359 jsc#SLE-24572) - commit 6765137 - net: dsa: b53: Add SPI ID table (git-fixes). - commit ccf6538 - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - commit afd7296 - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - commit acf9d1f - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - commit ec00bd5 - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - commit 35ce0e7 - net: dsa: qca8k: fix MTU calculation (git-fixes). - commit bce505c - blacklist.conf: update blacklist - commit 61c1944 - net: stmmac: fix off-by-one error in sanity check (git-fixes). - commit 09fc6c2 - blacklist.conf: update blacklist - commit 9f34c2e - ext4: Fix check for block being out of directory size (bsc#1198577 CVE-2022-1184). - commit a54fb25 - ext4: make sure ext4_append() always allocates new block (bsc#1198577 CVE-2022-1184). - commit 1a13c4d - ext4: check if directory block is within i_size (bsc#1198577 CVE-2022-1184). - commit 226e379 - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - commit 64ae33d ------------------------------------------------------------------ ------------------ 2022-8-20 - Aug 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - xfs: use setattr_copy to set vfs inode attributes (git-fixes). - commit 6835ddd - xfs: terminate perag iteration reliably on agcount (git-fixes). - commit f2327cf - xfs: rename the next_agno perag iteration variable (git-fixes). - commit dc975df - xfs: fold perag loop iteration logic into helper function (git-fixes). - commit d6c5eb4 - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - commit 083e5a4 - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - commit fce9137 - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - commit 725e89d - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - commit aaf842c - xfs: revert "xfs: actually bump warning counts when we send warnings" (git-fixes). - commit 5fc6378 - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - commit d15470c - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - commit bc104ad - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - commit 92ffd3b - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - commit 233c708 - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - commit bd04c03 - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - commit b0a0ff8 - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - commit dd3f833 - ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes). - commit a5b7f1f - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes). - commit 46ab003 - ALSA: info: Fix llseek return value when using callback (git-fixes). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes). - ASoC: tas2770: Fix handling of mute/unmute (git-fixes). - ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ASoC: tas2770: Set correct FSYNC polarity (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - commit 3db046b ------------------------------------------------------------------ ------------------ 2022-8-19 - Aug 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702 CVE-2021-4037). - commit 96040b9 - fs: Add missing umask strip in vfs_tmpfile (bsc#1198702 CVE-2021-4037). - commit b188cb2 - fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037). - commit d40a52d - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: don't send internal clone attribute to the userspace (git-fixes). - openvswitch: Fixed nd target mask field in the flow dump (git-fixes). - openvswitch: always update flow key after nat (git-fixes). - openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes). - commit 75a6dfb - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes). - commit e0a1b98 - selinux: Add boundary check in put_entry() (git-fixes). - selinux: fix memleak in security_read_state_kernel() (git-fixes). - selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes). - selinux: use correct type for context length (git-fixes). - selinux: check return value of sel_make_avc_files (git-fixes). - selinux: access superblock_security_struct in LSM blob way (git-fixes). - selinux: fix misuse of mutex_is_locked() (git-fixes). - selinux: fix double free of cond_list on error paths (git-fixes). - commit 8fa4586 - arm64: set UXN on swapper page tables (git-fixes). - commit e839a65 - Update patch reference for i2c ISMT fix (CVE-2022-2873 bsc#1202558) - commit c5ea54e - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - commit 0f8542d ++++ python-lxml: - add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309) ------------------------------------------------------------------ ------------------ 2022-8-18 - Aug 18 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Update to version 1.0+git2: * Let selinux-microos-relabel decide whether a relabel is necessary (bsc#1202437) ++++ kernel-default: - ext4: fix race when reusing xattr blocks (bsc#1198971). - commit f900445 - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - commit 68125c2 - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - commit e8e6da3 - mbcache: add functions to delete entry if unused (bsc#1198971). - commit 7e476f0 - mbcache: don't reclaim used entries (bsc#1198971). - commit 351abf2 - Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554). ppc64: NVRAM=y - commit b0c6309 - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - commit 3ed0fd5 - scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471). - scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471). - commit 7a72909 - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - commit a61eebd - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - commit 95d811d - dpaa2-eth: fix ethtool statistics (git-fixes). - commit 24955ec - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - commit 0a8f29d - tracing: Fix sleeping while atomic in kdb ftdump (git-fixes). - commit 1af097c - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - commit c60449d - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - commit e939e5a - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - commit 06c0471 - tty: vt: initialize unicode screen buffer (git-fixes). - tty: 8250: Add support for Brainboxes PX cards (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Don't clear read-only PHY interrupt (git-fixes). - commit 61affc0 - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). - pwm: lpc18xx: Fix period handling (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes). - serial: 8250: Export ICR access helpers for internal use (git-fixes). - serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes). - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes). - pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes). - serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes). - serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes). - commit 74f881a - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: hid-input: add Surface Go battery quirk (git-fixes). - HID: wacom: Don't register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - commit a9b45e9 - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - Refresh patches.suse/drm-vc4-hdmi-Add-debugfs-prefix.patch. - commit f1454ba - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - commit 1505831 - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). - Refresh patches.suse/drm-bridge-tc358767-Make-sure-Refclk-clock-are-enabl.patch. - commit 57c5267 - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - Refresh patches.suse/drm-bridge-tc358767-Make-sure-Refclk-clock-are-enabl.patch. - commit 554f4ee - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - commit a92dd0e - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - commit d28b47b - ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). - arm64: Do not forget syscall when starting a new thread (git-fixes). - arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes). - arm64: tegra: Fixup SYSRAM references (git-fixes). - commit ab1e66e - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes). - ARM: dts: imx6ul: fix qspi node compatible (git-fixes). - ARM: dts: imx6ul: fix lcdif node compatible (git-fixes). - ARM: dts: imx6ul: fix csi node compatible (git-fixes). - ARM: dts: imx6ul: fix keypad compatible (git-fixes). - ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes). - ARM: dts: imx6ul: add missing properties for sram (git-fixes). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes). - ARM: OMAP2+: display: Fix refcount leak bug (git-fixes). - commit c6d6958 - ACPI: VIOT: Fix ACS setup (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ARM: findbit: fix overflowing offset (git-fixes). - ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes). - commit b65bd26 ++++ systemd: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) ------------------------------------------------------------------ ------------------ 2022-8-17 - Aug 17 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tracing/histograms: Fix memory leak problem (git-fixes). - commit 8c95b1f - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes). - commit 0f2d911 - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/udl: Don't re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - Revert "drm/udl: Kill pending URBs at suspend and disconnect" (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). - commit 8fe003b - Update udl patches to the version that have been queued to subsystem tree - commit d27d36e - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - commit 5d9cedf - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - commit 3d58e44 - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - commit 816522a - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - commit 8a222ee ++++ samba: - Fix Use after free when iterating smbd_server_connection->connections after tree disconnect failure; (bso#15128); (bsc#1200102). ++++ tar: - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated ------------------------------------------------------------------ ------------------ 2022-8-16 - Aug 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - commit 7795ade - Move upstreamed exfat patches into sorted section - commit 2ce62ac - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - commit 9c7ade3 - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - commit 583c9be - s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322). - commit 2095e05 ++++ systemd: - Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944) To decrease log level of messages about use of KillMode=none from warning to debug. SAP still uses this deprecated option and the warnings emitted by PID1 confuse both SAP customers and support. ------------------------------------------------------------------ ------------------ 2022-8-15 - Aug 15 2022 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - avoid bashism in baselibs postscript (bsc#1195391) ++++ kernel-default: - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - commit 4749d0c - Update patch-mainline tags to correct to v6.0-rc1 - commit b57acde - perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes). - commit 26470c4 - lib/raid6/test: fix multiple definition linking error (git-fixes). - commit 1efe1e2 - Move upstreamed NVMe patches into sorted section - commit 0685dbd - Correct non-existing v5.20-rc1 to v6.0-rc1 in patch-mainline tags - commit b9e2284 ------------------------------------------------------------------ ------------------ 2022-8-14 - Aug 14 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - commit 48f9a86 ------------------------------------------------------------------ ------------------ 2022-8-13 - Aug 13 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (CVE-2022-36879 bsc#1201948). - commit d743f1f - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - commit 7941190 - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - commit 7b49d25 ------------------------------------------------------------------ ------------------ 2022-8-12 - Aug 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - commit a304667 - Refresh patches.suse/0007-nvme-auth-Diffie-Hellman-key-exchange-support.patch. - commit c07e572 - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1202131) Now iwlwifi queries *-72.ucode, but again, this is non-existing version. Correct to the existing *-71.ucode - commit af3987b - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - commit 0fff527 - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368 bsc#1202346). - commit 90c61ba - Update patch reference for v4l2 fix (bsc#1202347 CVE-2022-20369) - commit 9ce184e - devlink: Fix use-after-free after a failed reload (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes). - Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - commit ad545fa - Add cherry-picked ACPI fix to Alt-commit - commit e374c80 ++++ icu: - Backport icu-CVE-2020-21913.patch: backport commit 727505bdd from upstream, use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). ------------------------------------------------------------------ ------------------ 2022-8-11 - Aug 11 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-tukit: - Drop .git from tar by request from Jiří Šrain. ++++ kernel-default: - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - commit f591dd8 - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)). - commit 1d64061 - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - commit 09d5d99 - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - commit 4e97f34 - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)). - commit 1bfd5f9 - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - commit a69e4a6 - iwlwifi: mvm: Don't fail if PPAG isn't supported (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: in sync mode don't call schedule (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - commit 80fbd62 - iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - commit d9db47d - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - commit c590c1a - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: don't send BAID removal to the FW during hw_restart (bsc#1202131). - commit 315bdf8 - iwlwifi: don't dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). - iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - commit 96514f8 - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). - commit f716768 - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - commit b310d63 - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - Refresh patches.suse/iwlwifi-yoyo-remove-DBGI_SRAM-address-reset-writing.patch. - commit 8a08a81 - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). - iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - commit b5909b9 - iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - mac80211: introduce channel switch disconnect function (bsc#1202131). - commit 145a7cd - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - Refresh patches.suse/iwlwifi-yoyo-remove-DBGI_SRAM-address-reset-writing.patch. - commit 347cb47 - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: don't trust hardware queue number (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). - iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - commit 435f606 - iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - commit bc13b68 - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - commit 875f8a0 - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - commit d54326e - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - Refresh patches.suse/iwlwifi-mvm-don-t-send-SAR-GEO-command-for-3160-devi.patch. - commit 4758d12 - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). - iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - commit e7585e2 - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - Refresh patches.suse/iwlwifi-fix-Bz-NMI-behaviour.patch. - commit 0bc6f5d - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). - iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - commit d2ec8a7 - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - pinctrl: amd: Don't save/restore interrupt status and wake status bits (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - Revert "scripts/mod/modpost.c: permit '.cranges' secton for sh64 architecture." (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - commit 797b09e - SUNRPC: Fix READ_PLUS crasher (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - commit 24baf4c - md/bitmap: don't set sb values if can't pass sanity check (bsc#1197158). - commit a639749 ++++ zlib: - Fix heap-based buffer over-read or buffer overflow in inflate via large gzip header extra field (bsc#1202175, CVE-2022-37434, CVE-2022-37434-extra-header-1.patch, CVE-2022-37434-extra-header-2.patch). ++++ mdadm: - imsm: support for third Sata controller (bsc#1201297) 0122-imsm-support-for-third-Sata-controller.patch - mdadm: enable Intel Alderlake RSTe configuration (bsc#1201297) 1005-mdadm-enable-Intel-Alderlake-RSTe-configuration.patch ------------------------------------------------------------------ ------------------ 2022-8-10 - Aug 10 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Require qemu USB drivers needed by virt-install (bsc#1202166) ++++ kernel-default: - drm/udl: Add reset_resume (bsc#1195917) - commit 3d458d0 - sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Remove redundant word " *" (bnc#1189999 (Scheduler functional and performance backports)). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh - patches.suse/sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch - sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)). - sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)). - commit aca64fd - Refresh patches.suse/sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch. - commit 730eeb7 - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - commit 5fb4c16 ++++ mozilla-nspr: - update to version 4.34.1 * add file descriptor sanity checks in the NSPR poll function. ++++ patterns-microos: - add cockpit-storaged (jsc#SMO-116) - add libmbim libmbim-glib4 libqmi-tools libqmi-glib5 (jsc#SMO-50) - add udica (jsc#CSD-121) pam_u2f (jsc#SMO-120) - 5.3.4 ++++ rust-keylime: - Update to version 0.1.0+git.1659977521.0186093: * Fix display of mb measurement file path * Add more helpful error when config file is not found * Fix small comment about implementing TPM ownership * main: die when cannot drop privileges * keylime.conf: add run_as section * Use Rust agent-specific config in Makefile * Fix typo in listen_notifications option in keylime.conf * tpm: Support pre-existing EK * Set swtpm context which is later used for test filtering * Add GitLeaks configuration to ignore RSA key used for testing * Handle whitespace in keylime.conf - Rename keylime.conf.diff to keylime-agent.conf.diff - Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already merged upstream - Add bindgen.patch to add more architectures ------------------------------------------------------------------ ------------------ 2022-8-9 - Aug 9 2022 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Update to version 2.42.9: + Fix the check for maximum value of LZW initial code size (boo#1194633 CVE-2021-44648). + Use CMake for dependencies on Windows/MSVC. + Add option for building tests. + Move man pages to reStructuredText. + Disable relocation when built as a static libary on Windows. + Update wrap file for libjpeg-turbo. + Limit the memory size when loading image data. - Add docutils and pkgconfig(gi-docgen) BuildRequires: New dependencies. ++++ kernel-default: - x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726 CVE-2022-26373). - commit f2aa23b - x86/speculation: Add RSB VM Exit protections (bsc#1201726 CVE-2022-26373). - commit aeafde0 - acpi: Disable APEI error injection if the kernel is locked down (bsc#1023051, CVE-2016-3695). - commit ce97a64 - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - commit 947a748 - Move kABI patch to kABI section. - commit a7b7c6a - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - commit 48b4d74 - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - commit 57502cb - tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes). - tty: n_gsm: fix flow control handling in tx path (git-fixes). - tty: n_gsm: fix DM command (git-fixes). - tty: n_gsm: fix wrong T1 retry count handling (git-fixes). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes). - commit 4b73642 - tty: n_gsm: fix broken virtual tty handling (git-fixes). - Refresh patches.suse/tty-n_gsm-fix-invalid-use-of-MSC-in-advanced-option.patch. - Refresh patches.suse/tty-n_gsm-fix-software-flow-control-handling.patch. - Refresh patches.suse/tty-n_gsm-fix-tty-registration-before-control-channe.patch. - Refresh patches.suse/tty-n_gsm-fix-user-open-not-possible-at-responder-un.patch. - commit c074522 - tty: n_gsm: fix missing mux reset on config change at responder (git-fixes). - Refresh patches.suse/tty-n_gsm-fix-restart-handling-via-CLD-command.patch. - commit a54ea81 - tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes). - commit 64b8ec0 - tty: n_gsm: clean up dead code in gsm_queue() (git-fixes). - commit d02d442 - n_gsm: remove unused parameters from gsm_error() (git-fixes). - commit 70877a4 - tty: n_gsm: clean up indenting in gsm_queue() (git-fixes). - commit 351f982 - tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes). - Refresh patches.suse/tty-n_gsm-fix-deadlock-in-gsmtty_open.patch. - Refresh patches.suse/tty-n_gsm-fix-invalid-use-of-MSC-in-advanced-option.patch. - Refresh patches.suse/tty-n_gsm-fix-missing-update-of-modem-controls-after.patch. - Refresh patches.suse/tty-n_gsm-fix-mux-cleanup-after-unregister-tty-devic.patch. - Refresh patches.suse/tty-n_gsm-fix-restart-handling-via-CLD-command.patch. - Refresh patches.suse/tty-n_gsm-fix-software-flow-control-handling.patch. - Refresh patches.suse/tty-n_gsm-fix-tty-registration-before-control-channe.patch. - Refresh patches.suse/tty-n_gsm-fix-user-open-not-possible-at-responder-un.patch. - commit 642a799 - tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes). - Refresh patches.suse/tty-n_gsm-fix-restart-handling-via-CLD-command.patch. - commit 5190326 - tty: n_gsm: Modify cr bit value when config requester (git-fixes). - Refresh patches.suse/tty-n_gsm-Modify-CR-PF-bit-when-config-requester.patch. - commit 0e6806e - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes). - tty: serial: fsl_lpuart: correct the count of break characters (git-fixes). - commit e704b35 - remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes). - remoteproc: qcom: pas: Check if coredump is enabled (git-fixes). - remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes). - rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes). - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes). - serial: 8250_fsl: Don't report FE, PE and OE twice (git-fixes). - tty: n_gsm: fix race condition in gsmld_write() (git-fixes). - tty: n_gsm: fix packet re-transmission without open control channel (git-fixes). - tty: n_gsm: fix non flow control frames during mux flow off (git-fixes). - tty: n_gsm: fix missing timer to handle stalled links (git-fixes). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes). - tty: n_gsm: fix tty registration before control channel open (git-fixes). - tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes). - commit d8e88fb ------------------------------------------------------------------ ------------------ 2022-8-8 - Aug 8 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941] * Add new dependency on jitterentropy * Add gnutls-FIPS-jitterentropy.patch ++++ keepalived: - VUL-0: CVE-2021-44225: keepalived: possible privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115) apply upstream patch: * 0001-dbus-fix-policy-to-not-be-overly-broad.patch ++++ kernel-default: - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308). - commit a524606 - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - commit a725a56 - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - commit 836dbc5 - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes). - commit ce06a4a - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - commit b67257b - iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131). - iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131). - commit 705cc88 - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - proc: fix a dentry lock race between release_task and lookup (git-fixes). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes). - kfifo: fix kfifo_to_user() return type (git-fixes). - profiling: fix shift too large makes kernel panic (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - net: usb: make USB_RTL8153_ECM non user configurable (git-fixes). - random: remove useless header comment (git-fixes). - commit 7ebdc9d ++++ libgcrypt: - FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf - Add libgcrypt-jitterentropy-3.3.0.patch * Update the internal jitterentropy to version 3.4.0 - Add libgcrypt-jitterentropy-3.4.0.patch ++++ podman: - Update to version 3.4.7: * Bump to v3.4.7 * Update release notes for v3.4.7 * fix CVE-2022-1227 * Update readme version * Bump to v3.4.7-dev * Bump to v3.4.6 * Add release notes for v3.4.6 * Bump golang.org/x/crypto to 7b82a4e * Bump to v3.4.6-dev * Bump to v3.4.5 * test: fix podman run test as rootless * do not set the inheritable capabilities * Release notes for v3.4.5 * Backport of https://github.com/containers/podman/pull/13536 to 3.4 * Bump github.com/prometheus/client_golang to v1.11.1 * [v.3.4] vendor containers/common@v0.44.5 * Disable search-images test * [CI:DOCS] logformatter: handle python logs * Changes of docker descriptions * Fix images since/after tests * Makefile: fix darwin detection * buildah bud tests: skip failing tests * System tests: fix RHEL8 gating tests * Record the image stream along with the path * Not all fields in machine list were set properly * Add completion for machine list format * Add JSON version of the machine list * Bump to v3.4.5-dev - Remove merged patches: * 0002-Add-JSON-version-of-the-machine-list.patch * 0003-Add-completion-for-machine-list-format.patch * 0004-Not-all-fields-in-machine-list-were-set-properly.patch * 0005-Record-the-image-stream-along-with-the-path.patch * 0006-System-tests-fix-RHEL8-gating-tests.patch * 0007-buildah-bud-tests-skip-failing-tests.patch * 0008-Makefile-fix-darwin-detection.patch * 0009-Fix-images-since-after-tests.patch * 0010-Changes-of-docker-descriptions.patch * 0011-CI-DOCS-logformatter-handle-python-logs.patch * 0012-Disable-search-images-test.patch * 0013-v.3.4-vendor-containers-common-v0.44.5.patch * 0014-Bump-github.com-prometheus-client_golang-to-v1.11.1.patch * 0015-Backport-of-https-github.com-containers-podman-pull-.patch - Fixed security issues: * CVE-2022-1227: https://github.com/advisories/GHSA-66vw-v2x9-hw75 bsc#1182428 * CVE-2022-27191: https://github.com/advisories/GHSA-8c26-wmh5-6g9v bsc#1197284 * CVE-2022-21698: https://github.com/advisories/GHSA-cg3q-j54f-5p7p bsc#1196338 ++++ salt: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744) - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082) - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Fix ownership of salt thin directory when using the Salt Bundle - Set default target for pip from VENV_PIP_TARGET environment variable - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) - Save log to logfile with docker.build - Use Salt Bundle in dockermod - Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288) - Added: * fix-ownership-of-salt-thin-directory-when-using-the-.patch * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch * save-log-to-logfile-with-docker.build.patch * add-support-for-gpgautoimport-539.patch * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch * normalize-package-names-once-with-pkg.installed-remo.patch * use-salt-bundle-in-dockermod.patch * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch * fix-salt.states.file.managed-for-follow_symlinks-tru.patch * set-default-target-for-pip-from-venv_pip_target-envi.patch ------------------------------------------------------------------ ------------------ 2022-8-7 - Aug 7 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: usb-audio: Add endianness annotations (git-fixes). - commit 9261514 - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes). - commit d2bf5c3 - scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes). - KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: dataflash: Add SPI ID table (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - commit 34c1728 - Revert "drivers/video/backlight/platform_lcd.c: add support for device tree based probe" (git-fixes). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes). - ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes). - ASoC: fsl_asrc: force cast the asrc_format type (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: mt6359: Fix refcount leak bug (git-fixes). - ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: samsung: change neo1973_audio from a global to static (git-fixes). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: imx-audmux: Silence a clang warning (git-fixes). - ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes). - ALSA: usb-audio: Support jack detection on Dell dock (git-fixes). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - commit a1ba91a - Move upstreamed patches into sorted section - commit 4e4180d ------------------------------------------------------------------ ------------------ 2022-8-6 - Aug 6 2022 ------------------- ------------------------------------------------------------------ ++++ ModemManager: - Update to version 1.18.10: + Build: Require libqmi 1.30.8. + FCC unlock: Updated SDX55 unlock script to handle the new method introduced in the latest firmware releases. + Modem interface: - Set signal quality to 0% on shutdown. - Set signal quality as recent on init. + MBIM: - Fix task completion when peeking device fails. - Fix several GError double-frees. + mmcli: Don't print signal quality until modem is enabled. + Plugins: foxconn: remove carrier mapping table for T99W175. + Several other minor improvements and fixes. - Changes from version 1.18.8: + A new connection status dispatcher setup is provided, where users can provide custom scripts that will be called on bearer connect/disconnect events. This dispatcher will make the netifd integration in openwrt work much better, as we'll be able to report network-initiated disconnections cleanly to netifd. There are no default connection status dispatcher scripts installed, but it's suggested distributions make sure the following directories exist: - ${sysconfdir}/ModemManager/connection.d/ - ${libdir}/ModemManager/connection.d/ + API: Add missing Simple interface definitions in ModemManager-names.h. + Build: - meson: . fix daemon enums dependencies. . fix port enums includes. . fix 'export_packages' in GIR setup. . fix simtech plugin module name. - systemd: don't run ModemManager in containers. + Core: - serial: ensure the port object is valid after BUFFER_FULL handling. - netlink: . use unaligned netlink attribute length. . only change IFF_UP flag. - bearer: match unknown auth to chap in loose comparisons. - charsets: return error if UTF-8 validation fails. - fcc-unlock: make scripts POSIX shell compatible. - modem-helpers: . consider minimum ID when choosing best profile. . fix reading given in COPS=? responses. - sms: prevent crash if date is out of range. - profile-manager: fix copy-paste error on tags for quarks. + QMI: - Ignore slot status indications until initial status is known. - Return error when loading capabilities if none is found. + MBIM: - Default initial EPS bearer's auth to chap when unknown. - Update default error when network error is out of range. + mmcli: Fix key length when printing list of items. + Plugins: - linktop: new port type hints. - cinterion: add support for PLSx3w modems. - huawei: disable +CPOL based features in Huawei E226. + Several other minor improvements and fixes. ------------------------------------------------------------------ ------------------ 2022-8-5 - Aug 5 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - cups-branch-2.2-commit-3e4dd41459dabc5d18edbe06eb5b81291885204b.diff is 'git show 3e4dd41459dabc5d18edbe06eb5b81291885204b' for https://github.com/apple/cups/commit/3e4dd41459dabc5d18edbe06eb5b81291885204b (except the not needed hunk for patching CHANGES.md which fails) that fixes handling of MaxJobTime 0 (Issue #5438) in the CUPS 2.2 branch bsc#1201511: Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 ++++ dracut: - Update to version 055+suse.294.gc5bc4bb5: Missing network-manager module fixes (bsc#1201975): * fix(network-manager): avoid calling unavailable dracut-logger functions * fix(network-manager): skip non-directories in /sys/class/net * fix(network-manager): disable tty output if the console is not usable * fix(network-manager): show output on console only with rd.debug enabled * fix(network-manager): write DHCP filename option to dhcpopts file * fix(network-manager): ensure safe content of /tmp/dhclient."$ifname".dhcpopts * fix(network-manager): include nm-daemon-helper binary * fix(network-manager): don't pull in systemd-udev-settle * fix(network-manager): support teaming under NM+systemd * fix(network-manager): pull in network.target in nm-initrd.service ++++ hwinfo: - merge gh#openSUSE/hwinfo#115 - improve treatment of NVME devices (bsc#1200975) - fix compiler warnings - 21.83 ++++ kernel-default: - iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131). - iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131). - iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131). - iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131). - commit b5f1223 - iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131). - Refresh patches.suse/iwlwifi-don-t-pass-actual-WGDS-revision-number-in-ta.patch. - commit 2aa0188 - iwlwifi: fix LED dependencies (bsc#1202131). - iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131). - iwlwifi: pcie: fix constant-conversion warning (bsc#1202131). - iwlwifi: bump FW API to 67 for AX devices (bsc#1202131). - iwlwifi: mvm: extend session protection on association (bsc#1202131). - iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131). - iwlwifi: mvm: remove session protection on disassoc (bsc#1202131). - iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131). - iwlwifi: mvm: d3: use internal data representation (bsc#1202131). - iwlwifi: mvm: update RFI TLV (bsc#1202131). - iwlwifi: mvm: don't get address of mvm->fwrt just to dereference as a pointer (bsc#1202131). - iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131). - iwlwifi: yoyo: support for ROM usniffer (bsc#1202131). - iwlwifi: dump host monitor data when NIC doesn't init (bsc#1202131). - iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131). - commit 65c3ddc - iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131). - Refresh patches.suse/iwlwifi-don-t-pass-actual-WGDS-revision-number-in-ta.patch. - commit 1f7d7e3 - iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131). - iwlwifi: add new pci SoF with JF (bsc#1202131). - iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131). - iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131). - iwlwifi: pcie: refactor dev_info lookup (bsc#1202131). - commit 4955e78 - iwlwifi: add new device id 7F70 (bsc#1202131). - Refresh patches.suse/iwlwifi-pcie-add-killer-devices-to-the-driver.patch. - commit a871c28 - iwlwifi: pcie: remove duplicate entry (bsc#1202131). - iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131). - iwlwifi: pnvm: print out the version properly (bsc#1202131). - iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131). - iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131). - iwlwifi: mvm: improve log when processing CSA (bsc#1202131). - iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131). - iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131). - iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131). - commit dd87451 - iwlwifi: pcie: try to grab NIC access early (bsc#1202131). - iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131). - iwlwifi: allow rate-limited error messages (bsc#1202131). - iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131). - iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131). - iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131). - iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131). - iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131). - iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131). - iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131). - commit 67d2e71 - iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131). - Refresh patches.suse/iwlwifi-mvm-don-t-crash-on-invalid-rate-w-o-STA.patch. - commit 4f57116 - iwlwifi: BZ Family SW reset support (bsc#1202131). - iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131). - iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131). - iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131). - iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131). - iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131). - iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131). - iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131). - iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131). - commit db3dcd7 - iwlwifi: parse debug exclude data from firmware file (bsc#1202131). - iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131). - iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131). - iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131). - iwlwifi: fix fw/img.c license statement (bsc#1202131). - iwlwifi: remove contact information (bsc#1202131). - iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131). - iwlwifi: api: remove unused RX status bits (bsc#1202131). - iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131). - iwlwifi: mvm: Remove antenna c references (bsc#1202131). - iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131). - iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131). - iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131). - iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131). - iwlwifi: Start scratch debug register for Bz family (bsc#1202131). - iwlwifi: Add support for more BZ HWs (bsc#1202131). - iwlwifi: Add support for getting rf id with blank otp (bsc#1202131). - wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131). - commit c24f8b7 - openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639 bsc#1202154). - commit 5c51c64 - usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes). - commit 1102903 - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/chrome: cros_ec: Always expose last resume result (git-fixes). - selftests: kvm: set rax before vmcall (git-fixes). - USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings (git-fixes). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: dwc3: gadget: fix high speed multiplier setting (git-fixes). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - soundwire: qcom: Check device status before reading devid (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - commit da104a3 - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: block: Add single read for 4k sector cards (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI/AER: Iterate over error counters instead of error strings (git-fixes). - PCI/portdrv: Don't disable AER reporting in get_port_device_capability() (git-fixes). - PCI: endpoint: Don't stop controller when unbinding endpoint function (git-fixes). - phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes). - commit f77f01b - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes). - mmc: mxcmmc: Silence a clang warning (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - HID: amd_sfh: Handle condition of "no sensors" (git-fixes). - HID: amd_sfh: Add NULL check for hid device (git-fixes). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes). - interconnect: imx: fix max_node_id (git-fixes). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes). - iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5766: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: common: ssp: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: max1241: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7292: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3300: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: accel: bma400: Fix the scale min and max macro values (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - commit 14d844c - dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - commit 138fb4a ++++ selinux-policy: - Update fix_systemd.patch to add udev_read_pid_files(systemd_gpt_generator_t) (bsc#1200814) ------------------------------------------------------------------ ------------------ 2022-8-4 - Aug 4 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-tukit: - Update to version 0.0.3~git14.ff11a9a: * Add support for dict-format snapshots List * Fix URIError: malformed URI sequence * fix filemane+duplications * initial version of czech translation * added/corrected de.po for german - Remove old cockpit-tukit.obsinfo file ++++ kernel-default: - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - commit 62d2eea - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (CVE-2022-2585 bsc#1202094). - commit 2decf97 - supported.conf: added drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp and changed all octeontx2 modules as supported (jsc#SLE-24682) - commit 8caae84 - kabi/severities: octeontx2 driver (jsc#SLE-24682) - commit e0be4cf - octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682). - Refresh patches.suse/octeontx2-af-cn10k-Do-not-enable-RPM-loopback-for-LP.patch. - commit c25b3fb - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - commit 4644234 - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). - media: cedrus: h265: Fix flag name (git-fixes). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes). - i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7615: do not update pm stats in case of error (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - commit 559b103 - Remove doubly applied amdgpu patches - commit c58b33f - drm/amd/display: Revert "drm/amd/display: turn DPMS off on connector unplug" (git-fixes). - commit 2a4df70 - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Don't crash for invalid duplicate_state() (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - Revert "drm/i915: Hold reference to intel_context over life of i915_request" (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - commit c8ad99e - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - commit 3606800 - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - commit caf4ad9 ++++ u-boot-rpiarm64: Fix out-of-bounds write in sqfs_readdir() may lead to arbitrary code execution CVE-2022-33103 (bsc#1201213) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0022-fs-squashfs-sqfs_read-Prevent-arbit.patch ------------------------------------------------------------------ ------------------ 2022-8-3 - Aug 3 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - lvm reports udev database has incomplete information on devices (bsc#1202011) + bug-1202011_vgchange-monitor-don-t-use-udev-info.patch ++++ jitterentropy: - updated to 3.4.0 * enhancement: add API call jent_set_fips_failure_callback as requested by Daniel Ojalvo * fix: Change the SHA-3 integration: The entropy pool is now a SHA-3 state. It is filled with the time delta containing entropy and auxiliary data that does not contain entropy using a SHA update operation. The auxiliary data is calculated by a SHA-3 hashing of some varying state data. The time delta that contains entropy is measured about the SHA-3 hasing of the auxiliary data. This satisfies FIPS 140-3 IG D.K resolutions 4, 6, and 8. * enhancement: add CMake support by Andrew Hopkins - updated to 3.3.1 * fix: bug fix in initialization logic by Vladis Dronov * fix: use __asm__ instead of asm to suit the C11 standard - added a -devel-static package to be able to link it static. ++++ kernel-default: - x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726 CVE-2022-26373). - commit e9f7bfc - x86/speculation: Add RSB VM Exit protections (bsc#1201726 CVE-2022-26373). - commit 87cc728 - ipv4: avoid using shared IP generator for connected sockets (CVE-2020-36516 bsc#1196616). - ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516 bsc#1196616). - commit 1c066c9 - selftests: timers: clocksource-switch: fix passing errors from child (git-fixes). - selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes). - Documentation: siphash: Fix typo in the name of offsetofend macro (git-fixes). - Documentation: update watch_queue.rst references (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq (git-fixes). - crypto: hisilicon/sec - don't sleep when in softirq (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - selftests/seccomp: Fix compile warning when CC=clang (git-fixes). - Documentation: dm writecache: Render status list as list (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - Documentation: PM: Drop pme_interrupt reference (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - Documentation: ACPI: EINJ: Fix obsolete example (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - spi: Fix simplification of devm_spi_register_controller (git-fixes). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes). - spi: dt-bindings: cadence: add missing 'required' (git-fixes). - spi: spi-altera-dfl: Fix an error handling path (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - regulator: qcom_smd: Fix pm8916_pldo range (git-fixes). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). - ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes). - ARM: dts: ast2600-evb: fix board compatible (git-fixes). - ARM: dts: ast2500-evb: fix board compatible (git-fixes). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags" (git-fixes). - Documentation: fix sctp_wmem in ip-sysctl.rst (git-fixes). - commit 3f28928 - kabi/severities: add hisilicon hns3 symbols - commit 684e0cd - kabi/severities: add Qlogic qed symbols - commit cb6e740 - net: hns3: clean residual vf config after disable sriov (git-fixes). - commit 3154aec - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - commit 1199c9d - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - commit e93e238 - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - commit 329c205 - net: stmmac: clean up impossible condition (git-fixes). - commit ab39c12 - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - commit 4ff6c29 - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - commit af05743 - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - commit c7e4e5e - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - commit ec8da82 - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - commit 71c2b0b - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - commit dfd1200 ++++ lvm2: - lvm reports udev database has incomplete information on devices (bsc#1202011) + bug-1202011_vgchange-monitor-don-t-use-udev-info.patch ++++ tiff: - CVE-2022-34266 [bsc#1201971] and [bsc#1201723]: Rename tiff-CVE-2022-0561.patch to tiff-CVE-2022-0561,CVE-2022-34266.patch This CVE is actually a duplicate. ++++ python-M2Crypto: - update CVE-2020-25657-Bleichenbacher-attack.patch to actually contain the fix rather than just being empty (CVE-2020-25657, bsc#1178829) ------------------------------------------------------------------ ------------------ 2022-8-2 - Aug 2 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Update audit-secondary.spec: create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519). ++++ combustion: - Update to version 1.0+git1: * Use /lib/dracut/hooks instead of the usr-merged location (bsc#1201957) ++++ dracut: - Update to version 055+suse.283.ge98ece25: * fix(network-manager): check for nm-initrd-generator in both /usr/{libexec,lib} (bsc#1201975) * fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709) ++++ transactional-update: - Version 4.0.0 - Last minute interface change: Changed "List" method of Snapshot D-Bus interface to return a map of properties instead of a comma separated list of strings; this will allow retrieving the snapshot properties even if they contain a comma in their value [boo#1202147] - Remove "Snapshot.hpp" as a public API for now - all public functionality is part of SnapshotManager.hpp - Add header file documentation for SnapshotManager.hpp - Add method to delete snapshot [gh#openSUSE/transactional-update#52] - Allow setting description of snapshot [gh#openSUSE/transactional-update#55] - create_dirs_from_rpmdb: set SELinux file context of missing directories [gh#openSUSE/transactional-update#84], [bsc#1197242] - Fix broken logrotate due to typo in config file [gh#openSUSE/transactional-update#87] - create_dirs_from_rpmdb: Fix handling return code of create_dirs() [gh#openSUSE/transactional-update#86] - Fix broken "shell" prompt after selfupdate - Add documented D-Bus interface definition files - Add tukit_sm_get_current and tukit_sm_get_default to C interface - Fixed typos ++++ gnutls: - Security fix: [bsc#1202020, CVE-2022-2509] * Fixed double free during verification of pkcs7 signatures * Add gnutls-CVE-2022-2509.patch ++++ ignition: - ignition-enable-network.sh: Use /lib/dracut/hooks directly instead of the usr-merged location which isn't available everywhere (bsc#1201957) ++++ kernel-default: - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - commit 9816878 - kabi/severities: add microchip dsa drivers - commit d613b6c - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - commit f226af5 - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - commit eacb01d - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - commit 8fa1360 - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - commit 0417527 - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - commit 3269aa1 - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). - commit eb53b1f - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - commit b56ecf7 - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - commit bcf713a - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - commit b95b3f1 - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - commit a40e5b6 - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). - commit 855c403 - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - commit 2dc0b5b - net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - commit b660473 - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - commit 7942c9d - net: dsa: microchip: implement multi-bridge support (git-fixes). - commit 1695da6 - net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - commit 5d0a92e - Update metadata references - commit 17e29ab ------------------------------------------------------------------ ------------------ 2022-8-1 - Aug 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/sev: Save the negotiated GHCB version (bsc#1190497). - commit 7d296c5 - Updated commit IDs from a rebased upstream branch: - patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch. - patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch. - patches.suse/watchdog-export-lockup_detector_reconfigure.patch. - commit 34c0e2f - sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes) - commit 15bee70 - sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes) - commit dacac6f - sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes) - commit 44d8adc - net: asix: fix "can't send until first packet is send" issue (git-fixes). - commit 1f6d39d - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - commit 9ae4b3e - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - commit 6eee3c8 - drm/udl: Restore display mode on resume (bsc#1195917) - commit ab3f8b8 - EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768). - commit f44b61a ++++ tiff: - security update: * CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch ++++ osinfo-db: - update to 20220727 - drop: add-opensuse-leap-15.4-support.patch add-sle15sp4-support.patch add-slem5.1-support.patch add-slem5.2-support.patch opensuse-autoyast-desktop.patch: all upstream ++++ rsync: - Security fix: [bsc#1201840, CVE-2022-29154] * arbitrary file write vulnerability via do_server_recv function * Added patch rsync-rsync-CVE-2022-29154.patch ++++ udica: - Initial packaging of version 0.2.6-5 ------------------------------------------------------------------ ------------------ 2022-7-31 - Jul 31 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - commit 1a67e46 - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - commit 95439df - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). - commit d7e1c73 ------------------------------------------------------------------ ------------------ 2022-7-30 - Jul 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - commit 935d297 - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - Refresh patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. - commit 154606a - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - Refresh patches.suse/watch_queue-Fix-missing-rcu-annotation.patch. - commit 0e9524c - nouveau/svm: Fix to migrate all requested pages (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - commit 7883bd5 - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - bitfield.h: Fix "type of reg too small for mask" test (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). - Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - commit 68b3804 - Revert selftest patches that have been reverted in stable-5.15.y - commit a911337 ------------------------------------------------------------------ ------------------ 2022-7-29 - Jul 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - commit 55821eb - nvme: consider also host_iface when checking ip options (bsc#1199670). - commit 230f363 - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - commit 7c30f9f - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - commit 421f4e7 - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - commit 98e80d0 - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). - tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - commit 12973e3 - scripts/gdb: change kernel config dumping method (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - commit c823894 - tee: tee_get_drvdata(): fix description of return value (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - tee: optee: do not check memref size on return from Secure World (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - commit 00b109c - watch_queue: Fix missing rcu annotation (git-fixes). - udmabuf: add back sanity check (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - XArray: Update the LRU list in xas_split() (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - commit 4dc2af2 - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - commit d002ca3 - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - commit 6c401ae - Drop qla2xxx patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958) Upstream fixed the problem by reverting the offending commit. Delete: - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch - commit ae1d1a3 - selftests/seccomp: Don't call read() on TTY from background pgrp (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - commit 41741a6 - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - commit b3cbd1a - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: mptcp: more stable diag tests (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). - selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). - selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - kselftest: signal all child processes (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). - selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). - selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - commit 48061db - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - commit ecbaea5 - blacklist.conf: Add ALSA entries that can't be applied to SLE15-SP4 kernels Those are to be cleared once when more ALSA core stuff is backported - commit b982d6c - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - commit 4b9d2ad ------------------------------------------------------------------ ------------------ 2022-7-28 - Jul 28 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Update suse-microos-branding.patch for new /etc/os-release ID. - Add storage-btrfs.patch to enable BTRFS use in cockpit-storage. ++++ kernel-default: - exfat: use updated exfat_chain directly during renaming (git-fixes). - commit 6b8d95e - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - commit 3017f33 - selftests/landlock: Add tests for unknown access rights (git-fixes). - commit a355ad8 - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Fully test file rename with "remove" access (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Use square brackets around "landlock-ruleset" (git-fixes). - lockdep: Correct lock_classes index mapping (git-fixes). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - commit 6710d1e - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes). - Documentation: add description for net.sctp.ecn_enable (git-fixes). - Documentation: add description for net.sctp.intl_enable (git-fixes). - Documentation: add description for net.sctp.reconf_enable (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - Documentation: add description for net.core.gro_normal_batch (git-fixes). - Documentation: move watch_queue to core-api (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - arm_pmu: Validate single/group leader events (git-fixes). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - device property: Check fwnode->secondary when finding properties (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - commit 1ff4d9a - patches.suse/msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch: (bsc#1199364). - commit fbec9a8 - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - commit 0beb6ec - nvme: kabi fixes for in-band authentication (bsc#1199086). - commit 26c80ba - Update config files. - commit 1003620 ------------------------------------------------------------------ ------------------ 2022-7-27 - Jul 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cifs: fix reconnect on smb3 mount types (bsc#1201427). - commit d696086 - Update patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch references (add CVE-2022-32250). - commit 801027d - net/sched: cls_u32: fix netns refcount changes in u32_change() (CVE-2022-29581 bsc#1199665). - commit 6f81977 - blacklist.conf: This is a cleanup, not fixing any bug - commit 6f050ff - tee: fix put order in teedev_close_context() (git-fixes). - commit 1650ec3 - blacklist.conf: duplicate - commit 1c70642 - random: fix typo in comments (git-fixes). - commit 6de6114 - blacklist.conf: breaks kABI for a cleanup - commit 678666e - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - commit 0fb6e8a - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Refresh patches.suse/Bluetooth-btusb-Add-one-more-Bluetooth-part-for-WCN6.patch. - commit 91ad5ba - supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183) - commit 2fed93a - Refresh nvme in-band authentication patches (bsc#1199086) - nvme: implement In-Band authentication (jsc#SLE-20183). - Refresh patches.suse/0007-nvme-auth-Diffie-Hellman-key-exchange-support.patch. - Refresh patches.suse/0008-nvmet-parse-fabrics-commands-on-io-queues.patch. - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - Refresh patches.suse/0010-nvmet-auth-Diffie-Hellman-key-exchange-support.patch. - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - Delete patches.suse/nvme-auth-fixup-crash-at-boot.patch. - Delete patches.suse/nvme-fix-visibility-of-dev_attr_dhchap_ctrl_secret-s.patch. - commit 90c9163 - Refresh patches.suse/0001-crypto-add-crypto_has_shash.patch. - Refresh patches.suse/0002-crypto-add-crypto_has_kpp.patch. - Refresh patches.suse/0003-lib-base64-RFC4648-compliant-base64-encoding.patch. - Refresh patches.suse/0004-nvme-add-definitions-for-NVMe-In-Band-authentication.patch. - Refresh patches.suse/0005-nvme-fabrics-decode-authentication-required-connect-.patch. - commit 7d9a006 ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). - Update nss-fips-constructor-self-tests.patch to fix compiler warning. ------------------------------------------------------------------ ------------------ 2022-7-26 - Jul 26 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - memcmp-power10.patch: powerpc: Optimized memcmp for power10 (jsc#PED-987) ++++ kernel-default: - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - commit 4c3e250 - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - commit 11d19f6 - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - commit 91f9b43 - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - commit 0e13b0d ++++ harfbuzz: - Add harfbuzz-CVE-2022-33068.patch: sbix: limit glyph extents (boo#1200900 CVE-2022-33068). ++++ lshw: - Update to version B.02.19.2+git.20220628 (jsc#526): * make version check optional ------------------------------------------------------------------ ------------------ 2022-7-25 - Jul 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add commit 7acae6183cf3 I blacklisted the wrong commit: instead of adding 7acae6183cf3, I added the commit that introduced the bug fixed by it (which isn't present in SLE15-SP4). - commit 8ec5489 - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - commit 5dd0ec2 - net: bcmgenet: skip invalid partial checksums (git-fixes). - commit af8e915 - ice: Fix race condition during interface enslave (git-fixes). - commit 873e269 - net: bcmgenet: Don't claim WOL when its not available (git-fixes). - commit a981d90 - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - commit 4aa2b33 - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - commit b08b10f - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - commit 549b785 - ice: Fix error with handling of bonding MTU (git-fixes). - commit 03f6b8d - ice: stop disabling VFs due to PF error responses (git-fixes). - commit 13b5865 - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - commit 1b69809 - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - commit 8344b36 - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - commit 2faff78 ++++ u-boot-rpiarm64: Fix heap overflow in squashfs filesystem implementation CVE-2022-33967 (bsc#1201745) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0021-fs-squashfs-Use-kcalloc-when-releva.patch Fix stack buffer overflow vulnerability in i2c md command CVE-2022-34835 (bsc#1201214) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0020-i2c-fix-stack-buffer-overflow-vulne.patch update_git: Set index lenght of git diffs to 10. ------------------------------------------------------------------ ------------------ 2022-7-23 - Jul 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - commit 7a76772 ------------------------------------------------------------------ ------------------ 2022-7-22 - Jul 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update kabi files: import symvers from MU 5.14.21-150400.24.11 - commit 5ac1ff2 - r8152: fix a WOL issue (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - Revert "e1000e: Fix possible HW unit hang after an s0ix exit" (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - NFC: nxp-nci: don't print header length mismatch on i2c error (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - commit 4bd213d - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - commit 65713d7 - Move upstreamed be2net patch into sorted section - commit c55a187 - Drop doubly applied arm64 dts patch Delete patches.suse/arm64-dts-broadcom-bcm4908-Fix-timer-node-for-BCM4906-SoC.patch - commit efd9176 ++++ libtirpc: -exclude ipv6 addresses in client protocol 2 code (bsc#1200800) - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch ------------------------------------------------------------------ ------------------ 2022-7-21 - Jul 21 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - commit fa420fb - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - commit eb2677a - net: ipa: add an interconnect dependency (git-fixes). - commit 94e475f - net: stmmac: fix return value of __setup handler (git-fixes). - commit 3c858ea - net: sxgbe: fix return value of __setup handler (git-fixes). - commit 723d359 - net: sparx5: Fix add vlan when invalid operation (git-fixes). - commit 1d88b17 - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - commit 74c8cc9 - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - commit 810f895 - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - commit 093ee20 - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - commit 13c2302 - Revert "net: ethernet: bgmac: Use devm_platform_ioremap_resource_byname" (git-fixes). - commit 411126e - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - commit b952b7a - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - commit 7bd7001 - blacklist.conf: add ARCnet drivers - commit 1614d85 - Sort patches from bsc#1201323 - commit 4165437 - Refresh patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch. - commit c3b4451 - lockdown: Fix kexec lockdown bypass with ima policy (CVE-2022-21505 bsc#1201458). - commit 5f6e1e5 ++++ openssl-1_1: - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] * Add patches: - openssl-1_1-ossl-sli-000-fix-build-error.patch - openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch - openssl-1_1-ossl-sli-002-ran-make-update.patch - openssl-1_1-ossl-sli-003-add-sli.patch - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] * Add openssl-1_1-Zeroization.patch ++++ sqlite3: - update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] ++++ selinux-policy: - Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for systemd_gpt_generator_t (bsc#1200911) ------------------------------------------------------------------ ------------------ 2022-7-20 - Jul 20 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.5 (bsc#1201612) - Handle exception when trying to deregister a system form the server ++++ glibc: - disable-check-consistency.patch: i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ++++ kernel-default: - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - commit e2263d4 - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). Refresh: - patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch - patches.kabi/kABI-fix-adding-field-to-scsi_device.patch - patches.suse/scsi-core-sd-Add-silence_suspend-flag-to-suppress-some-PM-messages.patch - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - dm: don't stop request queue after the dm device is suspended (bsc#1201651). - commit 4dedd62 - kabi/severities: add intel ice - commit 77a60f8 - Delete patches.suse/xhci-turn-off-port-power-in-shutdown.patch (bsc#1201691) This patch leads to a failure to power off. https://bugzilla.kernel.org/show_bug.cgi?id=216243 - commit f2d59c9 - i2c: smbus: Check for parent device before dereference (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - commit c96154e ++++ pcre2: - Added pcre2-bsc1199235-CVE-2022-1587.patch * CVE-2022-1587 / bsc#1199235 * Fix out-of-bounds read due to bug in recursions * Sourced from: - https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 ++++ systemd: - Import commit 7b70d88264a588fdba36c6e7655d1feea2b0e0a0 (merge of v249.12) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/4949659dd6ce81845e13034504fe06b85a02f08b...7b70d88264a588fdba36c6e7655d1feea2b0e0a0 - Import commit 4949659dd6ce81845e13034504fe06b85a02f08b 0f096f16ba tmpfiles: check the directory we were supposed to create, not its parent 82c3793e43 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call 2191a9ae95 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059) ++++ zypper: - lr: Allow shortening the Name column if table is wider than the terminal (bsc#1201638) - Don't accepts install/remove modifier without argument (bsc#1201576) - zypper-download: Set correct ExitInfoCode when failing to resolve argument. - zypper-download: Handle unresolvable arguments as error. This commit changes zypper-download such that it behaves more consistent to zypper-install when an argument can't be resolved. - version 1.14.55 ------------------------------------------------------------------ ------------------ 2022-7-19 - Jul 19 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - static-tls-surplus.patch: Remove tunables (bsc#1201560) ++++ kernel-default: - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - commit c4e0776 - net: dsa: lan9303: fix reset on probe (git-fixes). - commit 33805f1 - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - commit c168b96 - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - commit ceff3da - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - commit c46c86b - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - commit c2f5c50 - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - commit 1ebdd4d - net: dsa: lantiq_gswip: don't use devres for mdiobus (git-fixes). - commit 93f4a90 - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - commit 76cc859 - ethtool: Fix get module eeprom fallback (bsc#1201323). - commit f5666fa - nvme: wait until quiesce is done (bsc#1201651). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - commit d28bf38 - arm64: cpufeature: add HWCAP for FEAT_RPRES (git-fixes) Refresh patches.suse/0019-arm64-Use-the-clearbhb-instruction-in-mitigations.patch - commit cbc315a - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - commit b3a2425 - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - commit def3ab7 - net: dsa: felix: don't use devres for mdiobus (git-fixes). - commit a03978a - net: dsa: bcm_sf2: don't use devres for mdiobus (git-fixes). - commit 682abc6 - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - commit 6f8e329 - net: dsa: mv88e6xxx: don't use devres for mdiobus (git-fixes). - commit 61ee304 - gve: Recording rx queue before sending to napi (git-fixes). - commit 6edbff0 - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - commit 2479d47 - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - commit ea855e1 - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - commit 993d341 - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - commit 3b02b3e - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - commit d048544 - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - commit 741baff - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - commit 6f75240 - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - commit c68ab05 - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - commit 46a7cc8 - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - commit 904137a - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - commit fe79137 - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - commit cf06848 - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - commit 92bd067 - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - commit 7ae5bdc - tun: fix bonding active backup with arp monitoring (git-fixes). - commit cf865a3 - Update patch references for fbcon fixes (CVE-2021-33655 bsc#1201635) - commit eb3d075 ++++ libzypp: - Add PoolItem::statusReinit to reset the status it's initial state in the ResPool (might help bsc#1199895) This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if the PoolItem matched a hard lock defined in /etc/zypp/locks. - Fix building with GCC 13 on i586 (fixes #407, fixes #396) - Be prepared to receive exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and dependend code. This commit removes the MediaNetwork tech preview and all related code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader and second: since the Provide API is going to completely replace the current media backend it would be extra work to ensure that changes on the Downloader do not break MediaNetwork. - version 17.31.0 (22) ------------------------------------------------------------------ ------------------ 2022-7-18 - Jul 18 2022 ------------------- ------------------------------------------------------------------ ++++ gpg2: - Security fix [CVE-2022-34903, bsc#1201225] - Vulnerable to status injection - Added patch gnupg-CVE-2022-34903.patch ++++ kernel-default: - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - commit f21578a - blacklist.conf: Add memcg/rstat optimizations 11192d9c124d fd25a9e0e23b 5b3be698a872 - commit 932b7ef - blacklist.conf: Add 26d5badbccdd signal: Implement force_fatal_sig - commit 1fe0fd9 - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - commit e2af2db - kABI workaround for snd-soc-rt5682-* (git-fixes). - kabi/severities: ignore dropped symbol rt5682_headset_detect - commit 5e19e6d - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - commit 59356c4 - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - commit 3831453 - net: amd-xgbe: Fix skb data length underflow (git-fixes). - commit 50d3988 - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - commit b59b0a9 - blacklist: added commit e1a4541ec0b9 - commit 7d0447e - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - commit 6cefa9d - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - commit 8aa4851 - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - commit d65aa35 - net: sfp: ignore disabled SFP node (git-fixes). - commit 5b8ce08 - octeontx2-pf: Forward error codes to VF (git-fixes). - commit 562327e - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - commit b549cad - octeontx2-af: Do not fixup all VF action entries (git-fixes). - commit dd1aa95 - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - commit e3e3f07 - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - commit 1470b40 - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - commit f842d14 - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - commit 6cf1273 - net: mscc: ocelot: fix using match before it is set (git-fixes). - commit 78b3f03 - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - commit cfa26bb - net: axienet: increase default TX ring size to 128 (git-fixes). - commit d910ea1 - net: axienet: fix for TX busy handling (git-fixes). - commit 99e0d80 - net: axienet: fix number of TX ring slots for available check (git-fixes). - commit 0c7e435 - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim doesn't write the inode (bsc#1201592). - commit 938aae2 - net: axienet: Fix TX ring slot available check (git-fixes). - commit c151ff3 - net: axienet: limit minimum TX ring size (git-fixes). - commit 13afdcb - net: axienet: add missing memory barriers (git-fixes). - commit d466816 - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - commit 7c11a1f - net: axienet: increase reset timeout (git-fixes). - commit 5cd6041 - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - commit 8a29229 - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - commit 7d643fb - bcmgenet: add WOL IRQ check (git-fixes). - commit d56437b - net: ipa: prevent concurrent replenish (git-fixes). - commit 63abe4d - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - commit 4d71717 - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - commit f58c0c8 - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - commit 2af3cae - rocker: fix a sleeping in atomic bug (git-fixes). - commit 75f1355 - kABI workaround for phy_device changes (git-fixes). - commit 91e246e - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mm: don't try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - commit 4d0f0a6 - Update patch metadata and move to sorted section patches.suse/mm-page_alloc-Do-not-prefetch-buddies-during-bulk-free.patch. patches.suse/mm-page_alloc-Drain-the-requested-list-first-during-bulk-free.patch. patches.suse/mm-page_alloc-Fetch-the-correct-pcp-buddy-during-bulk-free.patch. patches.suse/mm-page_alloc-Free-pages-in-a-single-pass-during-bulk-free.patch. patches.suse/mm-page_alloc-Limit-number-of-high-order-pages-on-PCP-during-bulk-free.patch. patches.suse/mm-page_alloc-Simplify-how-many-pages-are-selected-per-pcp-list-during-bulk-free.patch. patches.suse/mm-page_alloc-Track-range-of-active-PCP-lists-during-bulk-free.patch. - commit 14b9fbe - usbnet: fix memory leak in error case (git-fixes). - commit 7372d17 - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - commit 9119799 - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - commit 0d8f996 - arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - commit 3250248 - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - commit d8e5343 - blacklist.conf: ffc95a46: CONFIG_SLAB not set in config - commit d12fa0c - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - commit 3919bf9 - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - commit 2f456a6 - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - Revert "serial: sc16is7xx: Clear RS485 bits in the shutdown" (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - commit f48404b - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - net: phy: Don't trigger state machine while in suspend (git-fixes). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - commit 8948cad - kABI workaround for rtsx_usb (git-fixes). - commit ea7f901 - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ida: don't use BUG_ON() for debugging (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - commit 41d4678 - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - commit 5a5128b - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - commit d7feb0b - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - Revert "can: xilinx_can: Limit CANFD brp to 2" (git-fixes). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - batman-adv: Use netif_rx() (git-fixes). - commit ee36772 - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - commit 46eda4a - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - commit e9387c5 - ASoC: rt5682: Fix deadlock on resume (git-fixes). - Refresh patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch. - commit b58000f - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - Refresh patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch. - commit e602e5e - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - commit 9f44c25 - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - commit 72aed94 - Move upstreamed netfilter and tty patches to sorted section - commit 9d5e117 - x86/bugs: Remove apostrophe typo (bsc#1190497). - commit 0e5e638 - Sort in RETbleed backport into the sorted section Now that it is upstream... - Refresh patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch. - Refresh patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch. - Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch. - Refresh patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch. - Refresh patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch. - Refresh patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch. - Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch. - Refresh patches.suse/objtool-Re-add-UNWIND_HINT_-SAVE_RESTORE.patch. - Refresh patches.suse/objtool-Treat-.text.__x86.-as-noinstr.patch. - Refresh patches.suse/objtool-Update-Retpoline-validation.patch. - Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch. - Refresh patches.suse/x86-Undo-return-thunk-damage.patch. - Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch. - Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch. - Refresh patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch. - Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch. - Refresh patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch. - Refresh patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch. - Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch. - Refresh patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch. - Refresh patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch. - Refresh patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch. - Refresh patches.suse/x86-common-Stamp-out-the-stepping-madness.patch. - Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch. - Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch. - Refresh patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch. - Refresh patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. - Refresh patches.suse/x86-ftrace-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. - Refresh patches.suse/x86-kvm-vmx-Make-noinstr-clean.patch. - Refresh patches.suse/x86-objtool-Create-.return_sites.patch. - Refresh patches.suse/x86-retpoline-Cleanup-some-ifdefery.patch. - Refresh patches.suse/x86-retpoline-Swizzle-retpoline-thunk.patch. - Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch. - Refresh patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch. - Refresh patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch. - Refresh patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch. - Refresh patches.suse/x86-speculation-Fix-RSB-filling-with-CONFIG_RETPOLINE-n.patch. - Refresh patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch. - Refresh patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch. - Refresh patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch. - Refresh patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch. - Refresh patches.suse/x86-static_call-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch. - Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch. - commit cc67fa3 ++++ kernel-firmware: - Fix missing aliases for qlogic (bsc#1200889); update other aliases as well from the latest SLE15-SP4 kernels ++++ libqmi: - update to 1.30.8: * dms: new 'Foxconn FCC authentication v2' request/response. ++++ libslirp: - Add patch to fix the version header (bsc#1201551): * 0001-meson-remove-meson-dist-script.patch ------------------------------------------------------------------ ------------------ 2022-7-16 - Jul 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI: fix adding field to ufs_hba (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Don't call kcalloc() if size arg is zero (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - commit fb67102 - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - commit 9992992 - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - commit 3de312d - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - commit 1a42a36 - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - commit 82fef3c ------------------------------------------------------------------ ------------------ 2022-7-15 - Jul 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - Refresh patches.suse/objtool-Update-Retpoline-validation.patch. - commit cf7f7e0 - x86/entry: Remove skip_r11rcx (bsc#1201524). - Refresh patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. - commit 64980c7 - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - commit bf00db7 - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - commit 3585cf1 ++++ ldb: - Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all changes for ldb-2.4.4. + CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). + CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); + CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493). ++++ ncurses: - Add patch ncurses-bnc1198627.patch * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read ++++ sqlite3: - update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. ++++ permissions: - Update to version 20201225: * postfix: add postlog setgid for maildrop binary (bsc#1201385) ++++ qemu: - Fix: bsc#1198038, CVE-2022-0216 - Fix: bsc#1201367, CVE-2022-35414 * Patches added: scsi-lsi53c895a-fix-use-after-free-in-ls.patch softmmu-Always-initialize-xlat-in-addres.patch ++++ rpm-config-SUSE: - add SBAT values (boo#1193282) ------------------------------------------------------------------ ------------------ 2022-7-14 - Jul 14 2022 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.188.0: * Allow confined containers to mount overlay filesystems Fixed bsc#1201348 ++++ kernel-default: - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - commit ee19e9d - kabi/severities: add stmmac network driver local symbols - commit 832dcf3 - ppp: ensure minimum packet size in ppp_write() (git-fixes). - commit 1871bcf - veth: Do not record rx queue hint in veth_xmit (git-fixes). - commit 4e81b53 - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - commit 89745b1 - net: stmmac: Add platform level debug register dump feature (git-fixes). - commit 1f1e295 - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - commit 1ea5bd4 - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - commit 21661cb - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - commit bdd4068 - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - commit 100c8d7 - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - commit c8a3960 - veth: ensure skb entering GRO are not cloned (git-fixes). - commit de7c3ec - net: ks8851: Check for error irq (git-fixes). - commit c6aa897 - drivers: net: smc911x: Check for error irq (git-fixes). - commit 76302d7 - fjes: Check for error irq (git-fixes). - commit 3518c05 - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - commit caea254 - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - commit ca205ab - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - commit d928a50 - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - commit c13727a - netdevsim: don't overwrite read only ethtool parms (git-fixes). - commit e49332e - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - commit 14806b1 - net: mvpp2: fix XDP rx queues registering (git-fixes). - commit 785d73e - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - commit e300fac - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - commit 1aeafc7 - qede: validate non LSO skb length (git-fixes). - commit a6a6f45 - net: altera: set a couple error code in probe() (git-fixes). - commit 4b6f9c2 - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - commit 57e402c - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - commit 823f883 - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - commit ab94872 - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - commit eb079a6 - natsemi: xtensa: fix section mismatch warnings (git-fixes). - commit dbb5264 - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - commit 1aeeaf7 - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - commit f25bb21 - Remove Half duplex mode speed capabilities (git-fixes). - commit 92878dd - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - commit de8c06a - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - commit a6567bd - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - commit 6d547bd - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - commit 4e89e84 - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - commit decd358 ++++ yaml-cpp: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171, yaml-cpp-abi-breakage.patch). ++++ samba: - CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490). - CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). - CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); - CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). - CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493). ------------------------------------------------------------------ ------------------ 2022-7-13 - Jul 13 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - commit 771ed28 - octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes). - commit bc0ad1c - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - commit 6cf809d - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - commit f025bf7 - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - commit f8d4262 - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - commit e187f9a - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - commit f0be9d3 - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - commit 55e4b0b - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - commit 45eae59 - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - commit 3f5e1a3 - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - commit 58f5e5f - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - commit 47fa6c7 - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - commit d323c6e - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - commit 3dd00f6 - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - commit 3c0a341 - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - commit 6cd5dd2 - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - commit cd979cf - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - commit 067f613 - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - commit 8df6c27 - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - commit b13c76a - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - commit 185c5a1 - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - commit 3436390 - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - commit 5dea61c - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - commit e64c29a ++++ multipath-tools: - Update to version 0.9.0+39+suse.51a2ab1: Upstream bug fixes: * libmultipath: fix find_multipaths_timeout for unknown hardware (boo#1201483) * multipath-tools: fix "multipath -ll" for Native NVME Multipath devices (boo#1201483) - Update to version 0.9.0+33+suse.fdc6686 * multipath.conf: add support for "protocol" subsection in "overrides" section to set certain config options by protocol. * Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout * hwable fixes and additions * multipath.conf(5): add disclaimer about vendor support * libmultipath, kpartx: fix callers of dm_get_next_target() * Change built-in defaults for NVMe: group by prio, and immediate failback * Allow compilation with -D_FORTIFY_SOURCE=3 ++++ mozilla-nss: - Update nss-fips-constructor-self-tests.patch to add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - Update nss-fips-approved-crypto-non-ec.patch to mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - Update nss-fips-approved-crypto-non-ec.patch to remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need the workaround in FIPS mode (bsc#1200325). - Remove nss-fips-tests-skip.patch. This is no longer needed since we removed the code to short-circuit broken hashes and moved to using the SLI. ++++ ceph: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) ------------------------------------------------------------------ ------------------ 2022-7-12 - Jul 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - commit ca6af39 - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - commit 755232f - octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682). - Refresh patches.suse/devlink-Make-devlink_register-to-be-void.patch. - commit 255954c - octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682). - Refresh patches.suse/octeontx2-pf-cleanup-transmit-link-deriving-logic.patch. - commit c99a251 - octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682). - octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682). - octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682). - octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682). - octeontx2-af: initialize action variable (jsc#SLE-24682). - octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682). - octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682). - octeontx2-af: fix array bound error (jsc#SLE-24682). - octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682). - octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682). - octeontx2-af: Flow control resource management (jsc#SLE-24682). - octeontx2-af: Priority flow control configuration support (jsc#SLE-24682). - octeontx2-af: Don't enable Pause frames by default (jsc#SLE-24682). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682). - octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682). - octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682). - octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682). - octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682). - octeontx2-af: Fix interrupt name strings (jsc#SLE-24682). - octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682). - octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682). - octeontx2-af: debugfs: don't corrupt user memory (jsc#SLE-24682). - octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682). - octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682). - octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682). - octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682). - octeontx2-af: debugfs: Minor changes (jsc#SLE-24682). - octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682). - octeontx2-nic: fix mixed module build (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). - octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682). - octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682). - octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682). - octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682). - octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682). - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682). - octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682). - octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682). - octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682). - octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682). - octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682). - octeontx2-af: verify CQ context updates (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682). - octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682). - octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682). - octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682). - octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682). - octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682). - octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682). - octeontx2-af: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682). - octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682). - octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682). - octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682). - octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682). - octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682). - octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682). - octeontx2-pf: Don't mask out supported link modes (jsc#SLE-24682). - octeontx2-af: Handle return value in block reset (jsc#SLE-24682). - octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682). - octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682). - octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682). - octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682). - octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682). - octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682). - octeontx2-pf: Unify flow management variables (jsc#SLE-24682). - octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682). - octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682). - octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682). - octeontx2-af: Modify install flow error codes (jsc#SLE-24682). - octeontx2-af: Fix spelling mistake "Makesure" -> "Make sure" (jsc#SLE-24682). - octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682). - octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682). - commit 7af5fda ++++ python-M2Crypto: - Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657, bsc#1178829), which mitigates the Bleichenbacher timing attacks in the RSA decryption API. - Add python-M2Crypto.keyring to verify GPG signature of tarball. ++++ rpm: - Support Ed25519 signatures [jsc#SLE-24714] * new patch: ed25519.diff ++++ rust-keylime: - Update to version 0.1.0+git.1657303637.5b9072a: * keys_handler: Use scopes to drop mutexes before await * Enable usage of Rust IMA emulator in E2E tests. * ima_emulator: Support PCR hash algorithms other than SHA-1 * ima_entry: add IMA entry parser ported from Python Keylime * algorithms: Add conversion between our hash algorithms and OpenSSL's * Remove unused functions revocation_ip_get and revocation_port_get. Change String to &str. * Adjust function usage comments to account for new parameters. * Load config file less at startup in src/common.rs * GNUmakefile: Make target dependencies explicit * permissions: Set supplementary groups when dropping privileges * main: Use more descriptive message for missing files error * Show path when fail to load the certificate * tpm: Add serialization functions for structures in quotes - Requires tpm2.0-abrmd dependency, as the kernel resource manager could be not enough - Downgrade /var/run/keylime permissions - Set "run_as" parameter to "keylime:tss" - Create the keylime user via systemd - Fix keylime service home directory - Add 0001-main-die-when-cannot-drop-privileges.patch to avoid the execution as root when the run_as user is missing in the system ------------------------------------------------------------------ ------------------ 2022-7-11 - Jul 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - commit 3d68d7d - don't call utsname() after ->nsproxy is NULL (bsc#1201196). - commit 9689c47 ++++ permissions: - Update to version 20201225: * apptainer: fix starter-suid location (bsc#1198720) ++++ systemd-presets-branding-SMO: - enable NetworiManager by default (jsc#SMO-84) ------------------------------------------------------------------ ------------------ 2022-7-8 - Jul 8 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979] - gnutls_fips140_run_self_tests now properly releases fips_context ++++ kernel-default: - x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit d1e1c13 - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 3be5cfd - x86/bugs: Add Cannon lake to RETBleed affected CPU list (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 739eddd - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - commit e1e83aa - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - commit c771c51 ++++ ldb: - Update to version 2.4.3 + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); ++++ systemd: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network (bsc#1201276) This configuration files put in these directories are read by both udevd and systemd-networkd. ++++ samba: - Update to 4.15.8 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); ------------------------------------------------------------------ ------------------ 2022-7-7 - Jul 7 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - commit e9e6c6d - mm/slub: add missing TID updates on slab deactivation (git-fixes). - commit 2839b22 ------------------------------------------------------------------ ------------------ 2022-7-6 - Jul 6 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Switch to use the git repo with obs_scm - Update to version 1.0+git0: * Add Makefile for make install support * Start sysroot-usr.mount as well * Replace invalid use of ln_r in module-setup.sh ++++ open-iscsi: - Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570) ++++ kernel-default: - Update patch reference for rose fix (CVE-2022-2318 bsc#1201251) - commit 6740ddf - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (bsc#1200763, CVE-2022-33743, XSA-405). - commit 3452cb8 - xen/netfront: force data bouncing when backend is untrusted (bsc#1200762, CVE-2022-33741, XSA-403). - commit 8573a2a - xen/netfront: fix leaking data in shared pages (bsc#1200762, CVE-2022-33740, XSA-403). - commit d781d02 - xen/blkfront: force data bouncing when backend is untrusted (bsc#1200762, CVE-2022-33742, XSA-403). - commit e887a75 - xen/blkfront: fix leaking data in shared pages (bsc#1200762, CVE-2022-26365, XSA-403). - commit 5f3a98c ++++ tiff: - security update * CVE-2022-2056 [bsc#1201176] * CVE-2022-2057 [bsc#1201175] * CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch ++++ permissions: - Update to version 20201225: * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) ++++ setools: - require python3, not python (bsc#1200649) ------------------------------------------------------------------ ------------------ 2022-7-5 - Jul 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - Refresh patches.suse/KVM-nVMX-Ensure-vCPU-honors-event-request-if-posting.patch. - commit cc9c0cb - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - commit fb35701 - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - commit f8aa8f6 - netfilter: nf_tables: stricter validation of element data (CVE-2022-34918 bsc#1201171). - commit 6821024 - usbnet: fix memory allocation in helpers (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - commit bb6cd2d - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - commit a292641 - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (git-fixes). - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/gem: add missing else (git-fixes). - epic100: fix use after free on rmmod (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - drm/msm/dp: force link training for display resolution change (git-fixes). - commit 29490b2 - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/amd/display: Don't reinitialize DMCUB on s0ix resume (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - commit 3a6b863 - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - commit b2f3ec0 ++++ libzypp: - Fix building with GCC 12.x release (#396) - version 17.30.3 (22) ++++ zypper: - Fix building with GCC 13 (fixes #448) - Put signing key supplying repository name in quotes. - version 1.14.54 ------------------------------------------------------------------ ------------------ 2022-7-4 - Jul 4 2022 ------------------- ------------------------------------------------------------------ ++++ gtk3: - Add compatible dependency "python3-gobject-Gdk if python3-gobject" to the typelib package for SLE and Leap (boo#1200614). ++++ kernel-default: - nvme: add verbose error logging (bsc#1200567). Update config files. - commit d728b74 - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - commit 19236f6 - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - commit 0a53cad - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - commit 5106bcc - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - commit 5bca6f6 - net: marvell: prestera: fix double free issue on err path (git-fixes). - commit 7d71374 - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - commit fd69472 - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - commit ab42270 - net: mvmdio: fix compilation warning (git-fixes). - commit 717e02c - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). Refresh: - patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - commit aaa97b5 - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - commit eeb9031 - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - commit 2c9f726 ++++ Mesa: - change default driver from 'iris' back to 'i965' for Intel Gen8-11 hardware; that way we also use the same driver used by X and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046 ------------------------------------------------------------------ ------------------ 2022-7-3 - Jul 3 2022 ------------------- ------------------------------------------------------------------ ++++ openssl-1_1: - Encrypt the sixteen bytes that were unencrypted in some circumstances on 32-bit x86 platforms. * [bsc#1201099, CVE-2022-2097] * added openssl-CVE-2022-2097.patch ------------------------------------------------------------------ ------------------ 2022-7-2 - Jul 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 1657f57 - x86/common: Stamp out the stepping madness (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit c4753d1 - KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 2b985b5 - x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 4bed1b0 - KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 316fcc5 - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 15924a8 - KVM: VMX: Convert launched argument to flags (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit f8dcdb9 - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ef884f6 - KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 1e826ce - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - commit 0257357 - virtio-net: realign page_to_skb() after merges (git-fixes). - commit 265619f - x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit e07908e - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - commit 46bf69a - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 7195e40 - x86/speculation: Fix SPEC_CTRL write on SMT state change (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 9038814 - x86/speculation: Fix firmware entry SPEC_CTRL handling (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ca2994e - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 82031ef - x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 5cc7992 - objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 3cfb55f ------------------------------------------------------------------ ------------------ 2022-7-1 - Jul 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/bugs: Do IBPB fallback check only once (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 1651453 - x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 85c8e14 - x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit cb8daf6 - objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 7436f55 - intel_idle: Disable IBRS during long idle (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b411908 - x86/bugs: Report Intel retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit f9a629c - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit dbabe9a - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b629108 - x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ff2e369 - x86/entry: Add kernel IBRS implementation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 479ab24 - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit c15babd - x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 280d4c4 - x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit aa29b09 - x86/bugs: Report AMD retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 367584b - x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 208357a - objtool: Fix sibling call detection in alternatives (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 184b12c - objtool: Treat .text.__x86.* as noinstr (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b887ffb - x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit d70c3f9 - x86/sev: Avoid using __x86_return_thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 9650a8e - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit a3c8329 - x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 24c6cbf - x86/bpf: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b4bf5a2 - x86/ftrace: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 34b9619 - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - commit e34e055 - sched/fair: Revise comment about lb decision matrix (git-fixes) - commit 2b109b3 - sched/psi: report zeroes for CPU full at the system level (git-fixes) - commit 05c0f03 - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 5ad644e - x86,static_call: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit e70fd02 - static_call,x86: Robustify trampoline patching (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 6790036 - x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit f10b243 - x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 9f6f194 - x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 8a7359d - x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 5926e03 - x86/retpoline: Swizzle retpoline thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 3c3e714 - x86/retpoline: Cleanup some #ifdefery (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit eaa3af4 - x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 00af010 - x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 75117a6 ++++ sqlite3: - update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. - drop sqlite-src-3380100-atof1.patch, included upstream - add sqlite-src-3390000-func7-pg-181.patch to skip float precision related test failures on 32 bit ++++ qemu: - Fix usb ehci boot failure (bsc#1192115) * Patches added: hw-usb-hcd-ehci-fix-writeback-order.patch ------------------------------------------------------------------ ------------------ 2022-6-30 - Jun 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/mce: Drop copyin special case for #MC (bsc#1201050 CVE-2021-26341). - Refresh patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch. - commit 4126374 - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - commit 5966058 - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - commit 3631ac9 - net: ipa: disable HOLB drop when updating timer (git-fixes). - commit a355c1a - net: ipa: HOLB register sometimes must be written twice (git-fixes). - commit 1a1e1cc - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - commit a4a273a - blacklist.conf: update - commit b3146ae - blacklist.conf: update blacklist - commit 441d7b5 - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - commit 2891b6b - crypto: x86/poly1305 - Fixup SLS (bsc#1201050 CVE-2021-26341). - commit fa7ee3f - x86: Add straight-line-speculation mitigation (bsc#1201050 CVE-2021-26341). - Update config files. - Refresh patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch. - commit ab9af62 - x86/alternative: Relax text_poke_bp() constraint (bsc#1201050 CVE-2021-26341). - commit fc16607 - objtool: Add straight-line-speculation validation (bsc#1201050 CVE-2021-26341). - commit 97a5faf - x86: Prepare inline-asm for straight-line-speculation (bsc#1201050 CVE-2021-26341). - commit 8812996 - x86: Prepare asm files for straight-line-speculation (bsc#1201050 CVE-2021-26341). - commit 4b86385 - x86/lib/atomic64_386_32: Rename things (bsc#1201050 CVE-2021-26341). - commit 38ceb5a - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (bsc#1201050 CVE-2021-26341). - commit 28ad1d2 ------------------------------------------------------------------ ------------------ 2022-6-29 - Jun 29 2022 ------------------- ------------------------------------------------------------------ ++++ docker: - Backport to fix a crash-on-start issue with dockerd. bsc#1200022 + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch ++++ gnutls: - FIPS: * Add gnutls_ECDSA_signing.patch [bsc#1190698] - Check minimum keylength for symmetric key generation - Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) * Add gnutls-FIPS-force-self-test.patch [bsc#1198979] - Provides interface for running library self tests on-demand - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598 ++++ libguestfs: - bsc#1201064 - Libguestfs: Buffer overflow in get_keys leads to DOS - CVE-2022-2211 CVE-2022-2211-options-fix-buffer-overflow-in-get_keys.patch CVE-2022-2211-docs-guestfs-security-document.patch ++++ kernel-default: - kABI fix of sysctl_run_estimation (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - commit 19d4bd1 - sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154 bsc#1200599). - commit 68ce62e - sctp: use call_rcu to free endpoint (CVE-2022-20154 bsc#1200599). - commit 7c734e0 - Update metadata references - commit 41b198a ------------------------------------------------------------------ ------------------ 2022-6-28 - Jun 28 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - static-tls-surplus.patch: rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) ------------------------------------------------------------------ ------------------ 2022-6-27 - Jun 27 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1200734, CVE-2022-32205] * Set-Cookie denial of service * Add curl-CVE-2022-32205.patch - Security fix: [bsc#1200735, CVE-2022-32206] * HTTP compression denial of service * Add curl-CVE-2022-32206.patch - Security fix: [bsc#1200736, CVE-2022-32207] * Unpreserved file permissions * Add curl-CVE-2022-32207.patch - Security fix: [bsc#1200737, CVE-2022-32208] * FTP-KRB bad message verification * Add curl-CVE-2022-32208.patch ------------------------------------------------------------------ ------------------ 2022-6-24 - Jun 24 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Bring back /sbin/netconfig as build option since the netconfig in SLE is not ready for usrmerge. ++++ kernel-default: - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - commit 675eea8 ++++ util-linux: - agetty: Resolve tty name even if stdin is specified (bsc#1197178, util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731, util-linux-libmount-moving-mount-point-sub-mounts.patch, util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). ++++ util-linux-systemd: - agetty: Resolve tty name even if stdin is specified (bsc#1197178, util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731, util-linux-libmount-moving-mount-point-sub-mounts.patch, util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). ------------------------------------------------------------------ ------------------ 2022-6-23 - Jun 23 2022 ------------------- ------------------------------------------------------------------ ++++ hwinfo: - merge gh#openSUSE/hwinfo#113 - Keep NVMe's namespace output consistency when nvme_core.multipath=1 (bsc#1199948) - 21.82 ++++ kernel-default: - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - commit 0f5670f - Move upstreamed ALSA fix into sorted section - commit cd31297 - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - commit a36edad - fs: fix fd table size alignment properly (bsc#1200882). - commit 48b3814 - blacklist.conf: duplicate - commit e8e07db - blacklist.conf: duplicate - commit a10f356 - blacklist.conf: Blacklist e730558adffb, 14362a254179 - commit bc46cf4 - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - commit 46146be - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - commit 6ea4f30 - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - commit 173bfb0 - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - commit ab00b5f - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - commit 73ded12 - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - commit 83b219d - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - commit 81bd06f - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - commit bb0777f - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - commit 557f443 - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - commit 69042fa - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - commit 26397b0 - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - commit 597896d - blacklist.conf: add sdsi duplicates - commit 96b040c - mei: me: add raptor lake point S DID (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - gpio: dwapb: Don't print error on -EPROBE_DEFER (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping" (git-fixes). - commit 1ef7ff5 ++++ python-psutil: - Add patch mem-used-bsc1181475.patch (bsc#1181475) * Adopt change of used memory calculation from upstream of procps ------------------------------------------------------------------ ------------------ 2022-6-22 - Jun 22 2022 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.187.0: * Allow container domains to use /dev/zero - Changes from 2.186.0: * Create policy for a container_device_t * Allow containers to shutdown & setopt userdomain:sockets - Changes from 2.183.0: * Allow containers to inherit all socket classes from container runtimes. - Changes from 2.182.0: * Allow containers to inherit all socket classes - Changes from 2.181.0: * Allow socket activated domains for tcp sockets from init_t and userdomains. ++++ kernel-default: - blacklist.conf: blacklist block patches (bsc#1200569) - Delete patches.suse/blk-mq-cancel-blk-mq-dispatch-work-in-both-blk_clean.patch. - Delete patches.suse/block-avoid-to-quiesce-queue-in-elevator_init_mq.patch. - commit 9f66f8e - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - commit e2c2768 - iomap: iomap_write_failed fix (bsc#1200829). - commit b09bb9e - jfs: fix divide error in dbNextAG (bsc#1200828). - commit 1d88c02 - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - commit 49a67ad - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - commit 60be30f - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - iocost: don't reset the inuse weight of under-weighted debtors (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - bcache: fixup multiple threads crash (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - commit 4b94325 - blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - commit 67cf915 - kabi/severities: add exception for bcache symboles Nobody do their development based on bcache kernel module, it is unnecessary to add bcache symbles into kabi list. Add bcache as exception as we already did in previous products. - commit 3d2c794 - init: Initialize noop_backing_dev_info early (bsc#1200822). - commit 42f2c82 - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - commit 9659a5c - ext4: make variable "count" signed (bsc#1200820). - commit 046a2c3 - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - commit a8ac9df - fsnotify: fix wrong lockdep annotations (bsc#1200815). - commit 1d18602 - Update tags for: patches.suse/bfq-Allow-current-waker-to-defend-against-a-tentativ.patch. patches.suse/bfq-Avoid-false-marking-of-bic-as-stably-merged.patch. patches.suse/bfq-Avoid-merging-queues-with-different-parents.patch. patches.suse/bfq-Drop-pointless-unlock-lock-pair.patch. patches.suse/bfq-Get-rid-of-__bio_blkcg-usage.patch. patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch. patches.suse/bfq-Relax-waker-detection-for-shared-queues.patch. patches.suse/bfq-Remove-pointless-bfq_init_rq-calls.patch. patches.suse/bfq-Split-shared-queues-on-move-between-cgroups.patch. patches.suse/bfq-Track-whether-bfq_group-is-still-online.patch. patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch. - commit a5768bd - writeback: Avoid skipping inode writeback (bsc#1200813). - commit db91e0b - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - commit f0ad25f - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - commit aa31b78 - ext4: fix bug_on in __es_tree_search (bsc#1200809). - commit 6a97568 - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - commit f561c32 - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - commit 7239104 - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - commit 14ca9be - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). Refresh: patches.suse/vfs-add-super_operations-get_inode_dev - commit b200248 - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - commit f67e41c - rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds' universally for now) added two new compiler-dependent configs: * CC_NO_ARRAY_BOUNDS * GCC12_NO_ARRAY_BOUNDS Ignore them -- they are unset by dummy tools (they depend on gcc version == 12), but set as needed during real compilation. - commit a14607c ++++ procps: - Add the patches * procps-3.3.17-library-bsc1181475.patch * procps-3.3.17-top-bsc1181475.patch which are backports of current newlib tree to solve bug bsc#1181475 * 'free' command reports misleading "used" value ++++ patterns-microos: - added conditionally cockpit-networkmanager to cockpit pattern - removed wicked from base pattern (jsc#SMO-84) - 5.3.3 ++++ rust-keylime: - Update to version 0.1.0+git.1655384301.b834667: * Update fmf plans to run test with IMA policy * .github/dependabot.yml: prevent updates that require manifest change - Add logrotate configuration for the agent service - Requires libtss2-tcti-device0 to interact with the real device - Drop legacy Python subpackage and feature - Move conflicts into the Python version ++++ virt-manager: - bsc#1200691 - SLES 15 SP4 GMC --os-variant tag shouldn't be mandatory on s390x (see also bsc#1200422) revert-363fca41-virt-install-Require-osinfo-for-non-x86-HVM-case-too.patch ------------------------------------------------------------------ ------------------ 2022-6-21 - Jun 21 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ kernel-default: - Move to sorted section - patches.suse/sched-numa-Initialise-numa_migrate_retry.patch - patches.suse/sched-numa-Do-not-swap-tasks-between-nodes-when-spare-capacity-is-available.patch - patches.suse/sched-numa-Apply-imbalance-limitations-consistently.patch - patches.suse/sched-numa-Adjust-imb_numa_nr-to-a-better-approximation-of-memory-channels.patch - patches.suse/sched-fair-Consider-CPU-affinity-when-allowing-NUMA-imbalance-in-find_idlest_group.patch - commit 2813cbe - Refresh patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCs.patch. - Refresh patches.suse/sched-fair-Improve-consistency-of-allowed-NUMA-balance-calculations.patch. Update metadata and move to sorted section. - commit e9e3368 - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). - sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - commit 14a7772 - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679 bsc#1199487). - commit c0e7a92 - blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL - commit 0702138 - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - commit 6d6ec08 - net: bnxt_ptp: fix compilation error (bsc#1199736). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - commit 46960ba - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - commit af9d58f - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - commit b447248 - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - commit 7bb387a - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: Don't set mddev private to NULL in raid0 pers->free (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: Don't report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Don't report ENOSPC write errors twice (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - commit cd7dbfe ++++ patterns-microos: - added cockpit-tukit to the pattern (jsc#SMO-22) - 5.3.2 ------------------------------------------------------------------ ------------------ 2022-6-20 - Jun 20 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-tukit: - Update to version 0.0.3~git9.94caf26: * switch _service to stable branch * Add translation template * Update translations ++++ jeos-firstboot: - Don't require wicked nor NetworkManager. Both are optional - Update to version 1.2.0.4: * Rewrite license code ++++ kernel-default: - Update config files. - commit 0f2966b - powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - Update config files. - commit 5211de3 - Refresh patches.suse/powerpc-rtas-Allow-ibm-platform-dump-RTAS-call-with-.patch - commit ed464d4 - Delete patches.suse/locking-rwsem-Make-handoff-bit-handling-more-consist.patch (bnc#1200420) The patch in question can miss wakeups on heavily contended inode i_mmap_rwsem locks. In extreme cases, this can prevent acquisition of the i_mmap_rwsem belonging to libc resulting in a system-wide lockup. The issue has been brought upstream but for the moment, revert the patch. - commit a0c3c4b - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - commit cd97b2f ++++ samba: - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ++++ tar: - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch ------------------------------------------------------------------ ------------------ 2022-6-17 - Jun 17 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.2: + Fix race condition with pppd that caused failures when activating PPPoE connections. + Unbreak DHCPv6 over PPP. + Don't ignore IPv6 DNS servers received from PPP. + Fix crash while checking WEP capability of Wi-Fi interfaces. + Ensure DHCP is restarted every time the link goes up. + Fix struct alignment issues seen on some architectures. + Various other bugfixes and improvements. ++++ gtk3: - Add dependency "python3x-gobject-Gdk if python3x-gobject" to the typelib package (boo#1200614). ++++ open-iscsi: - For Tumbleweed, moved logrotate files from user-specific directory /etc/logrotate.d to vendor-specific /usr/etc/logrotate.d (for Stefan Schubert ) ++++ kernel-default: - Update patches.suse/random-fix-crash-on-multiple-early-calls-to-add_boot.patch (bsc#1184924). - commit f04e090 - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - commit bf45498 - kabi/severities: Exclude ppc kvm - commit 56c89d8 - exec: Force single empty string when argv is empty (bsc#1200571). - commit 256509d - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - commit d37f671 - net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: Use a mutex for locking "struct smc_pnettable" (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - commit 813daf3 - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - commit 6a3a347 - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - commit f4bd443 - Update patch reference for HID fix (CVE-2022-20132 bsc#1200619) - commit cfdbccf ++++ openssl-1_1: - Added openssl-1_1-Fix-file-operations-in-c_rehash.patch * bsc#1200550 * CVE-2022-2068 * Fixed more shell code injection issues in c_rehash ------------------------------------------------------------------ ------------------ 2022-6-16 - Jun 16 2022 ------------------- ------------------------------------------------------------------ ++++ pcre2: - Added pcre2-10.39-bsc1199232-unicode-property-matching.patch * bsc#1199232 * CVE-2022-1586 * Fixes unicode property matching issue ++++ salt: - Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566) - Added: * fix-for-cve-2022-22967-bsc-1200566.patch ------------------------------------------------------------------ ------------------ 2022-6-15 - Jun 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - commit 29350fd - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - commit bd72f4c - kabi: return type change of secure_ipv_port_ephemeral() (CVE-2022-1012 bsc#1199482). - commit 7655c4d - Move upstreamed x86 patches into sorted section - commit 0044b5f - tcp: drop the hash_32() part from the index calculation (CVE-2022-1012 bsc#1199482). - tcp: increase source port perturb table to 2^16 (CVE-2022-1012 bsc#1199482). - tcp: dynamically allocate the perturb table used by source ports (CVE-2022-1012 bsc#1199482). - tcp: add small random increments to the source port (CVE-2022-1012 bsc#1199482). - tcp: resalt the secret every 10 seconds (CVE-2022-1012 bsc#1199482). Refresh patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch - tcp: use different parts of the port_offset for index and offset (CVE-2022-1012 bsc#1199482). - secure_seq: use the 64 bits of the siphash for port offset calculation (CVE-2022-1012 bsc#1199482). - commit dbe5a40 - Add references to IBM bugs - patches.suse/s390-dasd-fix-data-corruption-for-ESE-devices (bsc#1200205 LTC#198456). - patches.suse/s390-dasd-prevent-double-format-of-tracks-for-ESE-devices (bsc#1200205 LTC#198456). - patches.suse/s390-dasd-Fix-read-for-ESE-with-blksize-4k (bsc#1200211 LTC#198457). - patches.suse/s390-dasd-Fix-read-inconsistency-for-ESE-DASD-devices (bsc#1200211 LTC#198457). - commit aad3794 - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - usb: dwc2: gadget: don't reset gadget's driver->bus (git-fixes). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - tty: n_gsm: Don't ignore write return value in gsmld_output() (git-fixes). - pvpanic: Fix typos in the comments (git-fixes). - commit 27a1b2a - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - commit ca740b6 - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - commit feae0af ++++ libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag. - version 17.30.2 (22) ++++ logrotate: - Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864) * enforce stricter parsing to avoid CVE-2021-3864 * Added patch logrotate-enforce-stricter-parsing.patch * Added patch logrotate-enforce-stricter-parsing-extra-tests.patch ++++ rust-keylime: - Drop CFSSL port from the keylime.xml firewalld rules ++++ zypper: - Basic JobReport for "cmdout/monitor". - versioncmp: if verbose, also print the edition 'parts' which are compared. - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally (fixes #433) - Honor the NO_COLOR environment variable when auto-detecting whether to use color (fixes #432) - Define table columns which should be sorted natural [case insensitive] (fixes #391, closes #396, fixes #424) - lr/ls: Use highlight color on name and alias as well. - version 1.14.53 ------------------------------------------------------------------ ------------------ 2022-6-14 - Jun 14 2022 ------------------- ------------------------------------------------------------------ ++++ jeos-firstboot: - Update to version 1.2.0.3: * Don't ask for licence confirmation if not needed * Deduplicate wifi list ++++ kernel-default: - kernel-binary.spec: check s390x vmlinux location As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of startup archive"), vmlinux on s390x moved from "compressed" subdirectory directly into arch/s390/boot. As the specfile is shared among branches, check both locations and let objcopy use one that exists. - commit cd15543 - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - commit 93b1375 - blacklist.conf: duplicate - commit 04d3753 - blacklist.conf: duplicate - commit 40c85e4 - blacklist.conf: duplicate - commit 87d9efa - blacklist.conf: duplicate - commit f6df653 - ice: kabi protect ice_pf (bsc#1200502). - commit d6775e6 - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - Refresh patches.suse/RDMA-irdma-Fix-Passthrough-mode-in-VM.patch. - commit d0321f4 - net/ice: Remove unused enum (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). - commit 220523b ++++ openldap2: - bsc#1198341 - Prevent memory reuse which may lead to instability * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch ++++ nfs-utils: - 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch Ensure sysctl setting work (bsc#1199856) ++++ rust-keylime: - Update to version 0.1.0+git.1655143451.7c4121e: * Add dependabot for automatic dependency updates * config: remove unused options * persist AK, NK and mTLS certificate to disk * Update tokio minimum version * Adjust CI test name according to keylime-tests PR#125 * Make wiremock an optional dependency * Drop unused dependency flate2 * Drop unused dependency rustc-serialize * Update clap dependency to 3.1.18 * add support for "hash_ek" UUID creation * tpm: add and use EKResult struct as return value for create_ek(..) * replace custom marshall functions with the offical one * update to tss-esapi 7.1.0 * quotes_handler: Rewind measured boot log file * Add test /functional/measured-boot-swtpm-sanity to Packit CI plan * OpenSSL on deb family is now libssl-dev ------------------------------------------------------------------ ------------------ 2022-6-13 - Jun 13 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - commit 5d68630 - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - commit 9445fd3 - Fix the build of f2fs driver (bsc#1200475) Refreshed patches: patches.suse/f2fs-Convert-to-using-invalidate_lock.patch patches.suse/f2fs-fix-to-unmap-pages-from-userspace-process-in-pu.patch - commit 7021d3f - drm/ast: Create threshold values for AST2600 (bsc#1190786) - commit 27f7842 ------------------------------------------------------------------ ------------------ 2022-6-12 - Jun 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - commit 553fd9c ------------------------------------------------------------------ ------------------ 2022-6-11 - Jun 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - commit e30715d - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes). - commit bd23b70 ------------------------------------------------------------------ ------------------ 2022-6-10 - Jun 10 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.279.g3b3c36b2: * fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236) * fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360) * fix(convertfs): ignore commented lines in fstab (bsc#1200251) * fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654) ++++ kernel-default: - floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836). - Update config files. - commit 74f61f9 - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - vdpasim: allow to enable a vq repeatedly (git-fixes). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes). - list: fix a data-race around ep->rdllist (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - kselftest/arm64: bti: force static linking (git-fixes). - list: test: Add a test for list_is_head() (git-fixes). - list: introduce list_is_head() helper and re-use it in list.h (git-fixes). - commit 1cdee61 ++++ virglrenderer: - security update * Fix OOB in read_transfer_data() (CVE-2022-0135 bsc#1195389) Add virglrenderer-CVE-2022-0135.patch ------------------------------------------------------------------ ------------------ 2022-6-9 - Jun 9 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - strncpy-power9-vsx.patch: powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334, BZ #29197) ++++ kernel-default: - USB: new quirk for Dell Gen 2 devices (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtw88: 8821c: fix debugfs rssi value (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - regulator: mt6315: Enforce regulator-compatible, not name (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - commit 88ae7b9 - mt76: fix encap offload ethernet type check (git-fixes). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - media: rkvdec: Stop overclocking the decoder (git-fixes). - media: cec-adap.c: fix is_configuring state (git-fixes). - media: imon: reorganize serialization (git-fixes). - media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes). - media: rga: fix possible memory leak in rga_probe (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: i2c: max9286: fix kernel oops when removing module (git-fixes). - mmc: core: Allows to override the timeout value for ioctl() path (git-fixes). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - media: i2c: max9286: Use "maxim,gpio-poc" property (git-fixes). - media: i2c: max9286: Use dev_err_probe() helper (git-fixes). - media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - commit 8e2405a - drm/amdgpu: add beige goby PCI ID (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes). - Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes). - crypto: ccree - use fine grained DMA mapping dir (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes). - drm/amd/display: Disabling Z10 on DCN31 (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: validate the screen formats (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - ipmi: Fix pr_fmt to avoid compilation issues (git-fixes). - ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - drm/msm/dp: Modify prototype of encoder based API (git-fixes). - commit 759c11f - ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes). - can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes). - ath11k: disable spectral scan during spectral deinit (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes). - commit 65ef7e3 - ARM: pxa: maybe fix gpio lookup tables (git-fixes). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes). - ARM: dts: BCM5301X: Update pin controller node name (git-fixes). - ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes). - ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: dapm: Don't fold register value changes into notifications (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ASoC: samsung: Use dev_err_probe() helper (git-fixes). - ASoC: fsl: Use dev_err_probe() helper (git-fixes). - ARM: dts: BCM5301X: update CRU block description (git-fixes). - commit 4c6b283 - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes). - commit ebda4af - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes). - commit 30785a5 - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes). - commit ffb6036 - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes). - commit 97f34c5 - KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 (git-fixes). - commit 8240744 - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes). - commit d2a88e6 - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes). - commit 62ba92c - KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes). - commit 704e7a8 - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - commit 6f6c8f1 - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes). - commit 06d4784 - KVM: x86: Fix emulation in writing cr8 (git-fixes). - commit 06b317c - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - commit 87cd4ea - Revert "svm: Add warning message for AVIC IPI invalid target" (git-fixes). - commit b359f55 - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes). - commit 25027bb - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes). - commit 2ca6eb1 - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes). - commit 28f6136 - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes). - commit 4e37bee - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes). - commit 42762d5 - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes). - commit 3c3b22d - KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes). - commit 0a53b34 - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes). - commit 0a9f2a5 - KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes). - commit e80aea5 - KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes). - Refresh patches.suse/KEYS-asymmetric-properly-validate-hash_algo-and-enco.patch. - commit 432a795 - KEYS: trusted: tpm2: Fix migratable logic (git-fixes). - commit 1953e79 - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629). - commit 380000e - cifs: skip trailing separators of prefix paths (bsc#1193629). - commit de52c39 - cifs: update internal module number (bsc#1193629). - commit e08e204 - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629). - commit c456b31 - cifs: do not build smb1ops if legacy support is disabled (bsc#1193629). - commit 4993b7e - cifs: fix potential deadlock in direct reclaim (bsc#1193629). - commit b8254d9 - cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629). - commit 52ba2a3 - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629). - commit 8ad5d4a - cifs: fix potential double free during failed mount (bsc#1193629). - commit 2c8b5b6 - cifs: avoid parallel session setups on same channel (bsc#1193629). - commit 6398a2b - cifs: use new enum for ses_status (bsc#1193629). - commit 217b1ee - cifs: do not use tcpStatus after negotiate completes (bsc#1193629). - commit e666d73 - smb3: add mount parm nosparse (bsc#1193629). - commit 124b02e - smb3: don't set rc when used and unneeded in query_info_compound (bsc#1193629). - commit 7bd568d - smb3: check for null tcon (bsc#1193629). - commit 7a9d23a - cifs: fix minor compile warning (bsc#1193629). - commit d783113 - Add various fsctl structs (bsc#1193629). - commit 113fafc - smb3: add trace point for oplock not found (bsc#1193629). - commit ca9c908 - cifs: return the more nuanced writeback error on close() (bsc#1193629). - commit 82811a7 - smb3: add trace point for lease not found issue (bsc#1193629). - commit dbdf8ba - cifs: smbd: fix typo in comment (bsc#1193629). - commit aa02f35 - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629). - commit 4ab153f - cifs: check for smb1 in open_cached_dir() (bsc#1193629). - commit e68ac2c - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629). - commit e6babcb - cifs: print TIDs as hex (bsc#1193629). - commit ce753c2 - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629). - commit 562c8f3 - cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629). - commit 3e90ad5 - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629). - commit 3af7051 - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - commit e69077c - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629). - commit 775b640 - cifs: use correct lock type in cifs_reconnect() (bsc#1193629). - commit 282d7da - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629). - commit 4763651 - cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629). - commit fc6ae9a - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629). - commit 1257221 - cifs: potential buffer overflow in handling symlinks (bsc#1193629). - commit 3cd13e9 - cifs: Split the smb3_add_credits tracepoint (bsc#1193629). - commit 316f9e5 - cifs: release cached dentries only if mount is complete (bsc#1193629). - commit 42278b8 - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629). - commit b05a349 - cifs: update internal module number (bsc#1193629). - commit e161349 - cifs: force new session setup and tcon for dfs (bsc#1193629). - commit 2775e37 - cifs: remove check of list iterator against head past the loop body (bsc#1193629). - commit 98d57dc - cifs: fix potential race with cifsd thread (bsc#1193629). - commit a547515 - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). [ ematsumiya: remove ksmbd parts ] - commit 1f36337 - smb3: cleanup and clarify status of tree connections (bsc#1193629). - commit 4be78fe - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - commit c6b74e0 - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - commit f23838d - [smb3] move more common protocol header definitions to smbfs_common (bsc#1193629). - commit d36ebbe - cifs: fix incorrect use of list iterator after the loop (bsc#1193629). - commit b55a09d - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629). - commit 00f232e - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629). - commit 9a48bbc - cifs: writeback fix (bsc#1193629). - commit 408ba7b - cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629). - commit 613da4d - cifs: we do not need a spinlock around the tree access during umount (bsc#1193629). - commit 81f5390 - Adjust cifssb maximum read size (bsc#1193629). - commit 8697188 - cifs: fix handlecache and multiuser (bsc#1193629). - commit 1baccc5 - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - commit 96a8bc3 - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629). - commit 746d619 - cifs: modefromsids must add an ACE for authenticated users (bsc#1193629). - commit 3e1f855 - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629). - commit 96cdf4f - cifs: do not use uninitialized data in the owner/group sid (bsc#1193629). - commit 64c2706 - cifs: fix set of group SID via NTSD xattrs (bsc#1193629). - commit fad6ecf - smb3: fix snapshot mount option (bsc#1193629). - commit 5a0e7c7 - cifs: mark sessions for reconnection in helper function (bsc#1193629). - commit d739035 - cifs: call helper functions for marking channels for reconnect (bsc#1193629). - commit 4bc92b0 - cifs: call cifs_reconnect when a connection is marked (bsc#1193629). - commit b48b128 - [smb3] improve error message when mount options conflict with posix (bsc#1193629). - commit 30c8e8b - cifs: fix workstation_name for multiuser mounts (bsc#1193629). - commit a396f87 - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629). - commit f64d988 - Fix a warning about a malformed kernel doc comment in cifs (bsc#1193629). - commit 3b5b4f5 - cifs: update internal module number (bsc#1193629). - commit f3a1db7 - smb3: send NTLMSSP version information (bsc#1193629). - commit 7ef0d69 ++++ python3-core: - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. - Rename support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch to unify the patch with other packages. - Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests on s390x. ++++ ceph: - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10 ++++ python3: - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. - Rename support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch to unify the patch with other packages. - Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests on s390x. ++++ runc: - Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. (Includes a fix for bsc#1200088.) * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. * runc static binaries are now linked against libseccomp v2.5.4. - Remove upstreamed patches: - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch ++++ u-boot-rpiarm64: Fix IP deframentation vulnerabilities CVE-2022-30790, CVE-2022-30552 (bsc#1200363, bsc#1200364) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0019-net-Check-for-the-minimum-IP-fragme.patch ++++ vim: - Deleted patches: * restrict-shell-commands.patch * source-check-sandbox.patch * vim-8.0.1568-CVE-2021-3778.patch * vim-8.0.1568-CVE-2021-3796.patch * vim-8.0.1568-CVE-2021-3872.patch * vim-8.0.1568-CVE-2021-3927.patch * vim-8.0.1568-CVE-2021-3928.patch * vim-8.0.1568-CVE-2021-3984.patch * vim-8.0.1568-CVE-2021-4019.patch * vim-8.0.1568-CVE-2021-4193.patch * vim-8.0.1568-CVE-2021-46059.patch * vim-8.0.1568-CVE-2022-0319.patch * vim-8.0.1568-CVE-2022-0351.patch * vim-8.0.1568-CVE-2022-0361.patch * vim-8.0.1568-CVE-2022-0413.patch * vim-8.0.1568-globalvimrc.patch - Added patches: * vim-8.1.0297-dump3.patch * vim-8.2.2411-globalvimrc.patch * disable-unreliable-tests-arch.patch - Updated patches: * disable-unreliable-tests.patch * vim-7.3-filetype_changes.patch * vim-7.3-filetype_ftl.patch * vim-7.3-filetype_spec.patch * vim-7.3-gvimrc_fontset.patch * vim-7.3-help_tags.patch * vim-7.3-mktemp_tutor.patch * vim-7.3-name_vimrc.patch * vim-7.3-sh_is_bash.patch * vim-7.3-use_awk.patch * vim-7.4-disable_lang_no.patch * vim-7.4-filetype_apparmor.patch * vim-7.4-filetype_mine.patch * vim-7.4-highlight_fstab.patch * vim-8.0-ttytype-test.patch * vim-8.0.1568-defaults.patch * vim73-no-static-libpython.patch - Updated to version 8.2 with patch level 5038, fixes the following problems * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2. * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in find_pattern_in_path * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2 * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2 * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2 * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2 * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2. * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read ------------------------------------------------------------------ ------------------ 2022-6-8 - Jun 8 2022 ------------------- ------------------------------------------------------------------ ++++ ModemManager: - Enable QRTR support * Add BR pkgconfig(qrtr-glib) ++++ gpg2: - gnupg-detect_FIPS_mode.patch: use AES as default cipher instead of 3DES if we are in FIPS mode. (bsc#1196125) ++++ kernel-default: - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629). - commit 7adf859 - cifs: update tcpStatus during negotiate and sess setup (bsc#1193629). - commit 3f08633 - cifs: make status checks in version independent callers (bsc#1193629). - commit 4cd34c9 - cifs: remove repeated state change in dfs tree connect (bsc#1193629). - commit 8253840 - cifs: fix the cifs_reconnect path for DFS (bsc#1193629). - commit 87c9542 - cifs: remove unused variable ses_selected (bsc#1193629). - commit 6eecd97 - cifs: protect all accesses to chan_* with chan_lock (bsc#1193629). - commit aafaacc - cifs: fix the connection state transitions with multichannel (bsc#1193629). - commit 4d0aa0b - cifs: check reconnects for channels of active tcons too (bsc#1193629). - commit fbe1e74 - cifs: serialize all mount attempts (bsc#1193629). - commit 59797f7 - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629). - commit 6676166 - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629). - commit da4fb6c - cifs: clean up an inconsistent indenting (bsc#1193629). - commit d52e4e3 - cifs: free ntlmsspblob allocated in negotiate (bsc#1193629). - commit d5d4763 - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629). - commit 11e89d8 - cifs: move superblock magic defitions to magic.h (bsc#1193629). - commit 9fcbd8d - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629). - commit 7b20a4b - cifs: avoid race during socket reconnect between send and recv (bsc#1193629). - commit 946730f - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629). - commit 95b368d - cifs: fix hang on cifs_get_next_mid() (bsc#1193629). - commit 851fea7 - cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629). - commit 2ab24a2 - cifs: reconnect only the connection and not smb session where possible (bsc#1193629). - commit 833b4c0 - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629). - commit d359030 - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629). - commit 2bb2f0d - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629). - commit cb5bbe6 - cifs: track individual channel status using chans_need_reconnect (bsc#1193629). - commit 4a6c95e - cifs: remove redundant assignment to pointer p (bsc#1193629). - commit 6785bb0 - ftrace: Clean up hash direct_functions on register failures (git-fixes). - commit b73ad5c - blacklist.conf: aa748949b4e6 ("tracing/timerlat: Notify IRQ new max latency only if stop tracing is set") Not really a bug. It fixes a performance issue in tracing/timerlat. It also needs a preparatory patch. - commit d176655 - blacklist.conf: Add 78ed93d72ded signal: Deliver SIGTRAP on perf event asynchronously if blocked - commit 076f1f3 - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes). - commit ae69371 - KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req (git-fixes). - commit cb739a2 - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes). - commit 7b6e6c7 - KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes). - commit 1658257 - KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes). - commit c752451 - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes). - commit d782140 - KVM: x86: don't print when fail to read/write pv eoi memory (git-fixes). - commit ddd0369 - KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes). - commit d9d53c0 - KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration (git-fixes). - commit a3af640 - KVM: VMX: Don't unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes). - commit 30f5bba - Add CVE reference to patches.suse/fanotify-Fix-stale-file-descriptor-in-copy_event_to_.patch (bsc#1195187 CVE-2022-1998). - commit f941d8c - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes). - commit 566d574 - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - commit eadab0f - Refresh patches.suse/drm-vmwgfx-Fix-fencing-on-SVGAv3.patch. Alt-commit - commit 595b07f - blacklist.conf: d4da1f27396f drm/dp: Fix off-by-one in register cache size - commit 6523c09 - blacklist.conf: 4adc33f36d80 drm/edid: Split deep color modes between RGB and YUV444 - commit ac837ed - mmc: block: Fix CQE recovery reset success (git-fixes). - commit d3053f5 ++++ systemd: - Import commit 17d488c53ad150de59f7d842e870e0c3d141d8ff 6b3bb1161c core/device: device_coldplug(): don't set DEVICE_DEAD 1e4058a0bc core/device: do not downgrade device state if it is already enumerated f1d33c466e core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570) fdaad2ff3a core/device: drop unnecessary condition ------------------------------------------------------------------ ------------------ 2022-6-7 - Jun 7 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements of Docker v20.10.17-ce. bsc#1200145 - Remove upstreamed patches: - bsc1200145-Limit-the-response-size-of-ExecSync.patch ++++ docker: - Update to Docker 20.10.17-ce. See upstream changelog online at . bsc#1200145 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch ++++ kernel-default: - arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909) - commit d332656 - add mainline tag for a pci-hyperv change - commit 6d39b2d - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - commit dfe7233 - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - commit 0f1be88 - netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (CVE-2022-1972 bsc#1200019). - commit fb312f5 - netfilter: nf_tables: disallow non-stateful expression in sets earlier (CVE-2022-1966 bsc#1200015). - commit 382d5dc ++++ mozilla-nss: - Remove upstreamed patches: * nss-fips-version-indicators.patch * nss-fips-tests-pin-paypalee-cert.patch - update to NSS 3.79 - bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - bmo#1766907 - Update mercurial in clang-format docker image. - bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail. - bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots. - bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - bmo#1764788 - Correct invalid record inner and outer content type alerts. - bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle. - bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - bmo#1769302 - NSS 3.79 should depend on NSPR 4.34 - update to NSS 3.78.1 * bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple - update to NSS 3.78 bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries. bmo#1763120 - Add ECH Grease Support to tstclnt bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname. bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. bmo#1760813 - Make SEC_PKCS12EnableCipher succeed bmo#1762489 - Update zlib in NSS to 1.2.12. - update to NSS 3.77 * Bug 1762244 - resolve mpitests build failure on Windows. * bmo#1761779 - Fix link to TLS page on wireshark wiki * bmo#1754890 - Add two D-TRUST 2020 root certificates. * bmo#1751298 - Add Telia Root CA v2 root certificate. * bmo#1751305 - Remove expired explicitly distrusted certificates from certdata.txt. * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. * bmo#1756271 - Remove token member from NSSSlot struct. * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. * bmo#1757279 - Support UTF-8 library path in the module spec string. * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. * bmo#1760827 - Add a CI Target for gcc-11. * bmo#1760828 - Change to makefiles for gcc-4.8. * bmo#1741688 - Update googletest to 1.11.0 * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API. * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts. * bmo#1755904 - Fix calculation of ECH HRR Transcript. * bmo#1758741 - Allow ld path to be set as environment variable. * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests. * bmo#1758478 - Fix DataBuffer Move Assignment. * bmo#1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 * bmo#1755092 - rework signature verification in mozilla::pkix - Require nss-util in nss.pc and subsequently remove -lnssutil3 - update to NSS 3.76.1 NSS 3.76.1 * bmo#1756271 - Remove token member from NSSSlot struct. NSS 3.76 * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. * bmo#1370866 - Check return value of PK11Slot_GetNSSToken. * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS * bmo#1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. * bmo#1753505 - Avoid truncating files in nss-release-helper.py. * bmo#1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. - Add nss-util pkgconfig and config files (copied from RH/Fedora) - update to NSS 3.75 * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI. * bmo#1749794 - Make DottedOIDToCode.py compatible with python3. * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. * bmo#1748386 - Remove redundant key type check. * bmo#1749869 - Update ABI expectations to match ECH changes. * bmo#1748386 - Enable CKM_CHACHA20. * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown. * bmo#1747310 - real move assignment operator. * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests. * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool. * bmo#1747772 - Allow to build using clang's integrated assembler. * bmo#1321398 - Allow to override python for the build. * bmo#1747317 - test HKDF output rather than input. * bmo#1747316 - Use ASSERT macros to end failed tests early. * bmo#1747310 - move assignment operator for DataBuffer. * bmo#1712879 - Add test cases for ECH compression and unexpected extensions in SH. * bmo#1725938 - Update tests for ECH-13. * bmo#1725938 - Tidy up error handling. * bmo#1728281 - Add tests for ECH HRR Changes. * bmo#1728281 - Server only sends GREASE HRR extension if enabled by preference. * bmo#1725938 - Update generation of the Associated Data for ECH-13. * bmo#1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. * bmo#1712879 - Allow for compressed, non-contiguous, extensions. * bmo#1712879 - Scramble the PSK extension in CHOuter. * bmo#1712647 - Split custom extension handling for ECH. * bmo#1728281 - Add ECH-13 HRR Handling. * bmo#1677181 - Client side ECH padding. * bmo#1725938 - Stricter ClientHelloInner Decompression. * bmo#1725938 - Remove ECH_inner extension, use new enum format. * bmo#1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. - update to NSS 3.74 * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR * bmo#1721426 - NSS does not properly restrict server keys based on policy * bmo#1733003 - Set nssckbi version number to 2.54 * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate * bmo#1735407 - Replace GlobalSign ECC Root CA R4 * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3 * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate * bmo#1740095 - Add iTrusChina ECC root certificate * bmo#1740095 - Add iTrusChina RSA root certificate * bmo#1738805 - Add ISRG Root X2 root certificate * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build * bmo#1735028 - Check for missing signedData field * bmo#1737470 - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) - update to NSS 3.73.1: * Add SHA-2 support to mozilla::pkix's OSCP implementation - update to NSS 3.73 * bmo#1735028 - check for missing signedData field. * bmo#1737470 - Ensure DER encoded signatures are within size limits. * bmo#1729550 - NSS needs FiPS 140-3 version indicators. * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs * bmo#1738600 - sunset Coverity from NSS MFSA 2021-51 (bsc#1193170) * CVE-2021-43527 (bmo#1737470) Memory corruption via DER-encoded DSA and RSA-PSS signatures - update to NSS 3.72 * Remove newline at the end of coreconf.dep * bmo#1731911 - Fix nsinstall parallel failure. * bmo#1729930 - Increase KDF cache size to mitigate perf regression in about:logins - update to NSS 3.71 * bmo#1717716 - Set nssckbi version number to 2.52. * bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported * bmo#1717707 - Add HARICA Client ECC Root CA 2021. * bmo#1717707 - Add HARICA Client RSA Root CA 2021. * bmo#1717707 - Add HARICA TLS ECC Root CA 2021. * bmo#1717707 - Add HARICA TLS RSA Root CA 2021. * bmo#1728394 - Add TunTrust Root CA certificate to NSS. - update to NSS 3.70 * bmo#1726022 - Update test case to verify fix. * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback * bmo#1681975 - Avoid using a lookup table in nssb64d. * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian. * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true. * bmo#1726022 - Cache additional PBE entries. * bmo#1709750 - Read HPKE vectors from official JSON. - Update to NSS 3.69.1 * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default * bmo#1720226 (Backout) - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69 * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again) * bmo#1720226 - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) * bmo#1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms. * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing nss failures. (removed obsolete nss-btrfs-sqlite.patch) * bmo#1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports. * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode * bmo#1720232 - SQLite calls could timeout in starvation situations. * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67 * bmo#1709817 - Import the NSS documentation from MDN in nss/doc. * bmo#1720227 - NSS using a tempdir to measure sql performance not active - add nss-fips-stricter-dh.patch - updated existing patches with latest SLE ++++ logrotate: - Fix "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802): * Added patch logrotate-dont_warn_on_size=_syntax.patch ++++ nvme-cli: - fabrics: Already connected uses a different error code (bsc#1199994) * add 0001-fabrics-Already-connected-uses-a-different-error-cod.patch - fabrics: skip connect if the transport types don't match (bsc#1199949 bsc#1199994) * add 0002-fabrics-skip-connect-if-the-transport-types-don-t-ma.patch - nvme-print: Show ANA state only for one namespace (bsc#1200044 bsc#1199956 bsc#1199990) * add 0003-nvme-print-Show-paths-from-the-first-namespace-only.patch * add 0004-nvme-print-Show-ANA-state-only-for-one-namespace.patch - fabrics: Honor config file for connect-all (bsc#1199504) * add 0005-fabrics-Honor-config-file-for-connect-all.patch ++++ patterns-microos: - include TPM in the base pattern (jsc#SMO-79) - 5.3.1 ------------------------------------------------------------------ ------------------ 2022-6-6 - Jun 6 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: [ This patch was only released in SLES and Leap. ] - Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145 + bsc1200145-Limit-the-response-size-of-ExecSync.patch - Update to containerd v1.5.12. Upstream release notes: ++++ kernel-default: - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - Update config files to disable mistakenly enabled CONFIG_JBD2_DEBUG - commit 906d455 - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - commit 3a30c09 - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes). - s390/dasd: Fix read for ESE with blksize < 4k (git-fixes). - s390/dasd: prevent double format of tracks for ESE devices (git-fixes). - s390/dasd: fix data corruption for ESE devices (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - s390/smp: sort out physical vs virtual pointers usage (git-fixes). - s390/extable: fix exception table sorting (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/entry: fix duplicate tracking of irq nesting level (git-fixes). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - commit ef964f8 - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - commit 05f3a6d ------------------------------------------------------------------ ------------------ 2022-6-5 - Jun 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: core: Query VPD size before getting full page (git-fixes). - scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - commit 208fb5c - Added a commit for SCSI fixes - commit 73de13f - drbd: remove assign_p_sizes_qlim (git-fixes). - commit 457053c ------------------------------------------------------------------ ------------------ 2022-6-4 - Jun 4 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes). - commit 1ee546e - USB: serial: pl2303: fix type detection for odd device (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - USB: storage: karma: fix rio_karma_init return (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - commit 516f89a - selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: sh-sci: Don't allow CS5-6 (git-fixes). - serial: txx9: Don't allow CS5-6 (git-fixes). - serial: rda-uart: Don't allow CS5-6 (git-fixes). - serial: digicolor-usart: Don't allow CS5-6 (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: don't overwrite xmit->buf[0] by x_char (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: 8250: pxa: Remove unneeded (git-fixes). - serial: 8250: core: Remove unneeded (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - commit dd65e3b - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - regulator: mt6315-regulator: fix invalid allowed mode (git-fixes). - dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - extcon: ptn5150: Add queue work sync before driver release (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes). - commit a50adf8 - driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes). - commit 903d077 ------------------------------------------------------------------ ------------------ 2022-6-3 - Jun 3 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (fate#322438 git-fixes). - commit e2ebad5 - tracing: Fix return value of trace_pid_write() (git-fixes). - commit 5a94726 - tracing: Fix potential double free in create_var_ref() (git-fixes). - commit eaa2d28 - blacklist.conf: 499f12168aeb ("tracing: Have event format check not flag %p* on __get_dynamic_array()") The commit introduces similar improvement as commit c6ced22997ad ("tracing: Update print fmt check to handle new __get_sockaddr() macro") which we do not carry. Let's blacklist it for now. - commit 416300c - Move upstreamed fsl patch into sorted section - commit 4204d7b - dt-bindings: gpio: altera: correct interrupt-cells (git-fixes). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - i2c: ismt: prevent memory corruption in ismt_access() (git-fixes). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes). - commit 7548c25 ++++ libnvme: - Reduce log noise and export error codes (bsc#1199994 bsc#1199503) * add 0001-fabrics-Lower-log-level-in-__nvmf_add_ctrl.patch * add 0002-fabrics-Remove-double-connection-error-logging.patch * add 0003-fabrics-Introduce-connection-connect-error-mapping.patch - Apply configuration from JSON file (bsc#1199503) * add 0004-libnvme-Export-nvme_ctrl_get_config.patch * add 0005-tree-Factor-lookup-code-for-controller.patch * add 0006-fabrics-Consider-config-from-file-when-adding-new-co.patch ++++ qemu: - Improve the output of update_git.sh, by including the list of repos to which we have downstream patches. - Fix bsc#1197084 and bsc#1199924 * Patches added: hostmem-default-the-amount-of-prealloc-t.patch pci-fix-overflow-in-snprintf-string-form.patch ------------------------------------------------------------------ ------------------ 2022-6-2 - Jun 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module - commit e01be53 - drm/vc4: hdmi: Add debugfs prefix (bsc#1199163). - commit 4dc809b - powerpc/xive: Fix refcount leak in xive_spapr_init (fate#322438 git-fixes). - commit 852fb13 - Cover the missing device_registered() check in the previous NFC fix patch (CVE-2022-1974 bsc#1200144) - Refresh patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch. - Refresh patches.suse/nfc-replace-improper-check-device_is_registered-in-n.patch. - commit be7ffc0 - Update patch reference for NFC fix (CVE-2022-1975 bsc#1200143) - commit c69687e - nfc: replace improper check device_is_registered() in netlink related functions (CVE-2022-1974 bsc#1200144). - Refresh patches.suse/NFC-NULL-out-the-dev-rfkill-to-prevent-UAF.patch. - commit 3255346 - Fix 0010-drm-msm-dpu-fix-error-check-return-value-of-irq_of_p.patch Fixed the incorrect return value added by this patch. Error message is below. * int-conversion in ../drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c in dpu_kms_init ../drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c: In function 'dpu_kms_init': ../drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c:1127:10: warning: return makes pointer from integer without a cast [-Wint-conversion] - commit 2b62fe6 - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes). - commit 240d3e0 - power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk (git-fixes). - commit 61ba8ea - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes). - commit 4dbbac8 - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - rtc: mxc: Silence a clang warning (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes). - remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes). - drm/msm: add missing include to msm_drv.c (git-fixes). - commit 1351672 - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). - Update config files (set INTEL_SDSI=m). - supported.conf: add intel_sdsi - commit 5d516f9 ++++ mozilla-nss: - Mozilla NSS 3.68.4 (bsc#1200027) * Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) ++++ openssl-1_1: - Added openssl-update_expired_certificates.patch * Openssl failed tests because of expired certificates. * bsc#1185637 * Sourced from https://github.com/openssl/openssl/pull/18446/commits ++++ ceph: - Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths ------------------------------------------------------------------ ------------------ 2022-6-1 - Jun 1 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.360 (bsc#1200110): + Updated pci, usb and vendor ids. ++++ kernel-default: - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)). - commit b7805bd - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - commit ae4d644 - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - commit 113346a - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - commit 7d2b57d - KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852 bsc#1199875). - commit aff0e2d - KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID (CVE-2022-1789 bsc#1199674). - commit 2d985ed - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - commit 8873758 - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - commit 713cdfa ++++ sg3_utils: - Update to version 1.47+5.d13bc56: * rescan-scsi-bus.sh: add timeout parameter (bsc#1199248) ------------------------------------------------------------------ ------------------ 2022-5-31 - May 31 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) * 0001-video-Remove-trailing-whitespaces.patch * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch - Fix CVE-2022-28736 (bsc#1198496) * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch - Fix CVE-2022-28735 (bsc#1198495) * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch - Fix CVE-2021-3695 (bsc#1191184) * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - Fix CVE-2021-3696 (bsc#1191185) * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - Fix CVE-2021-3697 (bsc#1191186) * 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - Fix CVE-2022-28733 (bsc#1198460) * 0017-net-ip-Do-IP-fragment-maths-safely.patch * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch * 0022-net-tftp-Avoid-a-trivial-UAF.patch * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - Fix CVE-2022-28734 (bsc#1198493) * 0024-net-http-Fix-OOB-write-for-split-http-headers.patch - Fix CVE-2022-28734 (bsc#1198493) * 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch * 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch * 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch * 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch * 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch * 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch * 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch * 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - Update SBAT security contact (boo#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused by 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when the root LV is completely in the boot LUN (bsc#1197948) * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch ++++ kernel-default: - Delete patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch. Remove this out-of-tree patch. Upstream has fixed the issue differently. - commit dbaf4c1 - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - commit 3e4f734 - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). - commit 780b40c - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - commit 801b48d - Move upstreamed patches into sorted section - commit 36fc456 - Move upstreamed patches into sorted section - commit 92f23de - blacklist.conf: remove the document fix patch that has been backported - commit 94cafe2 - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - commit d77ad83 - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - commit eda282d - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - commit 08bb9f1 - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - commit 14f3189 - blacklist.conf: Append 'drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems' - commit 63487a6 - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - commit d241db8 - blacklist.conf: Append 'drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses' - commit 7d292af - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - commit f5c6c88 - blacklist.conf: Append 'drm/i915: Check EDID for HDR static metadata when choosing blc' - commit 1e4bda7 - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - commit d9a79ed - blacklist.conf: Append 'drm/i915: Fix race in __i915_vma_remove_closed' - commit 6b9663e - blacklist.conf: Append 'drm/amd/display: Fix memory leak in dcn21_clock_source_create' - commit 6b379f0 - blacklist.conf: Append 'drm/amdkfd: Fix GWS queue count' - commit c194bfe - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). - commit 1516756 - blacklist.conf: Append 'drm/amdgpu/smu10: fix SoC/fclk units in auto mode' - commit 6e963ac - arm64: Add support for user sub-page fault probing (git-fixes) Update patch and enable CONFIG_ARCH_HAS_SUBPAGE_FAULTS=y on aarch64 - commit 89d500c - blacklist.conf: Append 'drm/vmwgfx: Disable command buffers on svga3 without gbobjects' - commit bf4ec77 - blacklist.conf: Append 'drm/vmwgfx: Initialize drm_mode_fb_cmd2' - commit 8d00ddf - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - commit f91c8b4 - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - commit 0e4c9cb - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - commit 6eef8ef - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - commit d1f24d4 - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - commit 6e3b46b - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - commit e399f83 - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - commit ff84c19 - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - commit 7e0c8c4 - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - commit e9be256 - drm/msm: properly add and remove internal bridges (bsc#1190768) - commit 5c122fe - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - commit ab7ec76 - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - commit 42fd30b - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - commit 9331eed - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - commit ad47bc7 - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - commit 9c50bd8 - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). - commit 46850e9 - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - commit ea06bd8 - KVM: x86: SVM: don't set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - commit d06006c - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - commit e82d899 - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - commit deab733 - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - commit d4b3446 - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - commit 7edc84d - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - commit f6a065f - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - commit 44bc62d - kvm: fix wrong exception emulation in check_rdtsc (git-fixes). - commit 1c5ae50 - KVM: VMX: Remove defunct "nr_active_uret_msrs" field (git-fixes). - commit 1a24800 - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - commit 1f6eceb - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - commit 676f374 - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - commit 61c5fcd - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - commit e1674de - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - commit 1cee451 - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - commit f10ca89 - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - commit f9e5a47 - KVM: x86: Don't force set BSP bit when local APIC is managed by userspace (git-fixes). - commit 7c46a7f - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - commit 611cd52 - lockdown: kABI workaround for lockdown_reason changes (bsc#1199426 CVE-2022-21499). - commit 972b043 ------------------------------------------------------------------ ------------------ 2022-5-30 - May 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - Fix double fget() in vhost_net_set_backend() (git-fixes). - commit 4401121 - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - commit abc77e7 - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - commit 397eb16 - gen_init_cpio: fix short read file handling (bsc#1193289). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - commit b52895d - KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - Documentation: Add documentation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - commit 426a83d - hide appended member supports_dynamic_smps_6ghz (git-fixes). - commit f872210 - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - commit 413bfcd - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - commit 9697600 - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - commit 3121010 - lockdown: also lock down previous kgdb use (bsc#1199426 CVE-2022-21499). - commit 251570d - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - commit 2fd937f ++++ openssl-1_1: - Security fix: [bsc#1199166, CVE-2022-1292] * Added: openssl-CVE-2022-1292.patch * properly sanitise shell metacharacters in c_rehash script. ++++ libzypp: - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh. - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived. (bsc#1199042) - singletrans: no dry-run commit if doing just download-only. - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER (fixes #388) - version 17.30.1 (22) ++++ mdadm: - resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158) 1004-mdadm-super1-restore-commit-45a87c2f31335-to-fix-clu.patch ------------------------------------------------------------------ ------------------ 2022-5-29 - May 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - commit 00278c6 ++++ libmbim: - update to 1.26.4: * meson: force building doc on normal builds, not only during install. * meson: fix 'export_packages' in GIR setup. * compat: deprecate the MbimLteAttachStatus type. * net-port-manager: use unaligned netlink attribute length. * include MBIM proxy control service in docs. * codegen: add section doc for each service. * utils: add missing short description in section. * compat: add missing MbimLteAttachStatus doc. * device: add missing mbim_device_list_links() doc. * device: fix MbimDevice 'device-in-session' property doc. * version: add missing MBIM_CHECK_VERSION() documentation. * device: fix wrong reference to QmiDevice * Several other minor improvements and fixes. ++++ mozilla-nspr: - update to version 4.34 * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. ------------------------------------------------------------------ ------------------ 2022-5-28 - May 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: x86 - eliminate anonymous module_init & module_exit (git-fixes). - commit e9656ce - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - commit f5e4e29 - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - commit 5a67b91 ------------------------------------------------------------------ ------------------ 2022-5-27 - May 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - commit 1131a46 - Update patch reference for libata fix (bsc#1118212). - commit 6d39ca9 - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: validate S1G channel width (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - vhost_vdpa: don't setup irq offloading when irq_num < 0 (git-fixes). - commit 4e4f201 - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - commit a0726ce - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - commit 8d4668b - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/amd/display: DCN3.1: don't mark as kernel-doc (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - commit 9404954 - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm: sti: don't use kernel-doc markers (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm: bridge: icn6211: Fix register layout (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - commit 57ac012 - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - Refresh patches.suse/ARM-dts-aspeed-Add-video-engine-to-g6.patch. - commit 7366c1a - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - arm: mediatek: select arch timer for mt7629 (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - ath11k: Don't check arvif->is_started before sending management frames (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - commit 31708da ++++ systemd: - fix parsing error in s390 udev rules conversion script (bsc#1198732) ++++ u-boot-rpiarm64: Fix vulnerability in NFS, CVE-2022-30767 (bsc#1199623) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0018-net-nfs-Fix-CVE-2022-30767-old-CVE-.patch ------------------------------------------------------------------ ------------------ 2022-5-26 - May 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - commit 43b5dd3 - perf: Fix sys_perf_event_open() race against self (bsc#1199507,CVE-2022-1729). - commit 25fb716 ------------------------------------------------------------------ ------------------ 2022-5-25 - May 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - commit 4c36b1c - ext4: avoid cycles in directory h-tree (bsc#1198577 CVE-2022-1184). - commit b38a01b - ext4: verify dir block before splitting it (bsc#1198577 CVE-2022-1184). - commit bca7951 - net: phy: correct spelling error of media in documentation (git-fixes). - commit f65b389 - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/bcm2711: Don't clamp temperature at zero (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - commit 6d8fda5 - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - commit c3331af ++++ libqmi: - Enable QRTR support ++++ installation-images-LeapMicro: - rename the SLE Micro -release package (bsc#1199911) - 16.57.21 ------------------------------------------------------------------ ------------------ 2022-5-24 - May 24 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Fold NetworkManager-wifi back into the main package: The dep chain is not really different and it causes too many problems for users having that split. Not worth the pain (boo#1199710, boo#1199706). - As a consequence, also drop the recommends fro the main package to -wifi. ++++ python-kiwi: - Remove mailmap so email is not updated for old changelog entries in IBS Signed-off-by: David Cassany ++++ kernel-default: - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - commit 6d101b3 - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - commit b108057 - Add cherry-picked IDs to x86 platform drivers - commit e43dfb1 - arm64: fix types in copy_highpage() (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - commit 5e96a09 ++++ patterns-microos: - bump version to 5.3.0 ++++ qemu: - Get rid of downstream patches breaking s390 modules. Replace them with the upstream proposed and Acked (but never committed) solution (bsc#1199015) * Patches added: modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch * Patches dropped: Fix-the-module-building-problem-for-s390.patch modules-quick-fix-a-fundamental-error-in.patch ++++ rust-keylime: - Update to version 0.1.0+git.1653314004.ceda2ec: * Skip serialization of optional fields * Make support for legacy python revocation actions optional * main: Do not try to load CA cert if mTLS is disabled * CI: Add packit to run end-to-end tests * GNUmakefile: Install shim.py * Add service for secure mount * secure_mount: Do not try to give ownership to root * secure_mount: Rewrite check_mount() * main: Ignore original ownership when unzipping files * Drop privileges to run as normal user and group * main: Mount secure mount before dropping the privileges * main: Open files that require privilege at the beginning * quotes_handler: Fix measured boot list encoding * Fix typo in config_get() * Add option to disable mTLS * Update actix-web to 4, remove tokio 0.2 dependencies * crypto: Add helper function to convert public key to PEM string * Add ansasaki as maintainer ++++ toolbox: - bump the container version to 5.3 ------------------------------------------------------------------ ------------------ 2022-5-23 - May 23 2022 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch bsc1199724-modules.patch (bsc#1199724) * Enable upstream commit to list ko.zst modules as well ++++ python-kiwi: - Bump version up to v9.24.36 This version includes fixes for: * Preserve LABEL setting (#2108) Preserve the LABEL= setting when the grub config file is re-generated. the GRUB_ENABLE_LINUX_LABEL setting does not exists upstream and not in any SUSE distribution. Set the grub setting such that LABEL is preserved on SUSE distros. (bsc#1197616) * Add ensure_empty_tmpdirs option for OCI containers (bsc#1197783) Since #1759 was merged, the contents of /run/ and /tmp/ are excluded from built images. This causes problems for some containers, notably Ceph when deployed in a Rook/k8s environment, which needs to have certain directories present inside /run/. This commit adds the ability to return to the previous behaviour and *not* empty those temporary directories, if you specify . Fixes: https://github.com/OSInside/kiwi/issues/2093 Signed-off-by: Tim Serong * Set /.snapshots subvolume to mode 0700 (bsc#1194992) Avoid that users other than root can enter or even change the content. This is what snapper does as well. ++++ kernel-default: - io_uring: kill extra checks in io_write() (bsc#1198968 CVE-2022-1508). - Revert "iov_iter: track truncated size" (bsc#1198968 CVE-2022-1508). - io_uring: use iov_iter state save/restore helpers (bsc#1198968 CVE-2022-1508). - iov_iter: add helper to save iov_iter state (bsc#1198968 CVE-2022-1508). - io_uring: reexpand under-reexpanded iters (bsc#1198968 CVE-2022-1508). - iov_iter: track truncated size (bsc#1198968 CVE-2022-1508). - commit edd86da - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - commit ed6f157 - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - commit 55b24a6 - Update patch reference for crypto fix (bsc#1197601) - commit 0c89071 - Add dtb-starfive - commit 85335b1 - Update patch references for ax25 fixes (CVE-2022-1204 bsc#1198025) - commit c6e9ba8 - Update kabi files from the GMC submitted kernel. - commit b4bebf4 - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - commit c85ed92 - blacklist.conf: riscv architecture not supported. - commit 89f6518 - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - commit fafa813 ++++ ceph: - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit ++++ osinfo-db: - Update to database version 20220516 osinfo-db-20220516.tar.xz ++++ qemu: - Fix bsc#1198712, CVE-2022-26354 - Fix bsc#1198711, CVE-2022-26353 * Patches added: vhost-vsock-detach-the-virqueue-element-.patch virtio-net-fix-map-leaking-on-error-duri.patch - Fix bsc#1198037, CVE-2021-4207 - Fix bsc#1198035, CVE-2021-4206 * Patches added: display-qxl-render-fix-race-condition-in.patch ui-cursor-fix-integer-overflow-in-cursor.patch - Backport a GCC 12 aarch64 build fix (bsc#1199625) * Patches added: block-qdict-Fix-Werror-maybe-uninitializ.patch ++++ runc: - Backport to fix issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565 + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch ++++ systemd-presets-common-SUSE: - enable ignition-delete-config by default (bsc#1199524) ++++ virt-manager: - Change dependency on package xorriso to Requires from Recommends virt-manager.spec ------------------------------------------------------------------ ------------------ 2022-5-22 - May 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - commit 4a1b622 - Input: ili210x - fix reset timing (git-fixes). - commit 36d87dd ------------------------------------------------------------------ ------------------ 2022-5-21 - May 21 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - commit 11e974a - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - commit f88b8c8 ++++ libqrtr-glib: - Initial package version 1.2.2 ------------------------------------------------------------------ ------------------ 2022-5-20 - May 20 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691 cups: authentication bypass and code execution (bsc#1199474) ++++ kernel-default: - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - commit e1ca6b5 - bfq: Relax waker detection for shared queues (bsc#1184318). - commit 4c2bfe4 - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - Revert "can: m_can: pci: use custom bit timings for Elkhart Lake" (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - commit 96fd919 ++++ mozilla-nss: - Update nss-fips-constructor-self-tests.patch to scan LD_LIBRARY_PATH for external libraries to be checksummed. ------------------------------------------------------------------ ------------------ 2022-5-19 - May 19 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.4 (bsc#1199668) - Store the update server certs in the /etc path instead of /usr to accomodate read only setup of SLE-Micro ++++ cockpit-tukit: - Update to version 0.0.3~git6.03c747e: * Hide snapshot item extension part * Change help URL to official docs * Mention node_modules.sums in spec sources * Use compression for source archive ++++ gtk3: - Update to version 3.24.34: + Include legacy hicolor icons. + Fix the build with gcc 12. + X11: Trap errors when getting output properties. + Wayland: Ignore empty preedit updates. This fixes a problem with textview scrolling. + Updated translations. ++++ kernel-default: - kABI: Fix kABI after CVE-2022-0171 backport (bsc#1199509, CVE-2022-0171). - commit 62ff370 - KVM: SEV: add cache flush to solve SEV cache incoherency issues (CVE-2022-0171 bsc#1199509). - KVM: SVM: Flush when freeing encrypted pages even on SME_COHERENT CPUs (CVE-2022-0171 bsc#1199509). - KVM: SVM: Simplify and harden helper to flush SEV guest page(s) (CVE-2022-0171 bsc#1199509). - commit 156e44b - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - commit b348fc5 - ping: remove pr_err from ping_lookup (bsc#1195826). - commit bf5e056 - patches.suse/ping-fix-the-dif-and-sdif-check-in-ping_lookup.patch: (bsc#1195826). - commit e08cccf - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - commit 74e3031 - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549). - Refresh patches.suse/kvm-svm-allow-avic-support-on-system-w-physical-apic-id-255. - commit 697f911 - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: usb-audio: Don't get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - commit 36ccd50 ++++ logrotate: - Security fix: (bsc#1199652, CVE-2022-1348) * insecure permissions for state file creation * Added patch logrotate-CVE-2022-1348.patch * Added patch logrotate-CVE-2022-1348-follow-up.patch ++++ salt: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Added: * make-sure-saltcacheloader-use-correct-fileclient-519.patch ------------------------------------------------------------------ ------------------ 2022-5-18 - May 18 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch * The wrapper rootsh is not a restricted shell (bsc#1199492) ++++ ignition: - Update to version 2.14.0: * NEWS: update v2.14.0 * docs/operator-notes: add section on provisioning secrets * Dockerfile.validate: build with Fedora 36 * internal/resource: fix gs:// fetches in GCE without a service account * docs/operator-notes: document supported S3 URL formats * internal/resource: fix S3 access point object ARNs * exec/util: fix infinite loop in Depth() if -root is relative * Add ignition-delete-config.service and ignition-rmcfg symlink * providers/virtualbox: support deleting Ignition configs * providers/virtualbox: add comment referencing VirtualBox source * providers/virtualbox: add define for GUEST_PROP_FN_GET_PROP * providers/virtualbox: add helper to set up hypervisor connection * providers/vmware: support deleting Ignition configs * main: add ignition-rmcfg multicall binary * go.mod: add github.com/beevik/etree * providers/vmware: switch to internal copy of OVF parser * internal/resource: fix bucket field in error message * internal/resource: derive AWS region hint from ARN partition field * internal/resource: simplify test * internal/resource: fix minor nits * provider/azure: try to fetch userdata from IMDS * providers/vmware: convert OVF tests to testify * providers/vmware: drop vmw-ovflib docs * providers/vmware: add verbatim copy of vmw-ovflib * providers/vmware: add constants for guestinfo and OVF property names * providers/virtualbox: fix reading properties with flags * internal/resource: support S3 access point URLs - Update fixes CVE from [bsc#1199524]; this introduces a new service "ignition-delete-config.service" - Add ignition-rmcfg-suse.conf dropin to adapt to SUSE environment - Use fixed paths in spec file for hardcoded installation paths ++++ kernel-default: - floppy: use a statically allocated error counter (bsc#1199063 CVE-2022-1652). - commit 4b74f1a - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - commit 014dc39 - firmware_loader: use kernel credentials when reading firmware (git-fixes). - fsl_lpuart: Don't enable interrupts too early (git-fixes). - USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - USB: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Fibocom L610 modem (git-fixes). - USB: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - commit fe9e2eb - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - commit 5e2f529 - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - commit 4781c47 - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - commit dbf1a79 - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - commit 6ed0188 - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - commit 4978658 - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - commit adcbd88 - netfilter: conntrack: move synack init code to helper (bsc#1199035). - commit dbb9a48 - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - commit d568a79 - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - Refresh patches.suse/drm-amd-display-For-vblank_disable_immediate-check-P.patch. - commit 4d8e6ac - amd/display: set backlight only if required (git-fixes). - drm/amdgpu/display: add support for multiple backlights (git-fixes). - commit 5048ab0 - Revert "PCI: aardvark: Rewrite IRQ code to chained IRQ handler" (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - commit 9dd5801 ++++ regionServiceClientConfigAzure: - Update to version 2.0.0 (bsc#1199668) + Move the certs to /usr from /var to accomodate ro filesystem of SLE-Micro + Fix source url in spec file ++++ regionServiceClientConfigEC2: - Update to version 4.0.0 (bsc#1199668) + Move cert location to usr form var to accomodate ro filesystem of SLE-Micro + Fix source location in spec file ++++ regionServiceClientConfigGCE: - Update to version 4.0.0 (bsc#1199668) + Move the cert location to /usr for compatibility with ro setup of SLE-Micro + Fix url in spec file to pint to the proper location of the source ------------------------------------------------------------------ ------------------ 2022-5-17 - May 17 2022 ------------------- ------------------------------------------------------------------ ++++ cifs-utils: - Update to version 6.15 * CVE-2022-27239: mount.cifs: fix length check for ip option parsing Previous check was true whatever the length of the input string was, leading to a buffer overflow in the subsequent strcpy call (bsc#1197216). * mount.cifs: fix verbose messages on option parsing (bsc#1198976, CVE-2022-29869) ++++ transactional-update: - Version 4.0.0~rc4 - Fix building with GCC 12 - Fix stack overflow with very long commands / ids [bsc#1196149] - Use separate mount namespace for chroot, allowing overwriting the bind mounts from the update environment - this could have lead to data loss of the bind mount previously - Fix C error and exception handling for snapshots ++++ kernel-default: - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - commit eb47ef3 - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350). - commit e8fad46 - blacklist.conf: Add c923a8e7edb0 ucounts: Move RLIMIT_NPROC handling after set_user - commit 142ab90 - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - Refresh patches.suse/sched-Fix-yet-more-sched_fork-races.patch. - commit 0267df3 - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - commit 592ff0f - blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop - commit 4c1d7db - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - commit bc001ee - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - commit 8324e83 - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - Refresh patches.suse/0003-kabi-Add-placeholders-to-a-couple-of-important-struc.patch. - commit bfc2f16 - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - commit 8d5da3b - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734 bsc#1199605). - commit cf1c6a1 - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - commit 07baf00 - nfs: fix broken handling of the softreval mount option (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - Revert "SUNRPC: Ensure gss-proxy connects on setup" (git-fixes). - commit ff62e52 - Add duplicated commit id for drm amdgpu patch - commit 5990a24 - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - Refresh patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch. - commit b92e1de ++++ wpa_supplicant: - Enable WPA3-Enterprise (SuiteB-192) support. ------------------------------------------------------------------ ------------------ 2022-5-16 - May 16 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.0: + Add support for route type "throw". + Fix bug setting priority for IP addresses. + Static IPv6 addresses from "ipv6.addresses" are now preferred over addresses from DHCPv6, which are preferred over addresses from autoconf. This affects IPv6 source address selection, if the rules from RFC 6724, section 5 don't give a exhaustive match. + Static IPv6 addresses from "ipv6.addresses" are now interpreted with first address being preferred. Their order got inverted. This is now consistent with IPv4. + Wi-Fi hotspots will use a (stable) random channel number unless one is chosen manually. + Don't use unsupported SAE/WPA3 mode for AP mode. + NetworkManager will no longer advertise frequencies as supported when they're disallowed in configured regulatory domain. + Attempt to connect to WEP-encrypted Wi-Fi network will now fail gracefully with a recent version of wpa_supplicant when built without WEP support. As long as wpa_supplicant supports WEP, NetworkManager will continue to work. + Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the NIC does not support PMF. This is known to cause problems in some setups. It is still possible to explicitly configure wifi.key-mgmt=sae for WPA3. + Add new dummy crypto backend "null" that does nothing. NetworkManager uses the crypto library when handling certificates for 802.1x profiles. + Veth devices with name "eth*" are now managed by default via the udev rule. This is to support managing the network in LXD containers. + The hostname received from DHCP is now shortened to the first dot (or to 64 characters, whatever comes first) if it's too long. + As the insecure WEP encryption for Wi-Fi network is phased out, nmcli now discourages its use when activating or modifying a profile. + Fix connectivity checks in case the check endpoint address resolves to multiple addresses. + Workaround libcurl blocking NetworkManager while resolving DNS names. + nmcli: indicate missing Wi-Fi hardware when showing rfkill setting. + nmcli: add connection migrate command to move a profile to a specified settings plugin. This allows to convert profiles in the deprecated ifcfg-rh format to keyfile. + Set "src" attribute for routes from DHCPv4 to the leased address. This helps with source address selection. + Various bugfixes and internal improvements. + Updated translations. - Recommend NetworkNanager-wifi from the main package: after the split, there is currently nothing pulling in NM-wifi. Preferably this would happen based on wifi chips prsence, but that is not yet done (boo#1199550). ++++ glibc: - selinux-deprecated.patch: Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - systemtap-altmacro.patch: i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718, BZ #28771) ++++ kernel-default: - blacklist.conf: prerequisites not met - commit 8a4463e - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - commit 32ee880 - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - commit 01f31f9 - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - commit 05db5c9 - Update patch reference for mmc fix (CVE-2022-20008 bsc#1199564). - commit 411e099 - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - commit e5b4705 - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - commit 2ceb3f5 - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tcpci: Don't skip cleanup in .remove() on error (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - Revert "drm/amd/pm: keep the BACO feature enabled for suspend" (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - commit d82c829 ++++ samba: - Revert NIS support removal; (bsc#1199247); ------------------------------------------------------------------ ------------------ 2022-5-13 - May 13 2022 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) ++++ kernel-default: - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - commit 13701d7 - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413). - commit 6dae5ac - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpftool: Remove useless #include to from map_perf_ring.c (git-fixes). - bpftool: Remove unused includes to (git-fixes). - tools: bpftool: Complete metrics list in "bpftool prog profile" doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, - B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - commit 4f4442f - Add patch reference to seccomp fix (CVE-2022-30594 bsc#1199505 bsc#1198413) Also shorten the patch file name to standard size - commit d6179dc - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - Refresh patches.suse/PCI-pci-bridge-emul-Correctly-set-PCIe-capabilities.patch. - commit 3d56076 - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Don't mask irq when mapping (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - commit a0fb1d1 - mac80211: Reset MBSSID parameters upon connection (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - batman-adv: Don't skb_split skbuffs with frag_list (git-fixes). - dim: initialize all struct fields (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: don't set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - commit 0517047 ++++ fribidi: - Add fribidi-CVE-2022-25308.patch: fix a stack overflow (boo#1196147 CVE-2022-25308). - Add fribidi-CVE-2022-25309.patch: protect against garbage in the CapRTL encoder (boo#1196148 CVE-2022-25309). - Add fribidi-CVE-2022-25310.patch: fix a SEGV in fribidi_remove_bidi_marks (boo#1196150 CVE-2022-25310). ++++ libyajl: - add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405) ++++ qemu: - Backport SeaBIOS patches for fixing bsc#1199018 * Patches added: pci-let-firmware-reserve-IO-for-pcie-pci.patch pci-reserve-resources-for-pcie-pci-bridg.patch ------------------------------------------------------------------ ------------------ 2022-5-12 - May 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). - commit f9f5496 - Refresh patches.suse/0002-drm-vmwgfx-Remove-unused-compile-options.patch. Alt-commit - commit f3160fb - rxrpc: fix some null-ptr-deref bugs in server_key.c (CVE-2022-1671 bsc#1199439). - commit 8d79cf2 - Refresh patches.suse/drm-i915-ttm-ensure-we-unmap-when-purging.patch. Alt-commit - commit c56900a - virt: acrn: fix a memory leak in acrn_dev_ioctl() (CVE-2022-1651 bsc#1199433). - commit bca15e5 - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - commit bcb4116 - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - commit f04841f ++++ runc: - Add ExcludeArch for s390 (not s390x) since we've never supported it. ------------------------------------------------------------------ ------------------ 2022-5-11 - May 11 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.359: + Updated pci, usb and vendor ids. ++++ kernel-default: - io_uring: fix race between timeout flush and removal (bsc#1198811 CVE-2022-29582). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). Update patches.suse/io-wq-serialize-hash-clear-with-wakeup.patch (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). Update patches.suse/io-wq-fix-queue-stalling-race.patch patches.suse/io-wq-fix-race-between-adding-work-and-activating-a-.patch patches.suse/io-wq-fix-wakeup-race-when-adding-new-work.patch patches.suse/io-wq-serialize-hash-clear-with-wakeup.patch (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). Update patches.suse/io-wq-fix-race-between-adding-work-and-activating-a-.patch (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). Update patches.suse/io_uring-fix-race-between-poll-completion-and-cancel.patch (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). Update patches.suse/io_uring-allow-conditional-reschedule-for-intensive-.patch (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). Update patches.suse/io_uring-add-splice_fd_in-checks.patch (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: don't halt iopoll too early (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). - io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). Update patches.suse/io_uring-allow-retry-for-O_NONBLOCK-if-async-is-supp.patch (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - commit 9c1030b - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - commit 99a0106 - mlx5: kabi protect lag_mp (git-fixes). - commit 69118a5 - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Lag, Don't skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - ixgbe: ensure IPsec VF<->PF compatibility (git-fixes). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Don't remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - commit e0ed03e - Update patches.suse/NFSv4-nfs_atomic_open-can-race-when-looking-up-a-non.patch (bsc#1195612 CVE-2022-24448 git-fixes). - commit b03bb3a - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for "i2c: smbus: Use device_*() functions instead of of_*()" - commit d0b5048 - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - commit b5efaae - kABI: ivtv: restore caps member (git-fixes). - commit 8aa5382 - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - commit 4b98fe7 - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - commit 6ac6205 - blacklist.conf: cleanup designed to break kABI - commit ca96b43 - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - commit bdb5025 - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - Refresh patches.suse/media-davinci-vpif-fix-unbalanced-runtime-PM-enable.patch. - commit 05ac27d - media: videobuf2: Fix the size printk format (git-fixes). - commit c3df4b9 - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-firmware: - Update to version 20220509 (git commit b19cbdca78ab): * mediatek: Update mt8183 SCP firmware * ice: Update package to 1.3.28.0 * i915: Add DMC v2.06 for DG2 * rtl_bt: Update RTL8852A BT USB firmware to 0xDBB7_C1D9 * amdgpu: update psp_13_0_8 firmware * amdgpu: update gc_10_3_7_rlc firmware * amdgpu: update dcn_3_1_6_dmcub firmware * ath11k: QCA6390 hw2.0: update to WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1 * qcom: add firmware files for Adreno a420 & related generations * qcom: add firmware files for Adreno a330 * qcom: add firmware files for Adreno a220 * i915: Add GuC v70.1.2 for DG2 * rtw89: 8852c: add new firmware v0.27.20.0 for RTL8852C * Mellanox: Add lc_ini_bundle for xx.2010.1006 * Mellanox: xx.2010.1502: Distribute non-xz-compressed lc_ini_bundle * ath10k: QCA9984 hw1.0: update board-2.bin * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156 * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1 * ath10k: QCA4019 hw1.0: update board-2.bin * ath10k: QCA99X0 hw2.0: add board-2.bin * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.7 * ath11k: WCN6750 hw1.0: add to WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1 * ath11k: WCN6750 hw1.0: add board-2.bin * ath11k: QCN9074 hw1.0: add to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: QCN9074 hw1.0: add board-2.bin * ath11k: QCA6390 hw2.0: update board-2.bin * ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ8074 hw2.0: update board-2.bin * ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ6018 hw1.0: update board-2.bin * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1502 * amdgpu: update yellow carp DMCUB firmware * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * mediatek: Add mt8195 SCP firmware * qcom: apq8096: add modem firmware * qcom: apq8096: add aDSP firmware * rtl_bt: Add firmware and config files for RTL8852C * i915: Add GuC v70.1.1 for all platforms - Update aliases ++++ multipath-tools: - Update to version 0.8.9+90+suse.71a70fb: * support overriding -D_FORTIFY_SOURCE in OPTFLAGS * add -U_FORTIFY_SOURCE to optflags to avoid compilation errors on old distros ++++ mozilla-nss: - Run test suite at build time, and make it pass (bsc#1198486). Based on work by Marcus Meissner. - Add nss-fips-tests-skip.patch to skip algorithms that are hard disabled in FIPS mode. - Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired PayPalEE cert from failing the tests. - Add nss-fips-tests-enable-fips.patch, which enables FIPS during test certificate creation and disables the library checksum validation during same. - Update nss-fips-constructor-self-tests.patch to allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. ++++ pcre: - Added pcre-8.45-bsc1199232-unicode-property-matching.patch * bsc#1199232 * CVE-2022-1586 * Fixes unicode property matching issue ++++ runc: - Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. CVE-2022-29162 bsc#1199460 * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and CVE-2022-29162. bsc#1199460 * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. ++++ samba: - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); ------------------------------------------------------------------ ------------------ 2022-5-10 - May 10 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: Update with patches added to perf userspace package - commit 53e42ae - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Don't pass task around when ctx sched in (git-fixes). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - riscv: Fix fill_callchain return value (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Fix cgroup event list management (git fixes). - commit b000f7c - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - commit 7cc0f4f - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - commit c9b5d42 - rfkill: make new event layout opt-in (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - commit d7f018a - kABI workaround for pci quirks (git-fixes). - commit 0375f50 - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - commit 46181b6 - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - commit e981ed9 - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - commit 79ac66a - sched/core: Fix forceidle balancing (git-fixes) - commit f2b329d - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - commit a094ea3 - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - commit 82932b7 - sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes) - commit e583c29 - sched/core: Export pelt_thermal_tp (git-fixes) - commit 74c8b44 - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - commit fbf6ec4 - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - commit c72ea8a - psi: fix "defined but not used" warnings when (git-fixes) - commit 0e31231 - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - commit 8f64d02 - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - commit 778665f - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - commit 898fead - cputime, cpuacct: Include guest time in user time in (git-fixes) - commit 713d40a - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - commit 8d26b54 - sched/core: Mitigate race (git-fixes) - commit 8899862 - genirq: Synchronize interrupt thread startup (git-fixes) - commit ac80f16 - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - commit a7563af - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - Refresh patches.suse/PCI-Add-MSI-masking-quirk-for-Nvidia-ION-AHCI.patch. - commit 972d035 - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - commit 51fb8ef - timers: Fix warning condition in __run_timers() (git-fixes) - commit 9c2fbb7 - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - commit 8e2b11d - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - commit 22aa9c2 - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - USB: quirks: add STRING quirk for VCOM device (git-fixes). - USB: quirks: add a Realtek card reader (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - commit fd76029 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ multipath-tools: - Update to version 0.8.9+87+suse.a1eb122: * add ability to autodetect support for -D_FORTIFY_SOURCE=3 ++++ libarchive: - Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init (CVE-2022-26280, bsc#1197634) * fix-CVE-2022-26280.patch ++++ libtirpc: - fix memory leak in params.r_addr assignement (bsc#1198752) - add 0001-fix-parms.r_addr-memory-leak.patch ------------------------------------------------------------------ ------------------ 2022-5-9 - May 9 2022 ------------------- ------------------------------------------------------------------ ++++ firewalld: - Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814) * feature-upstream-new-check-config-1.patch * feature-upstream-new-check-config-2.patch ++++ gnutls: - FIPS: Make sure zeroization is performed in all API functions * Add gnutls-zeroization-API-functions.patch [bsc#1191021] * Upsream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1573 - FIPS: Add missing requirements for the SLI [bsc#1190698] * Remove 3DES from FIPS approved algorithms: - gnutls-Remove-3DES-from-FIPS-approved-algos.patch - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1570 * DRBG service (gnutls_rnd) should be considered approved: - gnutls-Add-missing-FIPS-service-indicator-transitions.patch - gnutls-Add-missing-FIPS-service-indicator-transitions-tests.patch - gnutls-pkcs12-tighten-algorithm-checks-under-FIPS.patch - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1569 ++++ open-iscsi: - Update to latest upstream, including: * Added 'distclean' to Makefile targets * Ensure Makefile '.PHONY' targets set up correctly * fix an iscsid logout bug generating a false error and cleanup logout error messages ++++ kernel-default: - usb: phy: generic: Get the vbus supply (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: core: Don't hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - commit d2780c0 - smsc911x: allow using IRQ0 (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - commit 41345c7 - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - commit 9d4b763 - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - commit fe2e8be - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - commit a6c239d - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - commit 50f4170 - drm/msm/dp: remove fail safe mode related code (git-fixes). - patches.suse/cpufreq-fix-memory-leak-in-sun50i_cpufreq_nvmem_prob.patch: (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - commit b82dad2 - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - commit 83b9c18 - ASoC: soc-ops: fix error handling (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - Revert "ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40" (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ARM: dts: socfpga: change qspi to "intel,socfpga-qspi" (git-fixes). - commit 3579a34 - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - commit 7688043 - series.conf: cleanup - Move submitted patch to "sorted" section patches.suse/0001-SUNRPC-change-locking-for-xs_swap_enable-disable.patch - commit 56d34ef - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - commit 8fc1419 - Revert "SUNRPC: attempt AF_LOCAL connect on setup" (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - NFSv4: Don't invalidate inode attributes on delegation return (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - commit 98bffb1 ++++ multipath-tools: - Update to version 0.8.9+85+suse.a9da21c: * This is a pre-release of multipath-tools 0.9.0 * multipath.conf: add "protocol" subsection in "overrides" section This allows to set "dev_loss_tmo", "fast_io_fail_tmo", and "eh_deadline" on a per-protocol basis rather than per storage * multipath.conf: drop support for deprecated options: getuid_callout, pg_timeout, config_dir, multipath_dir * multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570) * multipathd: avoid delays during uevent processing (bsc#1199347) * Fixes for minor issues reported by coverity * Fix for memory leak with uid_attrs * Fix possibility to redefine -D_FORTIFY_SOURCE macro. * Updates for built in hardware db ++++ udisks2: - CVE-2021-3802: fix insecure defaults in user-accessible mount helpers (bsc#1190606) + add 0001-mount-options-Always-use-errors-remount-ro-for-ext-f.patch ------------------------------------------------------------------ ------------------ 2022-5-8 - May 8 2022 ------------------- ------------------------------------------------------------------ ++++ sqlite3: - update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release - includes changes from 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key ------------------------------------------------------------------ ------------------ 2022-5-6 - May 6 2022 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Updated to latest upstream version, tagged 2.1.7. Changes included: * updated/fixed test script * updated build system * several bug fixes, including one for bsc#1199264 ++++ kernel-default: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). - commit da8812a - drm/connector: Fix typo in output format (bsc#1190786) - commit b29d4f3 - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - commit 5d4e32c ++++ openldap2: - bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql * 0242-ITS-9815-slapd-sql-escape-filter-values.patch ++++ tiff: - security update * CVE-2022-0561 [bsc#1195964] + tiff-CVE-2022-0561.patch * CVE-2022-0562 [bsc#1195965] + tiff-CVE-2022-0562.patch * CVE-2022-0865 [bsc#1197066] + tiff-CVE-2022-0865.patch * CVE-2022-0909 [bsc#1197072] + tiff-CVE-2022-0909.patch * CVE-2022-0924 [bsc#1197073] + tiff-CVE-2022-0924.patch * CVE-2022-0908 [bsc#1197074] + tiff-CVE-2022-0908.patch - security update * CVE-2022-1056 [bsc#1197631] * CVE-2022-0891 [bsc#1197068] + tiff-CVE-2022-1056,CVE-2022-0891.patch ++++ yast2: - Avoid build failures when packager is not available (related to bsc#1196674) - 4.4.50 ------------------------------------------------------------------ ------------------ 2022-5-5 - May 5 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Securiy fix: [bsc#1199223, CVE-2022-27781] * CERTINFO never-ending busy-loop * Add curl-CVE-2022-27781.patch - Securiy fix: [bsc#1199224, CVE-2022-27782] * TLS and SSH connection too eager reuse * Add curl-CVE-2022-27782.patch ++++ gzip: - Add support to zstd in zgrep, fixes bsc#1198922 * xz_lzma.patch -> xz_lzma_zstd.patch ++++ kernel-default: - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - commit 4d2a151 - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - blacklist.conf: Append 'drm/vmwgfx: Remove the dedicated memory accounting' - commit a8ed0eb - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - commit 43899b4 - drm/amdkfd: Fix GWS queue count (bsc#1190786) - commit 1accf3c - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - commit 07b3f3d - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - commit f637f05 - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - commit bd1333e - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - commit 9bc8018 - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - commit 48859f6 - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - commit 69a0208 - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - commit 50f9562 - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - commit b91046a - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - commit 141dc64 - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ pcre2: - do not enable jit-sealloc [bsc#1182864] [bsc#1199208] - enable jit for s390x [bsc#1199196] ++++ libqmi: - Update to 1.30.6 * meson: fix 'export_packages' in GIR setup. * net-port-manager: use unaligned netlink attribute length. - Drop the unneeded rpmlintrc file ++++ mokutil: - Add the following patches against bsc#1198458 mokutil-enable-setting-fallback-verbosity-and-norebo.patch mokutil-SBAT-revocation-update-support.patch ------------------------------------------------------------------ ------------------ 2022-5-4 - May 4 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.271.g70f710e4: * fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) * fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) * fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) * fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) * fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) * fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) * fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) * fix(bluetooth): make hostonly configuration files optional (bsc#1195047) ++++ kdump: - kdumptool calibrate: add more margin to reservation calculations (bsc#1196728) - remount target filesystem r/w for fadump (bsc1197125) - stop reloading FADump on CPU hot-add event (jsc#IBM-768) - mkdumprd: add option to run dracut in debug mode ++++ kernel-default: - ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061). - ixgbe: add improvement for MDD response functionality (bsc#1196426 CVE-2021-33061). - ixgbe: add the ability for the PF to disable VF link state (bsc#1196426 CVE-2021-33061). - ixgbevf: Rename MSGTYPE to SUCCESS and FAILURE (bsc#1196426 CVE-2021-33061). - commit 2fd39fc - objtool: Fix code relocs vs weak symbols (git-fixes). - commit 81c18f2 - objtool: Fix type of reloc::addend (git-fixes). - commit 5275283 - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - commit 5ffcf97 - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - commit a2d2d45 - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - commit a8720fd - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - commit 3e3920e - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - commit 0cca427 - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - commit b2af869 - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - commit 246426c - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - commit 31f1720 - blacklist.conf: misattributed - commit 756ddb2 - blacklist.conf: misattributed - commit be08eef ++++ salt: - Fixes for Python 3.10 - Added: * fixes-for-python-3.10-502.patch ------------------------------------------------------------------ ------------------ 2022-5-3 - May 3 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.0.0~rc3 - Add Snapshot interface - Reworked signal handling: All public signals are sent from the main thread now, keeping the same sender for everything - Implement D-Bus call "Execute" for Transactions - Implement interface for listing Snapshots - Implement Reboot interface - Fix bug when using --continue on old snapshots - Fix hypothetical integer overflow in snapshot list [bsc#1196826] - Fix wrong sort order in status command [gh#openSUSE/transactional-update#80] ++++ kernel-default: - maple: fix wrong return value of maple_bus_init() (git-fixes). - commit d0d35dc - blacklist.conf: build fix selecting option we also switch on anyway - commit 6f69579 - staging: most: dim2: use device release method (git-fixes). - commit d4c20d1 - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - commit 1ea304e - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - commit 969c772 - blacklist.conf: kABI - commit 8e45e34 - blacklist.conf: kABI - commit 5d5e0d0 - blacklist.conf: sysfs API changed - commit c5b9546 - staging: vc04_services: shut up out-of-range warning (git-fixes). - commit 9d74580 - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - commit 7bbf632 - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - commit 08ac3f2 - staging: vchiq: Refactor vchiq cdev code (git-fixes). - commit 9db9b52 - bnx2x: fix napi API usage sequence (bsc#1198217). - commit fc7abbc - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e - blacklist.conf: Append 'drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP' - commit b961f67 - blacklist.conf: Append 'drm/i915: Drop all references to DRM IRQ midlayer' - commit 3e918db - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - commit 6f2bdc4 - drm/vmwgfx: Remove unused compile options (bsc#1190786) - commit f42c964 ++++ Mesa: - _constraints: * raised requirements to 9 GB disk space and added aarch64 architecture (bsc#1199040) ++++ yast2: - Show what product is being installed (bsc#1196674) - 4.4.49 ------------------------------------------------------------------ ------------------ 2022-5-2 - May 2 2022 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 ++++ kernel-default: - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - commit 46f9e01 - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - commit 7e012e8 - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - Revert "ibmvnic: Add ethtool private flag for driver-defined queue limits" (bsc#1121726 ltc#174633 git-fixes). - commit 31a517e - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - commit f661d38 - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - commit 43d19fc - USB: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - commit 15f3b27 - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - commit b6b3f56 - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - commit f643026 - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - commit f2e5e0c - Revert "fbcon: Disable accelerated scrolling" (bsc#1190786) - commit 4f27b8d ++++ nftables: - add 0001-cache-check-for-NULL-chain-in-cache_init.patch: this fixes rare crashes that could occur e.g. in firewalld (bsc#1197606). ++++ openssl-1_1: - FIPS: Added signature verification test to bsc1185319-FIPS-KAT-for-ECDSA.patch ++++ libxml2: - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build ++++ libxml2-python: - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build ------------------------------------------------------------------ ------------------ 2022-5-1 - May 1 2022 ------------------- ------------------------------------------------------------------ ++++ ovmf: - Respin amd-sev and amd-sev-es features After more testing, we found that not all descriptors can support both amd-sev with amd-sev-es. So we removed all amd-sev and amd-sev-es feature tags but only keep them in ovmf-x86_64-2m.json and 60-ovmf-x86_64.json. (bsc#1198246#c75) ------------------------------------------------------------------ ------------------ 2022-4-29 - Apr 29 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ++++ cockpit-tukit: - Initial package with version 0.0.3~git0.d4aa7e9: * Switch to ExecuteAndReboot * Add no-reboot actions to snapshot menus * Add some "write" actions * Disable actions during updates checking * Add updates error to status * Add _service file comment * Add OBS service definition * Fix license and files in spec * Switch cockpit-devel lib to last stable * Add missing global variables ++++ curl: - Security fix: [bsc#1198608, CVE-2022-27774] * Credential leak on redirect * Add curl-CVE-2022-27774-2.patch + openssl: don't leak the SRP credentials in redirects either + this is a follow up patch after the initial patch. ++++ docker: - Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191. bsc#1193930 bsc#1197284 * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch ++++ e2fsprogs: - libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add sanity check to extent manipulation (bsc#1198446 CVE-2022-1304) ++++ kernel-default: - Update patches.suse/net-x25-Fix-null-ptr-deref-caused-by-x25_disconnect.patch references (add CVE-2022-1516 bsc#1199012). - commit defb183 - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - commit 7175383 - Update config files (bsc#1199024). arm LIBNVDIMM y->m ppc64le ND_BLK ->m - commit 8d0e602 ++++ libapparmor: - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ++++ systemd: - Call pam_loginuid when creating user@.service (bsc#1198507) It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d. ++++ liburing2: - avoid requiring kernel-default (bsc#1193522) ++++ samba: - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); ------------------------------------------------------------------ ------------------ 2022-4-28 - Apr 28 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.252.g4988b0bf: * fix(resume): do not add this module if there is no suitable swap (bsc#1198095) * feat(resume): improve sanity check by verifying volatile swap (bsc#1198095) * feat(resume): sanity check (bsc#1197192) ++++ kernel-default: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a - Restore kabi after Revert "NFSv4: Handle the special Linux file open access mode" (git-fixes). - commit d756a21 - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - Revert "NFSv4: Handle the special Linux file open access mode" (git-fixes). - commit 84eb02f - Refresh patches.suse/nfsd-Fix-a-write-performance-regression.patch. Add correct git-commit - commit cd70e53 ++++ sqlite3: - update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. ------------------------------------------------------------------ ------------------ 2022-4-27 - Apr 27 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922). ++++ kernel-default: - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - commit 7a0d7a4 - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - commit 3134a62 - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit de1e36e - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - commit e3d62d0 - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: libsas: Don't always drain event workqueue for HA resume (bsc#1198802). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 8be5c1e ++++ libapparmor: - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922). ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#139 - fix sysconfig parsing (bsc#1198828) - 0.939 ++++ samba: - Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour "old password allowed period"; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016); - Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995); ------------------------------------------------------------------ ------------------ 2022-4-26 - Apr 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: cleanup only - commit 41987a6 ++++ permissions: - Update to version 20201225: * backport of apptainer whitelisting (bsc#1196145, bsc#1198720) ------------------------------------------------------------------ ------------------ 2022-4-25 - Apr 25 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - Add s390-add-z16-name.diff for bsc#1198751. ++++ kernel-default: - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - commit 364f54b - Update patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch (bsc#1196018 CVE-2022-28748). added CVE number - commit 8cafecb - random: check for signal_pending() outside of need_resched() check (git-fixes). - Refresh patches.suse/0001-char-random-wire-up-userspace-interface-to-SP800-90B.patch. - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - commit 50fb6ca ++++ libslirp: - Fix a dhcp regression [bsc#1198773] +libslirp-fix-dhcp-1.patch +libslirp-fix-dhcp-2.patch ++++ python-contextvars: - Add the package to SUSE Linux Enterprise 15 (jsc#SLE-24404) ++++ python-immutables: - Add the package to SUSE Linux Enterprise 15 (jsc#SLE-24404) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#588 - support leap port of armv7hl (bsc#1198302) - 16.57.20 ++++ yast2-trans: - Update to version 84.87.20220422.7945491fb3: * Translated using Weblate (Russian) * Translated using Weblate (Korean) * New POT for text domain 'storage'. * Translated using Weblate (Russian) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2022-4-24 - Apr 24 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - commit f70a9a5 ------------------------------------------------------------------ ------------------ 2022-4-23 - Apr 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - commit 52b6651 - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - commit df91c32 - arm64: mm: fix p?d_leaf() (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - commit 9d80194 ------------------------------------------------------------------ ------------------ 2022-4-22 - Apr 22 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-podman: - Remove translate-toolkit which is not available in SLE ++++ curl: - Security fix: [bsc#1198766, CVE-2022-27776] * Auth/cookie leak on redirect * Add curl-CVE-2022-27776.patch - Security fix: [bsc#1198723, CVE-2022-27775] * Bad local IPv6 connection reuse * Add curl-CVE-2022-27775.patch - Security fix: [bsc#1198608, CVE-2022-27774] * Credential leak on redirect * Add curl-CVE-2022-27774.patch * Disable test 1568, which is broken by upstream patch. - Add curl-CVE-2022-27774-disabletest-1568.patch - Security fix: [bsc#1198614, CVE-2022-22576] * OAUTH2 bearer bypass in connection re-use * Add curl-CVE-2022-22576.patch ++++ kernel-default: - netfilter: nf_tables: initialize registers in nft_do_chain() (CVE-2022-1016 bsc#1197227). - commit f4b3822 - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - commit a6e141d - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - commit 4ca374b - net: netvsc: remove break after return (git-fixes). - commit 60b2404 - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - commit 8963c13 - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - commit 56f520a - net: mana: Reuse XDP dropped page (bsc#1195651). - commit 5137284 - net: mana: Add counter for XDP_TX (bsc#1195651). - commit 6a2ff8f - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - commit 25e80a8 - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - commit abeccbd - hv_balloon: rate-limit "Unhandled message" warning (git-fixes). - commit f0e08f0 - drivers: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - commit 136ee4c - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - commit 6b202b9 - Drivers: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - commit 30aeb52 - Drivers: hv: Rename 'alloced' to 'allocated' (git-fixes). - commit 566f23a - Drivers: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - commit 92b3ee9 - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#927455 bsc#1198585). - commit 4b86303 - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - commit 194abd1 ++++ libtirpc: - check for nullpointer in check_address (bsc#1198176) update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch ++++ openssh: - Add openssh-do-not-send-empty-message.patch: Prevent empty messages from being sent. This avoids a superfluous new line (bsc#1192439). ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#590 - use parse-zdev.sh from s390-tools for device activation (bsc#1198326) - 16.57.19 ------------------------------------------------------------------ ------------------ 2022-4-21 - Apr 21 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix Power10 LPAR error "The partition fails to activate as partition went into invalid state" (bsc#1198714) * 0001-powerpc-do-CAS-in-a-more-compatible-way.patch ++++ branding-openSUSE: - Skip *.tr files in /etc/bootsplash/themes/openSUSE/bootloader ++++ kernel-default: - Revert "iavf: Fix deadlock occurrence during resetting VF interface" (jsc#SLE-18385). - veth: Ensure eth header is in skb's linear part (git-fixes). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - qede: confirm skb is allocated before using (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). - ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - ice: Clear default forwarding VSI during VSI release (git-fixes). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - net: sfc: add missing xdp queue reinitialization (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - Revert "RDMA/core: Fix ib_qp_usecnt_dec() called when error" (jsc#SLE-19249). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - commit f0e50a2 - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - commit 5a9f922 - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - commit 7969c20 - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amd/display: don't ignore alpha property on pre-multiplied mode (git-fixes). - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - commit e33589b ++++ gcc11: - Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] ++++ openssl-1_1: - FIPS: add bsc1185319-FIPS-KAT-for-ECDSA.patch * Known answer test for ECDSA * bsc#1185319 - FIPS: add bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch * Enable tests for Deterministic Random Bit Generator * bsc#1198207 - Bypass a regression test that fails in FIPS mode. * [openssl-1_1-shortcut-test_afalg_aes_cbc.patch] ++++ suse-build-key: - still ship the old ptf key (was not added to documentation by mistake). (bsc#1198504) ------------------------------------------------------------------ ------------------ 2022-4-20 - Apr 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bfq: Do not let waker requests skip proper accounting (bsc#1184318). Refresh: patches.suse/bfq-Drop-pointless-unlock-lock-pair.patch patches.suse/bfq-Remove-pointless-bfq_init_rq-calls.patch - commit 4b6502a - Update patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch (bsc#1065729 bsc#1198660 ltc#197803). - commit 5963e52 - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - commit aa5ea63 - Move upstreamed scsi lpfc patches into sorted section - commit 115220a ++++ gcc11: - Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635 * includes gcc11-pr104931.patch * includes fix for Firefox ICE [gcc#105256] ++++ raspberrypi-firmware-dt: - Switch back to platform driver until upstream gain support for VEC clock in clk-raspberrypi driver. Add following patch to fix immediate issue described in bsc#1198061. Revert-dt-Move-VEC-clock-to-clk-raspberrypi.patch ------------------------------------------------------------------ ------------------ 2022-4-19 - Apr 19 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.358 (bsc#1196332): + Updated pci, usb and vendor ids. ++++ kernel-default: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - commit 15c93ee - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - commit e524b28 - Refresh patches.suse/drm-amd-Check-if-ASPM-is-enabled-from-PCIe-subsystem.patch. Alt-commit - commit 624f694 - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - commit fe97565 - Refresh patches.suse/drm-amd-pm-correct-the-sequence-of-sending-gpu-reset.patch. Alt-commit - commit b60107a - Refresh patches.suse/drm-amd-pm-fix-hwmon-node-of-power1_label-create-iss.patch. Alt-commit - commit b1b4026 - Refresh patches.suse/drm-amd-avoid-suspend-on-dGPUs-w-s2idle-support-when.patch. Alt-commit - commit 37b6b68 - Refresh patches.suse/drm-amd-display-dc-calcs-dce_calcs-Fix-a-memleak-in-.patch. Alt-commit - commit 47a3604 - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - commit 7e940eb - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - commit 2931008 - drm/amdkfd: remove unused function (git-fixes). - commit dc0eb04 - Refresh patches.suse/drm-amd-display-Set-optimize_pwr_state-for-DCN31.patch. Alt-commit - commit 8cb9616 - Refresh patches.suse/drm-amd-display-Send-s0i2_rdy-in-stream_count-0-opti.patch. Alt-commit - commit fba46ba - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - commit b76c062 - Refresh patches.suse/drm-amd-display-Set-exit_optimized_pwr_state-for-DCN.patch. Alt-commit - commit df22983 - Refresh patches.suse/drm-vc4-kms-Wait-for-the-commit-before-increasing-ou.patch. Alt-commit - commit 0448552 - Refresh patches.suse/drm-i915-fb-Fix-rounding-error-in-subsampled-plane-s.patch. Alt-commit - commit 7fc481a - Refresh patches.suse/drm-i915-hdmi-Turn-DP-TMDS-output-buffers-back-on-in.patch. Alt-commit - commit 2f0d2ce - Update patches.suse/RDMA-rtrs-clt-Fix-possible-double-free-in-error-case.patch (bsc#1198515 CVE-2022-29156). Added CVE reference. - commit 97b74da - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - commit 42f88a5 ++++ libglvnd: - provide/obsolete Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 packages (bsc#1196576) ++++ ceph: - Update to 16.2.7-969-g6195a460d89 + (jsc#SES-2515) High-availability NFS export ++++ systemd: - Import commit 2bc0b2c447319a9156e7c5a18fe971f946554a6b 6256b14446 test: adapt install_pam() for openSUSE 3ea5b7e295 test: add test checking tmpfiles conf file precedence e63e641ee8 test tmpfiles: add a test for 'w+' b531758614 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) ea98492c53 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails - Move coredumpctl completion files into systemd-coredump sub-package. ++++ qemu: - enable aio=io_uring on all kvm architectures (bsc#1197699) ++++ yast2-trans: - Update to version 84.87.20220419.0c85b52778: * New POT for text domain 'migration_sle'. * New POT for text domain 'hana-update'. * New POT for text domain 'firstboot'. * New POT for text domain 'control'. * New POT for text domain 'cc-control'. * Fixed control.xml translations * Fixed control.xml translations * Fixed control.xml translations * Translated using Weblate (Finnish) ------------------------------------------------------------------ ------------------ 2022-4-18 - Apr 18 2022 ------------------- ------------------------------------------------------------------ ++++ yast2-trans: - Update to version 84.87.20220415.000649bca9: * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Russian) * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Translated using Weblate (Slovak) * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Fixed translations * Fixed translations * Fixed messages extracted from XML files * Fixed firstboot translations * New POT for text domain 'iscsi-client'. * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'firstboot'. ------------------------------------------------------------------ ------------------ 2022-4-16 - Apr 16 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) ++++ libapparmor: - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) ------------------------------------------------------------------ ------------------ 2022-4-15 - Apr 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - commit 1c4d1b6 - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - net: mdio: don't defer probe forever if PHY IRQ provider is missing (git-fixes). - commit 5f385f4 - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - commit 7a30bc1 - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - commit 001f843 - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - commit e05cfa3 ------------------------------------------------------------------ ------------------ 2022-4-14 - Apr 14 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Modify NetworkManager.spec: Split into a few small subpackages (bsc#1198128). ++++ cloud-regionsrv-client: - Update to version 10.0.3 (bsc#1198389) - Descend into the extension tree even if top level module is recommended - Cache license state for AHB support to detect type switch - Properly clean suse.com credentials when switching from SCC to update infrastructure - New log message to indicate base product registration success ++++ containerd: - Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517 ++++ docker: - Update to Docker 20.10.14-ce. See upstream changelog online at . bsc#1197517 CVE-2022-24769 ++++ jeos-firstboot: - Update to version 1.2.0: * Make use of SPDX identifiers * Read dialog output into a variable directly * Drop broken error handling for dialog * Fix dialog asking about wicked network reconfiguration * Start nmtui in jeos-firstboot if no active connection could be detected * Load network modules dynamically * Only list applicable modules in jeos-config * Convert network configuration to a module * Fix size of the "No root password set" dialog ++++ kernel-default: - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - init/main.c: return 1 from handled __setup() functions (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - commit c050331 - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Don't take process mutex for svm ioctls (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - cfg80211: don't add non transmitted BSS to 6GHz scanned channels (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - commit b3a4420 ++++ multipath-tools: - Update to version 0.8.9+42+suse.45974f11: * Logging improvements * Fix busy loop with delayed_reconfigure (bsc#1199342) * multipathd: use remove_map_callback for delayed reconfigure * multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345) * Fix handling of path addition in read-only arrays on NVMe * Updates of built-in hardware database - Update to upstream 0.8.9 * libmultipath: only warn once about unsupported dev_loss_tmo * Otherwise code-identical to 0.8.8+64 ++++ libgcrypt: - FIPS: extend the service indicator [bsc#1190700] * introduced a pk indicator function * adapted the approved and non approved ciphersuites * Add libgcrypt_indicators_changes.patch * Add libgcrypt-indicate-shake.patch ++++ openldap2: - bsc#1191157 - Correct version specification in ppolicy to allow submission to SP3 for TLS1.3 ------------------------------------------------------------------ ------------------ 2022-4-13 - Apr 13 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); ++++ hwinfo: - merge gh#openSUSE/hwinfo#112 - fix bug in determining serial console device name (bsc#1198043) - 21.81 ++++ kernel-default: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - hv_netvsc: Add check for kvmalloc_array (git-fixes). - commit cf67f52 - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - commit ee70023 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - commit 7eb114d - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 - media: rockchip/rga: do proper error checking in probe (git-fixes). - commit e57e042 ++++ kexec-tools: - kexec-tools-print-error-if-kexec_file_load-fails.patch: print error if kexec_file_load fails (bsc#1197176). ++++ libapparmor: - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); ++++ mozilla-nss: - Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This makes the PBKDF known answer test compliant with NIST SP800-132. ++++ libpsl: - fix [bsc#1197771] - FTBFS: libpsl won't compile on SP4 - added patches https://github.com/rockdaboot/libpsl/commit/f364cea73e351ce62e0b337fd1fbc21e70b52d56 + libpsl-fix-test-data.patch ++++ rust-keylime: - Update to version 0.1.0+git.1649449492.59856c2: * errors_handler: Add handler for 404 error * errors_handler: Add tests for error handlers * main: Add handler for actix request parsing errors * main: Add default handlers for each scope * main: Use actix middleware to log requests * common: Change status code type from u32 to u16 * common: Use trait ToString for status on JsonWrapper::error * quotes_handler: Add used measured boot path to warning message * common: Rename JsonWrapper::new as JsonWrapper::success * Generalize error JSON wrapping * main: Use scopes to organize API * Use JSON wrapper on error responses * quotes_handler: Simplify integrity quote structures * quotes_handler: Improve query parameters parsing * quotes_handler: Add missing log messages * keys_handler: Add API to verify derived key * keys_handler: Remove workaround for missing JSON Content-Type * keys_handler: Fix test for 256-bits keys * Use shared JSON wrapper for HTTP responses * ima: Avoid using unwrap() or panic!() * Apply changes suggested by cargo fmt and cargo clippy * ima: Read IMA measurement list begining at n-th entry. * ima: Get ima_ml_entry from HTTP request * version_handler: Introduce /version REST endpoint (#313) * main: Do not error if payload_script is not found * Remove revocation actions naming restriction * Revert API version to 2.0 * Set working directory via KEYLIME_DIR env variable ++++ suseconnect-ng: - Update to version 0.0.8~git0.16545bf: * Allow reloading CA certs pool (bsc#1195220) ++++ wicked: - version 0.6.69 - redfish: decode smbios and setup host interface Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) structure and expose it as wicked `firmware:redfish` configuration to setup a Host Network Interface (to the BMC) using the `Redfish over IP` protocol allowing access to the Redfish Service (via redfish-localhost in /etc/hosts) used to manage the computer system. Tech Preview (jsc#SLE-17762). - buffer: fix size_t length downcast to uint, add guards to init functions - wireless: fix to not expect colons in 64byte long wpa-psk hex hash string - xml-schema: reference counting fix to not crash at exit on schema errors - compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl, remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: fix reading of sysctl addr_gen_mode to wrong variable - auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - removed obsolete patch included in the master sources (bsc#1194392) [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] ------------------------------------------------------------------ ------------------ 2022-4-12 - Apr 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch (bsc#1198400). - Update patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch (bsc#1198400). - commit bd2ea09 - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - commit 93194fb - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - commit 3ba588c - blacklist.conf: Add 460a79e18842 mm/memcontrol: return 1 from cgroup.memory __setup() handler - commit 8e485bf - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - commit fdeab39 - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - commit ade0b01 - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - commit f7beadf - Update patch references of drm fixes (CVE-2022-1280 bsc#1197914) - commit 3e03d02 - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 - nfsd: Replace use of rwsem with errseq_t (bsc#1196960). - commit b9035c0 - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - commit 5eae731 - vsprintf: Fix potential unaligned access (bsc#1198379). - commit 91a2f17 ++++ salt: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions proceesed at the same time (bsc#1197637) - Added: * fix-regression-with-depending-client.ssh-on-psutil-b.patch * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch ------------------------------------------------------------------ ------------------ 2022-4-11 - Apr 11 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850). ++++ audit-secondary: - Drop buildrequire on C++ compiler. - Modernize specfile constructs. ++++ kernel-default: - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - commit 7f08b1b - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes). - scsi: elx: efct: Don't use GFP_KERNEL under spin lock (git-fixes). - commit 1cd7361 - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). - commit 53121f2 ++++ kernel-firmware: - Update to version 20220411 (git commit f219d616f42b): * mediatek: Add mt8192 SCP firmware * linux-firmware: Update AMD cpu microcode (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, bsc#1199459) * nvidia: add GA102/GA103/GA104/GA106/GA107 signed firmware * brcm: rename Rock960 NVRAM to AP6356S and link devices to it * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * amdgpu: update green sardine VCN firmware * amdgpu: update renoir VCN firmware * amdgpu: update navi14 VCN firmware * amdgpu: update navi12 VCN firmware * amdgpu: update navi10 VCN firmware * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * rtw88: 8821c: Update normal firmware to v24.11.00 * ice: Add wireless edge file for Intel E800 series driver * ice: update ice DDP comms package to 1.3.31.0 * amdgpu: update PSP 13.0.8 firmware * amdgpu: update GC 10.3.7 firmware * rtl_bt: Add firmware and config files for RTL8852B - Update aliases ++++ libapparmor: - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850). ++++ audit: - Modernize specfile constructs. ++++ samba: - Add missing samba-libs requirement to samba-winbind package; (bsc#1198255); ++++ yast2-trans: - Update to version 84.87.20220410.9099c51b0c: * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * New POT for text domain 'users'. * Translated using Weblate (Ukrainian) * Translated using Weblate (German) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'packager'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'base'. ------------------------------------------------------------------ ------------------ 2022-4-10 - Apr 10 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) ++++ kernel-default: - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - commit c8b4e90 - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - udmabuf: validate ubuf->pagecount (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - spi: Fix invalid sgs value (git-fixes). - commit 63be40f - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - commit 553891e - mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: block: Check for errors after write on SPI (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - commit c5b9dfd - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - commit ae662c1 - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). - mac80211: Remove a couple of obsolete TODO (git-fixes). - commit 5f7ed73 - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - LSM: general protection fault in legacy_parse_param (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - commit fda3c99 - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: don't use BACO for reset in S3 (git-fixes). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)" (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - commit 77645db - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - commit 3fa84f4 - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/simpledrm: Add "panel orientation" property on non-upright mounted LCD panels (git-fixes). - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - commit 8beb689 - Documentation: update stable tree link (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - commit 246144e - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13" (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - commit 2873a81 - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - commit 707bb46 - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query flag" (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - commit 402ae64 ++++ libapparmor: - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) ------------------------------------------------------------------ ------------------ 2022-4-9 - Apr 9 2022 ------------------- ------------------------------------------------------------------ ++++ yaml-cpp: - Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2018-20573, bsc#1121227) - Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in yaml-cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2018-20574, bsc#1121230) - Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2019-6285, bsc#1122004) - Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in yaml-cpp which cause DOS by stack consumption (CVE-2019-6292, bsc#1122021) - Added patch cve-2018-20574.patch ------------------------------------------------------------------ ------------------ 2022-4-8 - Apr 8 2022 ------------------- ------------------------------------------------------------------ ++++ ignition: - Use /bin/sh instead of /usr/bin/sh (for backwards compatibility with SLE Micro 5.1) [bsc#1196679] ++++ kernel-default: - livepatch: Don't block removal of patches that are safe to unload (bsc#1071995). - commit c6239c2 - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - commit 964a11d ++++ libnvme: - Update to version 1.0: * tree: Remove default port setting for TCP and RDMA ports * tree: add 'f_args' argument to pass user data to the filter function * tree: remove 'ctrl_get_ana_state()' * tree: add namespace path iterators * tree: filter out namespaces * tree: update nvme_scan_filter_t usage ++++ nvme-cli: - Update to version 2.0: * fabrics: Create persistent controller using unique subsystem NQN (bsc#1198243) * fabrics: Set KATO for discovery controller when connecting * fabrics: Do no modify default config for discovery controller * fabrics: Set default trsvcid ports for TCP and RDMA (bsc#1195858) * fabrics: Support connect even when no /etc/nvme/hostnqn file exists * nvme: update to nvme_scan_filter_t modifications (bsc#1195938) * plugins/intel: make 'buckets' a json array * plugins: Update WDC capabilities command with new commmands * plugins: Add OCP plugin ++++ release-notes-leap-micro: - Update to version 5.2.20220325: * Initial release of openSUSE Leap Micro 5.2 ------------------------------------------------------------------ ------------------ 2022-4-7 - Apr 7 2022 ------------------- ------------------------------------------------------------------ ++++ gzip: - Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062) * bsc1198062.patch * bsc1198062-2.patch ++++ kernel-default: - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (bsc#1197386 CVE-2022-0494). - commit b39e97b ++++ xz: - Fix ZDI-CAN-16587 Fix escaping of malicious filenames (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271) * bsc1198062.patch ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#138 - grub2/install: reset error code when passing through recover code (bsc#1198197) - 0.938 ++++ python-M2Crypto: - Add missing bug references to this changelog. ++++ yast2-trans: - Update to version 84.87.20220406.6a9f225e0e: * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * New POT for text domain 'autoinst'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Catalan) * Translated using Weblate (Vietnamese) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Spanish) * Translated using Weblate (Catalan) * New POT for text domain 'network'. * New POT for text domain 'country'. ------------------------------------------------------------------ ------------------ 2022-4-6 - Apr 6 2022 ------------------- ------------------------------------------------------------------ ++++ augeas: - add augeas-sysctl_parsing.patch (bsc#1197443) * backport original patch and rebase ++++ open-iscsi: - Updated to latest upstream, including bug fixes and cleanups. Changes included: * add handling name/value pairs for firmware login (bsc#1196113), including man page update for same * Fix bug where some package parts were installed using DESTDIR twice * general build cleanup (in prep for removing DB files from /etc/iscsi some day soon) Also, now delivering a "package config" file for libopeniscsiusr. ++++ kernel-default: - Split kABI fixup into a separate patch: - block: Fix up kabi after blkcg merge fix (bsc#1198020). - Refresh patches.suse/block-don-t-merge-across-cgroup-boundaries-if-blkcg-.patch. - commit 8147dd9 - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - commit cc68d33 - xen: fix is_xen_pmu() (git-fixes). - commit bdd8f73 - Revert "xen-netback: Check for hotplug-status existence before watching" (git-fixes). - commit 419da4f - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" (git-fixes). - commit 76e6147 - xen/blkfront: fix comment for need_copy (git-fixes). - commit fa11d3f - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - commit 825429b - blacklist.conf: misattributed in upstream - commit ea7b484 - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - commit 9d44a68 - blacklist.conf: breaks kABI for minor benefit - commit f4b6164 - ray_cs: Check ioremap return value (git-fixes). - commit a31a159 - blacklist.conf: cleanup not a fix, still breaking kABI - commit 4c935c8 - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). - commit 842f7c4 - blacklist.conf: kABI - commit aeb59e1 ++++ ldb: - Update to version 2.4.2 + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. ++++ yast2: - Show file conflict checking progress in delayed popup (bsc#1195608) PR: https://github.com/yast/yast-yast2/pull/1250 - 4.4.48 ------------------------------------------------------------------ ------------------ 2022-4-5 - Apr 5 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - SUSE_bsc_1189517.patch is https://github.com/apple/cups/commit/821b3cc956d46b811facd50986acc9f24f0e1c79 which belongs to https://github.com/apple/cups/issues/5288 that fixes bsc#1189517 "cups printservice takes much longer than before with a big number of printers" see in particular https://github.com/apple/cups/issues/5288#issuecomment-921626381 - SUSE_bsc_1195115.patch is https://github.com/apple/cups/commit/ba9d68cc7467a7a47ef219071902b9e9eb6dbc44 which belongs to https://github.com/apple/cups/issues/5538 that fixes bsc#1195115 "CUPS PreserveJobHistory doesn't work with seconds" ++++ dnsmasq: - bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch: Heap use after free in dhcp6_no_relay ++++ dracut: - Update to version 055+suse.248.g92d06110: * fix(resume): correct call to block_is_netdevice function (bsc#1197737) * chore(suse): remove fipscheck requirement (bsc#1198065) ++++ ignition: - ignition-mount-initrd-fstab.service: - Don't ignore errors in loops - Unmount mount points recursively - a new submount may have appeared - Split umount part into own service file: - ignition-umount-initrd-fstab.service: - Unmounts the additional mounts as soon as they are not required for Ignition any more; the ExecStop operation is running quite late in initrd and may unmount essential mount points flagged with "x-initrd.mount" (e.g. when storing /usr on a separate mount point). In theory this will also affect Ignition itself, but it hasn't been reported as a problem so far. ++++ kernel-default: - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - ice: don't allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - drivers: net: xgene: Fix regression in CRC stripping (git-fixes). - qed: display VF trust config (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - igb: refactor XDP registration (git-fixes). - igc: avoid kernel warning when changing RX ring parameters (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: Correctly print AQ errors if completions aren't received (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Don't send reset commands if FW isn't running (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - commit 2f5db63 - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - commit 5766155 - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - commit 4e37660 - cifs: fix bad fids sent over wire (bsc#1197157). - commit b21504e - cifs: do not skip link targets when an I/O fails (bsc#1194625). - commit 7c93536 - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: avoid circular locks in drm_mode_getconnector (git-fixes). - commit 425221a - blacklist.conf: Blacklist edb0872f44ec - commit 7354a4a - blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460) - commit 484de8a - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (CVE-2022-0854 bsc#1196823). - swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854 bsc#1196823). - commit a1cbe57 - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - commit 1b61a49 - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Fix "unsigned 'retval' is never less than zero" smatch warning (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - commit 90c1643 - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - commit 402bd87 - blacklist.conf: add unwanted commit - commit f1c213e - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (git-fixes). - NFS: Don't loop forever in nfs_do_recoalesce() (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error (git-fixes). - SUNRPC don't resend a task on an offlined transport (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - nfsd: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - commit cfe5259 ++++ libcbor: - do not build manual page for 15sp4, it does not succeed [bsc#1197743] - added sources + libcbor.1 ++++ systemd: - Import commit e62acb68de9bccfa272bef98fe5b38effc37528a b70267d883 journald: make use of CLAMP() in cache_space_refresh() 3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut 05499d5a30 fs-util: fix typos in comments 9f77c8fae1 journal-file: port journal_file_open() to openat_report_new() 4d07c034da fs-util: add openat_report_new() wrapper around openat() 258c04836d meson: build kernel-install man page when necessary 23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi 98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093) 9145684460 build: include status of TPM2 in the feature string show by --version ++++ osinfo-db: - bsc#1197958 - request support for SLE15-SP4 in the osinfo database - Add support for SUSE linux Enterprise Micro 5.2 add-slem5.2-support.patch ------------------------------------------------------------------ ------------------ 2022-4-4 - Apr 4 2022 ------------------- ------------------------------------------------------------------ ++++ ignition: - Don't include non-MarkDown files in documentation ++++ kernel-default: - net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028). - commit d3ec4a7 - ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027). - ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205 bsc#1198027). - ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205 bsc#1198027). - ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205 bsc#1198027). - ax25: fix UAF bugs of net_device caused by rebinding operation (CVE-2022-1205 bsc#1198027). - ax25: fix reference count leaks of ax25_dev (CVE-2022-1205 bsc#1198027). - commit 72a596a - Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028) - commit 97843ec - ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199 bsc#1198028). - ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199 bsc#1198028). - commit e523403 - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (CVE-2022-1198 bsc#1198030). - commit bab29a1 - Update patch reference for hamradio fix (CVE-2022-1195 bsc#1198029) - commit 8321418 - hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195 bsc#1198029). - hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195 bsc#1198029). - commit 68521ee - Update patch references for can fixes (CVE-2022-28390 bsc#1198031 CVE-2022-28389 bsc#1198033 CVE-2022-28388 bsc#1198032) - commit 0fd0cef - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - commit ea99a8c - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - commit cad1621 - blacklist.conf: Blacklist 1241ebeca3f94 - commit 003ad35 - blacklist.conf: Blacklist dd21bfa425c0 - commit aec1aaa - blacklist.conf: Blacklist 538f4f022a46 - commit 8edaa91 - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). - commit bdfee77 - mm, thp: lock filemap when truncating page cache (bsc#1198023). - commit 382907f - block: limit request dispatch loop duration (bsc#1198022). - commit b262164 - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - commit 0114530 - block: don't merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - commit 3495d8e - block: don't delete queue kobject before its children (bsc#1198019). - commit 0b8dd0c - block: update io_ticks when io hang (bsc#1197817). - commit f6e696b - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - commit f6b885a - blktrace: fix use after free for struct blk_trace (bsc#1198017). - commit 510769a - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - commit 6b88c11 - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - commit 801ee75 - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - commit 3406ce6 - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - commit 197d88f - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - commit f37b7e0 - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - commit 79eb6a9 - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - commit ad01732 - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - commit 512daa8 - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - commit 4e05a80 - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - commit e38d9fe - blacklist.conf: Blacklist 057178cf518e - commit 0fa088a - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - commit ea8f21b - block/mq-deadline: Improve request accounting further (bsc#1198009). - commit 2be2d53 - Add another git-commit tag: patches.suse/blk-cgroup-blk_cgroup_bio_start-should-use-irq-safe-.patch. - commit 7f19cc3 - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - commit 01ad534 - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - commit 4b5ab70 - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - commit 3cfa0bf - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - commit 0dab437 - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - commit 1ed0aec - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 - add mainline tags for three hyperv patches - commit 5355614 - proc: bootconfig: Add null pointer check (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: fix co-processor register typo (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - audit: improve audit queue handling when "audit=1" on cmdline (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - commit 0ded242 ++++ systemd: - spec: make sure /lib exists when installing conf files in /lib/modprobe.d ------------------------------------------------------------------ ------------------ 2022-4-3 - Apr 3 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - modpost: restore the warning message for missing symbol versions (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - commit 8440850 ------------------------------------------------------------------ ------------------ 2022-4-2 - Apr 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - commit 6188b50 - Move upstreamed input patch into sorted section - commit a3b7f82 - Move upstreamed ALSA fix into sorted section - commit 051af6b ------------------------------------------------------------------ ------------------ 2022-4-1 - Apr 1 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Install nfs dispatcher script in /usr/lib/NetworkManager, not /etc ++++ kernel-default: - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - commit 436dc43 - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). - btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - commit d461f04 - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - commit 035a406 - powerpc/64s: Don't use DSISR for SLB faults (bsc#1194869). - commit fc040c2 - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/perf: Don't use perf_hw_context for trace IMC PMU (bsc#1156395). - commit cb14232 - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - commit dbc61cd - fsnotify: Don't insert unmergeable events in hashtable (bsc#1197922). - commit 952689a - blacklist.conf: Blacklist dabe729dddca - commit c7ed171 - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). - commit 47e73fb - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - commit 24b2386 - ext2: correct max file size computing (bsc#1197820). - commit 327f163 - ext4: avoid trim error on fs with small groups (bsc#1191271). - commit cf203a4 - blacklist.conf: Blacklist 81dedaf10c20 - commit 2c9c489 - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - commit 5035cbf - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - commit 524f075 - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - commit ceb1ef5 - fs: handle circular mappings correctly (bsc#1197918). - commit 4d59e0a - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - commit c36bf42 - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - commit 273281c - nfsd: Fix a write performance regression (bsc#1197016). - commit 3827cd1 - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - commit f007cc7 - printk: disable optimistic spin during panic (bsc#1197894). - commit 70af8b1 - printk: Add panic_in_progress helper (bsc#1197894). - commit cb51b3b - blacklist.conf: printk: cosmetic problem - commit 232518f - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - commit f47b241 - Revert "module, async: async_synchronize_full() on module init iff async is used" (bsc#1197888). - commit 8d797c5 - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - commit 49909d3 - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - commit 819b0ac - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - commit 18d8ff4 ++++ mozilla-nss: - Mozilla NSS 3.68.3 (bsc#1197903) This release improves the stability of NSS when used in a multi-threaded environment. In particular, it fixes memory safety violations that can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume that with enough effort these memory safety violations are exploitable. * Remove token member from NSSSlot struct (bmo#1756271). * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots (bmo#1755555). * Check return value of PK11Slot_GetNSSToken (bmo#1370866). ++++ gcc11: - Add provides/conflicts to glibc crosses since only one GCC version for the same target can be installed at the same time. - Add provides/conflicts to libgccjit. ++++ libnvme: - Update to version 1.0-rc8: * types: Add support for get log - MI Command Supported * types: Add new Identify constant * types: Update persistent event entry struct added new fields * types: Add Host Initiated Data Gen Number to telemetry log struct * tree: always allocate config file in nvme_read_config() * tree: rework nvme_scan_subsystem() * tree: make subsystem name mandatory in nvme_scan_ctrl() * tree: move nvme_init_subsystem() into nvme_lookup_subsystem() * tree: do not return error when filtering out subsystems * tree: add debugging messages during scanning * tree: Handle NULL subsysname in nvme_scan_ctrl() * tree: Fix subsystem initialization in nvme_scan_ctrl() * tree: Fix leaking 'name' in nvme_subsystem_lookup_namespace() * tree: Avoid dereferencing nvme_subsystem_t before its check for NULL * tree: Clarify NULL return values from nvme_get_attr() * fabrics: Invoke nvmf_dim() with provided tas argument * fabrics: add 'nvmf_update_config()' * fabrics: Avoid out of bounds string chomping * fabrics: Free old traddr in nvmf_add_ctrl * fabrics: update log level for write failures * fabrics: Streamlining documentation * fabrics: Fix leaking ctrl in nvmf_connect_disc_entry() * fabrics: Add missing break in a switch * ioctl: Remove attribute packed and alignedof for args structs * ioctl: Align arguments indentation with braces * json: fix endless loop scanning for controllers * Remove nvme_init_id_ns * Add lbstm support for create-ns * documentation updates ++++ nfs-utils: - Add 0023-cache.c-removed-a-couple-warning.patch Fix compilation with new glibc (SLE15-SP4) (bsc#1197788) ++++ nvme-cli: - Update to version 2.0-rc8: * fabrics: Add DIM command * fabrics: Introduce force flag to overwrite persistence logic (bsc#1197076) * fabrics: Free non-matching controller during discovery * fabrics: add 'nvme config' command * fabrics: Correctly stringify discovery.conf and config.json paths * nvme-print: Add human readable print for nsattr field * nvme-print: Update Persistent Event log fields * nvme-print: print discovery async event support * nvme-rpmb: Fix spelling for 'Partition' * nvme-copy: add missing field to the command * nvme: add get_mi_cmd_support_effects_log command * nvme: Fixup namespace filtering yet again * nvme: Use type bool for OPT_FLAG * nvme: use filter for 'list-subsys ' (bsc#1195938) * Add lbstm option to create-ns * argconfig: Do not use default value loading by getopt_long_only * argconfig: Rename CFG_NONE to CFG_FLAG * plugins: Use type bool for OPT_FLAG * documenation updates - Drop 'ProtectKernelTunables=true' (bsc#1197076) ++++ pam: - Do not include obsolete libselinux header files flask.h and av_permissions.h. [bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch] ++++ permissions: - Update to version 20201225: * squid: adjust pinger path, drop basic_pam_auth (bsc#1197649) ++++ python-evtx: - bsc#1197837 - FTBFS: python-evtx won't compile on SP4 python-evtx.spec ------------------------------------------------------------------ ------------------ 2022-3-31 - Mar 31 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-wicked: - Version 4.3: * Update a few dependencies to address security concerns (gh#134). * Fix wicked wireless configuration parser (bsc#1196528). ++++ kdump: - pull sources directly from git using obs_scm - fix bsc#1190299, bsc#1186272 - remove patches included in upstream git: kdump-calibrate-include-af_packet.patch, kdump-calibrate-fix-nic-naming.patch, kdump-calibrate.conf-depends-on-kdumptool.patch ++++ kernel-default: - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - commit d529509 - s390/kexec: fix return code handling (git-fixes). - commit 7207d12 - s390/setup: avoid reserving memory above identity mapping (git-fixes). - commit 22ee7f5 - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - commit 8cd02d8 - blacklist.conf: s390x fix not needed with CONFIG_VMAP_STACK=y - commit df05de4 - net: asix: add proper error handling of usb read errors (git-fixes). - commit cec1c41 - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - commit 08f1628 - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - commit ca4a34b - bpf: Add check_func_arg_reg_off function (git-fixes). - commit 5c52201 - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - commit 7654d6c ++++ ceph: - Update to v16.2.7-654-gd5a90ff46f0 + (bsc#1196733) remove build directory during %clean ++++ libvirt: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 ++++ perl: - Stabilize Socket::VERSION comparisons [bnc#1193489] new patch: perl-Stabilize-Socket-VERSION-comparisons.patch ++++ salt: - Fix salt-ssh opts poisoning (bsc#1197637) - Added: * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch - Fix multiple security issues (bsc#1197417) * Sign authentication replies to prevent MiTM (CVE-2022-22935) * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) * Prevent job and fileserver replays (CVE-2022-22936) * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) - Added: * fix-multiple-security-issues-bsc-1197417.patch ++++ qemu: - Support the SGX feature (bsc#1197807) * Patches added: doc-Add-the-SGX-numa-description.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch ------------------------------------------------------------------ ------------------ 2022-3-30 - Mar 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - commit 3817fbc - bpf, selftests: Add various ringbuf tests with invalid offset (bsc#1194111 bsc#1194765 CVE-2021-4204 CVE-2022-23222). - commit 7e4daf8 - tracing: Have trace event string test handle zero length strings (git-fixes). - commit d722f48 - ext4: fix ext4_fc_stats trace point (git-fixes). - commit 76c15f8 - blacklist.conf: 2f293651eca3 ("livepatch: Fix build failure on 32 bits processors") 32bit (powerpc) live patching is not supported. - commit 9af010a - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - commit 36b1af6 - bpf, selftests: Add test case for atomic fetch on spilled pointer (git-fixes bsc#1193883 bsc#1194826 CVE-2022-0264). - commit 1e154c0 - selftests/bpf: Some more atomic tests (git-fixes bsc#1193883 bsc#1194826 CVE-2022-0264). - commit 0010236 - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - commit 6d1d264 - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). - commit 3ebe846 ++++ libosinfo: - bsc#1197769 - FTBFS: libosinfo won't compile on SP4 libosinfo.spec ++++ ceph: - Update to v16.2.7-652-gf5dc462fdb5 + (bsc#1194875) [SES7P] include/buffer: include ++++ virt-manager: - bsc#1196806 - [jsc#SLE-18834][virt-install] ERROR SEV launch security requires a Q35 UEFI machine (epic: jsc#SLE-18732) virtman-add-sev-memory-support.patch - Add firmware features to description tooltip when mouse hovers over the selected firmware file. virtman-add-tooltip-to-firmware.patch ------------------------------------------------------------------ ------------------ 2022-3-29 - Mar 29 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - ensure precompiled cache files are newer than (text) profiles - reload profiles in %posttrans instead of %post to ensure both - profiles and -abstractons package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20) ++++ python-kiwi: - Bump version: 9.24.16 → 9.24.17 This version includes fixes for: * Fix booting GRUB submenu entries with hybrid images (linux/linuxefi) Variables assigned with "set" are not visible in submenus for some reason. Export $linux and $initrd, so that they also work in submenu entries. Fixes bsc#1192523 ++++ kernel-default: - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - commit 60d6aa2 - Revert "rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926)" This reverts commit beb790e1e013350f13ede349c015d8149c603787. - commit 122bc9d - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - commit d34af8f - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - commit 851556a - xfs: drop async cache flushes from CIL commits (bsc#1195669). - commit ed76e3d - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - commit ce609f9 - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - commit 0ff3f87 - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tpm: Fix error handling in async work (git-fixes). - commit 643f2cc - driver core: dd: fix return value of __setup handler (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - habanalabs: Add check for pci_enable_device (git-fixes). - misc: sgi-gru: Don't cast parameter in bit operations (git-fixes). - comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes). - Bluetooth: btusb: Add another Realtek 8761BU (git-fixes). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - commit 95c9747 - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - commit 20a25b6 ++++ libapparmor: - ensure precompiled cache files are newer than (text) profiles - reload profiles in %posttrans instead of %post to ensure both - profiles and -abstractons package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20) ++++ sqlite3: - update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. ++++ libvirt: - CVE-2022-0897: nwfilter: fix crash when counting number of network filters a4947e8f-nwfilter-CVE-2022-0897.patch bsc#1197636 ++++ podman: - Add patches to fix bsc#1196751: * 0002-Add-JSON-version-of-the-machine-list.patch * 0003-Add-completion-for-machine-list-format.patch * 0004-Not-all-fields-in-machine-list-were-set-properly.patch * 0005-Record-the-image-stream-along-with-the-path.patch * 0006-System-tests-fix-RHEL8-gating-tests.patch * 0007-buildah-bud-tests-skip-failing-tests.patch * 0008-Makefile-fix-darwin-detection.patch * 0009-Fix-images-since-after-tests.patch * 0010-Changes-of-docker-descriptions.patch * 0011-CI-DOCS-logformatter-handle-python-logs.patch * 0012-Disable-search-images-test.patch * 0013-v.3.4-vendor-containers-common-v0.44.5.patch * 0014-Bump-github.com-prometheus-client_golang-to-v1.11.1.patch * 0015-Backport-of-https-github.com-containers-podman-pull-.patch ++++ python-pytz: - update to 2022.1 * matches tzdata 2022a * declare python 3.10 compatibility ++++ qemu: - Backport CVE-2021-3929 (bsc#1193880) * Patches added: hw-nvme-fix-CVE-2021-3929.patch - The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) * Patches added: Revert-python-iotests-replace-qmp-with-a.patch Revert-python-machine-add-instance-disam.patch Revert-python-machine-add-sock_dir-prope.patch Revert-python-machine-handle-fast-QEMU-t.patch Revert-python-machine-move-more-variable.patch Revert-python-machine-remove-_remove_mon.patch - Add missing patch from a PTFs (bsc#1194938) * Patches added: scsi-generic-check-for-additional-SG_IO-.patch ++++ raspberrypi-firmware-dt: - With recent Linux kernel gpio-ranges Device Tree property is now required. Add following patches to fix immediate issue described in bsc#1197578. ARM-dts-gpio-ranges-property-is-now-required.patch ARM-dts-Add-GPIO-line-names-for-downstream-RPis.patch We do not update whole package because this will create new issues like the one described in comment#12 in bsc#1193434 and comment#2 in bsc#1196632. Once patches referenced in bsc#1196632 are accepted upstream. _This_ package could be upgraded too. ++++ runc: - Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus "Intel RDT is not supported" error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) ------------------------------------------------------------------ ------------------ 2022-3-28 - Mar 28 2022 ------------------- ------------------------------------------------------------------ ++++ firewalld: - Provide dummy firewalld-prometheus-config package (bsc#1197042) ++++ kernel-default: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae - drm/i915/ttm: ensure we unmap when purging (git-fixes). - commit 6b15818 - blacklist.conf: f3cb4a2de541 drm/i915/ttm: only fault WILLNEED objects - commit 64673e1 - Refresh patches.suse/drm-i915-dg2-Print-PHY-name-properly-on-calibration-.patch. Alt-commit - commit ee566a7 - Refresh patches.suse/drm-i915-Widen-the-QGV-point-mask.patch. Alt-commit - commit 29d981f - blacklist.conf: 068396bb21c8 drm/i915/ttm: Rework object initialization slightly - commit 404bf29 - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - commit b52421d - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - commit a6a01f1 - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit ad07b38 - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - commit cd09a05 - mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes). - mailbox: tegra-hsp: Flush whole channel (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - mailbox: change mailbox-mpfs compatible string (git-fixes). - commit c338df3 ++++ multipath-tools: - If multipath-tools is newly installed, load dm-multipath (bsc#1196898) ++++ systemd: - spec: enable 'efi' support regardless of whether sd_boot is enabled or not We should support EFI systems even if systemd-boot is not enabled. ++++ lshw: - Update to version B.02.19.2+git.20220310: * Github PR85 Set product name for all netdevs sharing the same PCI number ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#585 - Fix creation of openslp user (bsc#1196331, bsc#1197222) - 16.57.18 ------------------------------------------------------------------ ------------------ 2022-3-27 - Mar 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Move upstreamed patches into sorted section - commit 8e8d2c1 - of: unittest: update text of expected warnings (git-fixes). - commit f6fd7da - dt-bindings: usb: hcd: correct usb-device path (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes). - dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes). - dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes). - dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes). - dt-bindings: net: xgmac_mdio: Remove unsupported "bus-frequency" (git-fixes). - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes). - KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes). - KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes). - KEYS: trusted: Fix trusted key backends when building as module (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes). - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes). - of/fdt: Don't worry about non-memory region overlap for no-map (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - commit aae6d8d - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: sbs-charger: Don't cancel work that is not initialized (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - commit 28e1425 - usb: gadget: eliminate anonymous module_init & module_exit (git-fixes). - usb: usbip: eliminate anonymous module_init & module_exit (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: serial: pl2303: fix GS type detection (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes). - i2c: meson: Fix wrong speed use from probe (git-fixes). - i2c: xiic: Make bus names unique (git-fixes). - commit 3442073 ------------------------------------------------------------------ ------------------ 2022-3-26 - Mar 26 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Fix buildrequire for openldap2-devel - audit doesn't require the (outdated) C++ binding, but the C headers that happen to be pulled in by buildrequiring the C++ devel package ++++ gnutls: - FIPS: Mark AES-GCM as approved in the TLS context [bsc#1194907] * Add gnutls-FIPS-Mark-HKDF-and-AES-GCM-as-approved-when-used-in-TLS.patch * Upstream issue: https://gitlab.com/gnutls/gnutls/issues/1311 ++++ gstreamer-plugins-base: - Add 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch: playsink: Complete reconfiguration on pad release. - Use ldconfig_scriptlets macro for post(un) handling. ++++ kernel-default: - kABI: Fix kABI after "x86/mm/cpa: Generalize __set_memory_enc_pgtable()" (jsc#SLE-19924). - commit e24bb1c - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c} (jsc#SLE-19924). - commit 250ae25 ------------------------------------------------------------------ ------------------ 2022-3-25 - Mar 25 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645) * add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch - Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517) * add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch ++++ cni-plugin-dnsname: - Update to version 1.3.1: * Don't use LDFLAGS: made `dnsname` unable to build in some packaging systems (not ours). ++++ ignition: - Add ignition-touch-selinux-autorelabel.conf: Trigger SELinux autorelabel after Ignition runs; Ignition would support SELinux itself, however this is a compile time option, so it can't be used here. - Filter commented lines in ignition-mount-initrd-fstab.service ++++ kernel-default: - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - commit 5d0120a - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" (bsc#1197243). - commit 34f056c - Move upstreamed patches into sorted section Also resort series - commit f444242 - Drop HID multitouch fix patch (bsc#1197243) Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch. Replaced with another revert patch. - commit b38132c - lib: bitmap: fix many kernel-doc warnings (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes). - iwlwifi: mvm: align locking in D3 test debugfs (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes). - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes). - mt76: mt7615: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7921: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes). - mt76: connac: fix sta_rec_wtbl tag len (git-fixes). - TOMOYO: fix __setup handlers return values (git-fixes). - commit 4c9613e - drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/msm/dsi: Use "ref" fw clock instead of global name for VCO parent (git-fixes). - drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes). - drm/msm/dp: stop link training after link training 2 failed (git-fixes). - drm/msm/dp: populate connector of struct dp_panel (git-fixes). - drm/msm/dpu: fix dp audio condition (git-fixes). - iwlwifi: mvm: don't iterate unadded vifs when handling FW SMPS req (git-fixes). - iwlwifi: mvm: Don't call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes). - commit 246c690 - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/amd/display: Remove vupdate_int_entry definition (git-fixes). - drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes). - commit 6c4107e - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes). - drm/amdgpu: don't do resets on APUs which don't support it (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/edid: Don't clear formats if using deep color (git-fixes). - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes). - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes). - drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes). - commit 6f749c2 - drm/panfrost: Check for error num after setting mask (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - docs: sysctl/kernel: add missing bit to panic_print (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - commit 66bcea3 - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes). - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - commit 5a1e763 - bitfield: add explicit inclusions to the example (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - Revert "ath: add support for special 0x0 regulatory domain" (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes). - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes). - commit 5117e32 ++++ zlib: - CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459 * bsc1197459.patch ++++ libzypp: - ZConfig: Update solver settings if target changes (bsc#1196368) - version 17.30.0 (22) ++++ qemu: - Kill downstream patches around bifmt handling that makes cumbersome to run multi-arch containers, and switch to the upstream behavior, which is well documented and valid on all other distros. This is possible thanks to Linux kernel commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch - Fix update_git.sh wiping all the package file of the local checkout while cloning the git repository on demand (in case they don't exist and the user as to do so). ------------------------------------------------------------------ ------------------ 2022-3-24 - Mar 24 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850). - Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463). ++++ bash: - Do use old legacy PreReq to get bash installed before bash-sh but do not require bash-sh by bash (bsc#1197448) ++++ chrony: - Fix config file handling in the spec file and remove "ntsdumpdir" from default config, because augeas-lenses cannot parse it during installation of SLE Micro on SLE-15-SP3 (bsc#1194220). ++++ combustion: - Bump version to 0.3 - Use the Wiki page as URL (boo#1195383) - Don't touch /sysroot/etc/ after creating a new snapshot, it ends up in the old snapshot's overlay ++++ gtk3: - Update to version 3.24.33+12: + icons: add legacy icons (boo#1197480). + Updated translations. ++++ kernel-default: - Update HyperV Jira references (jsc#SLE-24072, jsc#SLE-17855) - commit f9a043f - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - commit 640a02e - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes). - media: v4l2-core: Initialize h264 scaling matrix (git-fixes). - media: cedrus: h264: Fix neighbour info buffer size (git-fixes). - media: cedrus: H265: Fix neighbour info buffer size (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes). - media: vidtv: Check for null return of vzalloc (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - commit 4ef6549 - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes). - media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: mexon-ge2d: fixup frames size in registers (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: ov5648: Don't pack controls struct (git-fixes). - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes). - media: ov6650: Fix crop rectangle affected by set format (git-fixes). - media: ov6650: Add try support to selection API operations (git-fixes). - commit b4a8bfb - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 - media: ov6650: Fix set format try processing path (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: mtk-vcodec: potential dereference of null pointer (git-fixes). - commit 04703ec - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes). - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes). - media: camss: vfe-170: fix "VFE halt timeout" error (git-fixes). - media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes). - media: camss: csid-170: remove stray comment (git-fixes). - media: camss: csid-170: don't enable unused irqs (git-fixes). - media: camss: csid-170: fix non-10bit formats (git-fixes). - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - commit ab62902 - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes). - ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - efi: fix return value of __setup handlers (git-fixes). - commit 8a84a24 - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes). - ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - commit 549be6b - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: simple-card-utils: Set sysclk on all components (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - commit 25d68ae - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes). - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes). - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes). - commit 8cdd72e - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes). - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes). - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - commit 4b012b4 ++++ libapparmor: - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850). - Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463). ++++ ceph: - Update to 16.2.7-650-gd083eaa3886 + (pr#469) cephadm: update image paths to registry.suse.com + (pr#468) cephadm: use snmp-notifier image from registry.suse.de + (pr#467) cephadm: infer the default container image during pull + (pr#465) mgr/cephadm: try to get FQDN for inventory address + Sync _constaints file for IBS and OBS ++++ nfs-utils: - Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch Ensure "sloppy" is added correctly for newer kernels. Particularly required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels. (boo#1197297) ++++ qemu: - Improve test reliability * Patches added: Fix-the-module-building-problem-for-s390.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-testrunner-Quote-case.patch ++++ suse-build-key: - No longer install 1024bit keys by default. (bsc#1197293) - SLE11 key moved to documentation - old PTF (pre March 2022) moved to documentation only ++++ suseconnect-ng: - Update to version 0.0.7~git0.3ef988e: * Fix product tree traversal (bsc#1197398) * Revert "Remove self from LD_PRELOAD (bsc#1196326)" * Remove self from LD_PRELOAD (bsc#1196326) ------------------------------------------------------------------ ------------------ 2022-3-23 - Mar 23 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - add audit-userspace-517-compat.patch ++++ combustion: - Disable ignition-mount.service's ExecStop instead of stopping the unit (boo#1197309) ++++ kernel-default: - Update patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch (stable-5.14.19 bsc#1197366 CVE-2021-45868). - commit a567e14 ++++ openldap2: - bsc#1191157 - allow specification of max/min TLS version with TLS1.3 * 0239-ITS-9422-Update-for-TLS-v1.3.patch * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch * 0241-TLS-set-protocol-version.patch - bsc#1197004 - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. ++++ spice: - Add patch to let spice build with gstreamer 1.20.x (https://gitlab.freedesktop.org/spice/spice/-/merge_requests/207) * fix-build-with-gstreamer-1.20.patch ++++ systemd: - spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE ++++ qemu: - Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall (bsc#1196924) * Patches added: tools-virtiofsd-Add-rseq-syscall-to-the-.patch ------------------------------------------------------------------ ------------------ 2022-3-22 - Mar 22 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.36.4: + The internal DHCPv4 client now discards NAKs packets coming from servers different from the one that sent the offer. + Fix activation of PPPoE connections with "pppoe.parent" unset. + Fix potential libnm crash when the client object initialization gets canceled. + Other various fixes and improvements. ++++ container-selinux: - Add udica templates to the package ++++ distribution-logos-openSUSE: - Initial Leap Micro 5.2 branding ++++ branding-openSUSE: - Bump to 15.4 ++++ kernel-default: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - iavf: Fix hang during reboot/shutdown (jsc#SLE-18385). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). - iavf: Fix double free in iavf_reset_task (jsc#SLE-18385). - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - ice: Fix curr_link_speed advertised speed (git-fixes). - ice: Don't use GFP_KERNEL in atomic context (git-fixes). - qed: return status of qed_iov_get_link (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (git-fixes). - IB/qib: Fix duplicate sysfs directory name (git-fixes). - commit b4c6170 - media: omap3isp: Use struct_group() for memcpy() region (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - commit c705616 - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: cavium/nitrox - don't cast parameter in bit operations (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - crypto: engine - check if BH is disabled during completion (git-fixes). - crypto: gemini - call finalize with bh disabled (git-fixes). - crypto: amlogic - call finalize with bh disabled (git-fixes). - commit 7b5cd0c - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - crypto: sun8i-ce - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - call finalize with bh disabled (git-fixes). - crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes). - crypto: ccree - don't attempt 0 len DMA mappings (git-fixes). - crypto: rockchip - ECB does not need IV (git-fixes). - crypto: qat - don't cast parameter in bit operations (git-fixes). - crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - only allow with rsa (git-fixes). - crypto: sun8i-ss - really disable hash on A80 (git-fixes). - cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes). - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: prevent instrumentation of bp hardening callbacks (git-fixes). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Ensure the server has an up to date ctime before renaming (git-fixes). - commit 87a7953 ++++ libgcrypt: - FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700] * Mark RSA public key encryption and private key decryption with padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks peer key assurance validation requirements per SP800-56Brev2. * Mark ECC as approved only for NIST curves P-224, P-256, P-384 and P-521 with check for common NIST names and aliases. * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved. * Add libgcrypt-FIPS-SLI-pk.patch * Rebase libgcrypt-FIPS-service-indicators.patch - Run the regression tests also in FIPS mode. * Disable tests for non-FIPS approved algos. * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch ++++ nvme-cli: - Fix install conflict caused by new bash completion script location (bsc#1197365). ++++ qemu: - Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 (bsc#1197018) * Patches added: hw-i386-amd_iommu-Fix-maybe-uninitialize.patch Silence-GCC-12-spurious-warnings.patch Ignore-spurious-GCC-12-warning.patch ------------------------------------------------------------------ ------------------ 2022-3-21 - Mar 21 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Be more --quiet with systemctl ++++ kernel-default: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - commit e84694f - macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).") - commit 7e857f7 - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - commit c0ccfb9 - blacklist.conf: Remove blacklist entries that are included in the tree via -stable These are preventing an update of SLE 15 SP4 RT due to a commit trigger. blacklisted: fb8c3a3c52400512fc8b3b61150057b888c30b0d Applied by: patches.suse/ath5k-fix-building-with-LEDS-m.patch blacklisted: 435b08ec0094ac1e128afe6cfd0d9311a8c617a7 Applied by: patches.suse/bpf-test-cgroup-Use-sk_-alloc-free-for-test-cases.patch blacklisted: 27730c8cd60d1574d8337276e7a9d7d2ca92e0d1 Applied by: patches.suse/perf-script-Fix-PERF_SAMPLE_WEIGHT_STRUCT-support.patch - commit 1f2accf - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - commit 899511b ++++ libsolv: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code [bsc#1196514] - support parsing of Debian's Multi-Arch indicator - bump version to 0.7.22 ++++ libzypp: - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - version 17.29.7 (22) ++++ makedumpfile: - makedumpfile-sadump-kaslr-fix-kaslr_offset-calculation.patch: sadump, kaslr: fix failure of calculating kaslr_offset (bsc#1196736). ++++ systemd-presets-branding-SMO: - disable the AppArmor systemd service (bsc#1197368) ------------------------------------------------------------------ ------------------ 2022-3-20 - Mar 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.suse/mm-khugepaged-skip-huge-page-collapse-for-special-fi.patch (stable-5.14.16 bsc#1193983 CVE-2021-4148). - commit 6200b3c - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - iwlwifi: don't advertise TWT support (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - atm: firestream: check the return value of ioremap() in fs_init() (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes). - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes). - ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes). - arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes). - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes). - arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" (git-fixes). - commit 8f6b7bc ------------------------------------------------------------------ ------------------ 2022-3-19 - Mar 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm: Use bash for %() expansion (jsc#SLE-18234). Since 15.4 alternatives for /bin/sh are provided by packages -sh. While the interpreter for the build script can be selected the interpreter for %() cannot. The kernel spec files use bashisms in %(). While this could technically be fixed there is more serious underlying problem: neither bash nor any of the alternatives are 100% POSIX compliant nor bug-free. It is not my intent to maintain bug compatibility with any number of shells for shell scripts embedded in the kernel spec file. The spec file syntax is not documented so embedding the shell script in it causes some unspecified transformation to be applied to it. That means that ultimately any changes must be tested by building the kernel, n times if n shells are supported. To reduce maintenance effort require that bash is used for kernel build always. - commit bb95fef - powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869). - commit 45a01a1 - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - commit e115c05 - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - commit 976f997 ------------------------------------------------------------------ ------------------ 2022-3-18 - Mar 18 2022 ------------------- ------------------------------------------------------------------ ++++ bcm43xx-firmware: - Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286) ++++ cloud-regionsrv-client: - Update to version 10.0.2 + Fix name of logfile in error message + Fix variable scoping to properly detect registration error + Cleanup any artifacts on registration failure + Fix latent bug with /etc/hosts population + Do not throw error when attemting to unregister a system that is not registered + Skip extension registration if the extension is recommended by the baseproduct as it gets automatically installed - Update to version 10.0.1 (bsc#1197113) + Provide status feedback on registration, success or failure + Log warning message if data provider is configured but no data can be retrieved - Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564) + The repo enablement timer cannot depend on guestregister.service ++++ cockpit: - re-add suse-microos-branding.patch from GitHub - add hide-docs.patch (bsc#1197003) ++++ container-selinux: - Update to version 2.180.0 * Allow container domains to read/write kvm_device_t * Update kublet mappings to inlcude /usr/local/* * Allow container domains to use container runtime tcp and udp sockets * Alow containers to use unix_stream_sockets leaked from container runtimes * Allow userdomains to execute conmon_exec_t and use it as an entrypoint * Allow conmon_exec_t as an entrypoint * Add container_use_devices boolean to allow containers to use any device * Add explicit range transition for conmon * Add missing dbus class declaration into container_runtime_run() * Remove lockdown allow rules * Remove k3s fcontexts * Allow container domains to be used by user roles - Changed source url to allow for download via source service ++++ gdk-pixbuf: - Update to version 2.42.8 (boo#1201826): + Clear the pixbuf's memory buffer to avoid returning uninitialized memory. + Turn GdkPixbufModule functions into typed callbacks. + tiff: Use non-deprecated C99 integer types. + gif: Check for overflow when compositing or clearing frames. + Change png/jpeg/tiff build options from boolean to feature. + jpeg: Do not rely on UB around setjmp/longjmp. + Build fixes. + Documentation fixes. + Security fixes: CVE-2021-46829. + Updated translations. - Stop passing options to meson that just follow upstream default, just rely on upstream providing sane defaults, apart from where we want to deviate. ++++ gnutls: - FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch * Upstream: https://gitlab.com/gnutls/gnutls/merge_requests/1561 - Enable to run the regression tests also in FIPS mode. ++++ gstreamer: - Update to version 1.20.1: + deinterlace: various bug fixes for yadif, greedy and scalerbob methods + gtk video sink: Fix rotation not being applied when paused + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + jpegdec: fix RGB conversion handling + matroskademux: improved ProRes video handling + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio caps fields correctly when checking caps equality on input caps changes + videoaggregator fixes (negative rate handling, current position rounding) + soup http plugin: Lookup libsoup dylib files on Apple platforms; fix Cerbero static build on Android and iOS + Support build against libfreeaptx in openaptx plugin + Fix linking issues on Illumos distros + GstPlay: Fix new error + warning parsing API (was unusuable before) + mpegtsmux: VBR muxing fixes + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + Support build against libfreeaptx in openaptx plugin + webrtc: Various fixes to the webrtc-sendrecv python example + macOS: support a relocatable `GStreamer.framework` on macOS + macOS: fix applemedia plugin failing to load on ARM64 macOS + windows: ship wavpack library + gst-python: Fix build with Python 3.11 + various bug fixes, memory leak fixes, and other stability and reliability improvements + plugin loader: show the reason when spawning of gst-plugin-scanner fails + registry, plugin loading: fix dynamic relocation if GST_PLUGIN_SUBDIR (libdir) is not a single subdirectory; improve GST_PLUGIN_SUBDIR handling + context: fix transfer annotation on gst_context_writable_structure() for bindings + baseparse: Don't truncate the duration to milliseconds in gst_base_parse_convert_default() + bufferpool: Deactivate pool and get rid of references to other objects from dispose instead of finalize ++++ gstreamer-plugins-base: - Update to version 1.20.1: + typefindfunctions: Fix WebVTT format detection for very short files + gldisplay: Reorder GST_GL_WINDOW check for egl-device + rtpbasepayload: Copy all buffer metadata instead of just GstMetas for the input meta buffer + codec-utils: Avoid out-of-bounds error + navigation: Fix Since markers for mouse scroll events + videoaggregator: Fix for unhandled negative rate + videoaggregator: Use floor() to calculate current position + video-color: Fix for missing clipping in PQ EOTF function + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + audiovisualizer: shader: Fix out of bound write ++++ kernel-default: - kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277). - commit 23e8a22 - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277). - commit a812a07 - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 - fuse: fix fileattr op failure (bsc#1197292). - commit f14130a ++++ util-linux: - Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch). ++++ openldap2: - jsc#PM-3288 - restore CLDAP functionality in CLI tools ++++ libnvme: - Update to version 1.0-rc7: * linux: fixup log page offset in nvme_get_log_page() * tree: Add support for default trsvcid for all controllers (bsc#1195858) * tree: fixup coredump during nvme discover ++++ openssl-1_1: - FIPS: Additional PBKDF2 requirements for KAT [bsc#1197280] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch ++++ libxml2: - Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap. ++++ mdadm: - skip RAID assembly if DM_UDEV_DISABLE_OTHER_RULES_FLAG (bsc#1196054) * Add 0121-udev-md-raid-assembly.rules-skip-if-DM_UDEV_DISABLE_.patch ++++ nvme-cli: - Update to version 2.0-rc7: * netapp-nvme: fix smdevices segfault in json output (bsc#1195937) * fabrics: keep the backward compatibility * nvme: Do not slash escape strings in JSON output (bsc#1195937) * nvme: Print full device path * nvme-print: Make JSON keys consistent with nvme-cli 1.x * nvme-print: print generic device in list command * fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061) * connect: Set errno to zero on nvmf_add_ctrl() success * documenation updates - Set path to systemctl via newly introduced config option - Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename - Moved bash completion script to /usr/share/bash-completion/completions/nvme ++++ libxml2-python: - Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap. ++++ util-linux-systemd: - Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch). ------------------------------------------------------------------ ------------------ 2022-3-17 - Mar 17 2022 ------------------- ------------------------------------------------------------------ ++++ grep: - Make profiling deterministic (bsc#1040589, SLE-24115) ++++ kernel-default: - Update patch reference for vpda fix (CVE-2022-0998 bsc#1197247) - commit 39fa540 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit c787e8b - Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245) - commit 251a2e6 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - commit c768141 - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - commit 0ad5f72 ++++ timezone: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not -03-26* * zdump -v now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ------------------------------------------------------------------ ------------------ 2022-3-16 - Mar 16 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Do not requires dhcp-client, NM is using its internal client by default for a long time now. - Convert iproute2 and iputils requires to recommends, they should not be hard requires. ++++ firewalld: - Add patch which fixes the zone configuration (bsc#1191837) * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch ++++ jeos-firstboot: - Update to version 1.1.1.1: * Quick'n'dirty NetworkManager support - Switch git URL to https - Require NetworkManager or wicked ++++ kernel-default: - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). When dependency cycles are encountered package dependencies may not be fulfilled during zypper transaction at the time scriptlets are run. This is a problem for kernel scriptlets provided by suse-module-tools when migrating to a SLE release that provides these scriptlets only as part of LTSS. The suse-module-tools that provides kernel scriptlets may be removed early causing migration to fail. - commit ab8dd2d - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - rpm/*.spec.in: remove backtick usage - commit 87ca1fb - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - x86/module: Fix the paravirt vs alternative order (bsc#1190497). - commit 646c90c - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ gcc11: - Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406 * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] - Add gcc11-pr104931.patch to fix miscompile of embedded premake in 0ad on i586. [bsc#1197065] ++++ sqlite3: - Remove obsolete configure flags - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ++++ systemd: - Import commit 5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c (merge of v249.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/23b6a8633186a2b5b2487621c81ec7e7bb068db1...5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c - Import commit 23b6a8633186a2b5b2487621c81ec7e7bb068db1 f19292f18d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) 3349f636dc man: tweak description of auto/noauto (bsc#1191502) ++++ pam: - Between allocating the variable "ai" and free'ing them, there are two "return NO" were we don't free this variable. This patch inserts freaddrinfo() calls before the "return NO;"s. [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch] ------------------------------------------------------------------ ------------------ 2022-3-15 - Mar 15 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - make package compatible with OBS version (bsc#1197224): * move branding images to distribution-logos-SLE package * re-add dependency on distribution-logos * remove branding patch and assets (suse-microos-branding.patch, suse-microos-branding.tar.gz); moved to GitHub fork * remove local __python3 macro * apply SLE specific patches only on SLE ++++ glib2-branding-openSUSE: - Update .gschema.override.in: Change default libreoffice startup entry to libreoffice-startcenter.desktop according to the libreoffice update (bsc#1195836, bsc#1196951). ++++ kernel-default: - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - commit 231bfb2 - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - commit 6874f7f - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - commit f088cf6 - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. Update number of SETUP_EFI_SECRET_KEY from 7 to 16 to make room for future upstream patches taking numbers from 7 upwards, as discussed with Joey Lee. - commit cd78c9f - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - commit 77e00d5 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-firmware: - Update to version 20220309 (git commit cd01f857da28): * iwlwifi: add new FWs from core68-60 release * ath11k: add links for WCN6855 hw2.1 * ath11k: WCN6855 hw2.0: add WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 * ath11k: WCN6855 hw2.0: add board-2.bin and regdb.bin * ath10k/ath11k: mark notice.txt as "File:" * linux-firmware: add firmware for MT7986 * amdgpu: add firmware for SDMA 5.2.7 IP block * amdgpu: add firmware for PSP 13.0.8 IP block * amdgpu: add firmware for DCN 3.1.6 IP block * amdgpu: add firmware for GC 10.3.7 IP block * rtw89: 8852a: update fw to v0.13.36.0 * iwlwifi: update 9000-family firmwares to core68-60 * amdgpu: update raven2 VCN firmware * amdgpu: update raven VCN firmware * amdgpu: update picasso VCN firmware * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware (CVE-2021-46744, CVE-2021-26339, bsc#1199470, bsc#1199459) * rtw89: 8852a: update fw to v0.13.35.0 ++++ openssl-1_1: - Security Fix: [bsc#1196877, CVE-2022-0778] * Infinite loop in BN_mod_sqrt() reachable when parsing certificates * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch - Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directores for the above patch. [bsc#1194187, bsc#1004463] ++++ ceph: - Update to 16.2.7-640-gceb23c7491b + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade ++++ qemu: - Proactive fix * Patches added: hw-nvram-at24-return-0xff-if-1-byte-addr.patch ++++ ovmf: - TPM_ENABLE got renamed to TPM2_ENABLE and TPM_CONFIG_ENABLE removed (except on ARM for some reason) (boo#1197104) ++++ samba: - Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); ++++ supportutils: - Spec file adjusted for usr-merge ------------------------------------------------------------------ ------------------ 2022-3-14 - Mar 14 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Hide links pointing to RHEL docs, hide-docs.patch (bsc#1197003) ++++ dracut: - Update to version 055+suse.244.g2f624182: * fix(resume): only exclude this module when swap is netdev (bsc#1194915) ++++ kernel-default: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb - kABI: fix rndis_parameters locking (git-fixes). - commit b56edcd - tracing/osnoise: Force quiescent states while tracing (git-fixes). - commit 1b74679 - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - commit 0d97063 - Refresh patches.suse/x86-kvm-add-guest-support-for-detecting-and-enabling-sev-live-migration-feature - Refresh patches.suse/x86-sev-move-common-memory-encryption-code-to-mem_encrypt-c - Refresh patches.suse/x86-sev-rename-mem_encrypt-c-to-mem_encrypt_amd-c Bring patches.suse/x86-kvm-add-guest-support-for-detecting-and-enabling-sev-live-migration-feature closer to upstream to avoid future conflicts. Update other patches as required by this. - commit 8b29535 - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - commit 81cb0af ++++ libarchive: - Fix CVE-2021-36976 use-after-free in copy_string (CVE-2021-36976, bsc#1188572) * fix-CVE-2021-36976.patch - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2017-5601, bsc#1022528, bsc#1189528 ++++ openldap2: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression reporting is bsc#1197004 causing SSSD to have faults. ++++ pcre2: - version update to 10.39 * Fix incorrect detection of alternatives in first character search in JIT * Update to Unicode 14.0.0 - 0001-Fixed-atomic-group-backtracking-bug.patch released for 15:Update due to bsc#1187937 is already upstreamed https://bugzilla.suse.com/show_bug.cgi?id=1187937#c7 ++++ sssd: - Fix shell command injection in sssctl via the logs-fetch and cache-expire subcommands; (CVE-2021-3621); (bsc#1189492); Add 0002-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch ++++ libzypp: - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - version 17.29.6 (22) ++++ python-iniconfig: - Include in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972) ++++ python-py: - Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972) - Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0 ++++ yast2-trans: - Update to version 84.87.20220313.3dfcfc0d1f: * Translated using Weblate (Hindi) * Translated using Weblate (Polish) * New POT for text domain 'base'. * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * New POT for text domain 'packager'. * New POT for text domain 'autoinst'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Indonesian) ------------------------------------------------------------------ ------------------ 2022-3-13 - Mar 13 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + change lvm.conf item external_device_info_source from none to udev + bug-1179691_config-set-external_device_info_source-none.patch ++++ lvm2: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + change lvm.conf item external_device_info_source from none to udev + bug-1179691_config-set-external_device_info_source-none.patch ++++ sqlite3: - update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. - add upstream patch to run atof1 tests only on x86_64 sqlite-src-3380100-atof1.patch ------------------------------------------------------------------ ------------------ 2022-3-12 - Mar 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - commit 8e490b2 - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - slip: fix macro redefine warning (git-fixes). - commit 7dc768d ++++ libvirt: - qemu: Fixes and improvements for SEV(-ES) guests d248e3dc-virsh-domsetlaunchsecstate-report-error.patch, 07ddb4c6-qemuDomainSetLaunchSecurityState-check-params.patch, 29605313-qemuDomainSetLaunchSecurityState-nocache.patch, 82be0ffe-conf-validate-serial-port-model.patch, aab943a6-support-firmware-debug.patch, 7714034e-qemu-debug-console-tests.patch, 3ef9b51b-qemu-fix-pflash-formatting.patch, 5adfb347-qemu-honor-user-nvram-path.patch, 08101bde-qemu-inline-nvram-path-code.patch, 24adb6c7-qemu-dont-regen-nvram-path.patch, 392292cd-tests-dont-use-autogen-nvram-path.patch, 32b9d8b0-qemu-support-fw-descriptor-mode.patch, 823a62ec-qemu-fix-undefine-crash.patch bsc#1196806 ------------------------------------------------------------------ ------------------ 2022-3-11 - Mar 11 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204) * 0001-install-fix-software-raid1-on-esp.patch ++++ kernel-default: - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - commit 8f9c7a1 - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit a54f4ff - Update patch reference for virtio BT fix (CVE-2022-26878 bsc#1197035) - commit a9d561c - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - commit 1341b7c ++++ libnvme: - Update to version 1.0-rc6: * tree: add nvme_ctrl_get_ana_state() (bsc#1195938) * tree: link paths to namespaces in nvme_subsystem_scan_namespace() (bsc#1195938) * ioctl.h: ns list bug fix (wrong cns value) * types.h: Key Value Command Set Identifier added (NVME_CSI_KV) * types: fix status code type bug (wrong masking) ++++ protobuf: - Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570, bsc#1195258 * Add protobuf-CVE-2021-22570.patch ++++ libvirt-dbus: - Update to version 1.4.1: * Release of libvirt-dbus 1.4.1 * tests: allow running our tests against installed libvirt-dbus * tests: report proper error if `abs_top_builddir` is not defined * gitlab: use --fatal-meson-warnings in builds * meson: add git_werror option and only set if -Dwerror is not set * meson: honour meson warning_level setting * gitlab: adapt to use meson for libvirt-glib build * ci: refresh containers for CentOS-8 PowerTools repo rename * gitlab: replace "libvirt-" prefix with "ci-" in dockerfiles * gitlab: refresh containers with lcitool for fully minimized base * Dropped patches: libvirt-dbus-systemd.diff - Add source service file - Change system-user-libvirt-dbus subpackage to noarch - Require libvirt group in system-user-libvirt-dbus subpackage bsc#1196968 ++++ mdevctl: - spec: Add /etc/mdevctl.d/scripts.d directory to %files ++++ nvme-cli: - Update to version 2.0-rc6: * nvme: print out ANA state for 'list-subsys' (bsc#1195938) * nvme: Explicit initialize all command line options (bsc#1195945) * nvme: Explicit initialize passthru command line options * nvme: list_ns bug fix (csi option enable) * nvme: nvme write bug fix (no parse for option) * documenation updates ++++ permissions: - Update to version 20201225: * whitelist ksysguard network helper (bsc#1151190) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#582 - include all of s390-tools in initrd (bsc#1195914, bsc#1196923) - 16.57.17 ++++ yast2: - Extend the Package module to force using PackageSystem or PackageAI without having the mode into account. - AutoYaST: properly detect whether firewalld, bind and yast2-dns-server packages are installed when cloning a system (bsc#1196963). - 4.4.47 ------------------------------------------------------------------ ------------------ 2022-3-10 - Mar 10 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Require virt-install and qemu display drivers needed to start new VMs (bsc#1196971) ++++ dracut: - Update to version 055+suse.242.g76ae5ce4: * fix(multipath): align multipathd.service type with upstream (bsc#1196958) * fix(systemd-sysusers): use split systemd sysuser configs (bsc#1196223) ++++ grub2: - Fix riscv64 build error * 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch - Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974) * 0001-grub-install-bailout-root-device-probing.patch ++++ kernel-default: - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - commit b18f008 - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - commit 6463ef3 - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - commit 764dcf8 - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - commit 530a7dd - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - commit 9d51706 - arm: kprobes: Make space for instruction pointer on stack (bsc#1193277). - commit 9a408f3 - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - commit 309553d - x86/ptrace: Fix xfpregs_set()'s incorrect xmm clearing (bsc#1190497). - commit be27a82 - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - EDAC/altera: Fix deferred probing (bsc#1190497). - commit 054e83a - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - commit 771d37d - Add cherry-picked IDs to DRM patches - commit cf6526e - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). - commit 5be8bf8 ++++ rdma-core: - Update spec file from upstream - install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) - fix build support for riscv - Added cmake-Make-modprobe.d-path-configurable.patch - Backport from upstream to allow modprobe files to be installed in a configurable directory ++++ openssl-1_1: - FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch * bsc#1190652 - Provide a service to output module name/identifier and version ++++ mdevctl: - Update to version v1.1.0 (jsc#SLE-18449): * use imported std::env for CARGO_PKG_VERSION in build.rs directly * fix build.rs to allow specify exact path or name of the rst2man * Don't call unnecessary to_string() * Report a useful error when /etc/mdevctl.d doesn't exist * Handle FS permissions problems for defined devices * Fix needless borrow warning from clippy * tests: read stdin in callout test scripts * Report root error when a callout can't be executed * Don't emit warning for files in /etc/mdevctl.d/scripts.d * env: add function to get base scripts directory ++++ osinfo-db: - bsc#1196965 - openSUSE Tumbleweed unattended installation with libvirt fails opensuse-autoyast-desktop.patch ++++ ovmf: - Update to edk2-stable202202 - Features (https://github.com/tianocore/edk2/releases): OvmfPkg Add new target for Cloud Hypervisor Add TDVF to OvmfPkg Add new APIs to UefiCpuPkg/UefiCpuLib Add AMD Secure Nested Paging Support Add SSDT PCI generator in DynamicTablesPkg Support ACPI 6.4 PPTT changes Add FdtHwInfoParser library Add DynamicPlatRepo library Make package and platform builds reproducible across source format changes Add Uncrustify CI Plugin Apply uncrustify changes to all package C and H files - Patches (git log --oneline --reverse edk2-stable202111~..edk2-stable202202): bb1bba3d77 NetworkPkg: Fix invalid pointer for DNS response token on error ef9a059cdb EmulatorPkg/Win/Host: Update CC_FLAGS 69877614fd .pytool/Plugin/EccCheck: Remove RevertCode() 854462bd34 .pytool/Plugin/EccCheck: Remove temp directory on exception 3019f1bbab .pytool/Plugin/EccCheck: Add performance optimizations 99f84ff473 .pytools/Plugin/LicenseCheck: Use temp directory for git diff output 76a1ce4d5f .azurepipelines/templates: Update max pipeline job time to 2 hours 365dced2c3 ArmPkg: Update YAML to ignore specific ECC files/errors 1939fc9569 ArmPlatformPkg: Update YAML to ignore specific ECC files/errors c97fee87f0 ArmVirtPkg: Update YAML to ignore specific ECC files/errors d5744ecba8 CryptoPkg: Update YAML to ignore specific ECC files/errors d7d30e8f21 EmulatorPkg: Update YAML to ignore specific ECC files/errors 9deb937076 MdeModulePkg: Update YAML to ignore specific ECC files/errors df790cd6b3 MdePkg: Update YAML to ignore specific ECC files/errors 60fa40be45 SecurityPkg: Update YAML to ignore specific ECC files/errors 9944508e85 ShellPkg: Update YAML to ignore specific ECC files/errors c30c40d6c6 StandaloneMmPkg: Update YAML to ignore specific ECC files/errors c057347977 UefiPayloadPkg: Update YAML to ignore specific ECC files/errors f0f3f5aae7 UnitTestFrameworkPkg: Update YAML to ignore specific ECC files/errors dfafa8e453 MdeModulePkg/DxeCorePerformanceLib:Variable Initial a4a582e180 ArmPkg: Change use of EFI_D_* to DEBUG_* 1d2482e1e3 ArmPlatformPkg: Change use of EFI_D_* to DEBUG_* c5b3a56e4f ArmVirtPkg: Change use of EFI_D_* to DEBUG_* a1878955b2 EmbeddedPkg: Change use of EFI_D_* to DEBUG_* 9c7da8d804 EmulatorPkg: Change use of EFI_D_* to DEBUG_* 917e98f3e5 FatPkg: Change use of EFI_D_* to DEBUG_* 87000d7708 MdeModulePkg: Change use of EFI_D_* to DEBUG_* 5f289f3ae3 MdePkg: Change use of EFI_D_* to DEBUG_* c49ca4a29e NetworkPkg: Change use of EFI_D_* to DEBUG_* 47719926e8 OvmfPkg: Change use of EFI_D_* to DEBUG_* ca56749b0e PcAtChipsetPkg: Change use of EFI_D_* to DEBUG_* e905fbb05a SecurityPkg: Change use of EFI_D_* to DEBUG_* 4a1aee13d8 ShellPkg: Change use of EFI_D_* to DEBUG_* 586fda4800 SourceLevelDebugPkg: Change use of EFI_D_* to DEBUG_* 96e1cba5c1 UefiCpuPkg: Change use of EFI_D_* to DEBUG_* 1871d28eaf ArmPkg: Change OPTIONAL keyword usage style 2863ba97ca ArmPlatformPkg: Change OPTIONAL keyword usage style 9607597a74 ArmVirtPkg: Change OPTIONAL keyword usage style c8f46130f8 CryptoPkg: Change OPTIONAL keyword usage style fe2d81892f DynamicTablesPkg: Change OPTIONAL keyword usage style 792433088c EmbeddedPkg: Change OPTIONAL keyword usage style c69fc80c80 EmulatorPkg: Change OPTIONAL keyword usage style 9c721071d3 FmpDevicePkg: Change OPTIONAL keyword usage style e3917e22e7 MdeModulePkg: Change OPTIONAL keyword usage style d0e2f8232a MdePkg: Change OPTIONAL keyword usage style 8874fa199d NetworkPkg: Change OPTIONAL keyword usage style 79d49e162e OvmfPkg: Change OPTIONAL keyword usage style 237295f46d PcAtChipsetPkg: Change OPTIONAL keyword usage style dc8fe5ec95 RedfishPkg: Change OPTIONAL keyword usage style 12710fe93b SecurityPkg: Change OPTIONAL keyword usage style 9b8507cabe ShellPkg: Change OPTIONAL keyword usage style 18908e6131 SignedCapsulePkg: Change OPTIONAL keyword usage style f9c9215b55 SourceLevelDebugPkg: Change OPTIONAL keyword usage style 902e76de19 StandaloneMmPkg: Change OPTIONAL keyword usage style 4ec586b9f6 UefiCpuPkg: Change OPTIONAL keyword usage style e35dd32821 UefiPayloadPkg: Change OPTIONAL keyword usage style 78bc3bdd2a UnitTestFrameworkPkg: Change OPTIONAL keyword usage style ea85f0fe13 ArmVirtPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() e3b855f283 CryptoPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 4a9d411662 DynamicTablesPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() db52c7f755 MdeModulePkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 098307e082 MdePkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() ed7f7c9168 NetworkPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 8e875037bf OvmfPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() deba54761a PcAtChipsetPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() f9f4fb2329 SecurityPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 7c2a6033c1 UefiCpuPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 429309e0c6 ArmPkg: Apply uncrustify changes 40b0b23ed3 ArmPlatformPkg: Apply uncrustify changes 2b16a4fb91 ArmVirtPkg: Apply uncrustify changes 7c34237831 CryptoPkg: Apply uncrustify changes 731c67e1d7 DynamicTablesPkg: Apply uncrustify changes e7108d0e96 EmbeddedPkg: Apply uncrustify changes a550d468a6 EmulatorPkg: Apply uncrustify changes bcdcc4160d FatPkg: Apply uncrustify changes 45ce0a67bb FmpDevicePkg: Apply uncrustify changes 111f2228dd IntelFsp2Pkg: Apply uncrustify changes 7c7184e201 IntelFsp2WrapperPkg: Apply uncrustify changes 1436aea4d5 MdeModulePkg: Apply uncrustify changes 2f88bd3a12 MdePkg: Apply uncrustify changes d1050b9dff NetworkPkg: Apply uncrustify changes ac0a286f4d OvmfPkg: Apply uncrustify changes 5220bd211d PcAtChipsetPkg: Apply uncrustify changes 39de741e2d RedfishPkg: Apply uncrustify changes c411b485b6 SecurityPkg: Apply uncrustify changes 47d20b54f9 ShellPkg: Apply uncrustify changes b878648967 SignedCapsulePkg: Apply uncrustify changes c1e126b119 SourceLevelDebugPkg: Apply uncrustify changes 91415a36ae StandaloneMmPkg: Apply uncrustify changes 053e878bfb UefiCpuPkg: Apply uncrustify changes e5efcf8be8 UefiPayloadPkg: Apply uncrustify changes 7c0ad2c338 UnitTestFrameworkPkg: Apply uncrustify changes dc453b5164 .pytool/Plugin/UncrustifyCheck: Add Uncrustify CI plugin 1832eb15aa UefiPayloadPkg/UefiPayloadPkg.fdf: Update DXE Apriori list ca78281c25 UefiPayloadPkg/PayloadEntry: Inherit 4/5-level paging from bootloader b2f7ee2ded UefiPayloadPkg: Increase SystemMemoryUefiRegionSize from 32M to 64M 94e0a7bddb UefiPayloadPkg: Add missing Guid gUefiAcpiBoardInfoGuid 2527723de9 UefiPayloadPkg: Add performance measurement feature ffdde9d719 UefiPayloadPkg: Skip ModuleInfo HOB in Payload 965292135b UefiPayloadPkg/UefiPayloadPkg.dsc:Add BootManagerLib for BootManagerMenuApp 85a678bf76 UefiPayloadPkg: Add integration instruction for coreboot common error 7b28310008 BaseTools: Increase the DevicePath length for support more PCD value. d25b803e51 MdeModulePkg/Bus/Pci/UhciDxe: Fix the UsbHc memory allocate and free issue c82ab4d8c1 BaseTools/VfrCompile: Correct Bit Field Flags for numeric/one of 2ddacfb6b8 OvmfPkg/SecMain: move SEV specific routines in AmdSev.c e2289d19d8 UefiCpuPkg/MpInitLib: move SEV specific routines in AmdSev.c 2fe8edfe55 OvmfPkg/ResetVector: move clearing GHCB in SecMain 3053183d41 OvmfPkg/ResetVector: introduce SEV metadata descriptor for VMM use 707c71a01b OvmfPkg: reserve SNP secrets page cca9cd3dd6 OvmfPkg: reserve CPUID page f2dc28f0b6 OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase 34819f2cac OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values d9822304ce OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled() 7c3b2892ea OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest d2b998fbdc OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values a19b648952 OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest 19914edc5a OvmfPkg/AmdSevDxe: do not use extended PCI config space ade62c18f4 OvmfPkg/MemEncryptSevLib: add support to validate system RAM d706f8fec2 OvmfPkg/MemEncryptSevLib: add function to check the VMPL0 11b15336f0 OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM d39f8d88ec OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase 202fb22be6 OvmfPkg/SecMain: validate the memory used for decompressing Fv 8eb79b5f4f OvmfPkg/PlatformPei: validate the system RAM when SNP is active 26210f9436 MdePkg: Define ConfidentialComputingGuestAttr 504ae26b80 OvmfPkg/PlatformPei: set PcdConfidentialComputingAttr when SEV is active b95908e043 UefiCpuPkg/MpInitLib: use PcdConfidentialComputingAttr to check SEV status f4e3ce5f53 UefiCpuPkg: add PcdGhcbHypervisorFeatures f5a6e1bab5 OvmfPkg/PlatformPei: set the Hypervisor Features PCD 2c354252be MdePkg/GHCB: increase the GHCB protocol max version 9c703bc0f1 UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled d4d7c9ad5f UefiCpuPkg/MpInitLib: use BSP to do extended topology check b928eb44d5 OvmfPkg/MemEncryptSevLib: change the page state in the RMP table b7b8872031 OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address ea3a12d970 OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map 67484aed69 OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table 06544455d0 UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs 0f1d7477c0 OvmfPkg: Remove unused print service driver (PrintDxe) 30631f0a26 MdePkg: Add missing Cache ID (in)valid define 0077c22f6d MdePkg: Remove PPTT ID type structure a50b65ce22 ShellPkg: Update Acpiview PPTT parser to ACPI 6.4 8cf2bdfcfb ShellPkg: Add Cache ID to PPTT parser b2bbe3df54 DynamicTablesPkg: Remove PPTT ID structure from ACPI 6.4 generator e139829dd6 DynamicTablesPkg: Update PPTT generator to ACPI 6.4 e81a81e584 DynamicTablesPkg: Add CacheId to PPTT generator 9afcd48a94 OvmfPkg: Handle Cloud Hypervisor host bridge 2ccefa32a6 OvmfPkg: Create global entry point for SMBIOS parsing d8ef774346 OvmfPkg: Retrieve SMBIOS from Cloud Hypervisor 66bce05f6d OvmfPkg: Generalize AcpiPlatformDxe 7594c5bfe2 OvmfPkg: Install ACPI tables for Cloud Hypervisor f6df289a1c OvmfPkg/OvmfXen: Fix Xen build 2b20a34fd5 OvmfPkg-EmuVariableFvbRuntimeDxe: Support Access To Memory Above 4G d5efc875ef MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware a124cd4ef9 SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib 8c06c53b58 SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib adf070ff56 OvmfPkg/Microvm: add PcdConfidentialComputingGuestAttr 2686468c43 OvmfPkg/Bhyve: add MemEncryptSevLib 61be49e0f7 OvmfPkg/PlatformCI: factor out PlatformBuildLib.py 21ee379407 OvmfPkg/PlatformCI: add QEMU_SKIP 64bccda534 OvmfPkg/PlatformCI: add BhyveBuild.py 04eacd3943 OvmfPkg/PlatformCI: add MicrovmBuild.py 8b8ae609a7 OvmfPkg/PlatformCI: add AmdSevBuild.py 2722856a87 OvmfPkg/PlatformCI: dummy grub.efi for AmdSev 1203eba58e OvmfPkg/PlatformCI: add XenBuild.py 64ef0dd1d3 OvmfPkg/Microvm/fdt: add device tree support 79dcaf7054 OvmfPkg/Microvm/fdt: load fdt from fw_cfg c802f8935c OvmfPkg/Microvm/fdt: add empty fdt 2a68abf6ee OvmfPkg/Microvm/virtio: add virtio-mmio support e07d27e24d OvmfPkg/Microvm: add README 7f1861be2b DynamicTablesPkg: AML Code generation for memory ranges 0e7147fe75 DynamicTablesPkg: AML Code generation to create a named Package() fd5fc4bbb7 DynamicTablesPkg: AML Code generation to create a named ResourceTemplate() b2b8def4e3 DynamicTablesPkg: AML Code generation to add _PRT entries 69ddfee1c3 DynamicTablesPkg: Add AmlAttachNode() ce306e48eb DynamicTablesPkg: Add Pci related objects e35a746cf5 DynamicTablesPkg: SSDT Pci express generator ec37fd9c1f DynamicTablesPkg: Fix multiple objects parsing 557dede8a6 OvmfPkg/PlatformPei: ScanOrAdd64BitE820Ram improvements 759e3c6d21 OvmfPkg/PlatformPei: prefer etc/e820 for memory detection 41d8bb3038 OvmfPkg/PlatformPei: stop using cmos for memory detection 7a6e6ae933 EmulatorPkg: Update lldbefi.py to work with current lldb which uses python3 4d30352445 ArmPkg: Add SMC helper functions c039fa7ff0 ArmPkg: Update SMC calls to use the new ArmCallSmc0/1/2/3 functions 90ad4b3b34 DynamicTablesPkg: Definition for HwInfoParser interface d59c5a20f8 DynamicTablesPkg: FdtHwInfoParser: CM Object descriptor helper 5d8b5d171c DynamicTablesPkg: FdtHwInfoParser: Add FDT utility functions 8d2691c3d5 DynamicTablesPkg: FdtHwInfoParser: Add Boot Arch parser 3ebe1ff5c9 DynamicTablesPkg: FdtHwInfoParser: Generic Timer Parser 51941f7558 DynamicTablesPkg: FdtHwInfoParser: Add Serial port parser e366a41ef0 DynamicTablesPkg: FdtHwInfoParser: Add GICC parser 0fa1217726 DynamicTablesPkg: FdtHwInfoParser: Add GICD parser b04cf355a0 DynamicTablesPkg: FdtHwInfoParser: Add MSI Frame parser d250d408cf DynamicTablesPkg: FdtHwInfoParser: Add ITS parser 7b6c8b30a5 DynamicTablesPkg: FdtHwInfoParser: Add GICR parser 26bf034a59 DynamicTablesPkg: FdtHwInfoParser: Add GIC dispatcher c67bf628c8 DynamicTablesPkg: FdtHwInfoParser: Add PCI config parser deb01dfd7f DynamicTablesPkg: Add FdtHwInfoParser library 9006967c8d DynamicTablesPkg: Handle 16550_WITH_GAS id b2d0ed20fd DynamicTablesPkg: Definition for DynamicPlatRepoLib interface 2e2db65e39 DynamicTablesPkg: DynamicPlatRepo: Add TokenGenerator 740e3bb634 DynamicTablesPkg: DynamicPlatRepo: Add TokenFixer 5fe5b6f94f DynamicTablesPkg: DynamicPlatRepo: Add TokenMapper 38f6d78c3b DynamicTablesPkg: Add DynamicPlatRepo library f14fff5135 StandaloneMmPkg/FvLib: Support large file with EFI_FFS_FILE_HEADER2. 3a72ec71cd OvmfPkg: remove unused TPM options from MicrovmX64.dsc b47575801e OvmfPkg: move tcg configuration to dsc and fdf include files 5711ff4d0b OvmfPkg: drop TPM_CONFIG_ENABLE b819388772 OvmfPkg: create Tcg12ConfigPei.inf 4de8d61bce OvmfPkg: rework TPM configuration e6ea1464a8 OvmfPkg/PlatformPei: Revert "stop using cmos for memory detection" a6c0418651 ArmPkg/SmbiosMiscDxe: Remove duplicate HII string definition 45e3842970 ArmPkg/SmbiosMiscDxe: Get full SMBIOS strings from OemMiscLib b451c69088 ArmPkg/ProcessorSubClassDxe: Get serial and part number from OemMiscLib 8ed8568922 SecurityPkg: Debug code to audit BIOS TPM extend operations 195f011973 SecurityPkg: Reallocate TPM Active PCRs based on platform support ab5ab2f603 SecurityPkg: TPM must go to Idle state on CRB command completion c63a10ecb7 EmbeddedPkg/AcpiLib: Add more helper functions f129b1f06f OvmfPkg/Bhyve: fix tls-enabled build ee1f8262b8 OvmfPkg: Call PlatformInitializeConsole for GPU passthrough case de9e5b7dc7 IntelFsp2WrapperPkg : FSPM/S UPD data address based on Build Type 9ec2cc1f31 IntelFsp2WrapperPkg : Remove EFIAPI from local functions. ae8272ef78 MdeModulePkg/UsbBusDxe: fix NOOPT build error 15c596aeeb OvmfPkg: Bhyve: Delete unused AcpiTables/Ssdt.asl file 6612ff8561 UefiCpuPkg: Extend measurement of microcode patches to TPM e910f076ad BaseTools: Fix the bug of --cmd-len build option 7935be0fbd IntelFsp2Pkg/FspSecCore: ExtendedImageRevision was not printed. c095122d4b MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP d463c56ddd MdeModulePkg: Replace with UFS_UNIT_DESC to fix timeout problem 45920941d9 MdeModulePkg: Refactoring UFS DME request and fix timing problem 13d9e8ec98 MdeModulePkg: Put off UFS HCS.DP checking to fix timing problem 079a58276b OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved 9dd14fc91c MdePkg: Add registers of boot partition feature 14a731096d UnitTestFrameworkPkg: CI YAML: Grant cmockery spell check exception 6062002bd5 MdeModulePkg/PartitionDxe: Add break to handle invalid LBA0 in MBR 7438a85bf1 BaseTools: Fix wrong variable header size c712ce2bb1 OvmfPkg/CloudHv: Add new target for Cloud Hypervisor a2da72b2ca OvmfPkg/CloudHv: Replace legacy 8254 PIT with local APIC timer 6ecdda71fe OvmfPkg/CloudHv: Connect serial console 1552050ce7 OvmfPkg/CloudHv: Remove legacy 8259 PIC support fdcea7ff6f OvmfPkg/CloudHv: Remove Q35 specifics 71082d3d1b OvmfPkg/CloudHv: Reduce dependency on QemuFwCfg 196be601f9 OvmfPkg/CloudHv: Remove video support 7b6cbe0a81 OvmfPkg/CloudHv: Remove USB support e73d1bf96a OvmfPkg/CloudHv: Remove CSM support b66056ef21 OvmfPkg/CloudHv: add Maintainers.txt entry 5302bd81d9 OvmfPkg: Add CloudHvX64 to the CI 59c48c9314 UefiPayloadPkg: Change the user interface name of the Uiapp 5801910013 UefiPayloadPkg: Not use BaseCpuTimerLib by default. 772c5bb8dc FmpDevicePkg/FmpDxe: Update FmpDeviceCheckImageWithStatus() handling 7709988dd8 RedfishPkg/RedfishRestExDxe:Simplify status check 21320ef669 MdeModulePkg/Variable: Make only EFI_VARIABLE_NON_VOLATILE invalid 7e5c603cba MdeModulePkg/SdMmcPciHcDxe: Robust improvements for SD card 1.8V switch ee67067f17 MdeModulePkg: VariableSmmRuntimeDxe: Fix Variable Policy Message Length 5b39832e18 MdePkg: MmCommunication2: Update MM communicate2 function description ce37f45955 ArmPkg: MmCommunicationDxe: MM communicate function argument attributes 541a077bd1 ArmPkg: MmCommunicationDxe: Update MM communicate `CommBuffer**` checks 1aa1ec4574 ArmPkg: MmCommunicationDxe: Update MM communicate `CommSize` check 8cc5590eab ArmPkg: MmCommunicationDxe: Update MM communicate `MessageLength` check 6777e67383 EmbeddedPkg: Fix a build error in FwVol.c in X64 arch a867f3a704 UefiPayloadPkg: Use BaseCpuTimerLib for Universal Payload by default f4b7b473b4 MdeModulePkg/UefiBootManagerLib: Convert BmLoadOption to Variable Policy 76b3d45b75 ShellPkg: Add the missing VariablePolicyHelperLib in ShellPkg.dsc 8542fc5f95 NetworkPkg: Add the missing VariablePolicyHelperLib in NetworkPkg.dsc ae35314e7b Maintainers.txt: Add Sami Mujawar as reviewer for ArmPkg 862ea6e836 OvmfPkg: change qemu default resolution to 1280x800 e95b44c90e ArmVirtPkg: change qemu default resolution to 1280x800 929804b172 OvmfPkg: add PcdVideoResolutionSource 7f25ddbc03 OvmfPkg/QemuVideoDxe: simplify InitializeBochsGraphicsMode 336da55ca8 OvmfPkg/QemuVideoDxe: drop QEMU_VIDEO_BOCHS_MODES->ColorDepth 55c05427b9 OvmfPkg/QemuVideoDxe: factor out QemuVideoBochsAddMode 49a2d8cbf5 OvmfPkg/QemuVideoDxe: parse edid blob, detect display resolution ba79becd55 OvmfPkg/BaseCachingPciExpressLib: Migrate BaseCachingPciExpressLib 103fa647d1 ArmPkg: Replace CoreId and ClusterId with Mpidr in ARM_CORE_INFO struct 742dafd2cc DynamicTablesPkg: Print specifier macro for CM_OBJECT_ID 13136cc311 DynamicTablesPkg: FdtHwInfoParserLib: Parse Pmu info 5751d60821 DynamicTablesPkg: AmlLib: AmlAddPrtEntry() to handle GSI 5816bd3eab DynamicTablesPkg: AcpiSsdtPcieLibArm: Remove link device generation dc1118fa0d ArmVirtPkg: Add cspell exceptions 0dbd356983 ArmVirtPkg/Kvmtool: Add DSDT ACPI table 312ef7a0a4 ArmVirtPkg/Kvmtool: Add Configuration Manager 17a02163bd ArmVirtPkg/Kvmtool: Enable ACPI support 5b3c682d91 ArmVirtPkg/Kvmtool: Enable Acpiview 017564d637 ArmPkg/ArmMmuLib AARCH64: avoid EL0 accessible mappings 45b1612659 DynamicTablesPkg: Add Memory32Fixed function 007a95055b DynamicTablesPkg: Remove redundant cast in AmlCodeGenReturn 33189f0527 DynamicTablesPkg: Add AmlCodeGenMethodRetInteger function a4b7aa362d MdeModulePkg/Bus/Pci/PciBusDxe: Support platform PCI ROM override 6fb09da89f ShellPkg: Fix incorrect PPTT FlagName dereference c09dbc92e9 BaseTools/Conf: Add new macro for customizing dll file reduction. d4ac53aa91 BaseTools: Fix error leg in DscBuildData.py f78b937c95 MdeModulePkg/RuntimeDxe: clear mVirtualMapMaxIndex 96b8b5fd10 MdeModulePkg/UiApp: Fix spelling of 'FRONTPAGE' bd676f080a Maintainers.txt: add missing github IDs to OvmfPkf/Fdt reviewers 1f54eaa725 Maintainers.txt: update email for Leif Lindholm b360b0b589 Maintainers.txt: Update email address c9b7c6e0cc BaseTools: Update CLANG{35,38}_WARNING_OVERRIDES to ignore unused vars 42af706dfb BaseTools: Update brotli submodule 1193aa2dfb MdeModulePkg: update brotli submodule 85589ddbf6 OvmfPkg/VmgExitLib: Fix uninitialized variable warning with XCODE5 c28e376edc OvmfPkg/FvbServicesSmm: use the VmgExitLibNull 8a57673316 ShellPkg: Fix Ping GetTimerPeriod API failure b24306f15d NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suite - Add amd-sev-es to the following descriptors because James Fehlig tested them (bsc#1196879): 60-ovmf-x86_64.json 60-ovmf-x86_64-2m.json 60-ovmf-x86_64-ms.json 60-ovmf-x86_64-2m-ms.json - Backported patches in ovmf-bsc1196879-sev-fix.patch for fixing SEV: de463163d9 OvmfPkg/AmdSev: reserve snp pages 63c50d3ff2 OvmfPkg/ResetVector: cache the SEV status MSR value in workarea f1d1c337e7 OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea ------------------------------------------------------------------ ------------------ 2022-3-9 - Mar 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - commit e10650c - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - commit d02af4d - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - commit a01d77e - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - commit 80cb641 - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - commit e002527 - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - commit 08196a4 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - commit dd47f7b - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - commit 68439a4 - blacklist.conf: cleanup breaking kABI - commit a79d591 - blacklist.conf: cleanup breaking kABI - commit ec5c72f - blacklist.conf: cleanup breaking kABI - commit c887153 - blacklist.conf: cleanup breaking kABI - commit d93970a - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - commit a5449ea - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - Refresh patches.suse/PCI-mvebu-Do-not-modify-PCI-IO-type-bits-in-conf_wri.patch. - commit 389addb - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - commit d5ec48e - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - commit 6d1bad6 ++++ net-snmp: - Decouple snmp-mibs from net-snmp version to allow major version upgrade (bsc#1196955). ------------------------------------------------------------------ ------------------ 2022-3-8 - Mar 8 2022 ------------------- ------------------------------------------------------------------ ++++ haproxy: - (bsc#1196408) VUL-0: CVE-2022-0711: haproxy: Denial of service via set-cookie2 header o Apply upstream patch: 0001-BUG-MAJOR-http-htx-prevent-unbounded-loop-in-http_ma.patch ++++ hwdata: - Update to version 0.357 (bsc#1196332): + Updated pci, usb and vendor ids. ++++ kernel-default: - iwlwifi: mvm: don't crash on invalid rate w/o STA (git-fixes). - commit c6f1f37 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). - commit 20abbb1 - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (bsc#1196868). - commit ac61211 - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - commit 7ff92d6 - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - commit 3757e25 - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ wireless-tools: - Fix URLs (wireless-tools home page has been migrated to github.io) ++++ libnvme: - Update License information. The library is released under LGPL-2.1-or-later and not LGPL-2.1-only. ++++ ceph: - Update to 16.2.7-596-g7d574789716 + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) ++++ systemd: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) The script 'upgrade-from-pre-210.sh' used to initialize the default target during migration from sysvinit to systemd. However it created symlinks to runlevel targets, which are deprecated and might be missing when systemd-sysvcompat package is not installed. If such symlinks are found the script now renames them to point to 'true' systemd target units. - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. In most cases it will do the right thing anyway. - systemd.spec: minor simplification by assuming that %{bootstrap} is always defined. - Make sure to create 'systemd-coredump' system user when systemd-coredump is installed (follow-up for the split of the sysusers config files). ++++ libtirpc: - add option to enforce connection via protocol version 2 first (bsc#1196647) add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch ++++ libxml2: - Update to version 2.9.13: * Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues. * Many regressions fixes. * Numerous bug fixes, including, among many others: + xmllint's --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\ libxml2-2.9.13.news. - Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future. - Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with 'cp' command. - Update http://xmlsoft.org URL tag to Libxml2's new web home: https://gitlab.gnome.org/GNOME/libxml2. - Update ftp://xmlsoft.org Source tag to Libxml2's new download host: https://download.gnome.org. - Drop deprecated Python-2-related macro definitions/conditional statement from spec file. - Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. - Drop libxml2.keyring source file as the new download host doesn't offer GPG signatures. - Use ldconfig_scriptlets macro for post(un) handling. ++++ libxml2-python: - Update to version 2.9.13: * Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues. * Many regressions fixes. * Numerous bug fixes, including, among many others: + xmllint's --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\ libxml2-2.9.13.news. - Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future. - Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with 'cp' command. - Update http://xmlsoft.org URL tag to Libxml2's new web home: https://gitlab.gnome.org/GNOME/libxml2. - Update ftp://xmlsoft.org Source tag to Libxml2's new download host: https://download.gnome.org. - Drop deprecated Python-2-related macro definitions/conditional statement from spec file. - Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. - Drop libxml2.keyring source file as the new download host doesn't offer GPG signatures. - Use ldconfig_scriptlets macro for post(un) handling. ++++ slirp4netns: - security update - added patches fix CVE-2020-29130 [bsc#1179467], out-of-bounds access while processing ARP packets + slirp4netns-CVE-2020-29130.patch ++++ xkeyboard-config: - U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch * Backport French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) ++++ yast2: - Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326) - 4.4.46 ------------------------------------------------------------------ ------------------ 2022-3-7 - Mar 7 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.36.2: + When the list of plugins is not specified via "main.plugins" in NetworkManager.conf and no build-time default is set with "--with-config-plugins-default" configure argument, now all known plugins found in the plugin directory are loaded (and the built-in "keyfile" plugin is preferred over others). + Preserve external ports during checkpoint rollback. + Fix removal of ovsdb entry when an OVS interface goes away. + Fix DNS configuration for WWAN connections. ++++ kernel-default: - sr9700: sanity check for packet length (bsc#1196836). - commit 93a1690 - tracing: Fix return value of __setup handlers (git-fixes). - commit 70f4989 - tracing/histogram: Fix sorting on old "cpu" value (git-fixes). - commit c9173be - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (CVE-2022-26490 bsc#1196830). - commit b6213c4 - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - commit e6bcfd5 - Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584) - commit 211dab3 - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - veth: fix races around rq->rx_notify_masked (git-fixes). - commit 60dae36 - Move upstreamed patches into sorted section - commit 1900045 ++++ gcc11: - drop armv5tel, merge arm and armv6hl - use --with-cpu rather than specifying --with-arch/--with-tune ++++ qemu: - Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch Makefile-fix-build-with-binutils-2.38.patch - qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) * Patches added: hw-scsi-megasas-check-for-NULL-frame-in-.patch ++++ samba: - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. ++++ yast2-trans: - Update to version 84.87.20220305.ba29422b84: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Swedish) * Translated using Weblate (Finnish) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Finnish) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Finnish) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * New POT for text domain 'autoinst'. * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Slovak) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) ------------------------------------------------------------------ ------------------ 2022-3-6 - Mar 6 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.0.0~rc2 - Fix missing prompt in "shell" command [bsc#1196580] - Add output of tukit commands to log file - Fix compilation error with GCC12 [boo#1194876] - Fixed (non-critical) security review comments [boo#1196149] - Fixed selfupdate - Code cleanup ------------------------------------------------------------------ ------------------ 2022-3-5 - Mar 5 2022 ------------------- ------------------------------------------------------------------ ++++ gtk3: - Update to version 3.24.33: + No changes. ++++ open-iscsi: - Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). ++++ kernel-default: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - commit 81b566b ++++ expat: - Security fixes: * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236 breaks biboumi, ClairMeta, jxmlease, libwbxml, openleadr-python, rnv, xmltodict - Added expat-CVE-2022-25236-relax-fix.patch ------------------------------------------------------------------ ------------------ 2022-3-4 - Mar 4 2022 ------------------- ------------------------------------------------------------------ ++++ firewalld: - Fix modprobe.d directory for SLE15 SP3 - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ grub2: - Support saving grub environment for POWER signed grub images (jsc#SLE-23854) * 0001-Add-grub_envblk_buf-helper-function.patch * 0002-Add-grub_disk_write_tail-helper-function.patch * 0003-grub-install-support-prep-environment-block.patch * 0004-Introduce-prep_load_env-command.patch * 0005-export-environment-at-start-up.patch - Use enviroment variable in early boot config to looking up root device * grub2.spec ++++ gtk3: - Update to version 3.24.32: + GtkCellRendererProgress: Use tabular figures. + GtkFontChooser: - Fix the build with older Pango. - Fix axis name handling. + Theme: Fix border color for tiled windows. + Accessibility: Fix cell accessible leak. + Wayland: - Support new high-contrast setting. - Only update scale when on any outputs. + Updated translations. ++++ ignition: - Remove /var/lib/YaST2/reconfig_system if a config was provided: * ignition-remove-reconfig_system.service - Add support for NetworkManager in dracut: * ignition-enable-network.service, ignition-enable-network.sh ++++ kernel-default: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - batman-adv: Don't expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - mac80211: treat some SAE auth steps as final (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - commit 81727a5 - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ util-linux: - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). ++++ wireless-tools: - install modprobe.conf files in %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ openssl-1_1: - Security fix: [bsc#1192820, CVE-2002-20001] * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE calculation. * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST * Rebase openssl-DEFAULT_SUSE_cipher.patch ++++ ceph: - Update to 16.2.7-577-g3e3603b5dd1 + Update prometheus-server version ++++ raspberrypi-firmware: - Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ raspberrypi-firmware-config: - Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ rust-keylime: - Add work_dir directory in /var/lib/keylime - Add subpackage rust-keylime-python to execute revocation payload in Python ++++ samba: - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). ++++ supportutils: - Changes to version 3.1.20 + Added command blkid #114 + Added s390x specific files and output #115 + Fix for invalid argument during updates (bsc#1193204) + Optimized conf_files, conf_files_text and log_cmd functions #118 + Fixed iscsi initiator name (bsc#1195797) + Added rpcinfo -p output #116 + Included /etc/sssd/conf.d configuration files #100 ++++ util-linux-systemd: - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). ------------------------------------------------------------------ ------------------ 2022-3-3 - Mar 3 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Support the dracut network-manager module ++++ containerd: - Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441 - Remove upstreamed patch: - CVE-2022-23648.patch ++++ kernel-default: - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - commit 6c02e38 - blacklist.conf: Add 51e50fbd3efc psi: fix "no previous prototype" warnings when CONFIG_CGROUPS=n - commit 5389513 - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 - kABI workaround for fxls8962af iio accel drivers (git-fixes). - commit dfedd1c - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - commit b45b17b ++++ util-linux: - Make uuidd lock state file usable and time based UUIDs safe again (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). - Fix "su -s" bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). ++++ Mesa: - baselibs.conf: readded mistakenly removed packages * Mesa-libVulkan-devel * Mesa-vulkan-device-select * Mesa-vulkan-overlay ++++ libnvme: - Update to version 1.0-rc5: * ioctl: Set lsp to action in nvme_get_log_persistent_event (bsc#1196121) * tree: Ignore traddr case in nvme_lookup_ctrl() (bsc#1194025) * fabrics: Do not swap bytes for system uuid (bsc#1196565) * documentation updates ++++ nvme-cli: - Update to version 2.0-rc5: * nvme: passthru bugfix(wrong jump, wrong file descriptor) * nvme-cli: Ignore traddr case (bsc#1194025) * nvme: fix segfault in nvme telemetry-log error handling * fabrics: ensure zero kato for non-persistent controllers * documenation updates ++++ sudo: - Add sudo-1.9.9-honor-T_opt.patch * the -T option of sudo does nothing even when 'Defaults user_command_timeouts' is present in the configuration. * [bsc#1193446] * Credit to Jaroslav Jindrak ++++ systemd-rpm-macros: - Bump version to 11 - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275 bsc#1196406) Until SLE15-SP3:QU2, /usr/lib/modprobe.d path was not supported by kmod and since SLE15-SP4 /etc/modprobe.d/README has references to /lib/modprobe.d... ++++ util-linux-systemd: - Make uuidd lock state file usable and time based UUIDs safe again (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). - Fix "su -s" bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). ------------------------------------------------------------------ ------------------ 2022-3-2 - Mar 2 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: [ This patch was only released in SLES and Leap. ] - Add patch for CVE-2022-23648. bsc#1196441 + CVE-2022-23648.patch ++++ python-kiwi: - Stick to pytest v6.x.y Signed-off-by: David Cassany - Don't exit the script on deprecated function use (bsc#1196644) The "exit 0" there stops processing of the calling script with a success exit code, which leads to incomplete and broken images. ++++ kernel-default: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - commit 5aa7d3e - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-default-base: - Add binfmt_misc (boo#1196373) ++++ gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] ++++ systemd: - update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) * change scripts-udev-convert-rules.sh ++++ psmisc: - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Add patch psmisc-22.21-semaphores.patch * Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Add patch psmisc-22.21-statx.patch * Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process at all (bsc#1194172) ++++ virt-manager: - bsc#1196202 - virt-install crashes on a time-of-check time-of-use (TOCTOU) race condition Resolved by upgrade to version 4.0.0 (jsc#SLE-18261) virt-manager-4.0.0.tar.gz - Other features and bug fixes (bsc#1027942) virt-install –os-variant/–osinfo is now a hard requirement for most cases Add ‘Enable shared memory’ UI checkbox (Lin Ma) add UI preference to default to UEFI for new VMs (Charles Arnold) Add virtiofs filesystem driver UI option Fill in all –cputune, –cpu, –shmem, –input, and –boot suboptions (Hugues Fafard) virt-* mdev improvements (Shalini Chellathurai Saroja) bhyve improvments (Roman Bogorodskiy) Revive network portgroup UI enable a TPM by default when UEFI is used (Daniel P. Berrangé) Use cpu host-passthrough by default on qemu x86 use virtio-gpu video for most modern distros Default to extra pcie root ports for q35 set discard=unmap by default for sparse disks and block devices We now require xorissofs for –location ISO We now use setuptools rather than just plain distutils - Add virtman-revert-use-of-AyatanaAppIndicator3.patch - Drop the following patches 0e15cd51-virt-manager-enable-MDEV-support.patch 143c6bef-virtinst-fix-error-message-format-string.patch 4d0e3232-virtinst-Fix-TOCTOU-in-domain-enumeration.patch 8bb64ad5-console-Dont-block-console-reconnect-for-non-error.patch 9363e1e6-virt-xml-add-support-for-mediated-devices.patch 965480e8-virt-install-add-mediated-device.patch 9d4002ee-tests-verify-MDEV-support.patch cf93e2db-console-fix-error-with-old-pygobject.patch d3c627f1-volumeupload-Use-1MiB-read-size.patch d9b5090e-Fix-forgetting-password-from-keyring.patch e7222b50-addstorage-Dont-pass-None-to-widget.set_active.patch f87e96d3-hostdev-use-method-get_mdev_uuid.patch fe8722e7-createnet-Remove-some-unnecessary-max_length-annotations.patch virtinst-graphics-add-check-for-qemu-modules-in-spice-graphic.patch virtman-add-firmware-preferences.patch virtman-legacy-bios-support.patch virtman-show-no-firmware-for-xenpv.patch ++++ yast2: - New doc: Invoking External Commands in YaST (in doc/) ------------------------------------------------------------------ ------------------ 2022-3-1 - Mar 1 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Remove obsolete openSUSE 12.2 conditionals in spec file - Clean up powerpc certificate handling. ++++ kernel-default: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - efivars: Respect "block" flag in efivar_entry_set_safe() (git-fixes). - commit 368c894 ++++ kernel-default-base: - Add quota modules (bsc#1196585) - Add nfs layout modules ++++ Mesa: - autoselect libvulkan_intel package via hardware supplements on Intel GPUs - autoselect libvulkan_radeon package via hardware supplements on AMD GPUs - no longer install libvulkan_lvp package (lavapipe=Software Vulkan driver), libvulkan_broadcom and libvulkan_freedreno packages by default, i.e. no longer have libvulkan_intel/libvulkan_radeon and libvulkan_lvp packages installed at the same time (boo#1180522) - libvulkan_intel/libvulkan_radeon/libvulkan_lvp now require Mesa-vulkan-device-select package, not the other way round! (baselibs.conf also adjusted) ++++ openssl-1_1: - FIPS: Reintroduce the FFC and ECC checks in openssl-DH.patch that were removed in the update to 1.1.1l [bsc#1185313] - FIPS: Fix sn_objs and ln_objs in crypto/objects/obj_mac.num * Rebase openssl-DH.patch [bsc#1194327] - Merge openssl-keep_EVP_KDF_functions_version.patch into openssl-1.1.1-evp-kdf.patch - Add function codes for pbkdf2, hkdf, tls and ssh selftests. Rebase patches: * openssl-fips-kdf-hkdf-selftest.patch * openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch ++++ libseccomp: - add python-rpm-macros (bsc#1194758). ++++ osinfo-db: - Update to database version 20220214 osinfo-db-20220214.tar.xz ++++ patterns-microos: - make the salt_minion pattern visible - 5.2.1 ++++ rust-keylime: - Update to version 0.1.0+git.1645537954.2f1447d: * Make zmq an optional dependency * notifications_handler: Introduce /notifications/revocation REST endpoint * revocation: Move out revocation message processing * revocation: Make get_revocation_cert_path() public * Install systemd unit file ++++ suseconnect-ng: - Update to version 0.0.6~git9.33e5847: * Delegate free() calls back to Go (bsc#1195729) * Pass "insecure" to zypper addservice * Workaround system cert reloading after import (bsc#1195220) * Extract setupHTTPClient for easier reuse * Exit with code 64 on connection refused like Ruby ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#581 - always include bash -> sh links (jsc#SLE-18234) - 16.57.16 ------------------------------------------------------------------ ------------------ 2022-2-28 - Feb 28 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - add hide-pcp.patch to hide references to PCP (Performance Co-Pilot) and metric collection (bsc#1195943). The cockpit-pcp package is not included in SLE Micro 5.2 base and these parts require it. ++++ kernel-default: - Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC" (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5: DR, Don't allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - commit 9564d58 - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - commit bd2a633 - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - commit 2cd9b58 - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: don't return an error from nvme_configure_metadata (git-fixes). - commit c11b169 - x86/kvmclock: Fix Hyper-V Isolated VM's boot issue when vCPUs > 64 (bsc#1183682). - x86/kvm: Don't waste memory if kvmclock is disabled (bsc#1183682). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - commit fe9b9a8 - Drivers: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - commit 63ae3fa - pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID" (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - commit cf40913 ++++ kernel-firmware: - Update to version 20220224 (git commit 9cab94f59b23): * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1406 * wfx: update to firmware 3.14 * wfx: add antenna configuration files * wfx: rename silabs/ into wfx/ * linux-firmware: update firmware for mediatek bluetooth chip(MT7921) * linux-firmware: Update firmware patch for Intel Bluetooth 8260 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Intel BT 7265: Fix Security Issues (CVE-2021-33139,CVE-2021-33155,INTEL-SA-00604,bsc#1195786) - Update license.txt for wfx - Temporary fix for WHENCE for wfx: wfx-WHENCE-fix.diff ++++ sssd: - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte; (bsc#1190775); (gh#SSSD/sssd#4893); Add patch 0001-ldap-ignore-unreadable-references.patch ++++ salt: - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Fix issues found around pre_flight_script_args - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Fix salt-call event.send with pillar or grains - Update generated documentation to 3004 - Added: * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch * state.orchestrate_single-does-not-pass-pillar-none-4.patch * prevent-shell-injection-via-pre_flight_script_args-4.patch * fix-salt-call-event.send-call-with-grains-and-pillar.patch ++++ yast2-trans: - Update to version 84.87.20220227.6bd7ce0ef2: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) ------------------------------------------------------------------ ------------------ 2022-2-27 - Feb 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - commit d9a821b ------------------------------------------------------------------ ------------------ 2022-2-26 - Feb 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes). - drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - commit c407884 - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - Revert "USB: serial: ch341: add new Product ID for CH341A" (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - commit f19b8b6 - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - commit dbb24c6 - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - commit d2c23ea ++++ python3-core: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ++++ sqlite3: - update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like "--wrap N", "--wordwrap on", and "--quote" to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON ++++ python3: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ------------------------------------------------------------------ ------------------ 2022-2-25 - Feb 25 2022 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Add support for zstd, needed to inspect kernel modules (bsc#1196510) ++++ kernel-default: - Update kabi files. - commit c453b5c - blacklist.conf: 03ee5956781b drm/i915/ttm: only fault WILLNEED objects - commit dbdf3fe - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - commit 609b3e3 - drm/i915: Widen the QGV point mask (git-fixes). - commit b495032 ++++ libcap: - Use "or" in the license tag to avoid confusion (bsc#1180073) ++++ libsolv: - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime - bump version to 0.7.21 ++++ yast2-trans: - Leap 15.4 Beta translations poo#99990 bump to version 84.87.20220224.fc95951c18: * Translated using Weblate (Catalan) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (Catalan) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * New POT for text domain 'registration'. * New POT for text domain 'nis_server'. * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * New POT for text domain 'installation'. * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Ukrainian) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Spanish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Spanish) * Translated using Weblate (French) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (German) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (German) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (French) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Spanish) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * New POT for text domain 'installation'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (French) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (German) * Translated using Weblate (Catalan) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Finnish) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Vietnamese) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * New POT for text domain 'autoinst'. * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) ------------------------------------------------------------------ ------------------ 2022-2-24 - Feb 24 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.36.0: + The handling of Layer 3 configurations has been substantially reworked. While this is mostly internal change, it results in more robust behavior when addressing information from multiple sources (DHCP, manually configured, VPN) need to be applied simultaneously. Overall performance and memory use have also slightly improved. + Manually configured addresses can no longer expire even if the same addresses are also obtained dynamically. + Code for systemd-based DHCP and DHCPv6 clients has been updated from upstream. + NTP servers obtained via DHCPv6 are now exposed on the DBus API, visible in nmcli and available for use by dispatcher scripts. + 5G NR (New Radio) modems are now supported. + The "rd.znet_ifnames" kernel command line option is now honored on network bootups on an IBM s390 platform. + Wi-Fi P2P support does now work with the IWD backend, in addition to wpa_supplicant backend. + Support for special route types have been added: "prohibit", "blackhole" and "unreachable". + Routes managed by routing daemons are now ignored. This is done to address a performance bottleneck on specialized routers. + Handling of IP addressing and routing information is now slightly more efficient and uses less memory. This is apparent on systems with large amount of IP configuration information. + It is now possible to start NetworkManager without root user privileges. This is experimental doesn't necessarily result in a working daemon. NetworkManager service already drops many of capabilities available to the root user. + WPA3 Wi-FI network security have been improved by enabling new H2E (hash to element) method for generating SAE password element. + It is now possible to select the default Wi-Fi backend (wpa_supplicant or IWD) at build-time. + Replies from broken DHCP servers that send duplicate address or mask options are now handled gracefully. + Bridge support has gained the possibility of turning off MAC ageing. + "configure-and-quit" mode and nm-iface-helper have been removed. + A number of bugs that could cause NetworkManager to crash in rare conditions have been fixed. - Drop pkgconfig(libteam) BuildRequires and stop passing teamdctl=true to meson: No longer build teamdctl support. - Drop patches fixed upstream: + 4685651e7671e064b911a3a05f096908e5ef0580.patch + 471e987add98b36520ece72ee493176fc7bc863c.patch + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch + 634e023e72d4729788a022ea1fae665af28d1b0f.patch + aadf0fb64f491f94b2771058621dc140c562b62b.patch - Drop nm-dhcp-use-valid-lease-on-timeout.patch: Patch was rejected upstream. - Rebase patches with quilt. ++++ kernel-default: - mm/page_alloc: Do not prefetch buddies during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - commit 40059fa - Move upstreamed SCSI fix into sorted section - commit c28a141 - bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1196261 CVE-2022-0500). - bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem (bsc#1196261 CVE-2022-0500). - bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM (bsc#1196261CVE-2022-0500). - bpf: Convert PTR_TO_MEM_OR_NULL to composable types (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Introduce MEM_RDONLY flag (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - Refresh patches.suse/bpf-Fix-out-of-bounds-access-for-ringbuf-helpers.patch. - Refresh patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. - bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch. - Refresh patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. - bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Introduce composable reg, ret and arg types (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 4db4b9b - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - commit 91cec19 - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: send uevent on connection up (jsc#SLE-23643). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: send uevent on connection up (jsc#SLE-23643). - commit d19ac19 - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - lib/iov_iter: initialize "flags" in new pipe_buffer (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - drm/atomic: Don't pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ACPI: PM: Revert "Only mark EC GPE for wakeup on Intel systems" (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - drm/amdgpu: fix logic inversion in check (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - commit 680fa3f ++++ systemd: - Fix a regression caused by the split of the sysusers config files shipped by systemd (bsc#1196322) Calls to %sysusers_create were not updated accordingly. ++++ libzypp: - Hint on ptf<>patch resolver conflicts (bsc#1194848) - version 17.29.5 (22) ++++ pam: - Define _pam_vendordir as "/%{_sysconfdir}/pam.d" The variable is needed by systemd and others. [bsc#1196093, macros.pam] ++++ zypper: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) - version 1.14.52 ------------------------------------------------------------------ ------------------ 2022-2-23 - Feb 23 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update -addon-azure to 1.0.2 (bsc#1196305) + The is-registered() function expects a string of the update server FQDN. The regionsrv-enabler-azure passed an Object of type SMT. Fix the call in regionsrv-enabler-azure. - Update -plugin-azure to 2.0.0 (bsc#1196146) + Lower case the region hint to reduce issues with Azure region name case inconsistencies ++++ kernel-default: - Update patches.suse/powerpc-kexec_file-Add-KEXEC_SIG-support.patch (jsc#SLE-18145 bsc#1192295 bsc#1195993 jsc#SLE-18138). Use the secondary keyring rather than platform keyring for KEXEC_SIG on powerpc. Platform keyring is not available on powerpc. - commit 78a342a - udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079 CVE-2022-0617). - commit 0553b1c - udf: Fix NULL ptr deref when converting from inline format (bsc#1196079 CVE-2022-0617). - commit 1523b04 - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - Update config files. - commit d62343d - arch/x86/mm/numa: Do not initialize nodes twice (bsc#1195752 bsc#1196248). - commit a9cb651 - sfc: Use swap() instead of open coding it (bsc#1196306). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - commit dd06e3b - Delete ACPI patch that broke s2idle (bsc#1196213) Deleted: patches.suse/ACPI-EC-Rework-flushing-of-EC-work-while-suspended-t.patch A new kABI compat patch was added instead - Delete ACPI patches that broke s2idle (bsc#1196213) Deleted: patches.suse/ACPI-EC-Rework-flushing-of-EC-work-while-suspended-t.patch patches.suse/ACPI-PM-s2idle-Cancel-wakeup-before-dispatching-EC-G.patch A new kABI compat patch was added instead - commit 99c6bc9 ++++ libslirp: - security update - added patches fix CVE-2021-3592 [bsc#1187364], invalid pointer initialization may lead to information disclosure (bootp) + libslirp-CVE-2021-3592.patch fix CVE-2021-3594 [bsc#1187367], invalid pointer initialization may lead to information disclosure (udp) + libslirp-CVE-2021-3594.patch fix CVE-2021-3595 [bsc#1187366], invalid pointer initialization may lead to information disclosure (tftp) + libslirp-CVE-2021-3595.patch ++++ systemd: - %_pam_vendordir is still wrong on SLE, let's define our own definition for now. ++++ samba: - Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308). ------------------------------------------------------------------ ------------------ 2022-2-22 - Feb 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc/64s/hash: Make hash faults work in NMI context (bsc#1195655 ltc#1195655). - commit 9801a29 - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - commit 06289db ++++ libnvme: - Update to version 1.0-rc4: * fabrics: add default port number for NVMe/TCP I/O controllers * linux: Update size when telemetry controller initiated data is unavailable * add cdw13 for set_feature_args structure * Add support for TP8010 * Documentation cleanups ++++ python3-core: - Add patch support-expat-245.patch: * Support Expat >= 2.4.5 ++++ systemd: - Add in quarantine the following patches: 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch They might help with predictable network device naming issues. They will be moved to the git repo if nothing wrong happens. - Import commit d150ab3db99dea63a546567b3227baf0d85e4265 (merge of v249.10) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/26736aafa1df67d222fe46c54bf74b5c7a44d8a1...d150ab3db99dea63a546567b3227baf0d85e4265 - Import commit 26736aafa1df67d222fe46c54bf74b5c7a44d8a1 8973cb2462 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23866) ++++ nvme-cli: - Update to version 2.0-rc4: * netapp-nvme: free the nsdescs pointer after use * netapp-nvme: fix ontapdevices segfault in json output * nvme-print: fix 'nvme list -o json' segfault * nvme: get_ns_id command fails on nvme device * wdc: updated products list for telemetry (--type) argument * docs: fix typo in Data Set Management section * Fix ctrlist for attach-ns and detach-ns * netapp-nvme: fix nvme ns desc uuid handling for ontapdevices * wdc: Fix use-after-free access of cbs_data * Fixed regression with 'open namespace exclusive' (bsc#1195945) ++++ python3: - Add patch support-expat-245.patch: * Support Expat >= 2.4.5 ++++ rust-keylime: - Update to version 0.1.0+git.1645023877.811a869: * Make clippy happy. * Add a --help message. * Depend on Rust-TSS-ESAPI 7.0.0 stable * main: Return error on initialization if python shim is missing * common: Add hardcoded config defaults for revocation * main: Add execution permissions to revocation actions * revocation: Log revocation actions output * revocation: Fix get_revocation_cert_path() comment * gitignore: Add filters for some temporary files * revocation: Do not ignore revocation actions from config * revocation: Implement python actions support * tests: Implement proof-of-concept python shim * revocation: Implement lookup_action() function * common: Add revocation actions configurations * revocation: Enforce local action naming restriction * revocation: Remove duplicate logger initialization * crypto: unfiy import_x509 and load_x509 * update Cargo.lock * common: update API version to v2.0 * tpm: drop zlib compression in quotes * run agent webserver with mTLS enabled and add mtls_cert to registrar * crypto: load and generate X509 certificates, mTLS context generation * keylime.conf: add setting for Keylime CA * Bump tss-esapi crate to 7.0.0-beta.1 * Update to fix typo * Use Path and PathBuf consistently to represent paths * Bump versions of some dependencies * quotes_handler: Check quotes in tests * tpm: Remove hard-coded struct sizes with std::mem::size_of * tpm: Let compiler to infer arch-dependent integer types * Use CString as the first argument of libc::chown * keys_handler: Add API to get public key (#284) * crypto: Fix algorithms used for revocation signature (#275) * revocation: Use revocation certificate set by configuration (#300) * common: Add revocation_cert to the global configuration structure * ima_emulator: Fix running hash calculation on resumption * keys_handler: Add test with encrypted payload * main: Use condition variable to wait for payload encryption key * main: Use Option to represent a combined key * main: Redefine KeySet as a vector * keys_handler, main: Move crypto operations to crypto module * keys_handler: Make use of type safe payload deserialization * Remove unused imports * Remove duplicate CODEOWNERS file * Remove panic when running rev action * move global configuration into a single struct * Add codeowners ------------------------------------------------------------------ ------------------ 2022-2-21 - Feb 21 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add upstream bug fix patches: + 4685651e7671e064b911a3a05f096908e5ef0580.patch: glib-aux: fix nm_ref_string_equal_str() Fix comparison with a NULL string + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch: libnm/tests: fix maybe-uninitialized warning in "test-setting" + aadf0fb64f491f94b2771058621dc140c562b62b.patch: libnm/tests: fix maybe-uninitialized warning in "test-libnmc-setting" + 471e987add98b36520ece72ee493176fc7bc863c.patch: device: initialize nm_auto variable in _ethtool_features_reset() + 634e023e72d4729788a022ea1fae665af28d1b0f.patch: glib-aux: workaround maybe-uninitialized warning with LTO in nm_uuid_generate_from_string_str() ++++ cyrus-sasl: - CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036) o add upstream patch: 0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch ++++ kbd: - Fix build without %_distconfdir (see bsc#1195679) ++++ kernel-default: - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - Revert "mm/gup: small refactoring: simplify try_grab_page()" (git fixes (mm/gup)). - commit 6ff1bff - Refresh patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch. Update upstream git commit ID. - commit 1f491cb - Update patch reference for USB gadget fix (CVE-2022-25375 bsc#1196235) - commit 1003159 - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - commit 0ec0c5d - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - commit dfd4bbb - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: qcom-cci: don't put a device tree node before i2c_add_adapter() (git-fixes). - i2c: qcom-cci: don't delete an unregistered adapter (git-fixes). - commit 06371e5 - supported.conf: move kmem and dax_hmem to support list Moved kmem and dax_hmem to support list. (bsc#1195953) - commit fdf232f ++++ expat: - Security fixes: * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs - Added expat-CVE-2022-25236.patch * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before 2.4.5 does not check whether a UTF-8 character is valid in a certain context. - Added expat-CVE-2022-25235.patch * (CVE-2022-25313, bsc#1196168) Stack exhaustion in build_model() via uncontrolled recursion - Added expat-CVE-2022-25313.patch - The fix upstream introduced a regression that was later amended in 2.4.6 version + Added expat-CVE-2022-25313-fix-regression.patch * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString - Added expat-CVE-2022-25314.patch * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames - Added expat-CVE-2022-25315.patch ++++ sg3_utils: - Update to version 1.47+4.82fb156: * rescan_scsi_bus.sh: restore numeric ordering of hosts (bsc#1196244) ++++ sssd: - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common to fix bsc#1182058 and baselibs.conf was not updated accordingly; (bsc#1196166); ++++ systemd: - Fix build if %_distconfdir is not defined (see bsc#1195679) ++++ selinux-policy: - Added fix_hypervkvp.patch to fix issues with hyperv labeling (bsc#1193987) ++++ swtpm: - Update to version 0.5.3 - swtpm: - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) - Fix --print-capabilities for 'swtpm chardev' - swtpm_localca: - Test for available issuercert before creating CA - swtpm_cert: - Rename deprecated libtasn1 types - man pages: - Update the doc of the flag to connect to TPM via UnixIO socket ++++ systemd-presets-branding-SMO: - enable transactional-update-cleanup.timer (required by transactional-update 4.0.0) ++++ toolbox: - adjusted the patch to the toolbox container in registry ------------------------------------------------------------------ ------------------ 2022-2-20 - Feb 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-firmware: - Update to version 20220218 (git commit c53073d4e148): * rtl_bt: Update RTL8852A BT USB firmware to 0xDFB7_6D7A * rtl_bt: Update RTL8822C BT USB firmware to 0x19B7_6D7D * rtl_bt: Update RTL8822C BT UART firmware to 0x15B7_6D7D * amdgpu: Update yellow carp firmware from 21.50 * amdgpu: Update vega20 firmware from 21.50 * amdgpu: Update vega12 firmware from 21.50 * amdgpu: Update vega10 firmware from 21.50 * amdgpu: Update vangogh firmware from 21.50 * amdgpu: Update renoir firmware from 21.50 * amdgpu: Update raven2 firmware from 21.50 * amdgpu: Update raven firmware from 21.50 * amdgpu: Update picasso firmware from 21.50 * amdgpu: Update beige goby firmware from 21.50 * amdgpu: Update dimgrey cavefish firmware from 21.50 * amdgpu: Update navy flounder firmware from 21.50 * amdgpu: Update sienna cichlid firmware from 21.50 * amdgpu: Update navi14 firmware from 21.50 * amdgpu: Update navi12 firmware from 21.50 * amdgpu: Update navi10 firmware from 21.50 * amdgpu: Update cyan skillfish2 firmware from 21.50 * amdgpu: Update green sardine firmware from 21.50 * amdgpu: Update arcturus firmware from 21.50 * amdgpu: Add aldebaran firmware from 21.50 * LICENSE.amdgpu: update copyright date * linux-firmware: Update AMD cpu microcode * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: Amphion: Add VPU firmwares for NXP i.MX8Q SoCs * i915: Add DMC firmware v2.16 for ADL-P * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.7 - Add entry for amphion - Update spec template - Update aliases ------------------------------------------------------------------ ------------------ 2022-2-19 - Feb 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: don't leak PM reference in error path (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - commit 0bb3bde - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - commit 5c27957 - Move upstreamed sound fixes into sorted section - commit 651a728 ------------------------------------------------------------------ ------------------ 2022-2-18 - Feb 18 2022 ------------------- ------------------------------------------------------------------ ++++ ModemManager: - Update to version 1.18.6: + The ModemManager.service file for systemd integration provided in the sources is updated as follows: ++ 'CAP_NET_ADMIN' is now required in the 'CapabilityBoundingSet' field. ++ 'AF_NETLINK' and 'AF_QIPCRTR' are now required in the 'RestrictAddressFamilies' field. + The LEGACY and PARANOID filter types that were allowed options in the '--filter-policy' option in the ModemManager daemon were deprecated in version 1.16.0 and have now been completely removed, along with the vid:pid blacklist of devices and the vid:pid greylist of RS232<->USB adapters. + The ModemManager daemon can run now in a 'quick suspend/resume' mode, in which no explicit data disconnection is triggered on suspend, and no explicit device re-probing from scratch is launched on resume. Instead, the daemon will try to refresh the state of all interfaces upon suspend, e.g. to see if the module keeps registered to the same operator, to see if it is still connected, and so on. + core: added support for the new 'WWAN' subsystem in Linux kernel 5.13, enabling PCIe-only modules. + core: The charset conversion methods rework, including the avoiding of the iconv() + qmi: the logic managing allowed/preferred modes was fixed for multimode devices like the MC7304, making sure the acquisition order preference always had the same items. + serial: when modem is connected with AT+PPP, ignore forced disconnections, so that we don't take ownership of the PPP port before pppd has released it. + foxconn: added support for the T99W175 (SDX55) module, including built-in FCC unlock procedure. + foxconn: added new MBIM QDU firmware update method. - Move the dbus-1 system.d file to /usr (bsc#1196170) - Use source verification - Update Supplements to new format - Add BRs needed for new tests: * python3-gobject-Gdk * python3-dbus-python ++++ NetworkManager: - Use meson LTO setup as NM makes changes to CFLAGS ++++ distribution-logos-openSUSE: - Fix the obsoleted and provided versions of the old systemd logo branding package ++++ dracut: - Update to version 055+suse.238.gacab0df5: * fix(cpio): correct dev_t -> rmajor/rminor mapping (bsc#1195808) * ci(cpio): add test_archive_dev_maj_min (bsc#1195808) * ci(cpio): add TempWorkDir.create_tmp_mknod helper (bsc#1195808) ++++ kernel-default: - Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155) - commit 97dc820 - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - commit c52c801 - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (bsc#1195501) - commit 21498fa - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - iwlwifi: mvm: don't send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - commit 73136b7 - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - commit 2b4dffe ++++ rdma-core: - Add srp_daemon-Detect-proper-path-to-systemctl.patch to fix path to systemctl (bsc#1195874) ++++ libvirt: - libxl: Fix libvirtd crash on domain restore 454b927d-libxl-fix-dom-restore.patch bsc#1196115 ++++ qemu: - Include vmxcap in the qemu-tools package (is being very useful for debugging bsc#1193364) - The qemu package should require qemu-x86, qemu-arm, etc, as there's no point installing it without _any_ of them. Additionally, right now, the user does not get a working qemu, if recommended packages are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087 - Give clearer instructions on how to modify the package patches from the output of update_git.sh (docs change only, no functional change) - qemu,kvm: potential privilege escalation via virtiofsd (bsc#1195161, CVE-2022-0358) * Patches added: virtiofsd-Drop-membership-of-all-supplem.patch * Patches added: block-backend-Retain-permissions-after-m.patch iotest-065-explicit-compression-type.patch iotest-214-explicit-compression-type.patch iotest-302-use-img_info_log-helper.patch iotest-303-explicit-compression-type.patch iotest-39-use-_qcow2_dump_header.patch iotests-60-more-accurate-set-dirty-bit-i.patch iotests-bash-tests-filter-compression-ty.patch iotests-common.rc-introduce-_qcow2_dump_.patch iotests-declare-lack-of-support-for-comp.patch iotests-drop-qemu_img_verbose-helper.patch iotests-massive-use-_qcow2_dump_header.patch iotests-MRCE-Write-data-to-source.patch iotests.py-filter-out-successful-output-.patch iotests.py-img_info_log-rename-imgopts-a.patch iotests.py-implement-unsupported_imgopts.patch iotests.py-qemu_img-create-support-IMGOP.patch iotests.py-rewrite-default-luks-support-.patch iotests-specify-some-unsupported_imgopts.patch qcow2-simple-case-support-for-downgradin.patch tests-qemu-iotests-Fix-051-for-binaries-.patch ++++ vim: - Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. / vim-8.0.1568-CVE-2022-0413.patch - Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c / vim-8.0.1568-CVE-2021-3796.patch - Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch - Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch - Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch - Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch - Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch - Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c / vim-8.0.1568-CVE-2021-3778.patch - Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read / vim-8.0.1568-CVE-2021-4193.patch - Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch - Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch - Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7() / vim-8.0.1568-CVE-2022-0351.patch - Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch - Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c / vim-8.0.1568-CVE-2022-0413.patch ------------------------------------------------------------------ ------------------ 2022-2-17 - Feb 17 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - remove avahi-mono* subspecfiles, they are no longer required by anything. this makes the spec file slightly more readable. ++++ dracut: - Update to version 055+suse.234.gbdaf66ff: * fix(tpm2-tss): install SUSE specific files (bsc#1195984) * fix(systemd-sysusers): override systemd-sysusers.service (bsc#1195983) ++++ librsvg: - Update to version 2.52.6: + Fix incorrect text rendering when text has different scales in the X/Y axes. This regressed after librsvg 2.52.5, when Pango had to revert its fix for the same bug. Now librsvg renders all text as paths, and does the scaling itself. Please file a bug if you have evidence that this presents a performance problem for you. ++++ jeos-firstboot: - Update to version 1.1.1.0: * Drop use of /var/log/jeos * Avoid "Terminated console_subproc" message from wait * Skip broken consoles (bsc#1195975) ++++ kernel-default: - Update kabi files. Update after the nvme-fc map_queues callback addition. - commit ba2de57 - Update patch reference for USB gadget fix (CVE-2022-25258 bsc#1196095) - commit 8127da0 - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch Also update blacklist - commit dd99303 - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - commit 87ae6f4 - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - commit ca196b7 - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - commit 799343b - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - commit 13bf810 - nvme-fc: add support for ->map_queues (bsc#1195823). - commit f890a27 - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - commit f8ddb24 - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - commit 155b588 - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - Refresh patches.suse/thermal-drivers-int340x-Fix-RFIM-mailbox-write-comma.patch. - Refresh patches.suse/thermal-drivers-int340x-processor_thermal-Suppot-64-.patch. - commit 13f8316 - mmc: block: fix read single on recovery logic (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - Revert "usb: dwc2: drd: fix soft connect when gadget is unconfigured" (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). - usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - commit 8276a70 ++++ systemd: - Always create systemd-network system user, even if systemd-networkd is not installed (bsc#1195559) - Don't rely on %{_distconfdir}, it's broken on SLE (bsc#1195998) ++++ ovmf: - Sort file lists for reproducible build results ++++ suse-build-key: - extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc - added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - extended expiry of SUSE SLES11 key (bsc#1194845) - added SUSE Contaner signing key in PEM format for use e.g. by cosign. - SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#576 - use signed grub.elf on ppc64 (bsc#1196070) - 16.57.15 ++++ yast2: - do not strip surrounding white space in CDATA XML elements (bsc#1195910) - 4.4.45 ------------------------------------------------------------------ ------------------ 2022-2-16 - Feb 16 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - Replace avahi-0.6.31-systemd-order.patch with avahi-add-resolv-conf-to-inotify.patch: re-read configuration when resolv.conf changes, per discussion on the bug (boo#1194561). ++++ growpart-generator: - Get the parent device with lsblk - Improve the partition number extraction to work with device names containing multiple numbers (bsc#1196101) ++++ kernel-default: - Refresh patches.suse/mm-page_alloc-Fetch-the-correct-pcp-buddy-during-bulk-free.patch. - Refresh patches.suse/mm-page_alloc-Free-pages-in-a-single-pass-during-bulk-free.patch. - Refresh patches.suse/mm-page_alloc-Limit-number-of-high-order-pages-on-PCP-during-bulk-free.patch. - Refresh patches.suse/mm-page_alloc-Simplify-how-many-pages-are-selected-per-pcp-list-during-bulk-free.patch. - Refresh patches.suse/mm-page_alloc-Track-range-of-active-PCP-lists-during-bulk-free.patch. - commit 7ca072e - sched/preempt: Tell about PREEMPT_DYNAMIC on kernel headers (bsc#1194889). - commit 1c083dc - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - commit f1ccb25 - Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch - commit 563eb84 - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - commit 5a50415 - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - commit a0f28e5 - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - commit e4cd5bb - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - commit dff7f20 - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - commit d46bad1 - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - commit a185abb - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - commit e9e3cbc - selftests: kvm: Remove absent target file (git-fixes). - commit a89d5ba - mm/page_alloc: Limit number of high-order pages on PCP during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Free pages in a single pass during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Drain the requested list first during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Simplify how many pages are selected per pcp list during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Track range of active PCP lists during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Fetch the correct pcp buddy during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - commit a445f59 - tracing: Don't inc err_log entry count if entry allocation fails (git-fixes). - commit dea8cf9 - mm/khugepaged: disable READ_ONLY_THP_FOR_FS (bsc#1195774). - commit c4a885b - tracing: Propagate is_signed to expression (git-fixes). - commit 165e9d8 - blacklist.conf: b59f2f2b865c ("tracing: Fix smatch warning for do while check in event_hist_trigger_parse()") Cosmetic only. - commit 903ff8e - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - commit baca8c4 - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - commit 6c74ba2 - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - commit 2931b4d - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) Let's iron out the reduced initrd optimisation in Tumbleweed. Build full blown dracut initrd with systemd for SLE15 SP4. - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926) Let's iron out the reduced initrd optimisation in Tumbleweed. Build full blown dracut initrd with systemd for SLE15 SP4. - commit ea76821 ++++ multipath-tools: - Update to version 0.8.8+64+suse.f265f7e0: * libmultipath: fix printing native nvme multipath topology (bsc#1196011) * libmultipath: add %L path wildcard for 64-bit hex LUN * libmultipath: support host adapter name lookup for s390x ccw bus ++++ mdadm: - Monitor: print message before quit for no array to monitor (bsc#1183229) 0120-Monitor-print-message-before-quit-for-no-array-to-mo.patch ++++ qemu: -Backport patch from upstream, bsc#1194063 CVE-2021-4158 * Patches added: acpi-validate-hotplug-selector-on-access.patch ++++ sudo: - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) * feature-upstream-restrict-sudo-U-other-l.patch ++++ yast2: - Keep the user defined $Y2STYLE and $XCURSOR_THEME environment variables, allow changing the installer theme via these environment variables (related to jsc#SLE-20547) - 4.4.44 ------------------------------------------------------------------ ------------------ 2022-2-15 - Feb 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - commit e2c5ef4 - f2fs: fix to do sanity check on inode type during garbage collection (CVE-2021-44879 bsc#1195987). - commit 6e1c3da - tipc: improve size validations for received domain records (bsc#1195254, CVE-2022-0435). - commit 8dead82 - brcmfmac: firmware: Fix firmware loading (bsc#1195501) - commit 01c98dd - brcmfmac: firmware: Allow per-board firmware binaries (bsc#1195501) - commit 4c87ae7 - Delete patches.suse/drm-i915-adlp-Remove-require_force_probe-protection.patch (bsc#1196589). We did not have enough time to stablize ADL-P graphics so restore the experimental flag. - Delete patches.suse/drm-i915-adlp-Remove-require_force_probe-protection.patch. We did not have enough time to stablize ADL-P graphics so restore the experimental flag. - commit 0cc030f - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959 bsc#1195897). - commit 5e032d3 - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - commit 0c858b7 - NFSD: Fix READDIR buffer overflow (git-fixes bsc#1196346). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Don't skip directory entries when doing uncached readdir (git-fixes). - NFS: Don't overfill uncached readdir pages (git-fixes). - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFS: Ensure the server has an up to date ctime before hardlinking (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (git-fixes). - NFS: don't store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - nfsd: fix crash on COPY_NOTIFY with special stateid (git-fixes). - Revert "nfsd: skip some unnecessary stats in the v4 case" (git-fixes). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - nfsd: Fix nsfd startup race (again) (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (git-fixes). - commit a149497 - Refresh patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch. Add upstream commit - commit f607fe3 ++++ multipath-tools: - Update to version 0.8.8+60+suse.4c5922cb: * multipathd: add suppport for FC Fabric Performance Impact Notifications (FPIN) (bsc#1195506) ------------------------------------------------------------------ ------------------ 2022-2-14 - Feb 14 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.230.g3fdde49a: * fix(dasd_rules): correct udev dasd rules parsing (bsc#1195309) * revert(lvm): remove 69-dm-lvm-metad.rules (bsc#1195604) ++++ open-iscsi: - Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains bug fixes and cleanups. See the Changelog for more details. ++++ kernel-default: - Update kabi files. - commit f6a01f9 - usb: gadget: clear related members when goto fail (CVE-2022-24958 bsc#1195905). - usb: gadget: don't release an existing dev->buf (CVE-2022-24958 bsc#1195905). - commit eaa2838 - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with pool->migrate_lock (bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). - commit e42cd64 - Move upstreamed i915 and ibmvnic patches into sorted section - commit a7ec0e0 - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: usb-audio: Don't abort resume upon errors (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - commit eaeb544 - moxart: fix potential use-after-free on remove path (bsc#1194516 CVE-2022-0487). - commit 4e8eccc - brcmfmac: use separate firmware for 43430 revision 2 (bsc#1195501) - commit 5b616d7 - memcg: do not tweak node in alloc_mem_cgroup_per_node_info (bsc#1195752). - mm: make free_area_init_node aware of memory less nodes (bsc#1195752). - mm, memory_hotplug: reorganize new pgdat initialization (bsc#1195752). - mm, memory_hotplug: drop arch_free_nodedata (bsc#1195752). - mm: handle uninitialized numa nodes gracefully (bsc#1195752). - mm, memory_hotplug: make arch_alloc_nodedata independent on CONFIG_MEMORY_HOTPLUG (bsc#1195752). - commit 8bbe670 - cpuidle: menu: Bias selection of a shallower c-state when CPU idles for IO (bnc#1193353). - commit 3f1a503 - nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - commit ed38bd2 ++++ libqmi: - update to 1.30.4: * * meson: switch to use the new python module in meson. * * meson: added a new boolean 'man' option in the meson setup to explicitly enable or disable building the man pages. * * meson: removed the option to detect if rmnet is supported. * * meson: multiple updates to use newer meson features like install_dir(), install_mode() or summary(). * * meson: options 'mbim_qmux' and 'qrtr' are enabled by default and must be explicitly disabled if they're not needed, there is no attempt to autodetect whether they can be enabled or not. * qmi-proxy: * * Remove assert when attempting to close ghost device. * qmi-firmware-update: * * Use defaults if FLASH variables not reported, enabling support to flash the new Sierra Wireless EM9190 and EM9191 modules. * Several other minor improvements and fixes. ++++ psmisc: - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Determine the namespace of a process only once to speed up the parsing of fdinfo (bsc#1194172). ++++ rpm-config-SUSE: - Remove definition of _distconfdir, as this should not be defined for SLE-15. Else this will conflict with our non-usr-merged environment and cause problems with transactional-update, openssh and other packages (bsc#1195679) ++++ samba: - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). ++++ yast2-trans: - Update to version 84.87.20220211.620fde21a3: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 's390'. * New POT for text domain 'dns-server'. * Translated using Weblate (Turkish) * New POT for text domain 'packager'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'nfs'. * New POT for text domain 'network'. ------------------------------------------------------------------ ------------------ 2022-2-13 - Feb 13 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - commit 1b423e6 - static_call: Fix tools headers (bsc#1194975). - commit e04353c ++++ harfbuzz: - update to 3.4.0: + Perform sanity checks on shaping results is now part of “harfbuzz” library and can be enabled by setting the buffer flag HB_BUFFER_FLAG_VERIFY + Arabic Mark Transient Reordering Algorithm have been updated to revision 6 + ISO 15924 code for mathematical notation, ‘Zmth’, now maps to the OpenType ‘math’ tag + It is now possible to get at once all math kerning values for a given glyph at a given corner + Fix locale_t portability issues on systems the typedef’s it to a void pointer ------------------------------------------------------------------ ------------------ 2022-2-12 - Feb 12 2022 ------------------- ------------------------------------------------------------------ ++++ glib2-branding-openSUSE: - Drop gnome-documents from favorite-apps for both openSUSE and SLED, package is archived upstream. ++++ kernel-default: - arm64: Add Cortex-A510 CPU part definition (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - commit 1fd20fb ------------------------------------------------------------------ ------------------ 2022-2-11 - Feb 11 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Port bash-sh package approach back to SLE-15-SP4 (jsc#SLE-18234) ++++ glib2: - Update to version 2.70.4: + Bugs fixed: glgo#GNOME/GLib!2462 “Fix memory leak in gio/gdbusauthmechanismsha1.c” to glib-2-70. + Updated translations. ++++ kernel-default: - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - commit bb988d4 - BTF: Don't break ABI when debuginfo is disabled (jsc#SLE-18805). This makes re-enabling BTF for modules possible once fix for bsc#1194501 is available. - commit afc52cd - Revert "Update config files: disable DEBUG_INFO_BTF_MODULES (bsc#1194501)." This reverts commit b07bf3e61cc5aa7a5cd1b9b5289bc10db746a416. - commit 6f689d6 - constraints: Also adjust disk requirement for x86 and s390. - commit 9719db0 - constraints: Increase disk space for aarch64 - commit 09c2882 - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - commit 68e8f68 ++++ libnvme: - Update to version v1.0-rc3: * Properly create manuals/documentation * Fix memleaks in __nvme_free_ns() and nvme_scan_subsystem() * nvme: get log domain id included in Log Specific Identifier * nvme: Add nulbaf(Number of Unique Capability LBA Formats) field on nvmd_id_ns * ioctl: Add identify ioctl for CNS 09h, 0Ah * nvme: Add Enhanced Controller Meta Data(FID: 0x7D) * nvme: Add Supported Capacity Configuration List log page(LID: 0x11) * tree: do not set dhchap_key to 'none' * tree: restart controller lookup * tree: fixup memory leak in nvme_scan_ctrl() * Rename nvme_path_get_subsystem() * Remove nvme_reset_topology() - Use precompiled documentation instead regenerating it ++++ openssl-1_1: - Pull libopenssl-1_1 when updating openssl-1_1 with the same version. [bsc#1195792] ++++ makedumpfile: - Turn on zstd in Tumbleweed. ++++ nvme-cli: - Update to version v2.0-rc3: * nvme-print: Fix json output for list-subsys * nvme: Allow --verbose flag to increase log level * Added telemetry log fetch support for SN810, SN530 and SN740 series NVMe SSDs through wdc vs-internal-log command * nvmf: Remove --matching from systemd service file (bsc#1195665) * nvme: Fix --force flag inversion (bsc#1195637) * nvme: Add support for data area 4 to get-telemetry-log * nvme: Add Supported Capacity Configuration List log page(LID: 0x11) * nvme: Add Enhanced Controller Meta Data(FID: 0x7D) * nvme-print: Add NVME_FEAT_FID_ENH_CTRL_METADATA to nvme_feature_to_string * nvme-print: remove unused nvme_show_id_ctrl function * nvme: Add nvm-id-ns-lba-format(CNS 0Ah) command from TP4095 * nvme: Add NVM Command Set specific identify namespace command * nvme: Add id-ns-lba-format(CNS 09h) command from TP4095 * nvme: Add nulbaf(Number of Unique Capability LBA Formats) field on nvmd_id_ns - Include precompiled documentation ++++ update-alternatives: - break bash <-> update-alternatives cycle by coolo's rewrite of %post in lua [bsc#1195654] ------------------------------------------------------------------ ------------------ 2022-2-10 - Feb 10 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.4 - various fixes in profiles, abstractions, apparmor_parser and utils (some of them were already included as patches) - add support for mctp address family - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4 for the full upstream changelog - remove upstream(ed) patches: - aa-notify-more-arch-mr809.diff - ruby-3.1-build-fix.diff - add-samba-bgqd.diff - openssl-engdef-mr818.diff - profiles-python-3.10-mr783.diff - update-samba-abstractions-ldb2.diff - refresh patches: - apparmor-samba-include-permissions-for-shares.diff - ruby-2_0-mkmf-destdir.patch ++++ grub2: - Set grub2-check-default shebang to "#!/bin/bash", as the the code uses many instructions which are undefined for a POSIX sh. (boo#1195794). ++++ kernel-default: - KVM: s390: Return error on SIDA memop on normal guest (bsc#1195516 CVE-2022-0516). - commit 3db2d99 - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - commit 9b78867 ++++ libapparmor: - update to AppArmor 3.0.4 - various fixes in profiles, abstractions, apparmor_parser and utils (some of them were already included as patches) - add support for mctp address family - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4 for the full upstream changelog - remove upstream(ed) patches: - aa-notify-more-arch-mr809.diff - ruby-3.1-build-fix.diff - add-samba-bgqd.diff - openssl-engdef-mr818.diff - profiles-python-3.10-mr783.diff - update-samba-abstractions-ldb2.diff - refresh patches: - apparmor-samba-include-permissions-for-shares.diff - ruby-2_0-mkmf-destdir.patch ++++ gcc11: - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] ++++ podman: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost ++++ wpa_supplicant: - Add CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch, CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch SAE/EAP-pwd side-channel attack update 2 (CVE-2022-23303, CVE-2022-23304, bsc#1194732, bsc#1194733) ------------------------------------------------------------------ ------------------ 2022-2-9 - Feb 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - commit 9e29e45 - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - locking: Make owner_on_cpu() into (bsc#1190137 bsc#1189998). - locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - commit 8887152 - KVM: selftests: Don't skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - commit 5056d9e - Update kabi files. update for the latest scheduler changes - commit cd3c5e1 - ibmvnic: don't release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - commit 32cdbed - sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs (bsc#1192120). - sched/fair: Improve consistency of allowed NUMA balance calculations (bsc#1192120). - commit 6c87519 - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - commit 156924b - Revert ASoC mediatek patch Reverted in stable tree as it causes a regression on Chromebooks - commit 037ce32 - NFSv4: Handle case where the lookup of a directory fails (bsc#1195612 CVE-2022-24448). - commit 3f047de ++++ multipath-tools: - Version 0.8.8+57+suse.dfb672fe * kpartx.rules: skip MD devices (bsc#1195644) * libmultipath: hwtable: use ALUA for all LIO targets (bsc#1195649) * multipathd.service: drop ExecStartPre for loading dm-multipath (bsc#1195397) ++++ gcc11: - Put libstdc++6-pp Requires on the shared library and drop to Recoomends. ++++ pango: - Update to version 1.50.4: + Tweak synthetic space size. + itemize: Try harder to avoid NULL fonts. + docs: Some additions. + Pass synthetic slant to harfbuzz. + Make sloped carets work with uneven scales. + Fix serialiation on arm. + Avoid an uninitialized variable warning. + Reinstate previous behavior of pango_attr_list_splice. + Deprecated pango_coverage_ref/unref. + Fix serialization on non-glibc systems. + Fix allow-breaks handling. ++++ sssd: - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) ------------------------------------------------------------------ ------------------ 2022-2-8 - Feb 8 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.356: + Updated pci, usb and vendor ids. ++++ kdump: - Exclude i586 from SLE builds. ++++ kernel-default: - cgroup-v1: Require capabilities to set release_agent (bsc#1195543 CVE-2022-0492). - commit 80c2825 - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - commit 906a8df - Update patch reference for HD-audio fix (bsc#1183872) - commit 4c0efd7 - RDMA/mlx4: Don't continue event handler after memory allocation failure (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: Don't treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - commit 8c4be7e - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - commit 588dbf8 ++++ openldap2: - jsc#PM-3288 - restore CLDAP functionality in CLI tools ++++ sg3_utils: - Update to version 1.47+3.adb7276: * rescan-scsi-bus.sh: fix garbled output (bsc#1195621) ++++ libvirt: - qemu: fix inactive snapshot revert 76deb656-qemu-fix-snapshot-revert.patch boo#1195690 ++++ libzypp: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. - version 17.29.4 (22) ++++ salt: - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Added: * add-missing-ansible-module-functions-to-whitelist-in.patch ------------------------------------------------------------------ ------------------ 2022-2-7 - Feb 7 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mptcp: add missing documented NL params (git-fixes). - commit 6ddf1d2 - EDAC/xgene: Fix deferred probing (bsc#1190497). - commit f77b4a3 - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - commit 4a310dd - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit 5da0923 - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - commit cbb053e - bfq: Limit waker detection in time (bsc#1184318). - commit ef96b3e - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - commit d13944f - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - commit 118f855 ++++ harfbuzz: - update to 3.3.2: + Revert splitting of pair positioning values introduced in 3.3.0 as it proved problematic - includes changes from 3.3.1: + Fix heap-use-after-free in harfbuzz-subset introduced in previous release - includes changes from 3.3.0: + Improved documentation, code cleanup + The low 16-bits of face index will be used by hb_face_create() to select a face inside a font collection file format, while the high 16-bits will be used by hb_font_create() to load the named instance + Glyph positions and other font metrics now apply synthetic slant set by hb_font_set_synthetic_slant(), for improved positioning for synthetically slanted fonts + Fixed unintentional locale dependency in hb_variation_to_string() for decimal point representation + When applying pair positioning (kerning) the positioning value is split between the two sides of the pair for improved cursor positioning between such pairs + Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in conjunction with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing re-shaping during line breaking. Check the documentation for further details + Improved handling of macrolanguages when mapping BCP 47 codes to OpenType tags ++++ polkit: - CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542) added CVE-2021-4115.patch ++++ libvirt: - libxl: Mark auto-allocated graphics ports to used on reconnect e0241f33-libxl-mark-allocated-graphics-ports.patch - libxl: Release all auto-allocated graphics ports 18ec405a-libxl-release-graphics-ports.patch bsc#1191668 ++++ linux-glibc-devel: - Delete RDMA-mlx5-Add-DCS-offload-support.patch (bsc#1191550) - Update from current 15 SP4 kernel (jsc#SLE-17360) * Refresh linux-stable-version-update.patch + kvm-sev-add-support-for-sev-intra-host-migration (jsc#SLE-19924) + PCI-Add-PCI_EXP_DEVCTL_PAYLOAD_-macros.patch (stable-5.14.19) + ethtool-fix-ethtool-msg-len-calculation-for-pause-st.patch (stable-5.14.19) + uapi-fix-linux-nfc.h-userspace-compilation-errors.patch (git-fixes) + nfc-uapi-use-kernel-size_t-to-fix-user-space-builds.patch (git-fixes) + cifs-remove-pathname-for-file-from-SPDX-header.patch (bsc#1193629) + uapi-Fix-undefined-__always_inline-on-non-glibc-syst.patch (git-fixes) + tty-Partially-revert-the-removal-of-the-Cyclades-pub.patch (git-fixes) + um-virt-pci-fix-uapi-documentation (git-fixes) + net-sched-act_skbmod-Add-SKBMOD_F_ECN-option-support.patch (bsc#1189998) + stddef-Introduce-struct_group-helper-macro.patch (jsc#SLE-18978) + net-smc-add-support-for-user-defined-EIDs (jsc#SLE-18331) + net-smc-add-generic-netlink-support-for-system-EID (jsc#SLE-18331) + net-smc-add-netlink-support-for-SMC-Rv2 (jsc#SLE-18331) + net_sched-refactor-TC-action-init-API.patch (bsc#1189998) + 0001-mm-mempolicy-add-MPOL_PREFERRED_MANY-for-multiple-pr.patch (jsc#SLE-23098) + 0003-mm-mempolicy-wire-up-syscall-set_mempolicy_home_node.patch (jsc#SLE-23098) + devlink-report-maximum-number-of-snapshots-with-regi.patch (jsc#SLE-19253) + x86-arch_prctl-add-controls-for-dynamic-xstate-components.patch (jsc#SLE-18931) + 0005-efi-generate-secret-key-in-EFI-boot-environment.patch (fate#316350) + mptcp-add-missing-documented-NL-params (git-fixes) + stddef-Introduce-DECLARE_FLEX_ARRAY-helper.patch (git-fixes) ++++ samba: - libldb version mismatch in Samba dsdb component; (bsc#1118508); ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#573 - adjust to recent samba re-packaging (bsc#1195627) - 16.57.14 ++++ yast2-trans: - Update to version 84.87.20220206.a953ff83bc: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'S390'. * New POT for text domain 's390'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Finnish) * Translated using Weblate (Catalan) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'dns-server'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'printer'. * New POT for text domain 'kdump'. * Translated using Weblate (Catalan) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Ukrainian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Ukrainian) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Ukrainian) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'sap-installation-wizard'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'hana-update'. * New POT for text domain 'hana-ha'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. ------------------------------------------------------------------ ------------------ 2022-2-5 - Feb 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - commit e8caa02 - Input: wm97xx: Simplify resource management (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - commit a59bc15 - Move upstreamed sound fix into sorted section - commit 80571bb - Refresh patches.suse/Input-elan_i2c-Add-deny-list-for-Lenovo-Yoga-Slim-7.patch Fix section mistmatch warning - commit af02a31 - Delete patches.suse/net-sched-disable-nolock-pfifo-fast.patch. (bsc#1187428) This patch was a temporary workaround for bsc#1183405 race condition. As SLE15-SP4 is based on 5.14 kernel which contains the upstream fix for the race condition, disabling lockless implementation of pfifo_fast is not actually needed. - commit dd7ef49 ------------------------------------------------------------------ ------------------ 2022-2-4 - Feb 4 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.0 (bsc#1195414, bsc#1195564) + Refactor removes check_registration() function in utils implementation + Only start the registration service for PAYG images - addon-azure sub-package to version 1.0.1 ++++ gstreamer: - Update to version 1.20.0: + Development in GitLab was switched to a single git repository containing all the modules + GstPlay: new high-level playback library, replaces GstPlayer + WebM Alpha decoding support + Encoding profiles can now be tweaked with additional application-specified element properties + Compositor: multi-threaded video conversion and mixing + RTP header extensions: unified support in RTP depayloader and payloader base classes + SMPTE 2022-1 2-D Forward Error Correction support + Smart encoding (pass through) support for VP8, VP9, H.265 in encodebin and transcodebin + Runtime compatibility support for libsoup2 and libsoup3 (libsoup3 support experimental) + Video decoder subframe support + Video decoder automatic packet-loss, data corruption, and keyframe request handling for RTP / WebRTC / RTSP + mp4 and Matroska muxers now support profile/level/resolution changes for H.264/H.265 input streams (i.e. codec data changing on the fly) + mp4 muxing mode that initially creates a fragmented mp4 which is converted to a regular mp4 on EOS + Audio support for the WebKit Port for Embedded (WPE) web page source element + CUDA based video color space convert and rescale elements and upload/download elements + NVIDIA memory:NVMM support for OpenGL glupload and gldownload elements + Many WebRTC improvements + The new VA-API plugin implementation fleshed out with more decoders and new postproc elements + AppSink API to retrieve events in addition to buffers and buffer lists + AppSrc gained more configuration options for the internal queue (leakiness, limits in buffers and time, getters to read current levels) + Updated Rust bindings and many new Rust plugins + Improved support for custom minimal GStreamer builds + Support build against FFmpeg 5.0 + Linux Stateless CODEC support gained MPEG-2 and VP9 + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + Lots of new plugins, features, performance improvements and bug fixes - Use ldconfig_scriptlets macro for post(un) handling where possible. - Update Source url. - Update to version 1.18.6: + gstplugin: Fix for UWP build + gst-ptp-helper: Do not disable multicast loopback + concat: fix qos event handling + pluginfeature: Fix object leak + baseparse: fix invalid avg_bitrate after reset + multiqueue: Fix query unref race on flush + gst: Initialize optional event/message fields when parsing + bitwriter: Fix the trailing bits lost when getting its data + multiqueue: never consider a queue that is not waiting + input-selector: Use proper segments when cleaning cached buffers ++++ gstreamer-plugins-base: - Update to version 1.20.0: + Development in GitLab was switched to a single git repository containing all the modules + GstPlay: new high-level playback library, replaces GstPlayer + WebM Alpha decoding support + Encoding profiles can now be tweaked with additional application-specified element properties + Compositor: multi-threaded video conversion and mixing + RTP header extensions: unified support in RTP depayloader and payloader base classes + SMPTE 2022-1 2-D Forward Error Correction support + Smart encoding (pass through) support for VP8, VP9, H.265 in encodebin and transcodebin + Runtime compatibility support for libsoup2 and libsoup3 (libsoup3 support experimental) + Video decoder subframe support + Video decoder automatic packet-loss, data corruption, and keyframe request handling for RTP / WebRTC / RTSP + mp4 and Matroska muxers now support profile/level/resolution changes for H.264/H.265 input streams (i.e. codec data changing on the fly) + mp4 muxing mode that initially creates a fragmented mp4 which is converted to a regular mp4 on EOS + Audio support for the WebKit Port for Embedded (WPE) web page source element + CUDA based video color space convert and rescale elements and upload/download elements + NVIDIA memory:NVMM support for OpenGL glupload and gldownload elements + Many WebRTC improvements + The new VA-API plugin implementation fleshed out with more decoders and new postproc elements + AppSink API to retrieve events in addition to buffers and buffer lists + AppSrc gained more configuration options for the internal queue (leakiness, limits in buffers and time, getters to read current levels) + Updated Rust bindings and many new Rust plugins + Improved support for custom minimal GStreamer builds + Support build against FFmpeg 5.0 + Linux Stateless CODEC support gained MPEG-2 and VP9 + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + Lots of new plugins, features, performance improvements and bug fixes - Rebase add_wayland_dep_to_tests.patch. - Drop gstreamer-plugins-base-gl-deps.patch: Fixed upstream - Stop using service due to upstreams new mono-repo, just use tarballs for now. - Update to version 1.18.6: + tagdemux: Fix crash when presented with malformed files (security fix) + videoencoder: make sure the buffer is writable before modifying metadata + video-converter: Fix for broken gamma remap with high bitdepth YUV output + sdpmessage: fix mapping single char fmtp params + oggdemux: fix a race in push mode when performing the duration seek + uridecodebin: Fix critical warnings + audio-converter: Fix resampling when there's nothing to output + tcp: fix build on Solaris + uridecodebin3: Nullify current item after all play items are freed. + audio-resampler: Fix segfault when we can't output any frames + urisourcebin: Handle sources with dynamic pads and pads already present + playbin2/3: autoplug/caps: don't expand caps to ANY + uridecodebin3/urisourcebin: Reusability fixes + rtspconnection: Only reset timeout when socket is unused + gstvideoaggregator.c: fix build with gcc 4.8 - Drop service, use source url, upstream changes in git. ++++ kernel-default: - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: synaptics: retry query upon error (bsc#1194086). - commit 54e65d3 - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - commit d1f0342 ++++ openssl-1_1: - FIPS: Fix function and reason error codes [bsc#1182959] * Add openssl-1_1-FIPS-fix-error-reason-codes.patch ++++ procps: - Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is ignore SIGURG ++++ python3-core: - Rename 22198.patch into more descriptive remove-sphinx40-warning.patch. ++++ python3: - Rename 22198.patch into more descriptive remove-sphinx40-warning.patch. ------------------------------------------------------------------ ------------------ 2022-2-3 - Feb 3 2022 ------------------- ------------------------------------------------------------------ ++++ jeos-firstboot: - Update to version 1.1.0.3: * Don't make a snapshot if /etc is not part of it * Use mountpoint with -q * Don't attach jeos-firstboot-snapshot.service to the TTY ++++ kernel-default: - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - commit c1f5ec0 - This is about really old Lenovo laptop HW/firmware issues It's very likely that this has been fixed in firmware or in acpi subsystem with another patch/blacklist whatsoever. Removing for cleanup reasons: - Delete patches.suse/acpi_thermal_passive_blacklist.patch. - Delete patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch. - commit a21f3a8 - selftest: KVM: Add open sev dev helper (bsc#1194526). - commit 995bc50 - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - commit 6db3f57 - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - commit 4af276f - Update kabi files. - Initial import from 2022-02-02 weekly submission (commit 0d67d764121814add0f9e5468b80f3b8c8866bc7) - The kABI Soft Freeze. - Update kabi files. - Initial import from 2022-02-02 weekly submission - the kABI Soft Freeze. - commit 2ba84fd - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). - commit 908b6a9 ++++ openssl-1_1: - Enable zlib compression support [bsc#1195149] - Remove the openssl-has-RSA_get0_pss_params provides as it is now fixed in the nodejs16 side [bsc#1192489] ++++ sysstat: - Fix possible segfault in read_task_stats() [bsc#1194679] - Add sysstat-fix-segfault-in-read_task_stats.patch ------------------------------------------------------------------ ------------------ 2022-2-2 - Feb 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fanotify: Fix stale file descriptor in copy_event_to_user() (bsc#1195187). - commit c598009 - tcp: Add a stub for sk_defer_free_flush() (bsc#1195400). - commit 66984be - mm: vmscan: remove deadlock due to throttling failing to make progress (bsc#1195357). - commit 6096a6d - KVM: SEV: Prohibit migration of a VM that has mirrors (bsc#1194526). - KVM: SEV: Do COPY_ENC_CONTEXT_FROM with both VMs locked (bsc#1194526). - KVM: SEV: Fix typo in and tweak name of cmd_allowed_from_miror() (bsc#1194526). - KVM: SEV: Drop a redundant setting of sev->asid during initialization (bsc#1194526). - KVM: SEV: Set sev_info.active after initial checks in sev_guest_init() (bsc#1194526). - KVM: SEV: Disallow COPY_ENC_CONTEXT_FROM if target has created vCPUs (bsc#1194526). - commit 806c843 - Update patch reference for radeon regression fix (bsc#1195142) - commit bc75946 - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: uniphier: fix reference count leak in uniphier_spi_probe() (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - spi: stm32-qspi: Update spi registering (git-fixes). - irqchip/realtek-rtl: Fix off-by-one in routing (git-fixes). - irqchip/realtek-rtl: Map control data to virq (git-fixes). - tty: Add support for Brainboxes UC cards (git-fixes). - usb: xhci-plat: fix crash when suspend if remote wake enable (git-fixes). - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - efi: runtime: avoid EFIv2 runtime services on Apple x86 machines (git-fixes). - efi/libstub: arm64: Fix image check alignment at entry (git-fixes). - drm/amd/display: Fix FP start/end for dcn30_internal_validate_bw (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - sch_htb: Fail on unsupported parameters when offload is requested (git-fixes). - can: tcan4x5x: regmap: fix max register value (git-fixes). - phylib: fix potential use-after-free (git-fixes). - net: phy: broadcom: hook up soft_reset for BCM54616S (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - ARM: 9180/1: Thumb2: align ALT_UP() sections in modules sufficiently (git-fixes). - usr/include/Makefile: add linux/nfc.h to the compile-test coverage (git-fixes). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - commit b99299d ++++ multipath-tools: - Version 0.8.8+45+suse.628d603e * fix handling of historical-service-time path selector (bsc#1195425) * fix marking multipath devices as failed prematurely on startup (bsc#1195426) * multipathd.service: remove LimitCORE=infinity directive This should only be enabled for debugging. * multipathd.service: don't load scsi_dh modules (bsc#1195397) This is done via modules-load.d functionality on (open)SUSE - Upstream fixes: * Fix claiming of paths with "find_multipaths strict" * Avoid unnecessary read-only reloads ++++ openssl-1_1: - FIPS: Move the HMAC-SHA2-256 used for integrity test [bsc#1185320] * Add openssl-FIPS-KAT-before-integrity-tests.patch - FIPS: Add missing KAT for HKDF/TLS 1.3/IPSEC IKEv2 [bsc#1192442] * Add openssl-fips-kdf-hkdf-selftest.patch ++++ systemd: - Make more use of %{_unitdir} in files.{systemd,container} ++++ liburing2: - Rename liburing2 to avoid collision with inherited source for prior liburing-devel-0.X API (bsc#1193522) ++++ patterns-microos: - bump version to 5.2.0 - specify branding of systemd presets ------------------------------------------------------------------ ------------------ 2022-2-1 - Feb 1 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - udev: create symlinks and watch even in suspended state (bsc#1195231) + bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch ++++ kdump: - kdump-calibrate.conf-depends-on-kdumptool.patch: calibrate.conf: Add dependency on kdumptool. - kdump-calibrate-fix-nic-naming.patch: calibrate: Fix network interface naming. - kdump-calibrate-include-af_packet.patch: calibrate: Explicitly include af_packet in the test initrd. - Update to 1.0.2 * Adjust crash kernel reservation at boot time (jsc#SLE-18441). - All remaining patches have been upstreamed: * kdump-fillupdir-fixes.patch * kdump-use-pbl.patch * kdump-calibrate-Ignore-malformed-VMCOREINFO.patch ++++ kernel-default: - tcp: add a missing sk_defer_free_flush() in tcp_splice_read() (bsc#1195400). - commit 90f376b - net: Flush deferred skb free on socket destroy (bsc#1195400). - commit 2e63a82 - net/tls: Fix another skb memory leak when running kTLS traffic (bsc#1195400). - commit 3aa18f4 - net/tls: Fix skb memory leak when running kTLS traffic (bsc#1195400). - commit a9990a3 - tcp: add missing htmldocs for skb->ll_node and sk->defer_list (bsc#1195400). - commit 495cd25 - tcp: do not call tcp_cleanup_rbuf() if we have a backlog (bsc#1195400). - commit d5025e5 - tcp: defer skb freeing after socket lock is released (bsc#1195400). - commit 5ddbe0e - tcp: avoid indirect calls to sock_rfree (bsc#1195400). - commit 6167ff6 - tcp: small optimization in tcp recvmsg() (bsc#1195400). - commit 4db4a08 - rfkill: add kABI padding Patch-mainline: Never, kABI padding References: bsc#1179531 (bsc#1179531). - commit 4badc70 - sched/core: Forced idle accounting (bsc#1189999 (Scheduler functional and performance backports)). - sched: Make schedstats helpers independent of fair sched class (bsc#1189999 (Scheduler functional and performance backports)). - sched: Make struct sched_statistics independent of fair sched class (bsc#1189999 (Scheduler functional and performance backports)). - commit 3157933 - List simpledrm in supported.conf (jsc#SLE-18823) Makes the driver part of the regular kernel-default package. - commit 7522e67 - continue to provide guest OS id on hyperv (bnc#814005, bsc#1189965). - commit 69937ca - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - commit 1957b33 - platform/x86: wmi: introduce helper to convert driver to WMI driver (git-fixes). - commit 0d205fc - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - commit 4e01e3a - platform/x86: wmi: make GUID block packed (git-fixes). - commit d4f4098 - platform/x86: wmi: use guid_t and guid_equal() (git-fixes). - commit ba3700f - platform/x86: wmi: use bool instead of int (git-fixes). - commit fcf29d7 - platform/x86: wmi: use BIT() macro (git-fixes). - commit fefbbd1 - platform/x86: wmi: remove unnecessary checks (git-fixes). - commit bb591a0 - platform/x86: wmi: remove unnecessary casts (git-fixes). - commit 3b81cff - platform/x86: wmi: remove unnecessary argument (git-fixes). - commit 46d5bd4 - Delete patches.suse/bfq-tune-slice-idle.patch: BFQ logic has improved and QA results don't indicate we need this anymore. - commit 0ad80b2 - crypto: HMAC - disallow keys < 112 bits in FIPS mode (jsc#SLE-21132,bsc#1193136). - commit 3e251f8 - crypto: HMAC - add fips_skip support (jsc#SLE-21132,bsc#1193136). - commit d7c3015 - blacklist.conf: Added dups - commit 2333475 - Drop superfluous x86 SME patch The commit already present in another patch - commit f64529e - Update config files: disable DEBUG_INFO_BTF_MODULES (bsc#1194501). - commit b07bf3e - bpf: make module BTF toggleable (bsc#1194501). - commit e268acf - kABI padding for bpf (bsc#1179531). - commit 15e30ef - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1190497). - commit 6282a43 - x86/MCE/AMD, EDAC/mce_amd: Support non-uniform MCA bank type enumeration (jsc#SLE-19026). - commit 3f43757 ++++ expat: - Update to latest version 2.4.4 in SLE-15-SP4 [jsc#SLE-21253] ++++ libgcrypt: - FIPS: Disable DSA in FIPS mode [bsc#1195385] * Upstream task: https://dev.gnupg.org/T5710 * Add libgcrypt-FIPS-disable-DSA.patch ++++ lvm2: - udev: create symlinks and watch even in suspended state (bsc#1195231) + bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch ++++ libnvme: - Update to version 1.0~2: * Add fabrics config option 'tls' * Logging infrastructure reworked (API break) * Changed argument structs layout (API break) * Changed scan API (API break) * Fixed ctrl_loss_tmo handling concerning values of '-1' * Various build fixes ++++ systemd: - Installation of libnss_mymachines.so depended on %{bootstrap} but it is actually installed when %{with machined} is true. - Call ldconfig when container subpackage is installed since it ships nss-mymachines NSS plug-in module. - Import commit a186eb9f9cc13b65f8380dbcae3080228e8be7e2 1395c74be7 udevadm: cleanup-db: don't delete information for kept db entries (bsc#1194912) bbafc8092a udevadm: cleanup_dir: use dot_or_dot_dot() d16f6d018d tmpfiles: split out config for systemd-resolve 41334be59e meson: minor cleanup 3db0c28462 sysusers: split up systemd.conf - Drop 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch (bsc#1195153) Since v241, the patch isn't useful anymore because resolved is no more able to create /etc/resolv.conf symlink by itself,it runs as 'systemd-resolve' user. The symlink is now handled by a tmpfiles config file which is only installed when systemd-resolved is. The tmpfiles config file has currently a lower priority than the one shipped by netconfig. - Make use of %ldconfig_scriptlets - Merge nss-resolved and nss-mymachines NSS plug-in modules into systemd-network and systemd-container respectively. These modules are plug-in modules hence the shared library packaging policy doesn't apply for them. Moreover they're pretty useless alone without their respective systemd services, Hence let's reduce the number of sub-packages as the list keeps increasing. - Merge libudev-devel into systemd-devel - systemd.spec: explicitely list all files for each main (sub) packages Using glob patterns in %files section to reduce the number of listed files was error-prone as some introduced files could silently be placed in the wrong subpackage. The sections were also hard to read and many files needed to be excluded from the main package making the point of glob pattern usage moot. systemd, udev, systemd-container and systemd-network packages have now their list of files described in a dedicated file. The lists are kept sorted to make them easy to parse. The size of the files, especially the one for the main package, is still reasonable and much easier to read now. During this rework, a couple of cleanups happened: more use of %{_systemd_util_dir}, some files was incorrectly owned by the main package and have been moved to the correct sub-package, etc... Note: the rest of the subpackages might be addressed later but let's find how it goes for now. ++++ libzypp: - Public header files on older distros must use c++11 (bsc#1194597) - Fix exception handling when reading or writing credentials (bsc#1194898) - version 17.29.3 (22) ++++ nvme-cli: - Update to version 2.0~2: * Adapt to logging API changes in libnvme * Adapt to scan API changes in libnvme * Reworked error message handling * Fix 'list-ns' (bsc#1195151) * Add 'gen-tls-key' and 'check-tls-key' * Add Media Unit Status log page support * Cleanups and build fixes - Fix path to systemctl (bsc#1193699) ++++ patterns-microos: - rename pattern microos_sssd_ldap to microos-sssd_ldap (bsc#1192462) ++++ sudo: - Update to 1.9.9 * Sudo can now be built with OpenSSL 3.0 without generating warnings about deprecated OpenSSL APIs. * A digest can now be specified along with the ALL command in the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for this in the sudoers file but did not include corresponding changes for the other back-ends. * visudo now only warns about an undefined alias or a cycle in an alias once for each alias. * The sudoRole cn was truncated by a single character in warning messages. GitHub issue #115. * The cvtsudoers utility has new --group-file and --passwd-file options to use a custom passwd or group file when the - -match-local option is also used. * The cvtsudoers utility can now filter or match based on a command. * The cvtsudoers utility can now produce output in csv (comma-separated value) format. This can be used to help generate entitlement reports. * Fixed a bug in sudo_logsrvd that could result in the connection being dropped for very long command lines. * Fixed a bug where sudo_logsrvd would not accept a restore point of zero. * Fixed a bug in visudo where the value of the editor setting was not used if it did not match the user’s EDITOR environment variable. This was only a problem if the env_editor setting was not enabled. Bug #1000. * Sudo now builds with the -fcf-protection compiler option and the - z now linker option if supported. * The output of sudoreplay -l now more closely matches the traditional sudo log format. * The sudo_sendlog utility will now use the full contents of the log.json file, if present. This makes it possible to send sudo-format I/O logs that use the newer log.json format to sudo_logsrvd without losing any information. * Fixed compilation of the arc4random_buf() replacement on systems with arc4random() but no arc4random_buf(). Bug #1008. * Sudo now uses its own getentropy() by default on Linux. The GNU libc version of getentropy() will fail on older kernels that don’t support the getrandom() system call. * It is now possible to build sudo with WolfSSL’s OpenSSL compatibility layer by using the --enable-wolfssl configure option. * Fixed a bug related to Daylight Saving Time when parsing timestamps in Generalized Time format. This affected the NOTBEFORE and NOTAFTER options in sudoers. Bug #1006. * Added the -O and -P options to visudo, which can be used to check or set the owner and permissions. This can be used in conjunction with the -c option to check that the sudoers file ownership and permissions are correct. Bug #1007. * It is now possible to set resource limits in the sudoers file itself. The special values default and “user” refer to the default system limit and invoking user limit respectively. The core dump size limit is now set to 0 by default unless overridden by the sudoers file. * The cvtsudoers utility can now merge multiple sudoers sources into a single, combined sudoers file. If there are conflicting entries, cvtsudoers will attempt to resolve them but manual intervention may be required. The merging of sudoers rules is currently fairly simplistic but will be improved in a future release. * Sudo was parsing but not applying the “deref” and “tls_reqcert” ldap.conf settings. This meant the options were effectively ignored which broke dereferencing of aliases in LDAP. Bug #1013. * Clarified in the sudo man page that the security policy may override the user’s PATH environment variable. Bug #1014. * When sudo is run in non-interactive mode (with the -n option), it will now attempt PAM authentication and only exit with an error if user interaction is required. This allows PAM modules that don’t interact with the user to succeed. Previously, sudo would not attempt authentication if the -n option was specified. Bug #956 and GitHub issue #83. * Fixed a regression introduced in version 1.9.1 when sudo is built with the --with-fqdn configure option. The local host name was being resolved before the sudoers file was processed, making it impossible to disable DNS lookups by negating the fqdn sudoers option. Bug #1016. * Added support for negated sudoUser attributes in the LDAP and SSSD sudoers back ends. A matching sudoUser that is negated will cause the sudoRole containing it to be ignored. * Fixed a bug where the stack resource limit could be set to a value smaller than that of the invoking user and not be reset before the command was run. Bug #1016. - sudo no longer ships schema for LDAP. - sudo-feature-negated-LDAP-users.patch dropped, included upstream - refreshed sudo-sudoers.patch ++++ systemd-presets-common-SUSE: - enable vgauthd service for VMWare by default (bsc#1195251) ------------------------------------------------------------------ ------------------ 2022-1-31 - Jan 31 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - change self-signed cert group from cockpit-wsintance to cockpit-ws on upgrade - update to new LTS version from openSUSE:Factory - port remove-pwscore.patch * remove dependency on pwscore (bsc#1182924) * remove password strenth indicator - port branding changes as suse-microos "theme" * remove suse_cockpit_assets.tar.gz * add suse-microos-branding.tar.gz * remove branding_tests.patch * add suse-microos-branding.patch - remove files not needed to build this version anymore * webpack-warnings-are-not-errors.patch * github_package.patch * nodejs_output_helper.bash - remove cockpit.permissions workaround (bsc#1169614) ++++ cockpit-machines: - Remove translate-toolkit which is not available in SLE ++++ python-kiwi: - Ensure backward compatibility on deprecated methods This commit ensures backward compatibility for deprecated config bash script utilities. Fixes bsc#1195229 Signed-off-by: David Cassany - Bump version: 9.24.15 → 9.24.16 This version upgrade includes several fixes: * Fixed regression in compression detection The change from 282529de8f612dee32d54ee868c2365dcd829220 Introduced a bad regression. The assumption was made that the xz tool could be used to detect if a file is compressed or not. However, this requires the file to be locally present. In the scope of the method call is_compressed() and within a remote deployment e.g PXE this is not the case. Therefore the former way to "detect" the compression according to the .xz postfix of the source filename was restored. In addition the function name was changed to is_xz_compressed() because that's what the method can do and not more. This Fixes #2015 Fixes a regression in the scope of bsc#1192975 (#c16) * index.rst: Change title (bsc#1189294#c2) * 'KIWI NG 9: KIWI NG Documentation' -> 'Building Linux System Appliances with KIWI Next Generation (KIWI NG ) * suggested in bsc#1189294#c2 for more clarity * change has been discussed with and approved by main author (Marcus S.) * Care for different snapper template locations snapper recently changed their config template location from etc/ to usr/. This commit handles the two locations and Fixes bsc#1192940 * Do not force dracut into a compression setting So far we called dracut with --xz which forces the initrd to be xz compressed. There are other compression formats used by the distributions and they might differe from xz. The selection for a compression tool is done by a dist configuration in dracut.conf.d which is provided by the distributions as they see fit. For us this means not forcing dracut into a specific compression setting allows to make use of the distro provided setting and also allows to change/override this setting by an overlay file. This Fixes bsc#1192975 ++++ kernel-default: - x86/MCE/AMD: Export smca_get_bank_type symbol (jsc#SLE-19026). - commit 49cf559 - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (jsc#SLE-19026). - commit a089c33 - EDAC/amd64: Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (jsc#SLE-19026). - commit 804cac2 - EDAC: Add RDDR5 and LRDDR5 memory types (jsc#SLE-19026). - commit 4ca03fe - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: ufs: ufs-mediatek: Fix error checking in ufs_mtk_init_va09_pwr_ctrl() (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: Revert "scsi: hisi_sas: Filter out new PHY up events during suspend" (git-fixes). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - scsi: pm8001: Fix kernel-doc warnings (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: pm80xx: Update WARN_ON check in pm8001_mpi_build_cmd() (git-fixes). - commit 5fed070 - Added blacklisted SCSI ufs commit - commit 89e75cd - supported.conf: Mark drivers/perf/arm_dmc620_pmu as supported (jsc#SLE-19041) - commit 48e38f8 - crypto: testmgr - disallow plain ghash in FIPS mode (jsc#SLE-21132,bsc#1194777). - commit a8532d3 - crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode (jsc#SLE-21132,bsc#1194774). - commit 70677c0 - sched/fair: Revert update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1193175). - commit 5418435 - intel_idle: enable interrupts before C1 on Xeons (bnc#1155798 (CPU scheduler functional and performance backports)). - commit 78fa711 - filemap: Remove PageHWPoison check from next_uptodate_page() (bnc#1190208 (MM functional and performance backports)). - sched: Trigger warning if ->migration_disabled counter underflows (bnc#1189998 (PREEMPT_RT prerequisite backports)). - sched/fair: Cleanup task_util and capacity type (bnc#1189999 (Scheduler functional and performance backports)). - psi: Fix PSI_MEM_FULL state when tasks are in memstall and doing reclaim (bnc#1189999 (Scheduler functional and performance backports)). - psi: Add a missing SPDX license header (bnc#1189999 (Scheduler functional and performance backports)). - psi: Remove repeated verbose comment (bnc#1189999 (Scheduler functional and performance backports)). - commit edff965 - crypto: api - Allow algs only in specific constructions in FIPS mode (jsc#SLE-21132,bsc#1191256,bsc#1194774,bsc#1194777). - Refresh patches.suse/0001-crypto-implement-downstream-solution-for-disabling-d.patch. - commit 592d0ee - blacklist.conf: Add a7ebf564de32 mm/memcg: relocate mod_objcg_mlstate(), get_obj_stock() and put_obj_stock() - commit 69f3db3 - ALSA: hda: Remove redundant runtime PM calls (git-fixes). - ALSA: hda: intel: More comprehensive PM runtime setup for controller driver (git-fixes). - commit b254574 - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - commit 0cfe67a - ALSA: hda: Fix UAF of leds class devs at unbinding (bsc#1195349). - commit 166e9b4 - gve: Add tx|rx-coalesce-usec for DQO (bsc#1195276). - gve: Add consumed counts to ethtool stats (bsc#1195276). - gve: Implement suspend/resume/shutdown (bsc#1195276). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1195276). - gve: remove memory barrier around seqno (bsc#1195276). - gve: Update gve_free_queue_page_list signature (bsc#1195276). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1195276). - gve: Correct order of processing device options (bsc#1195276). - gve: fix for null pointer dereference (bsc#1195276). - gve: fix unmatched u64_stats_update_end() (bsc#1195276). - gve: Add a jumbo-frame device option (bsc#1195276). - gve: Implement packet continuation for RX (bsc#1195276). - gve: Add RX context (bsc#1195276). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1195276). - commit 0803caf - Update config files. (bsc#1195346) Enable DMABUF_HEAPS[_SYSTEM] configuration options - commit 3090423 - blacklist.conf: misattributed patch - commit 8d2ba5e - blacklist.conf: misattributed patch - commit ec33b0f - net: mcs7830: handle usb read errors properly (git-fixes). - commit 48dab08 - ucount: Make get_ucount a safe get_user replacement (bsc#1195306 CVE-2022-24122). - commit b9063d5 - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 0b42051 - ceph: set pool_ns in new inode layout for async creates (bsc#1195342). - ceph: properly put ceph_string reference after async create attempt (bsc#1195341). - commit cade32d - bpf,x86: Respect X86_FEATURE_RETPOLINE* (bsc#1190497). - commit 3017e7f - bpf,x86: Simplify computing label offsets (bsc#1190497). - commit b5c6689 - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd (bsc#1190497). - commit 8b8edaa - x86/alternative: Add debug prints to apply_retpolines() (bsc#1190497). - commit 76b6079 - x86/alternative: Try inline spectre_v2=retpoline,amd (bsc#1190497). - commit 4e48a24 - x86/alternative: Handle Jcc __x86_indirect_thunk_\reg (bsc#1190497). - commit 8b47d6e - x86/alternative: Implement .retpoline_sites support (bsc#1190497). - commit 758e879 - x86/retpoline: Create a retpoline thunk array (bsc#1190497). - commit f1f201e - x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h (bsc#1190497). - commit 6f7882c - x86/asm: Fixup odd GEN-for-each-reg.h usage (bsc#1190497). - commit 0632c94 - x86/asm: Fix register order (bsc#1190497). - commit f91c48e - x86/retpoline: Remove unused replacement symbols (bsc#1190497). - commit 15d0b39 - objtool,x86: Replace alternatives with .retpoline_sites (bsc#1190497). - commit f215305 - objtool: Shrink struct instruction (bsc#1190497). - commit 633fd59 - objtool: Explicitly avoid self modifying code in .altinstr_replacement (bsc#1190497). - commit b05fae2 - objtool: Classify symbols (bsc#1190497). - commit c28da8d - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - commit 7124b18 - kABI padding for generic crypto (bsc#1179531). - commit 42a8077 - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - Drivers: hv: balloon: account for vmbus packet header in max_pkt_size (git-fixes). - x86/hyperv: Properly deal with empty cpumasks in hyperv_flush_tlb_multi() (git-fixes). - commit 55fdcf1 - crypto: seqiv - flag instantiations as FIPS compliant (jsc#SLE-21132,bsc#1194778). - commit a0ea522 - kbuild: remove include/linux/cyclades.h from header file check (git-fixes). - commit 05fdfcd - PCI/sysfs: Find shadow ROM before static attribute initialization (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - tty: Partially revert the removal of the Cyclades public API (git-fixes). - usb: cdnsp: Fix segmentation fault in cdns_lost_power function (git-fixes). - usb: dwc3: xilinx: Fix error handling when getting USB3 PHY (git-fixes). - usb: dwc3: xilinx: Skip resets and USB3 register settings for USB2.0 mode (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - usb: typec: tcpm: Do not disconnect when receiving VSAFE0V (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: typec: tcpci: don't touch CC line if it's Vconn source (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - drm/amd/display: reset dcn31 SMU mailbox on failures (git-fixes). - irqchip/gic-v4: Disable redistributors' view of the VPE table at boot time (git-fixes). - commit 9089800 - Move upstreamed patches into sorted section - commit 44bc450 ++++ util-linux: - Implement "X-fstrim.notrim" fstab mount option that skips fstrim for selected device (jsc#SLE-17942, util-linux-fstrim-implement-X-fstrim.notrim.patch). ++++ libcap: - update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficiently ++++ expat: - update to 2.4.4 (bsc#1195217, bsc#1195054): * Security fixes: - CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. - CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. * Bug fixes: - xmlwf: Fix a memory leak on output file opening error * Other changes: - Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do * Drop unused file valid-xhtml10.png ++++ systemd: - Rename 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch into 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch This patch is now SLE specific. ++++ python-lxml: - With the new update to 4.7.1, the old Bugzilla entries are also fixed: - bsc#1118088 (related to CVE-2018-19787) - bsc#1184177 (related to CVE-2021-28957) - Update to 4.7.1 (officially released 2021-12-13) Features added - Chunked Unicode string parsing via parser.feed() now encodes the input data to the native UTF-8 encoding directly, instead of going through Py_UNICODE / wchar_t encoding first, which previously required duplicate recoding in most cases. Bugs fixed - The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3. See https://mail.python.org/archives/list/lxml@python.org/thread/ 6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/ - lxml.objectify previously accepted non-XML numbers with underscores (like "1_000") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again. - LP#1939031: Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt). Other changes - Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows). - Update to 4.7.0 (2021-12-13) - Release retracted due to missing files in lxml/includes/. - UPdate to 4.6.5 (2021-12-12) Bugs fixed - A vulnerability (GHSL-2021-1038) in the HTML cleaner - allowed sneaking script content through SVG images - (bnc#1193752, CVE-2021-43818). - A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed - sneaking script content through CSS imports and other crafted - constructs (CVE-2021-43818). - Update 4.6.4 (2021-11-01) Features added - GH#317: A new property system_url was added to DTD entities. - Patch by Thirdegree. - GH#314: The STATIC_* variables in setup.py can now be passed - via env vars. - Patch by Isaac Jurado. - Update 4.6.3 (2021-03-21) Bugs fixed - A vulnerability (CVE-2021-28957) was discovered in the HTML - Cleaner by Kevin Chung, which allowed JavaScript to pass through. - The cleaner now removes the HTML5 formaction attribute. - Update 4.6.2 (2020-11-26) Bugs fixed - A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML Cleaner - by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner - now removes more sneaky "style" content. - Update 4.6.1 (2020-10-18) Bugs fixed - A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, - which allowed JavaScript to pass through. The cleaner now removes - more sneaky "style" content. - Update 4.6.0 (2020-10-17) Features added - GH#310: lxml.html.InputGetter supports __len__() to count the number - of input fields. Patch by Aidan Woolley. - lxml.html.InputGetter has a new .items() method to ease processing - all input fields. - lxml.html.InputGetter.keys() now returns the field names in document - order. - GH-309: The API documentation is now generated using sphinx-apidoc. - Patch by Chris Mayo. Bugs fixed - LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes - when a default namespace was defined. - TreeBuilder.close() raised AssertionError in some error cases where - it should have raised XMLSyntaxError. It now raises a combined - exception to keep up backwards compatibility, while switching to - XMLSyntaxError as an interface. - Update 4.5.2 (2020-07-09) Bugs fixed - Cleaner() now validates that only known configuration options - can be set. - LP#1882606: Cleaner.clean_html() discarded comments and PIs - regardless of the corresponding configuration option, if - remove_unknown_tags was set. - LP#1880251: Instead of globally overwriting the document loader - in libxml2, lxml now sets it per parser run, which improves the - interoperability with other users of libxml2 such as libxmlsec. - LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21. - The setup options "--with-xml2-config" and "--with-xslt-config" - were accidentally renamed to "--xml2-config" and "--xslt-config" - in 4.5.1 and are now available again. - Update 4.5.1 (2020-05-19) Bugs fixed - LP#1570388: Fix failures when serialising documents larger than - 2GB in some cases. - LP#1865141, GH#298: QName values were not accepted by the - el.iter() method. Patch by xmo-odoo. - LP#1863413, GH#297: The build failed to detect libraries on Linux - that are only configured via pkg-config. Patch by Hugh McMaster. - Update 4.5.0 (2020-01-29) Features added - A new function indent() was added to insert tail whitespace for - pretty-printing an XML tree. Bugs fixed - LP#1857794: Tail text of nodes that get removed from a document using item deletion disappeared silently instead of sticking with the node that was removed. Other changes - MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS explicitly to override it. - Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34. - LP#1840234: The package version number is now available as lxml.__version__. - Update 4.4.3 (2020-01-28) Bugs fixed - LP#1844674: itertext() was missing tail text of comments and PIs since 4.4.0. ++++ salt: - Update to version 3004 (jsc#SLE-23675) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Don't check for cached pillar errors on state.apply (bsc#1190781) - Fix exception in batch_async caused by a bad function call - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Added: * state.apply-don-t-check-for-cached-pillar-errors.patch * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch * fix-inspector-module-export-function-bsc-1097531-481.patch * drop-serial-from-event.unpack-in-cli.batch_async.patch - Modified: * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * 3003.3-postgresql-json-support-in-pillar-423.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * add-migrated-state-and-gpg-key-management-functions-.patch * add-custom-suse-capabilities-as-grains.patch * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * switch-firewalld-state-to-use-change_interface.patch * debian-info_installed-compatibility-50453.patch * refactor-and-improvements-for-transactional-updates-.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * info_installed-works-without-status-attr-now.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * implementation-of-held-unheld-functions-for-state-pk.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * early-feature-support-config.patch * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch * improvements-on-ansiblegate-module-354.patch * support-transactional-systems-microos.patch * x509-fixes-111.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch * use-adler32-algorithm-to-compute-string-checksums.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * run-salt-master-as-dedicated-salt-user.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * include-aliases-in-the-fqdns-grains.patch - Removed: * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * don-t-call-zypper-with-more-than-one-no-refresh.patch * templates-move-the-globals-up-to-the-environment-jin.patch * adding-preliminary-support-for-rocky.-59682-391.patch * do-not-monkey-patch-yaml-bsc-1177474.patch * fix-save-for-iptables-state-module-bsc-1185131-372.patch * fix-a-test-and-some-variable-names-229.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * virt-enhancements.patch * fix-aptpkg.normalize_name-when-package-arch-is-all.patch * figure-out-python-interpreter-to-use-inside-containe.patch * do-not-break-master_tops-for-minion-with-version-low.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * add-astra-linux-common-edition-to-the-os-family-list.patch ++++ samba: - Update to 4.15.5 * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists; (bso#14911); (bsc#1193690). * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bso#14914); (bsc#1194859). * CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks; bso#14950); (bsc#1195048). ++++ util-linux-systemd: - Implement "X-fstrim.notrim" fstab mount option that skips fstrim for selected device (jsc#SLE-17942, util-linux-fstrim-implement-X-fstrim.notrim.patch). ++++ yast2-trans: - Update to version 84.87.20220131.0700dd3449: * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * New POT for text domain 'security'. * New POT for text domain 'installation'. * New POT for text domain 'base'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Ukrainian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'control'. * New POT for text domain 'autoinst'. * Translated using Weblate (German) * Translated using Weblate (Spanish) ------------------------------------------------------------------ ------------------ 2022-1-30 - Jan 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI padding for qat (bsc#1179531). - commit 38dc163 ------------------------------------------------------------------ ------------------ 2022-1-29 - Jan 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: mark git-fixes added to perf userspace package - commit adbe3cf - crypto: xts - restrict key lengths to approved values in FIPS mode (jsc#SLE-21132,bsc#1193136). - commit 3c220f6 - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - hwmon: (lm90) Fix sysfs and udev notifications (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Re-enable interrupts after alert clears (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - drm/amd/display/dc/calcs/dce_calcs: Fix a memleak in calculate_bandwidth() (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/a6xx: Add missing suspend_count increment (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - Revert "drm/ast: Support 1600x900 with 108MHz PCLK" (git-fixes). - drm/atomic: Add the crtc to affected crtc only if uapi.enable = true (git-fixes). - commit 17cd888 - perf/x86/intel/uncore: Add IMC uncore support for ADL (git-fixes). - perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX (git-fixes). - perf/x86/intel: Add a quirk for the calculation of the number of counters on Alder Lake (git-fixes). - perf: Fix perf_event_read_local() time (git-fixes). - perf: Protect perf_guest_cbs with RCU (git-fixes). - commit 6b315d3 - bpf: Remove config check to enable bpf support for branch records (git-fixes). - commit f91c35f - blacklist.conf: blacklist a672b2e36a64 bpf: Fix ringbuf memory type confusion when passing to helpers - commit 3132b8c - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - commit c6f8f64 - phonet: refcount leak in pep_sock_accep (bsc#1193867, CVE-2021-45095). - commit f4ec02a - Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6" (bsc#1185377, bsc#1194048). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - commit d7a3024 ++++ patterns-microos: - remove cockpit-dashboard (jsc#SMO-70) - include cockpit-machines (jsc#SMO-46) ------------------------------------------------------------------ ------------------ 2022-1-28 - Jan 28 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA ++++ cockpit-machines: - Re-add source-offset to _service. ++++ dracut: - Update to version 055+suse.226.g44139dde: * fix(zfcp_rules): remove collect based udev rule creators * fix(dasd_rules): remove collect based udev rule creators * fix(kernel-modules-extra): handle zstd module extension * fix(ifcfg): add SUSE specific write-ifcfg file (bsc#1193518) * fix(dracut-functions): skip iSCSI sessions without initiatorname (bsc#1195011) * fix(dracut-functions.sh): ip route parsing (bsc#1195011) * fix(fips): missing sourcing of dracut-lib * fix(fips): wrong error message * fix(network-legacy): install only existing SUSE specific files (bsc#1194879) * fix(network-legacy): set dhclient as optional (bsc#1194879) * fix(40network): consistent use of "$gw" for gateway (bsc#1192685) * fix(multipathd-configure.service): drop unneeded dependencies * fix(multipath): check if mpathconf is available * fix(multipathd.service): drop dependencies on iscsi and iscsid * fix(multipathd.service): adapt to upstream multipath-tools unit file * fix(multipathd.service): remove dependency on systemd-udev-settle * fix(fips): avoid shellcheck warnings * fix(fips): get _vmname value only if it is needed * fix(fips.sh): respect rd.fips.skipkernel * fix(fips): alignment with the upstream format ++++ kernel-default: - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195275). - commit 8151d53 - Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch. - commit 7c59b09 - KVM: SEV: initialize regions_list of a mirror VM (bsc#1194526). - KVM: SEV: move mirror status to destination of KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - KVM: SEV: cleanup locking for KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - KVM: SEV: do not use list_replace_init on an empty list (bsc#1194526). - KVM: SEV: expose KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM capability (bsc#1194526). - selftest: KVM: Add intra host migration tests (bsc#1194526). - commit 77a7ab5 - Delete patches.suse/0008-random-move-FIPS-continuous-test-to-output-functions.patch. Obsoleted by Nicolai's FIPS RNG rework. - commit 4892a02 - rpm/modules.fips: remove ansi_cprng (jsc#SLE-21132,bsc#1194773). - commit d8f6d39 - Delete patches.suse/fips-enable-ansi_cprng-in-testmgr (jsc#SLE-21132,bsc#1194773). - commit 9e8a9c1 - drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942 bsc#1195065). - commit b82dcaa - Delete patches.suse/net-mvpp2-Enable-autoneg-bypass-for-1000BaseX-2500Ba.patch. No longer needed. - commit 7ab8bc0 ++++ openssl-1_1: - Add a provides for openssl-has-RSA_get0_pss_params as required by nodejs16. [bsc#1192489] ++++ suse-module-tools: - Update to version 15.4.12: * Add /etc/modprobe.d/README on SLE/Leap (bsc#1195051) * rpm-script: force-copy kernel to /boot (boo#1194501) ++++ yast2: - ProductFeatures: add boot timeout option (jsc#SLE-22667) - 4.4.43 ------------------------------------------------------------------ ------------------ 2022-1-27 - Jan 27 2022 ------------------- ------------------------------------------------------------------ ++++ fontconfig: - adding bug reference to this changelog [bsc#1172301] ++++ kernel-default: - Delete patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch. Patch is part of v5.14 base kernel. - commit d3c2d60 - Refresh patches.suse/arch-arm64-mm_context-t-placeholder.patch. Re-enable kABI place holder for SLE15-SP4 - commit 7bf2c52 - dma-buf: cma_heap: Fix mutex locking section (git-fixes). - dma-buf: system_heap: Avoid warning on mid-order allocations (git-fixes). - commit 2944bf7 - drm/amdgpu/display: Only set vblank_disable_immediate when PSR is not enabled (git-fixes). - drm/amd/display: Enable PSR by default on newer DCN (git-fixes). - commit 9be44b2 - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - w1: Misuse of get_user()/put_user() reported by sparse (git-fixes). - usb: dwc2: gadget: initialize max_speed from params (git-fixes). - commit fa8f66b - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - USB: ehci_brcm_hub_control: Improve port index sanitizing (git-fixes). - usb: dwc3: meson-g12a: fix shared reset control use (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl011: Drop CR register reset on set_termios (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - soc: imx: gpcv2: Synchronously suspend MIX domains (git-fixes). - soc: ti: pruss: fix referenced node in error message (git-fixes). - commit 6ef0377 - rtc: cmos: take rtc_lock while reading from CMOS (git-fixes). - phy: mediatek: Fix missing check in mtk_mipi_tx_probe (git-fixes). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - regulator: da9121: Prevent current limit change when enabled (git-fixes). - PM: runtime: Add safety net to supplier device release (git-fixes). - rtw88: 8822c: update rx settings to prevent potential hw deadlock (git-fixes). - rsi: Fix out-of-bounds read in rsi_read_pkt() (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - rtw88: add quirk to disable pci caps on HP 250 G7 Notebook PC (git-fixes). - PM: AVS: qcom-cpr: Use div64_ul instead of do_div (git-fixes). - commit 0642d93 - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from lzo" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from zlib" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from zstd" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from generic helpers" (bsc#1193852). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from lzo" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from zlib" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from zstd" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from generic helpers" (bsc#1193852). - commit c24af5b - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout instead of open-coded polling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - mt76: mt7615: improve wmm index allocation (git-fixes). - mt76: do not pass the received frame with decryption error (git-fixes). - mt76: mt7615: fix possible deadlock while mt7615_register_ext_phy() (git-fixes). - net: phy: prefer 1000baseT over 1000baseKX (git-fixes). - commit fe2b42c - mmc: sdhci-pci-gli: GL9755: Support for CD/WP inversion on OF platforms (git-fixes). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mmc: tmio: reinit card irqs in reset routine (git-fixes). - mfd: tps65910: Set PWR_OFF bit during driver probe (git-fixes). - mfd: atmel-flexcom: Use .resume_noirq (git-fixes). - mfd: atmel-flexcom: Remove #ifdef CONFIG_PM_SLEEP (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: rockchip: rkisp1: use device name for debugfs subdir name (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: don't use stack on USB reads (git-fixes). - commit 3a8fd18 - media: atomisp: fix "variable dereferenced before check 'asd'" (git-fixes). - media: cec: fix a deadlock situation (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: rcar-vin: Update format alignment constraints (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - media: venus: avoid calling core_clk_setrate() concurrently during concurrent video sessions (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: atomisp: handle errors at sh_css_create_isp_params() (git-fixes). - media: atomisp: check before deference asd variable (git-fixes). - media: atomisp-ov2680: Fix ov2680_set_fmt() clobbering the exposure (git-fixes). - commit d62b853 - mac80211: allow non-standard VHT MCS-10/11 (bsc#1192891). - iwlwifi: pcie: make sure prph_info is set when treating wakeup IRQ (git-fixes). - iwlwifi: mvm: fix AUX ROC removal (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - media: atomisp: set per-device's default mode (git-fixes). - media: atomisp: fix enum formats logic (git-fixes). - media: atomisp: add NULL check for asd obtained from atomisp_video_pipe (git-fixes). - commit 5c77fd4 - HID: Ignore battery for Elan touchscreen on HP Envy X360 15t-dr100 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i2c: i801: Don't silently correct invalid transfer size (git-fixes). - interconnect: qcom: rpm: Prevent integer overflow in rate (git-fixes). - iio: trigger: Fix a scheduling whilst atomic issue seen on tsc2046 (git-fixes). - HSI: core: Fix return freed object in hsi_new_client (git-fixes). - HID: magicmouse: Fix an error handling path in magicmouse_probe() (git-fixes). - iwlwifi: mvm: avoid clearing a just saved session protection id (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - commit 6ef8153 - drm/i915/display/ehl: Update voltage swing table (git-fixes). - floppy: Add max size check for user space request (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - HID: magicmouse: Report battery level over USB (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: i2c-hid-of: Expose the touchscreen-inverted properties (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/etnaviv: consider completed fence seqno in hang check (git-fixes). - commit b98cf3a - drm/etnaviv: limit submit sizes (git-fixes). - drm/amd/amdgpu: fix gmc bo pin count leak in SRIOV (git-fixes). - drm/amd/amdgpu: fix psp tmr bo pin count leak in SRIOV (git-fixes). - drm/vmwgfx: Release ttm memory if probe fails (git-fixes). - drm: rcar-du: Fix CRTC timings when CMM is used (git-fixes). - drm/amd/display: add else to avoid double destroy clk_mgr (git-fixes). - drm/amdgpu/display: set vblank_disable_immediate for DC (git-fixes). - drm/amd/display: check top_pipe_to_program pointer (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - commit 7ac44dd - crypto: qat - make pfvf send message direction agnostic (git-fixes). - Refresh patches.suse/crypto-qat-fix-undetected-PFVF-timeout-in-ACK-loop.patch. - commit 1517ba9 - crypto: hisilicon/hpre - fix memory leak in hpre_curve25519_src_init() (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/bridge: dw-hdmi: handle ELD when DRM_BRIDGE_ATTACH_NO_CONNECTOR (git-fixes). - drm/ttm: Put BO in its memory manager's lru list (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/panel: Delete panel on mipi_dsi_attach() failure (git-fixes). - crypto: qat - remove unnecessary collision prevention step in PFVF (git-fixes). - commit 4a84546 - clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (git-fixes). - backlight: qcom-wled: Use cpu_to_le16 macro to perform conversion (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES (git-fixes). - Bluetooth: btintel: Add missing quirks and msft ext for legacy bootloader (git-fixes). - Bluetooth: MGMT: Use hci_dev_test_and_{set,clear}_flag (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor set_exp_feature with a feature table (git-fixes). - commit 4823532 - ath11k: Fix napi related hang (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet() (git-fixes). - ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep() (git-fixes). - ath11k: Avoid false DEADLOCK warning reported by lockdep (git-fixes). - ath11k: avoid deadlock by change ieee80211_queue_work for regd_update_work (git-fixes). - ath11k: Avoid NULL ptr access during mgmt tx cleanup (git-fixes). - ath11k: add string type to search board data in board-2.bin for WCN6855 (git-fixes). - ath11k: Fix crash caused by uninitialized TX ring (git-fixes). - commit 94ca4e3 - drm: Add kabi placeholders to commonly used structs (bsc#1179531). - commit 95ca796 - ASoC: mediatek: mt8183: fix device_node leak (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: mediatek: mt8192-mt6359: fix device_node leak (git-fixes). - ASoC: imx-hdmi: add put_device() after of_find_device_by_node() (git-fixes). - ACPI: CPPC: Check present CPUs for determining _CPC is valid (git-fixes). - ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes). - ACPI / x86: Add not-present quirk for the PCI0.SDHB.BRC1 device on the GPD win (git-fixes). - ACPI / x86: Allow specifying acpi_device_override_status() quirks by path (git-fixes). - ACPI: Change acpi_device_always_present() into acpi_device_override_status() (git-fixes). - ACPI / x86: Drop PWM2 device on Lenovo Yoga Book from always present table (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - amdgpu/pm: Make sysfs pm attributes as read-only for VFs (git-fixes). - ath11k: qmi: avoid error messages when dma allocation fails (git-fixes). - commit e0f2245 - Update patches.suse/0002-char-random-reinstantiate-DRBGs-once-optimized-sha51.patch (jsc#SLE-21132,bsc#1191259,bsc#1195160). - commit 1ebad47 - net ticp:fix a kernel-infoleak in __tipc_sendmsg() (bsc#1195199 CVE-2022-0382). - net/packet: rx_owner_map depends on pg_vec (bsc#1195184 CVE-2021-22600). - commit 322fbf8 - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - commit 5d7a0a2 - rds: Fix memory leak in __rds_conn_create() (bsc#1194090 CVE-2021-45480). - commit 6d71aca - Update patches.suse/cpufreq-ondemand-set-default-up_threshold-to-30-on-multi-core-systems.patch (bsc#464461,bsc#981838,bsc#1064414,bsc#1144943,bsc#1193200,bsc#1193088). - commit 1420840 - Revert IPMI backports (bsc#1195195) It turned out that the recent backports of IPMI fixes cause a regression on arm64 machine. Deleted: patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch patches.suse/ipmi-bail-out-if-init_srcu_struct-fails.patch patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch - commit 435eaf7 ++++ systemd: - Make sure that libopenssl-devel is installed when building resolved. Openssl was implictly pulled in by systemd-experimental subpackage but could be missing if the build of this subpackage was disabled. ++++ sudo: - Add support in the LDAP filter for negated users, patch taken from upstream (jsc#20068) * Adds sudo-feature-negated-LDAP-users.patch ------------------------------------------------------------------ ------------------ 2022-1-26 - Jan 26 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Packaging additions with Autotools replacement: + Add Meson build requirement and replace Automake macros with Meson equivalent ones as autotools will be deprecated in the future. + Options passed to Meson to mimmic our default preferences: systemdsystemunitdir=%{_unitdir}, udev_dir=%{_udevdir}, dbus_conf_dir=%{_dbusconfdir}, iptables=%{_sbindir}/iptables, dnsmasq=%{_sbindir}/dnsmasq, dnssec_trigger=%{_libexecdir}\ /dnssec-trigger-script, dist_version=%{version}, polkit_agent_helper_1=%{_libexecdir}/polkit-1\ /polkit-agent-helper-1, hostname_persist=suse, switchable libaudit=%{libaudit_meson_opt}, iwd=true, pppd=%{_sbindir}\ /pppd, pppd_plugin_dir=%{_pppddir}, nm_cloud_setup=true, bluez5_dun=true, netconfig=%{_sbindir}/netconfig, dhclient=%{_sbindir}/dhclient, docs=true, switchable tests=%{tests_meson_opt}, more_asserts=0, more_logging=false, qt=false, and switchable teamdctl=true (teamctl is about to be deprecated). + Add conditionalized audit pkgconfig module build requirement to allow easier feature testing, and pass 'yes-disabled-by-default' to 'libaudit' Meson option. As an observation: Meson defaults passing 'yes' to this feature. + Add explicit c++_compiler build requirement to avoid build abortion. + Add explicit libselinux pkgconfig module build requirement checked by Meson and was already being pulled in by some other package. + Add polkit-gobject-1 pkgconfig module build requirement checked by Meson and needed for user auth-polkit support. + Add mobile-broadband-provider-info pkgconfig module build requirement checked by Meson and needed for ModemManager1 interface support. + Add sed command to fix server.conf config file location from defaultdocdir/NetworkManager/examples to defaultdocdir/NetworkManager. + Add useful %{_pppddir} and %{_dbusconfdir} macros to spec file, while dropping no longed needed pppddir shell variable definition and 'test -n "$pppddir" || exit 1' construct. + Add "< 1.21" version to libnm-glib-vpn1, libnm-glib4, and libnm-util2 < 1.21 to main package's Obsoletes tags, following packaging good practices to avoid future unwated behavior regarding versioning schemes. + Replace %version macro with hardcoded "0.9.1" version to the devel subpackage's %name-doc Obsoletes tag following packaging good practices to avoid future unwanted behaviors regarding versioning schemes (the doc subpackage was merged with the devel one in the 0.9.0 release). + Pass "%{?no_lang_C}" to %find_lang macro to avoid stripping any English translations (the default language) from main package. - Packaging deletions with Autotools replacement: + Remove data/server.conf from %doc macro in files section as it no longer works with Meson. + Remove "rm" command on server.conf file following sed command addition to fix the right location of the file. + Remove no longer useful conditional build abortion depending whether or not netconfig support was found 'grep "with_netconfig='no'" config.log' since this file isn't generated by Meson. + Remove no longer needed "find" command for GNU Libtool LA files deletion. + Drop no longer needed libtool build requirement as Meson does not use it. + Drop redundant sysconfig-netconfig build requirement as it does not add anything to the build anymore. + Drop comment about suse-release build requirement not being needed anymore, it's been deprecated for almost a decade now. + Drop setBadness for 'dbus-file-unauthorized' in the rpmlintrc: the new dbus file has been whitelisted already (bsc#1194799). ++++ apparmor: - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ++++ glib2: - Update to version 2.70.3: + Several important fixes to FD handling in gspawn. + Several important fixes to GDBus message and GVariant parsing of invalid data. + Fix potential data loss due to missing fsync when saving files on btrfs. + Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506, glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572, glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394, glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437, glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455. + Updated translations. ++++ kernel-default: - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - commit 37cc2d0 - mm: drop node from alloc_pages_vma (jsc#SLE-23098). - commit 27520d6 - mm/mempolicy: wire up syscall set_mempolicy_home_node (jsc#SLE-23098). - mm/mempolicy: add set_mempolicy_home_node syscall (jsc#SLE-23098). - mm/mempolicy: use policy_node helper with MPOL_PREFERRED_MANY (jsc#SLE-23098). - mm/mempolicy: unify the create() func for bind/interleave/prefer-many policies (jsc#SLE-23098). - mm/mempolicy: advertise new MPOL_PREFERRED_MANY (jsc#SLE-23098). - mm/hugetlb: add support for mempolicy MPOL_PREFERRED_MANY (jsc#SLE-23098). - mm/memplicy: add page allocation function for MPOL_PREFERRED_MANY policy (jsc#SLE-23098). - mm/mempolicy: add MPOL_PREFERRED_MANY for multiple preferred nodes (jsc#SLE-23098). - commit 41edfce - Update patches.suse/USB-gadget-detect-too-big-endpoint-0-requests.patch (bsc#1193802 CVE-2021-39685). Updated references for CVE that became known after the fix had been applied for other reasons - commit 149a312 - Refresh patches.suse/powerpc-security-mitigation-patching.sh-Support-X-ta.patch. - commit cc4f423 - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes). - commit ae5a8de ++++ libapparmor: - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ++++ systemd: - resolved: disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - resolved: disable fallback DNS servers and fail when no DNS server info could be obtained from the links. It's better to let the sysadmin know that something is likely misconfigured rather than silently handing over the DNS queries to Google or Cloudflare. - Replace '%setup+%autopatch' with '%autosetup' ++++ libvirt: - Revert commit 938382b60a since it changes semantics on some public APIs 105dace2-revert-virProcessGetStatInfo.patch ++++ samba: - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); ++++ suseconnect-ng: - Update to version 0.0.6~git0.77933db: * Add man pages * Add note in DIFFERENCES.md about abbreviated flags * Add -l as an alias for --list-extensions * Add --clean as an alias for --cleanup (bsc#1195003) * Suppress expected error log message in TLS test * Add flag to import product repo keys (bsc#1174657) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#570 - use for build proper schema flavor (jsc#SLE-18820) - 16.57.13 ++++ toolbox: - Allow docker as an alternative to podman in the package Requires. This was supported since 2.2. ++++ u-boot-rpiarm64: Change branch to sle15-sp4. Add support for RPi Zero 2 (jsc#SLE-23131). Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0017-rpi-Add-identifier-for-the-new-RPi-.patch ++++ yast2: - Added Y2Packager::NewRepositorySetup to track new repositories (related to bsc#1194453) - 4.4.42 - Fix PackageAI call to PackagesProposal.GetResolvable. It prevents a crash when cloning a system (bsc#1195137). - 4.4.41 ++++ yast2-schema-micro: - Synced version with default schema (related to jsc#SLE-22069). - 4.4.10 ------------------------------------------------------------------ ------------------ 2022-1-25 - Jan 25 2022 ------------------- ------------------------------------------------------------------ ++++ iputils: - temporarily reintroduce rarpd and rdisc tools to get them into 15sp4 [jsc#SLE-23521] ++++ kernel-default: - net: bonding: fix bond_xmit_broadcast return value error bug (git-fixes). - mlx5: Don't accidentally set RTO_ONLINK before mlx5e_route_lookup_ipv4_get() (git-fixes). - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes). - RDMA/rxe: Remove the unnecessary variable (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - RDMA/hns: Modify the mapping attribute of doorbell to device (git-fixes). - RDMA/rtrs-clt: Fix the initial value of min_latency (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes). - Revert "net/mlx5: Add retry mechanism to the command entry index allocation" (git-fixes). - net/mlx5: Set command entry semaphore up once got index free (git-fixes). - net/mlx5e: Sync VXLAN udp ports during uplink representor profile change (git-fixes). - net/mlx5: Fix access to sf_dev_table on allocation failure (git-fixes). - net/mlx5e: Fix matching on modified inner ip_ecn bits (git-fixes). - Revert "net/mlx5e: Block offload of outer header csum for GRE tunnel" (git-fixes). - Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels" (git-fixes). - net/mlx5e: Don't block routes with nexthop objects in SW (git-fixes). - net/mlx5e: Fix wrong usage of fib_info_nh when routes with nexthop objects are used (git-fixes). - net/mlx5e: Fix nullptr on deleting mirroring rule (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (git-fixes). - bnxt_en: use firmware provided max timeout for messages (git-fixes). - igc: AF_XDP zero-copy metadata adjust breaks SKBs on XDP_PASS (git-fixes). - commit 450565e - Delete patches.suse/block-genhd-use-atomic_t-for-disk_event-block.patc. (bsc#1192913, bsc#1194850) - commit 62f1042 - mm: vmscan: reduce throttling due to a failure to make progress - fix (git fixes (mm/vmscan)). - mm: vmscan: Reduce throttling due to a failure to make progress (git fixes (mm/vmscan)). - commit 985ae57 - Delete patches.suse/mm-vmscan-Reduce-throttling-due-to-a-failure-to-make-progress.patch. - commit 758b892 - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: don't spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - commit 80bb4bf - sched/fair: Mark tg_is_idle() an inline in the !CONFIG_FAIR_GROUP_SCHED case (git fixes (sched/fair)). - commit 3fda91c - bpf, mm: Fix lockdep warning triggered by stack_map_get_build_id_offset() (git fixes (mm/mmap)). - commit 7c2b587 - mm: shmem: don't truncate page if memory failure happens v2 (bsc#1190208 (MM functional and performance backports)). - commit 4233c64 - Revert "mm: shmem: don't truncate page if memory failure happens" (git fixes (mm/shmem)). - commit 91b69dc - nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert (git fixes (mm/gup)). - commit d2119e6 - bpf: Fix out of bounds access for ringbuf helpers (bsc#1194111 bsc#1194765 CVE-2021-4204 CVE-2022-23222). - bpf: Generally fix helper register offset check (bsc#1194111 bsc#1194765 CVE-2021-4204 CVE-2022-23222). - bpf: Generalize check_ctx_reg for reuse with other types (bsc#1194111 bsc#1194765 CVE-2021-4204 CVE-2022-23222). - commit 5803ef2 ++++ systemd: - Don't generate ID_NET_NAME_SLOT for devices behind a PCI bridge (bsc#1192637) If multiple NICs are behind a PCI bridge, each of them will get the same ID_NET_NAME_SLOT value leading to conflicting names. Such names weren't generated before SLE15-SP3. ++++ libvirt: - libxl: Add lock process indicator to saved VM state 31e937fb-libxl-save-lock-indicator.patch bsc#1191668 ++++ wayland: - There is a file conflict in current wayland-devel-32bit and prvevious libwayland-egl-devel-32bit package; therefore add a conflicts to baselibs.conf ++++ yast2: - Use Package module instead of PackageSystem (bsc#1194886). - 4.4.40 ------------------------------------------------------------------ ------------------ 2022-1-24 - Jan 24 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Remove /var/lib/YaST2/reconfig_system on successful runs ++++ glibc: - getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999, bsc#1194640, BZ #28769) ++++ kernel-default: - clocksource: Reduce the default clocksource_watchdog() retries to 2 (bsc#1192724). - commit ec1b82e - clocksource: Avoid accidental unstable marking of clocksources (bsc#1192724). - commit 8396e64 - x86/tsc: Disable clocksource watchdog for TSC on qualified platorms (bsc#1192724). - commit ad5e1ba - x86/tsc: Add a timer to make sure TSC_adjust is always checked (bsc#1192724). - commit c76fbc3 - Delete "Forgive repeated long-latency watchdog clocksource reads (bsc#1192724)" The patch being deleted was a tentative fix that never made it into upstream Linux. The clocksource instability issue will be addressed with more appropriate fixes. - scripts/git_sort/git_sort.py: Remove a dev branch of the -rcu tree - Delete patches.suse/clocksource-Forgive-repeated-long-latency-watchdog-c.patch. - commit 726d4be - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - commit c80b5de - scsi: kABI: Add suse_kabi_padding to scsi template structs (bsc#1195056). - commit 7342194 - Refresh patches.suse/0003-kabi-Add-placeholders-to-a-couple-of-important-struc.patch. - commit e169a7b - scsi: storvsc: Fix storvsc_queuecommand() memory leak (git-fixes). - commit a3c4175 - Move upstreamed IMA fix into sorted section - commit 8970684 - psi: Fix uaf issue when psi trigger is destroyed while being polled (git-fixes). - bitops: protect find_first_{,zero}_bit properly (git-fixes). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - commit b4b4dff - selftests/powerpc: Use date instead of EPOCHSECONDS in mitigation-patching.sh (bsc#1194305 ltc#195651). - commit d103181 - Refresh patches.suse/powerpc-security-mitigation-patching.sh-Support-X-ta.patch (bsc#1194305 ltc#195651). - commit 96568cb - powerpc/64s: Mask SRR0 before checking against the masked NIP (bsc#1194869). - commit 2f4f88b ++++ util-linux: - Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996, bsc#1194976, util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch, util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch). ++++ pciutils: - Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch (bsc#1192862) ++++ util-linux-systemd: - Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996, bsc#1194976, util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch, util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch). ++++ yast2: - Preload libsuseconnect.so if available. On aarch64 installer/YaST sometimes failed to load libsuseconnect.so with "cannot allocate memory in static TLS block" error. Loading the library before others solves the problem until a better solution is found (bsc#1194996). - 4.3.39 ++++ yast2-trans: - Update to version 84.87.20220123.256c7f91b3: * Translated using Weblate (Spanish) * Translated using Weblate (Catalan) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'country'. * New POT for text domain 'autoinst'. * New POT for text domain 'add-on'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * product-check.sh: Proper indentation for bc095e9e0d * product-check.sh: Add new check More projects use the same RPMNAME * product-check.sh: Update sample configuration to SLE15 SP4 and Leap 15.4. * Add sap-installation-wizard to DOMAIN_MAP. * New POT for text domain 'wol'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'relocation-server'. * New POT for text domain 'reipl'. * New POT for text domain 'registration'. * New POT for text domain 'rdp'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'multipath'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'iplb'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'cluster'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'add-on'. * Automatic update of wol. * Automatic update of vpn. * Automatic update of users. * Automatic update of update. * Automatic update of tune. * Automatic update of s390. * Automatic update of sysconfig. * Automatic update of support. * Automatic update of sudo. * Automatic update of storage. * Automatic update of squid. * Automatic update of sound. * Automatic update of snapper. * Automatic update of slp-server. * Automatic update of services-manager. * Automatic update of security. * Automatic update of scanner. * Automatic update of sap-installation-wizard. * Automatic update of samba-server. * Automatic update of samba-client. * Automatic update of rmt. * Automatic update of relocation-server. * Automatic update of reipl. * Automatic update of registration. * Automatic update of rdp. * Automatic update of proxy. * Automatic update of printer. * Automatic update of pam. * Automatic update of packager. * Automatic update of online-update. * Automatic update of ntp-client. * Automatic update of nis_server. * Automatic update of nis. * Automatic update of nfs_server. * Automatic update of nfs. * Automatic update of network. * Automatic update of multipath. * Automatic update of migration. * Automatic update of mail. * Automatic update of ldap-client. * Automatic update of ldap. * Automatic update of kdump. * Automatic update of journalctl. * Automatic update of isns. * Automatic update of iscsi-lio-server. * Automatic update of iscsi-client. * Automatic update of iplb. * Automatic update of instserver. * Automatic update of installation. * Automatic update of http-server. * Automatic update of geo-cluster. * Automatic update of ftp-server. * Automatic update of firewall. * Automatic update of fcoe-client. * Automatic update of drbd. * Automatic update of dns-server. * Automatic update of dhcp-server. * Automatic update of crowbar. * Automatic update of country. * Automatic update of control. * Automatic update of cluster. * Automatic update of bootloader. * Automatic update of base. * Automatic update of autoinst. * Automatic update of auth-client. * Automatic update of audit-laf. * Automatic update of apparmor. * Automatic update of add-on. * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Do not translate yast/y2status * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'wol'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'relocation-server'. * New POT for text domain 'reipl'. * New POT for text domain 'registration'. * New POT for text domain 'rdp'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'multipath'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'iplb'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'cluster'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'add-on'. * Update DOMAIN_MAP * Automatic update of wol. * Automatic update of vpn. * Automatic update of users. * Automatic update of update. * Automatic update of tune. * Automatic update of s390. * Automatic update of sysconfig. * Automatic update of support. * Automatic update of sudo. * Automatic update of storage. * Automatic update of squid. * Automatic update of sound. * Automatic update of snapper. * Automatic update of slp-server. * Automatic update of services-manager. * Automatic update of security. * Automatic update of scanner. * Automatic update of samba-server. * Automatic update of samba-client. * Automatic update of rmt. * Automatic update of relocation-server. * Automatic update of reipl. * Automatic update of registration. * Automatic update of rdp. * Automatic update of qt-pkg. * Automatic update of qt. * Automatic update of proxy. * Automatic update of printer. * Automatic update of pam. * Automatic update of packager. * Automatic update of online-update. * Automatic update of ntp-client. * Automatic update of nis_server. * Automatic update of nis. * Automatic update of nfs_server. * Automatic update of nfs. * Automatic update of network. * Automatic update of ncurses-pkg. * Automatic update of ncurses. * Automatic update of multipath. * Automatic update of migration. * Automatic update of mail. * Automatic update of ldap-client. * Automatic update of ldap. * Automatic update of kdump. * Automatic update of journalctl. * Automatic update of isns. * Automatic update of iscsi-lio-server. * Automatic update of iscsi-client. * Automatic update of iplb. * Automatic update of instserver. * Automatic update of installation. * Automatic update of http-server. * Automatic update of geo-cluster. * Automatic update of ftp-server. * Automatic update of firstboot. * Automatic update of firewall. * Automatic update of fcoe-client. * Automatic update of drbd. * Automatic update of dns-server. * Automatic update of dhcp-server. * Automatic update of crowbar. * Automatic update of country. * Automatic update of control. * Automatic update of cluster. * Automatic update of bootloader. * Automatic update of base. * Automatic update of autoinst. * Automatic update of auth-client. * Automatic update of audit-laf. * Automatic update of apparmor. * Automatic update of add-on. ------------------------------------------------------------------ ------------------ 2022-1-23 - Jan 23 2022 ------------------- ------------------------------------------------------------------ ++++ qemu: - Enable modules for testsuite ------------------------------------------------------------------ ------------------ 2022-1-22 - Jan 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - gpio: mpc8xxx: Fix an ignored error return from platform_get_irq() (git-fixes). - gpio: idt3243x: Fix an ignored error return from platform_get_irq() (git-fixes). - commit d403da6 - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: vivaldi: fix handling devices not using numbered reports (git-fixes). - rtc: pxa: fix null pointer dereference (git-fixes). - drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes). - drm/amdgpu: don't do resets on APUs which don't support it (git-fixes). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - gpio: idt3243x: Fix IRQ check in idt_gpio_probe (git-fixes). - gpio: mpc8xxx: Fix IRQ check in mpc8xxx_probe (git-fixes). - commit 06c7e48 - ALSA: hda/cs8409: Add new Warlock SKUs to patch_cs8409 (git-fixes). - ALSA: core: Simplify snd_power_ref_and_wait() with the standard macro (git-fixes). - ALSA: core: Fix SSID quirk lookup for subvendor=0 (git-fixes). - ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi (git-fixes). - ALSA: hda/realtek: fix speakers and micmute on HP 855 G8 (git-fixes). - commit 8124ea4 - HID: wacom: Avoid using stale array indicies to read contact count (bsc#1194667). - HID: wacom: Ignore the confidence flag when a touch is removed (bsc#1194667). - HID: wacom: Reset expected and received contact counts at the same time (bsc#1194667). - commit 19261e1 ------------------------------------------------------------------ ------------------ 2022-1-21 - Jan 21 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - Change to systemd-sysusers ++++ kdump: - kdump-calibrate-Ignore-malformed-VMCOREINFO.patch: calibrate: Ignore malformed VMCOREINFO lines (address occasional OBS build failures). - Update to 1.0 * Estimate kdump memory requirements at build time (jsc#SLE-18441). - Remove patches that have been upstreamed: * kdump-0.9.2-mkdumprd-properly-pass-compression-params.patch ++++ kernel-default: - drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330 bsc#1194880). - commit d011369 - vfs: fs_context: fix up param length parsing in legacy_parse_param (CVE-2022-0185 bsc#1194517). - Rename and retag following upstream merge from: patches.suse/vfs-Out-of-bounds-write-of-heap-buffer-in-fs_context-c.patch to patches.suse/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch - commit e3271e6 - Update patches.suse/sctp-account-stream-padding-length-for-reconf-chunk.patch (stable-5.14.14 bsc#1194985 CVE-2022-0322). Added bsc/CVE reference - commit c9b8efe ++++ systemd: - Move the whole content of /usr/share/doc/packages/systemd in doc subpackage ++++ virglrenderer: - Pick up the full upstream patch for bsc#1194601, so we know from where it comes * No functional change intended ++++ lshw: - Update to version B.02.19.2+git.20211222: * Add Spanish translation * Fix mistakes in Catalan translation ++++ samba: - Update to 4.15.4 * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945); ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#563 - do not reset standard file descriptors in inst_setup, linuxrc takes care (bsc#1193910, jsc#SLE-18632) - 16.57.12 - merge gh#openSUSE/installation-images#566 - Add RPi4 arm-trusted-firmware package (bsc#1173489) - 16.57.11 ++++ yast2: - Unify Package, PackageSystem and PackageAI. Now the Package module is the entry point. PackageSystem and PackageAI implement specific logic and they should not be referenced from outside (bsc#1194886). - 4.3.38 - Fix CWM dialog: argument delegation is handled differently in ruby 2.6 and before (bsc#1194984). - 4.4.37 ++++ yast2-schema-micro: - Adapt dependencies for SLE15 SP3 as micro is based on it ------------------------------------------------------------------ ------------------ 2022-1-20 - Jan 20 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Split out NetworkManager-pppoe, needed to configure regular PPPoE connections (Not very common, as most users have PPPoE routers for the DSL connections). ++++ jeos-firstboot: - Update to version 1.1.0.0: * Introduce welcome screen for console switching (boo#1184157, jsc#SLE-18306) * Drop redundant functions in jeos-firstboot-functions * Drop call to snapper setup-quota, kiwi does that meanwhile ++++ kernel-default: - hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors (bsc#1192644 jsc#SLE-17823). - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (bsc#1192644 jsc#SLE-17823). - hwmon: (k10temp) Remove unused definitions (bsc#1192644 jsc#SLE-17823). - x86/amd_nb: Add AMD Family 19h Models (10h-1Fh) and (A0h-AFh) PCI IDs (bsc#1192644 jsc#SLE-17823). - commit b55859b - Revert "net: phy: fixed_phy: Fix NULL vs IS_ERR() checking in __fixed_phy_register" (git-fixes). - commit a9c90b6 - mt76: mt7921: fix possible resume failure (git-fixes). - commit adeea28 - media: c8sectpfe: fix double free in configure_channels() (git-fixes). - media: c8sectpfe: remove redundant assignment to pointer tsin (git-fixes). - commit 4ff2399 - Add cherry-picked IDs for media videobuf2 fix - commit e45c889 - iwlwifi: don't pass actual WGDS revision number in table_revision (git-fixes). - commit c270187 - Add cherry-picked ID to HID fix patch - commit 57fe3df - bus: mhi: core: Fix reading wake_capable channel configuration (git-fixes). - bus: mhi: pci_generic: Graceful shutdown on freeze (git-fixes). - commit 36e2acb - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - net: phy: micrel: use kszphy_suspend()/kszphy_resume for irq aware devices (git-fixes). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - net: phy: marvell: add Marvell specific PHY loopback (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - 9p: only copy valid iattrs in 9P2000.L setattr implementation (git-fixes). - drm/amd/display: explicitly set is_dsc_supported to false before use (git-fixes). - net: phy: fixed_phy: Fix NULL vs IS_ERR() checking in __fixed_phy_register (git-fixes). - commit 8409861 - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - commit 68b36f0 - fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194959). - commit ab3cc62 ++++ libzypp: - Fix Legacy include (bsc#1194597) - version 17.29.2 (22) ++++ rpm: - Revert unwanted /usr/bin/python -> /usr/bin/python2 change we got with the update to 4.14.3 [bsc#1194968] new patch: no-python2.diff ++++ virt-manager: - bsc#1194323 - [jsc#SLE-19237][virt-manager] Detected the wrong win2k22 guest system version from the local install media virtinst-windows-server-detection.patch - Upstream bug fixes (bsc#1027942) 8bb64ad5-console-Dont-block-console-reconnect-for-non-error.patch Drop virtman-init-viewer-on-reboot.patch ------------------------------------------------------------------ ------------------ 2022-1-19 - Jan 19 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to allow ICMP ping - added patches + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch ++++ btrfsprogs: - add python-rpm-macros (bsc#1194748) ++++ glibc: - 0001-powerpc-Optimized-strcpy-for-POWER9.patch, 0002-powerpc-Optimized-stpcpy-for-POWER9.patch, 0003-powerpc-Optimized-rawmemchr-for-POWER9.patch, 0004-powerpc64le-add-optimized-strlen-for-P9.patch, 0005-powerpc-fix-ifunc-implementation-list-for-POWER9-str.patch, 0006-powerpc-Add-optimized-strncpy-for-POWER9.patch, 0007-powerpc-Add-optimized-stpncpy-for-POWER9.patch, 0008-powerpc-Add-optimized-ilogb-for-POWER9.patch, 0009-powerpc-Add-optimized-llogb-for-POWER9.patch, 0010-powerpc-Add-optimized-strlen-for-POWER10.patch, 0011-powerpc64le-Optimized-memmove-for-POWER10.patch, 0012-powerpc64le-Optimize-memcpy-for-POWER10.patch, 0013-powerpc64le-Optimize-memset-for-POWER10.patch, 0014-powerpc64le-Fix-ifunc-selection-for-memset-memmove-b.patch, 0015-powerpc-Add-optimized-rawmemchr-for-POWER10.patch: ppc64le ifunc improvements (bsc#1194785, jsc#SLE-18195) ++++ kernel-default: - mount: warn only once about timestamp range expiration (bsc#1193000). - commit d968bc1 - Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch (git-fixes bsc#1193660 ltc#195634). - commit 6be7501 - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - commit 17d77e0 - livepatch: Fix missing unlock on error in klp_enable_patch() (bsc#1071995). - commit 3aafada - livepatch: Fix kobject refcount bug on klp_init_patch_early failure path (bsc#1071995). - commit 14928de - PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU (bsc#1194887). - commit b96f35f - livepatch/kabi: refresh and reenable kABI padding for future arm64 support - commit c5ed388 - Reenabling kABI placeholders for generic fpga stuff - commit b6c6ae1 - Reenabling kABI placeholders for generic crypto stuff - commit e9350d4 - Reenabling kABI placeholders for the QAT crypto driver - commit 1804445 - Refresh patches.suse/0001-kABI-more-hooks-for-PCI-changes.patch. Reenabling kABI placeholders for PCI stuff - commit 6145d27 - Refresh patches.suse/0001-Thunderbolt-kABI-paddings-added.patch. - Refresh patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch. - Delete patches.suse/0001-USB-fix-kABI-padding.patch. Reenabling the kABI placeholders for Type C stuff - commit 297e89c - powerpc/64s: Use EMIT_WARN_ENTRY for SRR debug warnings (bsc#1194869). - powerpc/64s: Mask NIP before checking against SRR0 (bsc#1194869). - Revert "powerpc: Inline setup_kup()" (bsc#1194869). - powerpc/modules: Don't WARN on first module allocation attempt (bsc#1194869). - powerpc/module_64: Fix livepatching for RO modules (bsc#1194869). - powerpc/xive: Change IRQ domain to a tree domain (bsc#1194869). - commit 3b9be9e - net: Prevent HW-GRO and LRO features operate together (bsc#1194628). - commit b3b76f5 - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395). - commit 178d341 - sched,x86: Don't use cluster topology for x86 hybrid CPUs (jsc#SLE-18889,bnc#1194825). - commit a3cf05e - Refresh patches.suse/cpuidle-Poll-for-a-minimum-of-30ns-and-poll-for-a-tick-if-lower-c-states-are-disabled.patch. Forward port for evaluation. - commit 3ec28d7 - S390: Fix mlx5 throughput degradtion (jsc#SLE-22496). - commit 6fe12cf - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - commit 07fce74 - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - commit 008135a - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - commit b26d0d8 - Add cherry-picked IDs for qemu fw_cfg patches - commit 550427b - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - commit c39ded5 - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes). - dmaengine: at_xdmac: Fix lld view setting (git-fixes). - dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes). - dmaengine: at_xdmac: Fix race for the tx desc callback (git-fixes). - dmaengine: at_xdmac: Fix concurrency over chan's completed_cookie (git-fixes). - dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes). - dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: at_xdmac: Don't start transactions at tx_submit level (git-fixes). - dmaengine: idxd: fix wq settings post wq disable (git-fixes). - dmaengine: uniphier-xdmac: Fix type of address variables (git-fixes). - Documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes). - virtio_ring: mark ring unused on error (git-fixes). - virtio/virtio_mem: handle a possible NULL as a memcpy parameter (git-fixes). - remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP (git-fixes). - remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided (git-fixes). - remoteproc: imx_rproc: Fix a resource leak in the remove function (git-fixes). - rpmsg: core: Clean up resources on announce_create failure (git-fixes). - ACPI: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes). - drm/i915: Fix Memory BW formulae for ADL-P (git-fixes). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - commit ceaa6fc - Update config files (bsc#1194858). CONFIG_INTEL_IDXD_COMPAT=n - commit 86e1929 ++++ kernel-firmware: - Update to version 20220119 (git commit 0c6a7b3bf728): * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: update firmware for mediatek bluetooth chip(MT7921) * linux-firmware: update firmware for MT7921 WiFi device * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1232 * linux-firmware: add marvell CPT firmware images * QCA: Add Bluetooth nvm file for WCN685x * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00324 * QCA: Update Bluetooth WCN685x 2.0 firmware to 2.0.0-00609 * i915: Add GuC v69.0.3 for all platforms - Add entry for rvu_cptpf ++++ libgcrypt: - FIPS: Service level indicator [bsc#1190700] * Provide an indicator to check wether the service utilizes an approved cryptographic algorithm or not. * Add patches: - libgcrypt-FIPS-service-indicators.patch - libgcrypt-FIPS-verify-unsupported-KDF-test.patch - libgcrypt-FIPS-HMAC-short-keylen.patch ++++ libnvme: - Remove Provide for python package. - Remove explicit tar file name for setup step. ++++ systemd: - Move the systemd-network-generator stuff in udev package This generator can generate .link files and is mainly used in initrd where udev is mandatory. ++++ nvme-cli: - Fix zsh completion package depenedencies. ++++ systemd-rpm-macros: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too ++++ wicked: - fsm: fix device rename via yast (bsc#1194392) Reset worker config instead to reject a NULL/empty config xml node -- introduced in wicked 0.6.67 by commit c2a0385. [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] ++++ yast2-schema-micro: - initial package to have dedicated limited schema for Micro product (jsc#SLE-18820) - 4.4.9 ------------------------------------------------------------------ ------------------ 2022-1-18 - Jan 18 2022 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Update to version 5.2.0: * providers: log message when SSH key is removed * providers: limit hostname file output value to HOST_NAME_MAX bytes * Consistently un-capitalize log messages * Explicitly log the hostname we write * providers/microsoft: allow unused fields in goal state structs * providers: only log we wrote SSH keys when we actually did - Update to version 5.1.0: * Add PowerVS provider * cli: correctly print version when --version specified * cli: don't report an error when --help or --version is specified * providers/packet: access metadata service over HTTPS * providers/gcp: access GCP metadata service by IP address * minimum supported rust version is now 1.49.0 * Refresh fix-authorized-keys-location.patch ++++ gnutls: - Update to 3.7.3: [bsc#1190698, bsc#1190796] * libgnutls: The allowlisting configuration mode has been added to the system-wide settings. In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API (#1172). * The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation (#773, #774). This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball. Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change. * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t (#594). The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools. * libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option (#1113). If the KTLS initialization fails it automatically falls back to the user space implementation. * certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension (#232). New API functions are also provided to access and manipulate the extension values. * certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. * libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm. * libgnutls: PKCS#12 files are now created with modern algorithms by default (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000. * libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements (#1225). * libgnutls: The library now provides a means to report the status of approved cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state. * gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration (!1508). * libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low] * API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags gnutls_ecc_curve_set_enabled: Added. gnutls_sign_set_secure: Added. gnutls_sign_set_secure_for_certs: Added. gnutls_digest_set_secure: Added. gnutls_protocol_set_enabled: Added. gnutls_fips140_context_init: New function gnutls_fips140_context_deinit: New function gnutls_fips140_push_context: New function gnutls_fips140_pop_context: New function gnutls_fips140_get_operation_state: New function gnutls_fips140_operation_state_t: New enum gnutls_transport_is_ktls_enabled: New function gnutls_get_library_configuration: New function * Remove patches fixed in the update: - gnutls-FIPS-module-version.patch - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - gnutls-FIPS-RSA-mod-sizes.patch - FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468] * Add gnutls-FIPS-disable-failing-tests.patch * Remove patches: - gnutls-temporarily_disable_broken_guile_reauth_test.patch - gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - disable-psk-file-test.patch ++++ kernel-default: - Delete patches.suse/crypto-qat-fix-undetected-PFVF-timeout-in-ACK-loop.patch. Remove empty patch - commit a3108c7 - powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - commit e8dfc9f - Refresh patches.suse/s390-mm-fix-2KB-pgtable-release-race.patch. Correct the acked-by tag to the right position. - commit 88fc17d - s390/mm: fix 2KB pgtable release race (bsc#1188896). - commit 31e123b - nvme: fix visibility of dev_attr_dhchap_ctrl_secret sysfs attribute (bsc#1194839). - commit f70152e - Re-enable kABI placeholder pathces for HD-audio and ASoC - commit c77cdff - ALSA: seq: virmidi: Add a drain operation (bsc#1192354). - ALSA: hda: Add new AlderLake-P variant PCI ID (bsc#1192354). - ALSA: hda: Add AlderLake-N PCI ID (bsc#1192354). - ALSA: hda: use swap() to make code cleaner (bsc#1192354). - ALSA: seq: Set upper limit of processed events (bsc#1192354). - ALSA: usb-audio: Drop CONFIG_PM ifdefs (bsc#1192354). - ALSA: Fix some typo (bsc#1192354). - ALSA: hda/hdmi: Consider ELD is invalid when no SAD is present (bsc#1192354). - ALSA: hda: Do disconnect jacks at codec unbind (bsc#1192354). - commit 3705026 - Update patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-fetch.patch (bsc#1193883 bsc#1194826 CVE-2022-0264). - commit b1fc140 - tracing/osnoise: Properly unhook events if start_per_cpu_kthreads() fails (git-fixes). - commit e3c4174 - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - commit f960845 - tracing: Add test for user space strings when filtering on string pointers (git-fixes). - commit face3d9 - typeC: Add kABI placeholders (bsc#1183030). - commit 6c5f823 - nvme-auth: fixup crash at boot (jsc#SLE-20183). - commit 8f1ac2e - xfs: fix I_DONTCACHE (git-fixes). - commit 0f76c7a - libertas_tf: Add missing __packed annotations (git-fixes). - commit 84a12f8 - libertas_tf: Use struct_group() for memcpy() region (git-fixes). - commit aa4014c - selftests: KVM: Add test to verify KVM doesn't explode on "bad" I/O (bsc#1194298). - KVM: x86: Don't WARN if userspace mucks with RCX during string I/O exit (bsc#1194298). - commit 12e4caa - blacklist.conf: 3e2a56e6f639 ("tracing: Have syscall trace events use trace_event_buffer_lock_reserve()") Optimization only. - commit 3a0a34b - SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points (git-fixes). - commit 2d4609d - swiotlb: Add CONFIG_HAS_IOMEM check around swiotlb_mem_remap() (bsc#1183682). - commit c991d0b - Move upstreamed hyperv patches into sorted section - commit 12240b4 - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes). - i3c/master/mipi-i3c-hci: Fix a potentially infinite loop in 'hci_dat_v1_get_index()' (git-fixes). - i3c: fix incorrect address slot lookup on 64-bit (git-fixes). - commit e6ac0a5 - Move upstreamed crypto and arm64 patches into sorted section - commit a4955ac - SUNRPC: Fix sockaddr handling in the svc_xprt_create_error trace point (git-fixes). - commit c1d9cfb - devtmpfs regression fix: reconfigure on each mount (bsc#1193377). - commit 92e66c4 ++++ libblockdev: - Remove unnecessary dependency of libbd_part2 on multipath-tools (bsc#1194771) ++++ gcc11: - Remove sys/rseq.h from include-fixed ++++ libnvme: - Use osc_scm to manage upstream input source. - Fix Source URL ++++ systemd: - Restore /sbin/udevadm and /bin/systemctl (obsolete) paths (bsc#1194519) ++++ libvirt: - sysconfig files have not been distributed for many months. Add upstream patches that improve documentation and moves service default settings to the associated systemd service file. 3be5ba11-libvirt-guests-install.patch, 16172741-libvirt-guests-manpage.patch, 8eb44616-remove-sysconfig-files.patch - Update to libvirt 8.0.0 - CVE-2021-4147 - bsc#1191511 - jsc#SLE-11435, jsc#SLE-18354 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-0-0-2022-01-14 - Dropped patches: 23b51d7b-libxl-disable-death-event.patch, a4e6fba0-libxl-rename-threadinfo-struct.patch, e4f7589a-libxl-shutdown-thread-name.patch, b9a5faea-libxl-handle-death-thread.patch, 5c5df531-libxl-search-domid-in-thread.patch, a7a03324-libxl-protect-logger-access.patch, cbae4eaa-libxl-add-domainGetMessages.patch ++++ nfs-utils: - Add 0020-mountd-Initialize-logging-early.patch If an error or warning message is produced before closeall() is called, mountd gets confused and doesn't work. (bsc#1194661) ++++ nvme-cli: - Use osc_scm to manage upstream input source. - Fix version string. ++++ python-libvirt-python: - Update to 8.0.0 - Add all new APIs and constants in libvirt 8.0.0 - jsc#SLE-11435, jsc#SLE-18354 ++++ samba: - Use pkgconfig(krb5) as dependency for the -devel package: allow OBS to pick the right flavor of krb5-devel (full vs mini). - Do not require the 'krb5' symbol by samba-client-libs: this package has an automatic dependency due to linkage on libgssapi_krb5.so.2. Automatic deps are always better. - Do not require the 'krb5' symbol from samba-libs: samba-libs requires samba-client-libs, which in turn requires krb5 libraries. Samba-libs itself has no need for krb5 (but get it indirectly anyway). ------------------------------------------------------------------ ------------------ 2022-1-17 - Jan 17 2022 ------------------- ------------------------------------------------------------------ ++++ aide: - aide-0.16-cve-2021-45417.patch: Fix a bufferoverflow in base64 functions (bsc#1194735 CVE-2021-45417) ++++ apparmor: - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). ++++ avahi: - Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561). This can probably go away if/when gh#lathiat/avahi#118 is fixed. - Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should no longer need this given the above patch. - Add several patches from git: 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch 0006-man-add-missing-bshell.1-symlink.patch 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch 0009-fix-bytestring-decoding-for-proper-display.patch 0010-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch - Build manpages with xmltoman. Currently needed for bssh. - Minor spec file clean-up. - Require python-rpm-macros for all builds (boo#1194744 boo#1194745). ++++ cifs-utils: - Update cifs-utils.spec: * Remove unused !BuildIgnore: samba-client BuildRequires: libwbclient-devel - Update to cifs-utils 6.14 * smbinfo is enhanced with capability to display alternate data streams * setcifsacl is improved to optionally reorder ACEs in preferred order * cifs.upcall regression in kerberos mount is fixed * remove cifs-utils-6.13.tar.bz2 * remove cifs-utils-6.13.tar.bz2.asc * add cifs-utils-6.14.tar.bz2 * add cifs-utils-6.14.tar.bz2.asc - Drop upstream fixed patches: * 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch ++++ docker: - Update to Docker 20.10.12-ce. See upstream changelog online at . - Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the changelogs are currently only available online. ++++ dracut: - Update to version 055+suse.194.gdd41932a: * fix(network-legacy): add wicked as an alternative to arping (bsc#1193670) * fix(network): add wicked as an alternative to arping (bsc#1193670) - Update to version 055+suse.191.g67eb4ea8: * fix(dracut-initramfs-restore.sh): add test for SUSE initrd name (bsc#1194570) * fix(dracut.spec): require util-linux-systemd (bsc#1194162) * fix(network-wicked): multiple path corrections * fix(drm): add privacy screen modules to the initrd (bsc#1193590) ++++ glibc: - clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create for "unix" (CVE-2022-23219, bsc#1194768, BZ #22542) - svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create (CVE-2022-23218, bsc#1194770, BZ #28768) ++++ gnutls: - FIPS: Provide module identifier and version [bsc#1190796] * Add configurable options to output the module name/identifier (--with-fips140-module-name) and the module version (--with-fips140-module-version). * Add the CLI option list-config that reports the configuration of the library. * Add gnutls-FIPS-module-version.patch ++++ kbd: - Add patch to fix random doubling of font sizes (bsc#1194698): * 0001-libkfont-Initialize-kfont_context-options.patch ++++ kernel-default: - drm/i915: Update memory bandwidth formulae (jsc#SLE-22724). - commit 2ae01ab - drm/i915: Clean-up bonding debug message (jsc#SLE-22724). - commit 26ae0ff - drm/i915: s/ddi_translations/trans/ (jsc#SLE-22724). - commit f572040 - drm/i915/bios: get rid of vbt ddi_port_info (jsc#SLE-22724). - commit 88e2afa - drm/i915/bios: use ddc pin directly from child data (jsc#SLE-22724). - commit 453ff21 - drm/i915/bios: move ddc pin mapping code next to ddc pin sanitize (jsc#SLE-22724). - Refresh patches.suse/drm-i915-Fix-type1-DVI-DP-dual-mode-adapter-heuristi.patch. - commit 1eb8e9c - drm/i915/bios: use alternate aux channel directly from child data (jsc#SLE-22724). - commit ed48aa0 - drm/i915/bios: use dp max link rate directly from child data (jsc#SLE-22724). - commit 34545c4 - drm/i915/bios: use max tmds clock directly from child data (jsc#SLE-22724). - commit ab53297 - drm/i915/bios: use hdmi level shift directly from child data (jsc#SLE-22724). - commit 01b51f5 - powerpc/security/mitigation-patching.sh: Support X taint flag (bsc#1194305 ltc#195651). - commit 18af6bc - tracing/probes: check the return value of kstrndup() for pbuf (git-fixes). - commit 2424e3d - tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes). - commit d142b62 - tracing: Do not let synth_events block other dyn_event systems during create (git-fixes). - commit 7b4ab30 - dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property (git-fixes). - workqueue: Fix unbind_workers() VS wq_worker_sleeping() race (git-fixes). - workqueue: Fix unbind_workers() VS wq_worker_running() race (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't positive (git-fixes). - selinux: fix sleeping function called from invalid context (git-fixes). - preempt/dynamic: Fix setup_preempt_mode() return value (git-fixes). - sock: fix /proc/net/sockstat underflow in sk_clone_lock() (git-fixes). - scripts: update the comments of kallsyms support (git-fixes). - commit 9f1e40d - dt-bindings: display: meson-vpu: Add missing amlogic,canvas property (git-fixes). - dt-bindings: thermal: Fix definition of cooling-maps contribution property (git-fixes). - dt-bindings: net: Reintroduce PHY no lane swap binding (git-fixes). - dt-bindings: media: nxp,imx7-mipi-csi2: Drop bad if/then schema (git-fixes). - dt-bindings: i2c: imx: hardware do not restrict clock-frequency to only 100 and 400 kHz (git-fixes). - dt-bindings: display: xilinx: Fix example with psgtr (git-fixes). - dt-bindings: devfreq: rk3399_dmc: fix clocks in example (git-fixes). - dt-bindings: net: dsa: marvell: fix compatible in example (git-fixes). - dt-bindings: net: dsa: sja1105: update nxp,sja1105.yaml reference (git-fixes). - dt-bindings: pinctrl: mt8195: Use real world values for drive-strength arguments (git-fixes). - commit b68e291 - Documentation/locking/locktypes: Update migrate_disable() bits (git-fixes). - commit ff0f4be - arm64: tegra: Remove non existent Tegra194 reset (git-fixes). - arm64: mte: DC {GVA,GZVA} shouldn't be used when DCZID_EL0.DZP == 1 (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes). - arm64: errata: Fix exec handling in erratum 1418040 workaround (git-fixes). - dt-bindings: mtd: update mtd-physmap.yaml reference (git-fixes). - dt-bindings: msm: dsi: add missing 7nm bindings (git-fixes). - dt-bindings: iio: accel: bma255: Fix interrupt type (git-fixes). - dt-bindings: phy: Rename Intel Keem Bay USB PHY bindings (git-fixes). - dt-bindings: firmware: update arm,scpi.yaml reference (git-fixes). - commit 7b30d34 - arm64: dts: qcom: ipq6018: Fix gpio-ranges property (git-fixes). - arm64: dts: qcom: c630: Fix soundcard setup (git-fixes). - arm64: dts: qcom: msm8916: fix MMC controller aliases (git-fixes). - arm64: dts: qcom: sc7280: Fix incorrect clock name (git-fixes). - arm64: dts: qcom: msm8996: drop not documented adreno properties (git-fixes). - arm64: dts: marvell: cn9130: enable CP0 GPIO controllers (git-fixes). - arm64: dts: marvell: cn9130: add GPIO and SPI aliases (git-fixes). - arm64: dts: ti: k3-j7200: Correct the d-cache-sets info (git-fixes). - arm64: dts: ti: k3-j721e: Fix the L2 cache sets (git-fixes). - arm64: dts: ti: k3-j7200: Fix the L2 cache sets (git-fixes). - commit 97c18d2 - arm64: dts: ti: k3-am642: Fix the L2 cache sets (git-fixes). - arm64: dts: ti: k3-j721e: correct cache-sets info (git-fixes). - arm64: dts: meson-gxbb-wetek: fix missing GPIO binding (git-fixes). - arm64: dts: meson-gxbb-wetek: fix HDMI in early boot (git-fixes). - arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+ (git-fixes). - arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name (git-fixes). - arm64: dts: renesas: cat875: Add rx/tx delays (git-fixes). - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes). - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes). - arm64: dts: rockchip: fix poweroff on helios64 (git-fixes). - commit 68a372e - arm64: dts: rockchip: fix audio-supply for Rock Pi 4 (git-fixes). - arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply (git-fixes). - arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply (git-fixes). - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge (git-fixes). - arm64: dts: imx8mq: remove interconnect property from lcdif (git-fixes). - arm64: kexec: Fix missing error code 'ret' warning in load_other_segments() (git-fixes). - arm64: ftrace: add missing BTIs (git-fixes). - arm64: uaccess: avoid blocking within critical sections (git-fixes). - arm64: dts: qcom: sdm845-oneplus: remove devinfo-size from ramoops node (git-fixes). - arm64: dts: allwinner: a100: Fix thermal zone node name (git-fixes). - commit 08fa850 - arm64: dts: allwinner: h5: Fix GPU thermal zone node name (git-fixes). - arm64: dts: imx8mm-kontron: Fix reset delays for ethernet PHY (git-fixes). - arm64: dts: ls1012a: Add serial alias for ls1012a-rdb (git-fixes). - arm64: dts: freescale: fix arm,sp805 compatible string (git-fixes). - arm64: dts: hisilicon: fix arm,sp805 compatible string (git-fixes). - arm64: dts: broadcom: bcm4908: Move reboot syscon out of bus (git-fixes). - arm64: dts: qcom: sdm845: Fix qcom,controlled-remotely property (git-fixes). - arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property (git-fixes). - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency (git-fixes). - commit 5e706fb - kunit: fix kernel-doc warnings due to mismatched arg names (git-fixes). - commit 584c0b5 - ARM: dts: omap3-n900: Fix lp5523 for multi color (git-fixes). - ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding (git-fixes). - ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 (git-fixes). - arm64: dts: meson-g12b-odroid-n2: add 5v regulator gpio (git-fixes). - arm64: zynqmp: Fix serial compatible string (git-fixes). - arm64: zynqmp: Do not duplicate flash partition label property (git-fixes). - arm64: vdso32: require CROSS_COMPILE_COMPAT for gcc+bfd (git-fixes). - arm64: dts: qcom: sm8350: Rename GENI serial engine DT node (git-fixes). - arm64: dts: qcom: sc7280: Remove pm8350 and pmr735b for sc7280-idp (git-fixes). - commit d164fbf - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes). - ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding on stm32f429 disco (git-fixes). - ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors (git-fixes). - ARM: dts: gpio-ranges property is now required (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes). - ARM: 9160/1: NOMMU: Reload __secondary_data after PROCINFO_INITFUNC (git-fixes). - ARM: dts: imx6qdl-wandboard: Fix Ethernet support (git-fixes). - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes). - ARM: socfpga: dts: fix qspi node compatible (git-fixes). - ARM: dts: bcm2711: Fix PCIe interrupts (git-fixes). - commit ef21691 - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes). - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes). - ARM: configs: aspeed_g5: Reneable DRM_FBDEV_EMULATION (git-fixes). - ARM: dts: qcom: fix memory and mdio nodes naming for RB3011 (git-fixes). - ARM: dts: omap: fix gpmc,mux-add-data type (git-fixes). - ARM: dts: sunxi: Fix OPPs node name (git-fixes). - ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash (git-fixes). - ARM: dts: ls1021a: move thermal-zones node out of soc/ (git-fixes). - ARM: dts: ux500: Skomer regulator fixes (git-fixes). - ARM: BCM53016: Specify switch ports for Meraki MR32 (git-fixes). - commit 187b6ed - ARM: dts: NSP: Fix mpcore, mmc node names (git-fixes). - ARM: dts: BCM5301X: Fix MDIO mux binding (git-fixes). - ARM: dts: BCM5301X: Fix nodes names (git-fixes). - ARM: imx_v6_v7_defconfig: enable fb (git-fixes). - ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (git-fixes). - ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and [#]size-cells property from at93c46d dt node (git-fixes). - ARM: tegra: Enable CONFIG_CROS_EC (git-fixes). - ARM: tegra: Enable CONFIG_FB (git-fixes). - commit 51d32f8 - Add cherry-picked id for HD-audio HDMI fix (git-fixes) - commit 4f7bd06 - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - commit db15697 - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - commit a5918df - selftests: KVM: Explicitly use movq to read xmm registers (git-fixes). - commit 2d50b70 - Delete patches.suse/cdrom-turn-off-autoclose-by-default.patch (bsc#1165047). This is now shipped as modprobe.conf preset in suse-module-tools. - commit 6aca37e - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - commit 1695292 - Move upstreamed subsystem patches into sorted section - commit cb7f697 - PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes). - PCI: pci-bridge-emul: Correctly set PCIe capabilities (git-fixes). - PCI: pci-bridge-emul: Fix definitions of reserved bits (git-fixes). - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (git-fixes). - USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - random: fix data race on crng init time (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes). - commit 9176445 - PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes). - PCI: pci-bridge-emul: Make expansion ROM Base Address register read-only (git-fixes). - PCI: xgene: Fix IB window setup (git-fixes). - PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes). - PCI: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes). - PCI: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI: mediatek-gen3: Disable DVFSRC voltage request (git-fixes). - commit d9b2ed2 - PCI: dwc: Do not remap invalid res (git-fixes). - PCI: aardvark: Fix checking for MEM resource type (git-fixes). - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). - drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes). - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes). - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes). - drm/i915/ttm: add unmap_virtual callback (git-fixes). - drm/i915: don't call free_mmap_offset when purging (git-fixes). - mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes). - commit 9f50bf5 - Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 (git-fixes). - Bluetooth: btusb: Add support for Foxconn MT7922A (git-fixes). - Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 (git-fixes). - Bluetooth: btusb: Add one more Bluetooth part for WCN6855 (git-fixes). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: enable Mediatek to support AOSP extension (git-fixes). - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - commit 9fdbfa4 - Move upstreamed ALSA and coresight patches into sorted section - commit 14619f6 - Bluetooth: btintel: Fix broken LED quirk for legacy ROM devices (bsc#1193124). - Delete patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch. - commit 38b5832 - blacklist.conf: add one ath5k config fix - commit d106a94 - SUNRPC: lock against ->sock changing during sysfs read (bsc#1194324). - SUNRPC: Check if the xprt is connected before handling sysfs reads (bsc#1194324). - commit f48a6d6 ++++ libapparmor: - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). ++++ expat: - update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474, bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480): * CVE-2021-45960 -- Fix issues with left shifts by >=29 places resulting in a) realloc acting as free b) realloc allocating too few bytes c) undefined behavior depending on architecture and precise value for XML documents with >=2^27+1 prefixed attributes on a single XML tag a la "" where XML_ParserCreateNS is used to create the parser (which needs argument "-n" when running xmlwf). Impact is denial of service, or more. * CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow on variable m_groupSize in function doProlog leading to realloc acting as free. Impact is denial of service or more. * CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows near memory allocation at multiple places. Mitre assigned a dedicated CVE for each involved internal C function: - CVE-2022-22822 for function addBinding - CVE-2022-22823 for function build_model - CVE-2022-22824 for function defineAttribute - CVE-2022-22825 for function lookup - CVE-2022-22826 for function nextScaffoldPart - CVE-2022-22827 for function storeAtts Impact is denial of service or more. ++++ libpwquality: - Add python-rpm-macros to BuildRequires (boo#1194757). ++++ systemd: - Import commit 7a4e2ba4e01a8dfd305b24c40e156f8d293995a5 (merge of v249.9) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/6c7d6a7100488806bad0a81bbf2bca99be641938...7a4e2ba4e01a8dfd305b24c40e156f8d293995a5 ++++ tiff: - security update: Fix buffer overwrite * CVE-2019-17546[bsc#1154365] + tiff-CVE-2019-17546.patch - security update: Fix heap based buffer overflow in pal2rgb * CVE-2017-17095[bsc#1071031] + tiff-CVE-2017-17095.patch - security update: Fix OOB in _TIFFmemcpy * CVE-2022-22844[bsc#1194539] + tiff-CVE-2022-22844.patch - security update: Fix memory allocation failure in tif_read.c * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809] + tiff-CVE-2020-35521,CVE-2020-35522.patch - security update: Fix DOS via invertImage() * CVE-2020-19131[bsc#1190312] + tiff-CVE-2020-19131.patch - security update: Fix heap-based buffer overflow in TIFF2PDF tool * CVE-2020-35524[bsc#1182812] + tiff-CVE-2020-35524.patch - security update: Fix integer overflow in tif_getimage * CVE-2020-35523 [bsc#1182811] + tiff-CVE-2020-35523.patch ++++ virglrenderer: - security update - added patches fix CVE-2022-0175 [bsc#1194601], VUL-0: CVE-2022-0175: virglrenderer: Missing initialization of res->ptr + virglrenderer-CVE-2022-0175.patch ++++ nvme-cli: - Update Source URL and introduce a variable for the release canditate version string. ++++ perl-Gtk2: - Temporarily disable GtkAboutDialog.t test failing after the last pango update. ++++ qemu: * Patches added: meson-build-all-modules-by-default.patch ++++ runc: - Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) ++++ toolbox: - Update to version 2.3+git20220117.bd53c7c: - Fixes error where if custom image is used toolbox will download the default image before entering an existing container. (#40) ++++ yast2-trans: - Update to version 84.87.20220116.6b981cb0d7: * Translated using Weblate (Ukrainian) * Translated using Weblate (Russian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'autoinst'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'packager'. * New POT for text domain 'dhcp-server'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) ------------------------------------------------------------------ ------------------ 2022-1-16 - Jan 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - xfs: only run COW extent recovery when there are no live extents (bsc#1193791). - commit f025202 - xfs: move recovery needed state updates to xfs_log_mount_finish (bsc#1193791). - commit 3ab22f2 - xfs: allow setting and clearing of log incompat feature flags (bsc#1193791). - commit e5ce8a5 - xfs: remove all COW fork extents when remounting readonly (git-fixes). - commit dda180e - xfs: punch out data fork delalloc blocks on COW writeback failure (git-fixes). - commit d8175c4 ------------------------------------------------------------------ ------------------ 2022-1-15 - Jan 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk (git-fixes). - ALSA: hda/realtek: Re-order quirk entries for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2020 (git-fixes). - ALSA: hda/tegra: Fix Tegra194 HDA reset failure (git-fixes). - ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop (git-fixes). - ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices (git-fixes). - commit 97194d3 - mei: hbm: fix client dma reply status (git-fixes). - misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes). - phy: cadence: Sierra: Fix to get correct parent for mux clocks (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs (git-fixes). - firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes). - firmware: Update Kconfig help text for Google firmware (git-fixes). - uio: uio_dmem_genirq: Catch the Exception (git-fixes). - char/mwave: Adjust io port register size (git-fixes). - misc: at25: Make driver OF independent again (git-fixes). - ASoC: imx-card: improve the sound quality for low rate (git-fixes). - ASoC: imx-card: Fix mclk calculation issue for akcodec (git-fixes). - ASoC: imx-card: Need special setting for ak4497 on i.MX8MQ (git-fixes). - ASoC: fsl_asrc: refine the check of available clock divider (git-fixes). - dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes). - commit 0ba81f9 - ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes). - ASoC: samsung: idma: Check of ioremap return value (git-fixes). - ASoC: mediatek: Check for error clk pointer (git-fixes). - ASoC: Intel: catpt: Test dmaengine_submit() result before moving on (git-fixes). - ASoC: rt5663: Handle device_property_read_u32_array error codes (git-fixes). - ASoC: codecs: wcd938x: add SND_SOC_WCD938_SDW to codec list instead (git-fixes). - ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes). - ASoC: Intel: sof_sdw: fix jack detection on HP Spectre x360 convertible (git-fixes). - ALSA: hda/cs8409: Fix Jack detection after resume (git-fixes). - ALSA: hda/cs8409: Increase delay during jack detection (git-fixes). - commit 501f634 - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes). - ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes). - ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes). - ALSA: hda: Make proper use of timecounter (git-fixes). - ALSA: led: Use restricted type for iface assignment (git-fixes). - ALSA: hda: Fix potential deadlock at codec unbinding (git-fixes). - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - commit 073769b ------------------------------------------------------------------ ------------------ 2022-1-14 - Jan 14 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.34.0: + initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6" + core: better handle sd-resolved errors when resolving hostnames + nmcli: fix import WireGuard profile with DNS domain and address family disabled + ndisc: send router solicitations before expiry + policy: send earlier the ip configs to the DNS manager + core: support linking with LLD 13 + wireguard: importing wg-quick configuration files with nmcli no longer sets a negative, exclusive "dns-priority". This plays better with common split DNS setups that use systemd-resolved. Adjust the "dns-priority" to your liking after import yourself. + NetworkManager no longer listens for netlink events for traffic control objects (qdiscs and filters). + core: add internal nm-priv-helper service for separating privileges and have a way to drop capabilities from NetworkManager daemon. + bond: add support for setting queue-id of bond port. + dns: support configuring DNS over TLS (DoT) with systemd-resolved. + nmtui: add support for WireGuard profiles. + nmcli: add aliases `nmcli device up|down` beside connect|disconnect. + conscious language: Deprecate 'Device.Slaves' D-Bus property in favor of new 'Device.Ports' property. Depracate 'nm_device_*_get_slaves()' in favor of 'nm_device_get_ports()' in libnm. + nmcli: invoking nmcli command without arguments will now show 'default' instead of null address in route4 or route6 section. - Refresh patches with quilt. - Replace addFilter("suse-branding-unversioned-requires*") from rpmlintrc, with the current branding-requires-unversioned. - Update our Supplements to current standard. - Add the new internal nm-priv-helper.service to pre(un)/post(un) handling. ++++ cloud-regionsrv-client: - Follow up changes to (jsc#PCT-130, bsc#1182026) + Fix executable name for AHB service/timer + Update manpage for BYOS instance registration ++++ cryptsetup: - cryptsetup 2.4.3: * Fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery CVE-2021-4122, boo#1194469 * Add configure option --disable-luks2-reencryption to completely disable LUKS2 reencryption code. * Improve internal metadata validation code for reencryption metadata * Add updated documentation for LUKS2 On-Disk Format Specification version 1.1.0 * Fix support for bitlk (BitLocker compatible) startup key with new metadata entry introduced in Windows 11 * Fix space restriction for LUKS2 reencryption with data shift ++++ grub2: - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch ++++ kernel-default: - Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18121) - commit d76e53a - Move upstreamed thunderbolt patches into sorted section - commit cc9c167 - selftests: KVM: Fix non-x86 compiling (bsc#1194396). - commit f5bdc4a - x86/sev: Move common memory encryption code to mem_encrypt.c (jsc#SLE-19924). - Update config files. - commit 295fcc1 - x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c (jsc#SLE-19924). - commit e716904 - x86/sev: Use CC_ATTR attribute to generalize string I/O unroll (jsc#SLE-19924). - x86/sev: Remove do_early_exception() forward declarations (jsc#SLE-19924). - x86/head64: Carve out the guest encryption postprocessing into a helper (jsc#SLE-19924). - x86/sev: Get rid of excessive use of defines (jsc#SLE-19924). - x86/sev: Shorten GHCB terminate macro names (jsc#SLE-19924). - commit f844a2b - Delete mistakenly merged bogus file. - commit 3a6a1bf - Update config files to enable NVMe In-band Authentication (jsc#SLE-20183) - commit 1154950 - nvme: add TCP TSAS definitions (jsc#SLE-20183). - {PATCH 11/12] nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet-auth: Diffie-Hellman key exchange support (jsc#SLE-20183). - nvmet: Implement basic In-Band Authentication (jsc#SLE-20183). - nvmet: parse fabrics commands on io queues (jsc#SLE-20183). - nvme-auth: Diffie-Hellman key exchange support (jsc#SLE-20183). - nvme: Implement In-Band authentication (jsc#SLE-20183). - nvme-fabrics: decode 'authentication required' connect error (jsc#SLE-20183). - nvme: add definitions for NVMe In-Band authentication (jsc#SLE-20183). - lib/base64: RFC4648-compliant base64 encoding (jsc#SLE-20183). - crypto: add crypto_has_kpp() (jsc#SLE-20183). - crypto: add crypto_has_shash() (jsc#SLE-20183). - commit 64effa8 - mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes). - PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - commit 098c83f - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - commit 769658d - Move upstreamed serial patches into sorted section - commit 3fba525 - nvme: add 'iopolicy' module parameter (bsc#1177599). - nvme-fabrics: print out valid arguments when reading from /dev/nvme-fabrics (bsc#1192761). - nvme: fix use after free when disconnecting a reconnecting ctrl (bsc#1192761). - nvme-multipath: set ana_log_size to 0 after free ana_log_buf (bsc#1192761). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: make discovery NQN configurable (bsc#1192761). - commit 439c8e7 - btrfs: respect the max size in the header when activating swap file (bsc#1194595). - commit ed07a37 ++++ json-c: - Add patch bsc1171479.patch + fix integer overflow and out-of-bounds write (CVE-2020-12762, bsc#1171479) ++++ libnvme: - Initial package creation for libnvme ++++ systemd: - systemd.spec: drop our own definitions of %_pam_moduledir/%_pam_vendordir macros since they're now defined by pam-devel shipped by SP4. - Rename 1007-Restore-support-for-halt.local.patch into 1007-sysv-restore-support-for-halt.local.patch - Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch which are not specific to the handling of 'Required-Start:' and move them into a new patch 1010-sysv-add-back-support-for-all-virtual-facility-and-f.patch ++++ linux-glibc-devel: - Export the macros necessary for making core-scheduling usable (bsc#1194659) + uapi-linux-prctl-provide-macro-definitions-for-the-PR_SCHED_CORE-type-argument ++++ nvme-cli: - Update to v2.0-rc0 * Depends on libnvme * rename harden_nvmf-connect@.service.patch to 0100-harden_nvmf-connect@.service.patch * drop 0102-nvme-cli-Add-script-to-determine-host-NQN.patch ++++ permissions: - Update to version 20181225: * setuid bit for cockpit session binary (bsc#1169614) ++++ system-users: - Buildrequire the updated sysuser-tools which supports busybox-adduser as well ++++ yast2: - Adapted Report.yesno_popup to Ruby 3 (bsc#1193192) - 4.4.36 ------------------------------------------------------------------ ------------------ 2022-1-13 - Jan 13 2022 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Update some dependencies * build(deps): bump nix from 0.17.0 and 0.20.0 to 0.23.1 This fixes the following security issues: https://rustsec.org/advisories/RUSTSEC-2021-0119 * build(deps): bump generic-array from 0.12.3 to 0.12.4 This fixes a security issue: https://rustsec.org/advisories/RUSTSEC-2020-0146 AKA CVE-2020-36465 * build(deps): bump futures-util from 0.3.6 to 0.3.15 This fixes a security issue: https://rustsec.org/advisories/RUSTSEC-2020-0059 AKA CVE-2020-35905 * build(deps): bump rand_core from 0.6.1 to 0.6.3 This fixes a security issue: https://rustsec.org/advisories/RUSTSEC-2021-0023 AKA CVE-2021-27378, bsc#1182432 * build(deps): bump hyper from 0.14.2 to 0.14.11 This fixes two security issues: https://rustsec.org/advisories/RUSTSEC-2021-0078 AKA CVE-2021-32715, bsc#1188173 https://rustsec.org/advisories/RUSTSEC-2021-0079 AKA CVE-2021-32714, bsc#1188174 * build(deps): bump tokio from 1.0.1 to 1.15.0 This fixes two security issues: https://rustsec.org/advisories/RUSTSEC-2021-0124 AKA CVE-2021-45710, bsc#1194119 https://rustsec.org/advisories/RUSTSEC-2021-0072 AKA CVE-2021-38191 - Remove cargo_audit service, as it makes no sense as a service (it doesn't automatically get rerun), it would make more sense during the build process as then it gets rerun if the package or the vulnerability database get changed - switch services from disabled to manual - remove hard coded author for tar_scm service ++++ cyrus-sasl: - postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm - Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB ++++ grub2: - Fix wrong default entry when booting snapshot (bsc#1159205) * grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch ++++ kernel-default: - tools headers UAPI: Sync linux/prctl.h with the kernel sources (bsc#1194659). - commit 5606b92 - Disable hyperv_fb in favour of hyperv_drm (jsc#SLE-19733) - commit 19fee0c - net: mana: Add RX fencing (bsc#1193506). - commit e3d6f05 - Drivers: hv: vmbus: Initialize request offers message for Isolation VM (bsc#1183682). - commit 7c5d060 - scsi: storvsc: Fix unsigned comparison to zero (git-fixes). - commit 9e68988 - x86/hyperv: Fix definition of hv_ghcb_pg variable (bsc#1183682). - commit 95638ec - Drivers: hv: Fix definition of hypercall input & output arg variables (git-fixes). - commit 607f280 - net: netvsc: Add Isolation VM support for netvsc driver (bsc#1183682). - commit 6e48a4c - hv_sock: Extract hvs_send_data() helper that takes only header (git-fixes). - commit 460e07f - scsi: storvsc: Add Isolation VM support for storvsc driver (bsc#1183682). - commit e37f664 - hyper-v: Enable swiotlb bounce buffer for Isolation VM (bsc#1183682). - commit 48df245 - net: mana: Add XDP support (bsc#1193506). - commit 5fa8748 - hv_netvsc: Use bitmap_zalloc() when applicable (bsc#1193506). - commit 11f2462 - PCI: hv: Add arm64 Hyper-V vPCI support (jsc#SLE-17855,bsc#1186071). - commit e9d267d - PCI: hv: Make the code arch neutral by adding arch specific interfaces (jsc#SLE-17855,bsc#1186071). - commit 51d1087 - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (git-fixes). - commit e8d71a7 - x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() (bsc#1183682). - commit 4fb06cd - swiotlb: Add swiotlb bounce buffer remap function for HV IVM (bsc#1183682). - commit 8e7bfc2 - uapi/linux/prctl: provide macro definitions for the PR_SCHED_CORE type argument (bsc#1194659). - commit d1a1904 - btrfs: fix warning when freeing leaf after subvolume creation failure (bsc#1194656). - btrfs: fix invalid delayed ref after subvolume creation failure (bsc#1194656). - btrfs: fix double free of anon_dev after failure to create subvolume (bsc#1194656). - commit e3b8e6b - KVM: SVM: Fall back to KVM's hardcoded value for EDX at RESET/INIT (bsc#1194650). - commit aaac702 - KVM: SVM: Require exact CPUID.0x1 match when stuffing EDX at INIT (bsc#1194650). - commit d70b6af - KVM: VMX: Set EDX at INIT with CPUID.0x1, Family-Model-Stepping (bsc#1194647). - commit b8eb21e - Refresh patches.suse/Revert-drm-i915-Implement-Wa_1508744258.patch. Alt-commit - commit 7a9c995 - Refresh patches.suse/0445-drm-i915-Revert-guc_id-from-i915_request-tracepoint.patch. Alt-commit - commit 50dc252 - KVM: SVM: Zero out GDTR.base and IDTR.base on INIT (bsc#1194644). - commit 1e7e5ae - Revert "drm/i915/display: Disable audio, DRRS and PSR before planes" (git-fixes). - commit fa3f617 - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (bsc#1194641). - commit ef61f72 - KVM: x86: Flush the guest's TLB on INIT (bsc#1194639). - commit b025945 - KVM: x86/mmu: Fix use of enums in trace_fast_page_fault (bsc#1194638). - commit 232ac66 - KVM: x86/mmu: Rename cr2_or_gpa to gpa in fast_page_fault (bsc#1194636). - commit 748abc3 - optee: Suppress false positive kmemleak report in optee_handle_rpc() (jsc#SLE-21844). - tee: optee: Fix incorrect page free bug (jsc#SLE-21844). - tee: amdtee: fix an IS_ERR() vs NULL bug (jsc#SLE-21844). - optee: smc_abi.c: add missing #include (jsc#SLE-21844). - commit 818bd23 - net/smc: Clear memory when release and reuse buffer (jsc#SLE-18331). - commit 7a4e5bd - net/smc: Keep smc_close_final rc during active close (git-fixes). - net/smc: Don't call clcsock shutdown twice when smc shutdown (git-fixes). - commit 22f3071 - net/smc: fix kernel panic caused by race of smc_sock (git-fixes). - net/smc: don't send CDC/LLC message if link not ready (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: Prevent smc_release() from long blocking (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() (git-fixes). - net/smc: Ensure the active closing peer first closes clcsock (git-fixes). - net/smc: Clean up local struct sock variables (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - commit 8fbf330 - optee: fix kfree NULL pointer (jsc#SLE-21844). - optee: Fix spelling mistake "reclain" -> "reclaim" (jsc#SLE-21844). - firmware: arm_ffa: Remove unused 'compat_version' variable (jsc#SLE-21844). - firmware: arm_ffa: Add support for MEM_LEND (jsc#SLE-21844). - firmware: arm_ffa: Handle compatibility with different firmware versions (jsc#SLE-21844). - optee: add FF-A support (jsc#SLE-21844). - optee: isolate smc abi (jsc#SLE-21844). - optee: refactor driver with internal callbacks (jsc#SLE-21844). - optee: simplify optee_release() (jsc#SLE-21844). - commit 5c29442 - tee: add sec_world_id to struct tee_shm (jsc#SLE-21844). - Refresh patches.suse/tee-handle-lookup-of-shm-with-reference-count-0.patch. - commit 16de057 - tee/optee/shm_pool: fix application of sizeof to pointer (jsc#SLE-21844). - commit a041250 - selftests: KVM: avoid failures due to reserved HyperTransport region (bsc#1194396). - commit dc525da - net/smc: Print function name in smcr_link_down tracepoint (jsc#SLE-18331). - net/smc: Introduce tracepoint for smcr link down (jsc#SLE-18331). - net/smc: Introduce tracepoints for tx and rx msg (jsc#SLE-18331). - net/smc: Introduce tracepoint for fallback (jsc#SLE-18331). - net/smc: stop links when their GID is removed (jsc#SLE-18331). - net/smc: add netlink support for SMC-Rv2 (jsc#SLE-18331). - net/smc: extend LLC layer for SMC-Rv2 (jsc#SLE-18331). - net/smc: add v2 support to the work request layer (jsc#SLE-18331). - net/smc: retrieve v2 gid from IB device (jsc#SLE-18331). - net/smc: add v2 format of CLC decline message (jsc#SLE-18331). - net/smc: add listen processing for SMC-Rv2 (jsc#SLE-18331). - net/smc: add SMC-Rv2 connection establishment (jsc#SLE-18331). - net/smc: prepare for SMC-Rv2 connection (jsc#SLE-18331). - net/smc: save stack space and allocate smc_init_info (jsc#SLE-18331). - net/smc: add generic netlink support for system EID (jsc#SLE-18331). - net/smc: keep static copy of system EID (jsc#SLE-18331). - net/smc: add support for user defined EIDs (jsc#SLE-18331). - net/smc: Allow SMC-D 1MB DMB allocations (jsc#SLE-18331). - commit f31e069 - clk: bm1880: remove kfrees on static allocations (git-fixes). - clk: qcom: gcc-sc7280: Mark gcc_cfg_noc_lpass_clk always enabled (git-fixes). - clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes). - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes). - clk: Emit a stern warning with writable debugfs enabled (git-fixes). - clk: Gemini: fix struct name in kernel-doc (git-fixes). - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes). - leds: lp55xx: initialise output direction from dts (git-fixes). - usb: gadget: u_audio: Subdevice 0 for capture ctls (git-fixes). - usb: dwc2: do not gate off the hardware if it does not support clock gating (git-fixes). - usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - serial: stm32: move tx dma terminate DMA to shutdown (git-fixes). - serial: liteuart: fix MODULE_ALIAS (git-fixes). - serial: 8250_bcm7271: Propagate error codes from brcmuart_probe() (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - tty: serial: uartlite: allow 64 bit address (git-fixes). - tty: serial: atmel: Call dma_async_issue_pending() (git-fixes). - tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes). - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes). - staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes). - drivers/firmware: Add missing platform_device_put() in sysfb_create_simplefb (git-fixes). - pinctrl: renesas: rza1: Fix kerneldoc function names (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - commit 13cce41 ++++ kernel-firmware: - Update to version 20220111 (git commit 13dca280f760): * linux-firmware: update firmware for MT7915 * iwlwifi: add new FWs from core63-136 release * iwlwifi: add new FWs from core66-88 release * iwlwifi: update 9000-family firmwares to core66-88 * linux-firmware: add firmware for MT7916 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * WHENCE: add missing symlink for NanoPi R1 * amdgpu: update yellow carp dmcub firmware * cxgb4: Update firmware to revision 1.26.6.0 - update aliases from 5.16 final ++++ openssl-1_1: - Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19742] * Optimize RSA on armv8: openssl-1_1-Optimize-RSA-armv8.patch * Optimize AES-XTS mode for aarch64: openssl-1_1-Optimize-AES-XTS-aarch64.patch * Optimize AES-GCM for uarchs with unroll and new instructions: openssl-1_1-Optimize-AES-GCM-uarchs.patch ++++ polkit: - CVE-2021-4034: fixed a local privilege escalation in pkexec (bsc#1194568) added CVE-2021-4034-pkexec-fix.patch ++++ sssd: - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba ++++ systemd: - Import commit 6c7d6a7100488806bad0a81bbf2bca99be641938 (merge of v249.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/103742c59ad2d37a54bfb91135d9c7b082ca3576...6c7d6a7100488806bad0a81bbf2bca99be641938 - Rebase 1007-Restore-support-for-halt.local.patch - Import commit 103742c59ad2d37a54bfb91135d9c7b082ca3576 e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178) 078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit 6d560d0aca shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit 6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826) 30cbebc56f tmpfiles: 'st' may have been used uninitialized 5443654ec0 macro: add new helper RET_NERRNO() 8d90ecc435 rm-rf: optionally fsync() after removing directory tree 591344010d rm-rf: refactor rm_rf_children(), split out body of directory iteration loop 8c7762c4f1 Bump the max number of inodes for /dev to a million (bsc#1192858) dc9476c881 journal: don't remove the flushed flag when journald is stopped 29efc29efd TEST-10: don't attempt to write a byte to the socket 773fb785b6 Bump the max number of inodes for /dev to 128k (bsc#1192858) ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#137 - grub2 install: Support secure boot on powerpc (bsc#1192764 jsc#SLE-18271). - 0.937 ++++ python3-azuremetadata: - Version 5.1.5 (bsc#1194663) + Handle lsblk output format change. The json data now contains "mountpoints" instead of "mountpoint" ++++ samba: - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Add python-rpm-macros to build requirements - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba ++++ virt-manager: - jsc#SLE-20855 KVM: Enable vfio-ccw and vfio-ap in virt-* tools 965480e8-virt-install-add-mediated-device.patch f87e96d3-hostdev-use-method-get_mdev_uuid.patch 9d4002ee-tests-verify-MDEV-support.patch 9363e1e6-virt-xml-add-support-for-mediated-devices.patch 0e15cd51-virt-manager-enable-MDEV-support.patch ------------------------------------------------------------------ ------------------ 2022-1-12 - Jan 12 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (boo#1179060). ++++ kernel-default: - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - commit 4c59c88 - Move mpi3mr driver to being fully supported (bsc#1194578) - commit 8f564bb - blacklist.conf: f28439db470c ("tracing: Tag trace_percpu_buffer as a percpu pointer") It fixes a sparse warning only. - commit f67dade - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - commit 8ff3def - drm: Enable support for simpledrm devices on x86-64 (jsc#SLE-18823) - enable support for simple-framebuffer devices - disabled by default - commit 74f8512 - cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1194302 CVE-2021-4197). - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1194302 CVE-2021-4197). - cgroup: Use open-time credentials for process migraton perm checks (bsc#1194302 CVE-2021-4197). - commit 91b620d - firmware/sysfb: Add parameter to enable sysfb support (jsc#SLE-18823) - commit afbe6c6 - s390: add HWCAP_S390_PCI_MIO to ELF hwcaps (jsc#SLE-23099). - s390/disassembler: add instructions (jsc#SLE-18634). - s390: report more CPU capabilities (jsc#SLE-18634). - commit f81382d - fget: clarify and improve __fget_files() implementation (bsc#1193727). - commit 5f0b9f7 - fget: check that the fd still exists after getting a ref to it (bsc#1193727 CVE-2021-4083). - commit 2321692 - tpm: fix NPE on probe for missing device (git-fixes). - tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes). - tpm_tis: Fix an error handling path in 'tpm_tis_core_init()' (git-fixes). - tpm: add request_locality before write TPM_INT_ENABLE (git-fixes). - spi: uniphier: Fix a bug that doesn't point to private data correctly (git-fixes). - usb: mtu3: fix interval value for intr and isoc (git-fixes). - commit c4bbaa3 - selinux: fix potential memleak in selinux_add_opt() (git-fixes). - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes). - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes). - spi: hisi-kunpeng: Fix the debugfs directory name incorrect (git-fixes). - regulator: qcom-labibb: OCP interrupts are not a failure while disabled (git-fixes). - regulator: Drop unnecessary struct member (git-fixes). - regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes). - power: reset: mt6397: Check for null res pointer (git-fixes). - power: bq25890: Enable continuous conversion for ADC at charging (git-fixes). - rndis_host: support Hytera digital radios (git-fixes). - commit 8693eaa - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes). - mtd: rawnand: ingenic: JZ4740 needs 'oob_first' read page function (git-fixes). - mtd: rawnand: Export nand_read_page_hwecc_oob_first() (git-fixes). - mtd: rawnand: davinci: Rewrite function description (git-fixes). - mtd: rawnand: davinci: Avoid duplicated page read (git-fixes). - mtd: rawnand: davinci: Don't calculate ECC when reading page (git-fixes). - mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove (git-fixes). - mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init() (git-fixes). - Revert "net: usb: r8152: Add MAC passthrough support for more Lenovo Docks" (git-fixes). - commit d77e38e - pcmcia: fix setting of kthread task states (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes). - commit 291cf9b - kernel/locking: Use a pointer in ww_mutex_trylock() (git-fixes). - lib/logic_iomem: Fix operation on 32-bit (git-fixes). - lib/logic_iomem: Fix 32-bit build (git-fixes). - mmc: meson-mx-sdio: add IRQ check (git-fixes). - mmc: meson-mx-sdhc: add IRQ check (git-fixes). - mfd: intel-lpss: Fix too early PM enablement in the ACPI - >probe() (git-fixes). - mtd: core: provide unique name for nvmem device (git-fixes). - mtd: Fixed breaking list in __mtd_del_partition (git-fixes). - lib/mpi: Add the return value check of kcalloc() (git-fixes). - mISDN: change function names to avoid conflicts (git-fixes). - commit 9a0c88a - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes). - hwmon: (mr75203) fix wrong power-up delay value (git-fixes). - drm/amdgpu: disable runpm if we are the primary adapter (git-fixes). - fbdev: fbmem: add a helper to determine if an aperture is used by a fw fb (git-fixes). - drm/amd/pm: keep the BACO feature enabled for suspend (git-fixes). - drm/amdgpu: fix dropped backing store handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Added power down for DCN10 (git-fixes). - commit 49a64a1 - drm/i915/backlight: extract backlight code to a separate file (git-fixes). - Refresh patches.suse/drm-i915-dp-Perform-30ms-delay-after-source-OUI-writ.patch. - commit de43291 - crypto: x86/aesni - don't require alignment of data (git-fixes). - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes). - docs: automarkup.py: Fix invalid HTML link output and broken URI fragments (git-fixes). - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes). - drm/amd/display: fix B0 TMDS deepcolor no dislay issue (git-fixes). - drm/amdgpu: put SMU into proper state on runpm suspending for BOCO capable platform (git-fixes). - drm/amdgpu: always reset the asic in suspend (v2) (git-fixes). - drm/amd/pm: skip setting gfx cgpg in the s0ix suspend-resume (git-fixes). - drm/amd/pm: Fix xgmi link control on aldebaran (git-fixes). - drm/i915: Add support for panels with VESA backlights with PWM enable/disable (git-fixes). - drm/i915/backlight: mass rename functions to have intel_backlight_ prefix (git-fixes). - commit 941e68f - crypto: omap-aes - Fix broken pm_runtime_and_get() usage (git-fixes). - crypto: octeontx2 - prevent underflow in get_cores_bmap() (git-fixes). - crypto: stm32 - Revert broken pm_runtime_resume_and_get changes (git-fixes). - crypto: stm32/cryp - fix bugs and crash in tests (git-fixes). - crypto: stm32/cryp - fix lrw chaining mode (git-fixes). - crypto: stm32/cryp - fix double pm exit (git-fixes). - crypto: stm32/cryp - check early input data (git-fixes). - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes). - crypto: stm32/cryp - fix CTR counter carry (git-fixes). - crypto: octeontx2 - uninitialized variable in kvf_limits_store() (git-fixes). - commit 1f3d99d - backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes). - backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes). - backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes). - backlight: qcom-wled: Validate enabled string indices in DT (git-fixes). - crypto: qce - fix uaf on qce_skcipher_register_one (git-fixes). - crypto: qce - fix uaf on qce_ahash_register_one (git-fixes). - crypto: qce - fix uaf on qce_aead_register_one (git-fixes). - atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes). - auxdisplay: charlcd: checking for pointer reference before dereferencing (git-fixes). - commit 85744be - Move upstreamed caam patches into sorted section - commit c0716a1 ++++ sqlite3: - update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change ++++ shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). ++++ qemu: - It's time to really start requiring -F when using -b in qemu-img for us as well. Users/customers have been warned in the relevant release notes (bsc#1190135) * Patches dropped: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch ++++ yast2: - Simplify slide show to support future parallel installations (jsc#SLE-20437) - 4.4.35 ------------------------------------------------------------------ ------------------ 2022-1-11 - Jan 11 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * grub2.spec - Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144) (bsc#1192686) * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch * 0002-ieee1275-claim-more-memory.patch * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch * 0005-docs-grub-Document-signing-grub-under-UEFI.patch * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch * 0008-pgp-factor-out-rsa_pad.patch * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch * 0011-libtasn1-import-libtasn1-4.18.0.patch * 0012-libtasn1-disable-code-not-needed-in-grub.patch * 0013-libtasn1-changes-for-grub-compatibility.patch * 0014-libtasn1-compile-into-asn1-module.patch * 0015-test_asn1-test-module-for-libtasn1.patch * 0016-grub-install-support-embedding-x509-certificates.patch * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch * 0019-appended-signatures-support-verifying-appended-signa.patch * 0020-appended-signatures-verification-tests.patch * 0021-appended-signatures-documentation.patch * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch ++++ kernel-default: - vfs: fs_context: fix up param length parsing in legacy_parse_param (CVE-2022-0185 bsc#1194517). - vfs: Out-of-bounds write of heap buffer in fs_context.c (CVE-2022-0185 bsc#1194517). - commit 4eff35e - Refresh and reenable patches.suse/powerpc-Add-kABI-placeholder-to-struct-pci_controlle.patch. - commit 0662bab - Move upstreamed i915 patch into sorted section - commit ab774ad - Drop a bogus DRM patch that has been already cherry-picked - commit 74d26f7 - thunderbolt: xdomain: Avoid potential stack OOB read (jsc#SLE-19356 jsc#SLE-19358 jsc#SLE-19359). - commit b3e0efa - Update patch references for NFC security fixes (CVE-2021-4202 bsc#1194529) - commit 73f05a8 - RDMA/core: Don't infoleak GRH fields (jsc#SLE-19249). - RDMA/uverbs: Check for null return of kmalloc_array (jsc#SLE-19249). - Revert "RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow" (jsc#SLE-19253). - RDMA/rxe: Prevent double freeing rxe_map_set() (jsc#SLE-19249). - iavf: Fix limit of total number of queues to active queues of VF (jsc#SLE-18385). - i40e: Fix incorrect netdev's real number of RX/TX queues (jsc#SLE-18378). - i40e: Fix for displaying message regarding NVM version (jsc#SLE-18378). - i40e: fix use-after-free in i40e_sync_filters_subtask() (jsc#SLE-18378). - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (jsc#SLE-18378). - sfc: The RX page_ring is optional (git-fixes). - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (git-fixes). - net: ena: Fix error handling when calculating max IO queues number (git-fixes). - net: ena: Fix wrong rx request id by resetting device (git-fixes). - net: ena: Fix undefined state when tx request id is out of bounds (git-fixes). - commit 47d0d9d - thunderbolt: Add module parameter for CLx disabling (jsc#SLE-19359). - commit 2edbb7d - thunderbolt: Enable CL0s for Intel Titan Ridge (jsc#SLE-19359). - commit 78214f0 - thunderbolt: Rename Intel TB_VSE_CAP_IECS capability (jsc#SLE-19356 jsc#SLE-19357 jsc#SLE-19358 jsc#SLE-19359). - commit 77795ca - thunderbolt: Implement TMU time disruption for Intel Titan Ridge (jsc#SLE-19359). - commit a599ed6 - thunderbolt: Move usb4_switch_wait_for_bit() to switch.c (jsc#SLE-19356 jsc#SLE-19357 jsc#SLE-19358 jsc#SLE-19359). - commit 654869f - thunderbolt: Add CL0s support for USB4 routers (jsc#SLE-19359). - commit 2d3b539 - thunderbolt: Add TMU uni-directional mode (jsc#SLE-19358 jsc#SLE-19359). - commit 55afa32 - thunderbolt: Check return value of kmemdup() in icm_handle_event() (jsc#SLE-19358). - commit 1d198a8 - thunderbolt: Do not dereference fwnode in struct device (jsc#SLE-19356 jsc#SLE-19357 jsc#SLE-19358 jsc#SLE-19359). - commit 6c6f018 - thunderbolt: Add debug logging of DisplayPort resource allocation (jsc#SLE-19356). - commit c30ad8a - thunderbolt: Do not allow subtracting more NFC credits than configured (jsc#SLE-19359). - commit 6830e6c - thunderbolt: Runtime resume USB4 port when retimers are scanned (jsc#SLE-19359). - commit d68139f - thunderbolt: Runtime PM activate both ends of the device link (jsc#SLE-19356 jsc#SLE-19359). - commit 7b8a05d - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes). - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (git-fixes). - commit fbf8c6a - wcn36xx: Fix max channels retrieval (git-fixes). - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes). - wcn36xx: fix RX BD rate mapping for 5GHz legacy rates (git-fixes). - wcn36xx: populate band before determining rate on RX (git-fixes). - commit e2ed707 - software node: fix wrong node passed to find nargs_prop (git-fixes). - thermal/drivers/int340x: Fix RFIM mailbox write commands (git-fixes). - thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes). - thermal/drivers/imx: Implement runtime PM support (git-fixes). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes). - wcn36xx: Put DXE block into reset before freeing memory (git-fixes). - wcn36xx: Release DMA channel descriptor allocations (git-fixes). - wcn36xx: Fix DMA channel enable/disable cycle (git-fixes). - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes). - wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan (git-fixes). - commit 33d2ad1 - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes). - mt76: mt7921: drop offload_flags overwritten (git-fixes). - mwifiex: Fix possible ABBA deadlock (git-fixes). - media: hantro: Fix probe func error path (git-fixes). - media: ov8865: Disable only enabled regulators on error path (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes). - media: dw2102: Fix use after free (git-fixes). - memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails (git-fixes). - commit 5b0b74d - media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes). - media: si2157: Fix "warm" tuner state detection (git-fixes). - media: cec-pin: fix interrupt en/disable handling (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes). - media: venus: core: Fix a potential NULL pointer dereference in an error handling path (git-fixes). - media: venus: correct low power frequency calculation for encoder (git-fixes). - media: coda: fix CODA960 JPEG encoder buffer overflow (git-fixes). - commit ad9c38c - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes). - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes). - media: imx-pxp: Initialize the spinlock prior to using it (git-fixes). - media: rcar-csi2: Optimize the selection PHTW register (git-fixes). - media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes). - media: i2c: ov8865: Fix lockdep error (git-fixes). - media: i2c: Re-order runtime pm initialisation (git-fixes). - media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes). - media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes). - media: i2c: imx274: fix s_frame_interval runtime resume not requested (git-fixes). - commit 2f34e23 - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: em28xx: fix control-message timeouts (git-fixes). - media: cpia2: fix control-message timeouts (git-fixes). - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - commit da51464 - media: correct MEDIA_TEST_SUPPORT help text (git-fixes). - media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes). - media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE (git-fixes). - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes). - media: aspeed: fix mode-detect always time out at 2nd run (git-fixes). - media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr() (git-fixes). - media: atomisp: fix ifdefs in sh_css.c (git-fixes). - media: atomisp: fix inverted error check for ia_css_mipi_is_source_port_valid() (git-fixes). - media: atomisp: do not use err var when checking port validity for ISP2400 (git-fixes). - commit 54c82b7 - iwlwifi: mvm: set protected flag only for NDP ranging (git-fixes). - iwlwifi: mvm: perform 6GHz passive scan after suspend (git-fixes). - iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes). - iwlwifi: mvm: fix 32-bit build in FTM (git-fixes). - iwlwifi: fix Bz NMI behaviour (git-fixes). - media: atomisp: fix inverted logic in buffers_needed() (git-fixes). - media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case (git-fixes). - media: atomisp: add missing media_device_cleanup() in atomisp_unregister_entities() (git-fixes). - gpu: host1x: Add back arm_iommu_detach_device() (git-fixes). - gpu: host1x: Drop excess kernel-doc entry @key (git-fixes). - commit ddae815 - drm/amd/display: Fix the uninitialized variable in enable_stream_features() (git-fixes). - drm/msm/dpu: fix safe status debugfs file (git-fixes). - drm/msm/dp: displayPort driver need algorithm rational (git-fixes). - drm/vmwgfx: Remove explicit transparent hugepages support (git-fixes). - drm/tegra: vic: Fix DMA API misuse (git-fixes). - drm/tegra: gr2d: Explicitly control module reset (git-fixes). - drm/amd/pm: fix a potential gpu_metrics_table memory leak (git-fixes). - drm/amd/display: Fix out of bounds access on DNC31 stream encoder regs (git-fixes). - drm/amd/display: Fix bug in debugfs crc_win_update entry (git-fixes). - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes). - commit dd193ee - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes). - drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes). - drm/vmwgfx: Fail to initialize on broken configs (git-fixes). - drm/vmwgfx: Remove the deprecated lower mem limit (git-fixes). - drm/amd/display: Fix DPIA outbox timeout after GPU reset (git-fixes). - drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes). - drm/dp: Don't read back backlight mode in drm_edp_backlight_enable() (git-fixes). - drm/vc4: crtc: Copy assigned channel to the CRTC (git-fixes). - drm/vc4: Fix non-blocking commit getting stuck forever (git-fixes). - drm/vc4: crtc: Drop feed_txp from state (git-fixes). - commit fd31773 - drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes). - drm/vc4: hdmi: Enable the scrambler on reconnection (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vc4: hdmi: Rework the pre_crtc_configure error handling (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes). - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes). - drm/vc4: hdmi: Set a default HSM rate (git-fixes). - drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes). - commit c836251 - Documentation: ACPI: Fix data node reference documentation (git-fixes). - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes). - drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes). - drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes). - drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes). - drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes). - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes). - drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes). - drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes). - Documentation, arch: Remove leftovers from raw device (git-fixes). - commit c33b5df - device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes). - device property: Fix fwnode_graph_devcon_match() fwnode leak (git-fixes). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes). - can: xilinx_can: xcan_probe(): check for error irq (git-fixes). - can: softing: softing_startstop(): fix set but not used variable warning (git-fixes). - can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes). - can: isotp: convert struct tpcon::{idx,len} to unsigned int (git-fixes). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes). - clk: bcm-2835: Remove rounding up the dividers (git-fixes). - clk: bcm-2835: Pick the closest clock rate (git-fixes). - commit ccff551 - Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() (git-fixes). - Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe (git-fixes). - Bluetooth: hci_bcm: Check for error irq (git-fixes). - can: mcp251xfd: add missing newline to printed strings (git-fixes). - can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error message (git-fixes). - can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes). - Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes). - Bluetooth: L2CAP: Fix using wrong mode (git-fixes). - Bluetooth: btmtksdio: fix resume failure (git-fixes). - commit 9c9f45a - ax25: uninitialized variable in ax25_setsockopt() (git-fixes). - ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan() (git-fixes). - ath11k: Fix deleting uninitialized kernel timer during fragment cache flush (git-fixes). - ath11k: Fix buffer overflow when scanning with extraie (git-fixes). - Bluetooth: stop proccessing malicious adv data (git-fixes). - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes). - Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle() (git-fixes). - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes). - Bluetooth: btusb: Fix application of sizeof to pointer (git-fixes). - Bluetooth: L2CAP: Fix not initializing sk_peer_pid (git-fixes). - commit 1874423 - ACPI: EC: Rework flushing of EC work while suspended to idle (git-fixes). - ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes). - ath10k: Fix the MTU size on QCA9377 SDIO (git-fixes). - ath11k: Use host CE parameters for CE interrupts configuration (git-fixes). - ath11k: reset RSN/WPA present state for open BSS (git-fixes). - ath11k: clear the keys properly via DISABLE_KEY (git-fixes). - ath11k: Fix ETSI regd with weather radar overlap (git-fixes). - ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware (git-fixes). - commit daa87ce - Move upstreamed media and wireless patches into sorted section - commit 0e89c6b - Update patches.suse/0001-crypto-implement-downstream-solution-for-disabling-d.patch (jsc#SLE-21132,bsc#1191270,bsc#1193976). - commit 3bec270 ++++ ldb: - Modify packaging to allow parallel installation with libldb1 (bsc#1192684): + Private libraries are installed in %{_libdir}/ldb2/ + Modules are installed in %{_libdir}/ldb2/modules ++++ sssd: - Remove libsmbclient-devel BuildRequires in favor of pkgconfig(smbclient) ------------------------------------------------------------------ ------------------ 2022-1-10 - Jan 10 2022 ------------------- ------------------------------------------------------------------ ++++ boost-base: - variant.patch: backport fix allowing perfect forwarding in apply_visitor. Also fix wrong usage of boost::move (bsc#1194522) ++++ chrony: - bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty. ++++ grub2: - Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090) * grub2-systemd-sleep-plugin ++++ kernel-default: - EDAC/i10nm: Release mdev/mbase when failing to detect HBM (bsc#1190497). - commit fd0b06f - Delete patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCs.patch. - Delete patches.suse/sched-fair-Use-weight-of-SD_NUMA-domain-in-find_busiest_group.patch. To be updated. - commit d4407e8 - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (bsc#1194272 CVE-2021-4155). - commit a336d8d - Input: zinitix - make sure the IRQ is allocated before it gets enabled (git-fixes). - Revert "drm/amdgpu: stop scheduler when calling hw_fini (v2)" (git-fixes). - i2c: mpc: Avoid out of bounds memory access (git-fixes). - power: reset: ltc2952: Fix use of floating point literals (git-fixes). - power: supply: core: Break capacity loop (git-fixes). - commit a4fc8b8 - x86/kvm: Add kexec support for SEV Live Migration (bsc#1194316). - commit 984f004 - x86/kvm: Add guest support for detecting and enabling SEV Live Migration feature (bsc#1194316). - Refresh patches.suse/0001-kvm-Reintroduce-nopvspin-kernel-parameter.patch. - commit 339e71a - EFI: Introduce the new AMD Memory Encryption GUID (bsc#1194316). - mm: x86: Invoke hypercall when page encryption status is changed (bsc#1194316). - x86/kvm: Add AMD SEV specific Hypercall3 (bsc#1194316). - commit 9fae40a ++++ ceph: - Update to 16.2.7-37-gb3be69440db: + (bsc#1194353) Downstream branding breaks dashboard npm build ++++ systemd: - Rename 1009-drop-or-soften-deprecation-warnings.patch into 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch ++++ wayland: - obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4 ++++ libzypp: - Fix broken install path for parser compat headers (fixes #372, bsc#1194597) - RepoManager: remember exec errors in exception history (bsc#1193007) - version 17.29.1 (22) ++++ rust-keylime: - Update to version 0.1.0+git.1641587454.1248597: * quotes_handler: send TPM2 event log for measured boot * serialization: move serialization into separate module * try to load AK from disk instead of always creating a new one * update Cargo.lock file * make hash, encryption and signing algorithm configurable * tpm: remove get_sig_scheme(..) function * hash: rename to algorithms and implement tss conversions * cmd_exec: remove cmd_exec module * secure_mount: fix mount of tmpfs for secure directory * common: change default WORK_DIR to /var/lib/keylime * tpm: remove special handling for PCR10 ++++ supportutils: - Changes to version 3.1.19 + Made /proc directory and network names spaces configurable (bsc#1193868) ++++ yast2-trans: - Update to version 84.87.20220109.a8187edd75: * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'installation'. * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * Translated using Weblate (Arabic) ------------------------------------------------------------------ ------------------ 2022-1-9 - Jan 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tee: handle lookup of shm with reference count 0 (bsc#1193767 CVE-2021-44733). - commit 9b249a9 ------------------------------------------------------------------ ------------------ 2022-1-7 - Jan 7 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - sched/fair: Prevent dead task groups from regaining cfs_rq's (bsc#1192837). - commit 06f21e0 - debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328 ltc#195566). - commit 57aefb3 - drm/ast: Create the driver for ASPEED proprietory Display-Port (jsc#SLE-19299) - commit 6e5bebf - drm/ast: Enable the supporting of wide screen on AST2600 (jsc#SLE-19299) - commit 20901d9 - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - commit a877782 - Refresh BT workaround patch (bsc#1193124) Fix yet another broken device 8086:0aa7 - commit 97575af - drm/amdgpu: add support for IP discovery gc_info table v2 (git-fixes). - commit ddac46e - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes). - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh (git-fixes). - mac80211: initialize variable have_higher_than_11mbit (git-fixes). - batman-adv: mcast: don't send link-local multicast to mcast routers (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled (git-fixes). - platform/x86: apple-gmux: use resource_size() with res (git-fixes). - platform/mellanox: mlxbf-pmc: Fix an IS_ERR() vs NULL bug in mlxbf_pmc_map_counters (git-fixes). - ALSA: hda: intel-sdw-acpi: go through HDAS ACPI at max depth of 2 (git-fixes). - ALSA: hda: intel-sdw-acpi: harden detection of controller (git-fixes). - tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() (git-fixes). - tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok() (git-fixes). - commit 9651cf1 ++++ multipath-tools: - Version 0.8.8+13+suse.79c3556f * code-wise identical to 0.8.8+38+suse.2bdd3a14 (previous version number was too high by mistake) ++++ rdma-core: - Update to v38.1 - Major fixes for hns provider ++++ suseconnect-ng: - Update to version 0.0.5~git0.bbb5544: * Switch from rubygem-ffi to fiddle * Cleanup services during migration (bsc#1161891) * Allow non-root users to see usage text * Add option to not fail dup as much * Move APIVersion declaration to file where it is used * Add flag to enable/disable hwinfo test * Add ARM cluster count to hwinfo and fix test * Simplify parsing JSON error response * Add --gpg-auto-import-keys for zypper ref * Rename main.go to logging.go * Fix typo * Remove init() from the connect package * Move CFG variable declaration to config.go * Move AppName const to the file where it is used * Use testing.Helper() in test helpers * Add ppc64le support * Disable UUID test * Add test tools to BuildRequires * Ignore UUID errors * Run basic hwinfo sanity test on build service * Update code comments to match shim behavior. * Remove dependency on systemd * Only run httputil DumpResponse when needed ++++ yast2: - Fixed test failure in Ruby 2.5, caused by the fix for Ruby 3.0 (related to bsc#1193192) - 4.4.34 - Y2Packager::Resolvable: added none? method in order to not crash in case of rubocop automatic change (bsc#1194387) - 4.4.33 ------------------------------------------------------------------ ------------------ 2022-1-6 - Jan 6 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: core: Fix scsi_device_max_queue_depth() (bsc#1194317). - commit 3a8ce65 - Update patches.suse/cpufreq-ondemand-set-default-up_threshold-to-30-on-multi-core-systems.patch (bsc#464461,bsc#981838,bsc#1064414,bsc#1144943,bsc#1193200). - commit 4e8aa41 - x86/sev: Carve out HV call's return value verification (jsc#SLE-19924). - Refresh patches.suse/x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv. - commit 7220981 ------------------------------------------------------------------ ------------------ 2022-1-5 - Jan 5 2022 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - Remove pointless %%post scriptlet leveraging non-existent systemd env variables FIRST_ARG has been used in our systemd macros, but this has now been gone for years. Thus the true branch of the if has never been executed for years and is only causing warnings when installing dbus. ++++ hwdata: - Update to version 0.355 (bsc#1194338): + Updated pci, usb and vendor ids. ++++ kernel-default: - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976). - commit 7a55b80 - Refresh patches.suse/ext4-Support-for-checksumming-from-journal-triggers.patch. - commit 37abf0d - filesystems/locking: fix Malformed table warning (bsc#1194346). - commit d6bb90b - cifs: Fix race between hole punch and page fault (bsc#1194346). - commit b378137 - ceph: Fix race between hole punch and page fault (bsc#1194346). - commit 0d112ab - fuse: Convert to using invalidate_lock (bsc#1194346). - commit 5d819b0 - f2fs: Convert to using invalidate_lock (bsc#1194346). - commit 9764db7 - zonefs: Convert to using invalidate_lock (bsc#1194346). - commit c847453 - xfs: Convert double locking of MMAPLOCK to use VFS helpers (bsc#1194346). - commit ec46016 - xfs: Convert to use invalidate_lock (bsc#1194346). - commit af165b9 - xfs: Refactor xfs_isilocked() (bsc#1194346). - commit d308a96 - ext2: Convert to using invalidate_lock (bsc#1194346). - commit 2e31ef0 - ext4: Convert to use mapping->invalidate_lock (bsc#1194346). - commit 2285a90 - documentation: Sync file_operations members with reality (bsc#1194346). - commit ceb27b8 - powerpc/xmon: Dump XIVE information for online-only processors (bsc#1193482 ltc#195600). - commit 5695527 - thunderbolt: Do not program path HopIDs for USB4 routers (jsc#SLE-19357). - commit 4027086 - ext4: prevent partial update of the extent blocks (bsc#1194163). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163). - ext4: Support for checksumming from journal triggers (bsc#1194163). Refresh patches.suse/ext4-correct-the-error-path-of-ext4_write_inline_dat.patch - commit 52d77cb - thunderbolt: Tear down existing tunnels when resuming from hibernate (jsc#SLE-19357). - commit 06feed9 ++++ kernel-firmware: - Update to version 20211229 (git commit 57d6b9507e28): * cnm: add chips&media wave521c firmware. * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * rtw88: 8822c: Update normal firmware to v9.9.11 * QCA: Update Bluetooth WCN685x firmware to 2.1.0-00298 * amdgpu: update green sardine PSP firmware * bnx2x: Add FW 7.13.21.0 * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * linux-firmware: wilc1000: update WILC1000 firmware to v15.4.1 * rtl_bt: Update RTL8761B BT UART firmware to 0x0CA9_8A6B * rtl_bt: Update RTL8761B BT USB firmware to 0x09A9_8A6B * cxgb4: Update firmware to revision 1.26.4.0 * rtw89: 8852a: update fw to v0.13.33.0 * i915: Add DMC firmware v2.14 for ADL-P * QCA: Add Bluetooth default nvm file for WCN685x ++++ osinfo-db: - Update to database version 20211216 osinfo-db-20211216.tar.xz - Drop add-missing-oracle-linux-versions.patch ------------------------------------------------------------------ ------------------ 2022-1-4 - Jan 4 2022 ------------------- ------------------------------------------------------------------ ++++ glib-networking: - Increase testsuite timeout ++++ kernel-default: - Update patches.suse/netdevsim-Zero-initialize-memory-for-new-map-s-value.patch (bsc#1193927 CVE-2021-4135). Added CVE number. - commit 660e423 - KVM: SEV: unify cgroup cleanup code for svm_vm_migrate_from (jsc#SLE-19924). - KVM: SEV: Add support for SEV-ES intra host migration (jsc#SLE-19924). - KVM: SEV: Add support for SEV intra host migration (jsc#SLE-19924). - KVM: SEV: provide helpers to charge/uncharge misc_cg (jsc#SLE-19924). - KVM: generalize "bugged" VM to "dead" VM (jsc#SLE-19924). - KVM: SEV: Refactor out sev_es_state struct (jsc#SLE-19924). - KVM: x86/mmu: Return old SPTE from mmu_spte_clear_track_bits() (jsc#SLE-19924). - KVM: x86/mmu: Refactor shadow walk in __direct_map() to reduce indentation (jsc#SLE-19924). - KVM: x86: Hoist kvm_dirty_regs check out of sync_regs() (jsc#SLE-19924). - KVM: x86/mmu: Mark VM as bugged if page fault returns RET_PF_INVALID (jsc#SLE-19924). - KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM (jsc#SLE-19924). - KVM: Export kvm_make_all_cpus_request() for use in marking VMs as bugged (jsc#SLE-19924). - KVM: Add infrastructure and macro to mark VM as bugged (jsc#SLE-19924). - commit 4c87f07 - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - commit 37c195c - Refresh patches.suse/igc-Do-not-enable-crosstimestamping-for-i225-V-model.patch. Replaced with upstream commit and put to sorted section. - commit 7a69d48 - net/mlx5e: Fix wrong features assignment in case of error (jsc#SLE-19253). - net/mlx5e: TC, Fix memory leak with rules with internal port (jsc#SLE-19253). - igc: Fix TX timestamp support for non-MSI-X platforms (jsc#SLE-18377). - ionic: Initialize the 'lif->dbid_inuse' bitmap (jsc#SLE-19282). - net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()' (jsc#SLE-19253). - net/mlx5e: Delete forward rule for ct or sample action (jsc#SLE-19253). - net/mlx5e: Fix ICOSQ recovery flow for XSK (jsc#SLE-19253). - net/mlx5e: Fix interoperability between XSK and ICOSQ recovery flow (jsc#SLE-19253). - net/mlx5e: Fix skb memory leak when TC classifier action offloads are disabled (jsc#SLE-19253). - net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-19253). - net/mlx5: Fix tc max supported prio for nic mode (jsc#SLE-19253). - net/mlx5: Fix SF health recovery flow (jsc#SLE-19253). - net/mlx5: Fix error print in case of IRQ request failed (jsc#SLE-19253). - net/mlx5: Use first online CPU instead of hard coded CPU (jsc#SLE-19253). - net/mlx5: DR, Fix querying eswitch manager vport for ECPF (jsc#SLE-19253). - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-19253). - sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes). - sfc: Check null pointer of rx_queue->page_ring (git-fixes). - bonding: fix ad_actor_system option setting to default (git-fixes). - igb: fix deadlock caused by taking RTNL in RPM resume path (jsc#SLE-18379). - qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes). - ice: xsk: fix cleaned_count setting (jsc#SLE-18375). - ice: xsk: allow empty Rx descriptors on XSK ZC data path (jsc#SLE-18375). - ice: xsk: do not clear status_error0 for ntu + nb_buffs descriptor (jsc#SLE-18375). - ice: remove dead store on XSK hotpath (jsc#SLE-18375). - ice: xsk: allocate separate memory for XDP SW ring (jsc#SLE-18375). - ice: xsk: return xsk buffers back to pool when cleaning the ring (jsc#SLE-18375). - commit 23e6d3c ++++ libeconf: - Update to version 0.4.4+git20220104.962774f: * Fixed i586 build (#158) - Update to version 0.4.2+git20220104.5dfd69d: * Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) ++++ sg3_utils: - Update to version 1.47+2.388b767: * rescan-scsi-bus.sh: apply fix for '-r' (boo#1194293) * _service: use openSUSE github repo again (with cherry-picks from upstream) * spec file: suppress commit ID in library version ++++ systemd: - Update systemd-user PAM service again Change the default implementation of pam_setcred() again, previously customized to run the full "auth" PAM stack and only call pam_deny.so which is basically the SUSE default behavior without pam_warn.so. This is considered safer, especially on SLE where a regression was spotted by QA. ++++ suse-module-tools: - Update to version 15.4.11: * cdrom: Disable autoclose by default (boo#1165047). * Make regenerate-initrd-posttrans compatible with Dracut's UEFI mode (unified kernel image) ------------------------------------------------------------------ ------------------ 2022-1-3 - Jan 3 2022 ------------------- ------------------------------------------------------------------ ++++ kdump: - kdump-0.9.2-mkdumprd-properly-pass-compression-params.patch: Fix malformation in passing Dracut compression parameters in mkdumprd (bsc#1193765). - Refresh existing patches. ++++ kernel-default: - scsi: lpfc: Use struct_group to isolate cast to larger object (bsc#1194266). - scsi: lpfc: Use struct_group() to initialize struct lpfc_cgn_info (bsc#1194266). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266). - commit 56f0e4d - Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch Update meta data and move the patch into the sorted section. - commit 801abe1 - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes). - wireguard: receive: drop handshakes if queue lock is contended (git-fixes). - wireguard: receive: use ring buffer for incoming handshakes (git-fixes). - wireguard: device: reset peer src endpoint when netns exits (git-fixes). - wireguard: selftests: actually test for routing loops (git-fixes). - wireguard: selftests: increase default dmesg log size (git-fixes). - wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - commit bf283b6 - Input: goodix - try not to touch the reset-pin on x86/ACPI devices (git-fixes). - commit 9c810e6 - Input: goodix - push error logging up into i2c_read and i2c_write helpers (git-fixes). - commit 83b987d - Input: goodix - refactor reset handling (git-fixes). - commit fe6c264 - Input: goodix - add a goodix.h header file (git-fixes). - commit d09187d - Input: goodix - change goodix_i2c_write() len parameter type to int (git-fixes). - commit cf299db - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - commit 7669ccb - drm/i915/adlp: Remove require_force_probe protection (jsc#SLE-22725). - commit ed19f50 - media: Revert "media: uvcvideo: Set unique vdev name based in type" (bsc#1193255). - commit ece5395 - hv: utils: add PTP_1588_CLOCK to Kconfig to fix build (git-fixes). - commit f927f33 - i2c: validate user data in compat ioctl (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - commit 67ef690 ++++ ovmf: - Modified gdb_uefi.py.in for python3 (bsc#1192126) - change 'long' to 'int' - using print (' instead of print " ++++ systemd-presets-branding-SMO: - enable wicked.service (jsc#SMO-8) ++++ yast2-trans: - Update to version 84.87.20220102.99430aa97b: * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Arabic) * New POT for text domain 'installation'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'security'. * New POT for text domain 'installation'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) ------------------------------------------------------------------ ------------------ 2022-1-2 - Jan 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rtw89: 8852a: correct bit definition of dfs_en (bsc#1188303). - rtw89: coex: Update COEX to 5.5.8 (bsc#1188303). - rtw89: coex: Cancel PS leaving while C2H comes (bsc#1188303). - rtw89: coex: Update BT counters while receiving report (bsc#1188303). - rtw89: coex: Define LPS state for BTC using (bsc#1188303). - rtw89: coex: Add MAC API to get BT polluted counter (bsc#1188303). - rtw89: coex: Not to send H2C when WL not ready and count H2C (bsc#1188303). - rtw89: coex: correct C2H header length (bsc#1188303). - rtw89: don't kick off TX DMA if failed to write skb (bsc#1188303). - rtw89: remove cch_by_bw which is not used (bsc#1188303). - rtw89: fix sending wrong rtwsta->mac_id to firmware to fill address CAM (bsc#1188303). - rtw89: fix incorrect channel info during scan (bsc#1188303). - rtw89: update scan_mac_addr during scanning period (bsc#1188303). - rtw89: use inline function instead macro to set H2C and CAM (bsc#1188303). - rtw89: add const in the cast of le32_get_bits() (bsc#1188303). - commit de4e062 ++++ sqlite3: - update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. ------------------------------------------------------------------ ------------------ 2022-1-1 - Jan 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256). - commit 9eb35f2 - Move upstreamed patches into sorted section - commit d24f83f - uapi: fix linux/nfc.h userspace compilation errors (git-fixes). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes). - usb: mtu3: fix list_head check warning (git-fixes). - usb: mtu3: add memory barrier before set GPD's HWO (git-fixes). - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes). - uapi: Fix undefined __always_inline on non-glibc systems (git-fixes). - spi: change clk_disable_unprepare to clk_unprepare (git-fixes). - tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous (git-fixes). - USB: serial: option: add Telit FN990 compositions (git-fixes). - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes). - usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes). - soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes). - Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" (git-fixes). - USB: core: Make do_proc_control() and do_proc_bulk() killable (git-fixes). - commit fd73c6a - r8152: sync ocp base (git-fixes). - r8152: fix the force speed doesn't work for RTL8156 (git-fixes). - serial: 8250_fintek: Fix garbled text for console (git-fixes). - soc: imx: Register SoC device only on i.MX boards (git-fixes). - Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field" (git-fixes). - serial: 8250: Fix reporting real baudrate value in c_ospeed field (git-fixes). - commit a7820da - NFC: st21nfca: Fix memory leak in device probe and remove (git-fixes). - nfc: uapi: use kernel size_t to fix user-space builds (git-fixes). - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes). - pinctrl: bcm2835: Change init order for gpio hogs (git-fixes). - pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes). - platform/x86: intel_pmc_core: fix memleak on registration failure (git-fixes). - platform/x86: amd-pmc: only use callbacks for suspend (git-fixes). - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - PCI/MSI: Mask MSI-X vectors only on success (git-fixes). - pinctrl: amd: Fix wakeups when IRQ is shared with SCI (git-fixes). - commit c29a200 - mac80211: fix locking in ieee80211_start_ap error path (git-fixes). - mmc: mmci: stm32: clear DLYB_CR after sending tuning command (git-fixes). - mmc: meson-mx-sdhc: Set MANUAL_STOP for multi-block SDIO commands (git-fixes). - mmc: core: Disable card detect during shutdown (git-fixes). - mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes). - mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes). - nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes). - memory-hotplug.rst: fix wrong /sys/module/memory_hotplug/parameters/ path (git-fixes). - memory-hotplug.rst: fix two instances of "movablecore" that should be "movable_node" (git-fixes). - commit e3c9499 - kernel/crash_core: suppress unknown crashkernel parameter warning (git-fixes). - Refresh patches.suse/add-product-identifying-information-to-vmcoreinfo.patch. - commit e11041f - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes). - mac80211: fix lookup when adding AddBA extension element (git-fixes). - mac80211: validate extended element ID is present (git-fixes). - mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock (git-fixes). - mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes). - mac80211: fix regression in SSN handling of addba tx (git-fixes). - mac80211: fix rate control for retransmitted frames (git-fixes). - mac80211: track only QoS data frames for admission control (git-fixes). - LSM: Avoid warnings about potentially unused hook variables (git-fixes). - commit 2417651 - hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes). - hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations (git-fixes). - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes). - Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312 (git-fixes). - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). - Input: goodix - add id->model mapping for the "9111" model (git-fixes). - Input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes). - Input: iqs626a - prohibit inlining of channel parsing functions (git-fixes). - hamradio: improve the incomplete fix to avoid NPD (git-fixes). - gpio: dln2: Fix interrupts when replugging the device (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - HID: potential dereference of null pointer (git-fixes). - i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes). - hamradio: defer ax25 kfree after unregister_netdev (git-fixes). - hwmon: (lm90) Add basic support for TI TMP461 (git-fixes). - hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes). - commit cda309a - drm/amd/display: Set optimize_pwr_state for DCN31 (git-fixes). - drm/amd/display: Send s0i2_rdy in stream_count == 0 optimization (git-fixes). - drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf (git-fixes). - drm/amd/pm: fix a potential gpu_metrics_table memory leak (git-fixes). - drm/amd/display: Set exit_optimized_pwr_state for DCN31 (git-fixes). - drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info on YC (git-fixes). - drm/amdgpu: don't override default ECO_BITs setting (git-fixes). - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes). - firmware: tegra: Fix error application of sizeof() to pointer (git-fixes). - firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes). - commit 791c862 - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes). - commit d8f06f2 - drm/ast: potential dereference of null pointer (git-fixes). - drm: simpledrm: fix wrong unit with pixel clock (git-fixes). - Revert "drm/fb-helper: improve DRM fbdev emulation device names" (git-fixes). - drm/i915/display: Fix an unsigned subtraction which can never be negative (git-fixes). - drm/amdkfd: process_info lock not needed for svm (git-fixes). - drm/amd/display: add connector type check for CRC source set (git-fixes). - drm/amdkfd: fix double free mem structure (git-fixes). - drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes). - commit 3978643 - dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes). - dmaengine: idxd: fix missed completion on abort path (git-fixes). - dmaengine: idxd: fix calling wq quiesce inside spinlock (git-fixes). - drm/amdgpu: check atomic flag to differeniate with legacy path (git-fixes). - drm/msm/dp: Avoid unpowered AUX xfers that caused crashes (git-fixes). - drm/msm/dsi: set default num_data_lanes (git-fixes). - drm/i915: Fix type1 DVI DP dual mode adapter heuristic for modern platforms (git-fixes). - drm/i915/dp: Ensure max link params are always valid (git-fixes). - drm/i915/dp: Ensure sink rate values are always valid (git-fixes). - commit 2ffa66e - ax25: NPD bug when detaching AX25 device (git-fixes). - ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes). - bus: sunxi-rsb: Fix shutdown (git-fixes). - cfg80211: Acquire wiphy mutex on regulatory work (git-fixes). - clk: Don't parent clks until the parent is fully registered (git-fixes). - dmaengine: idxd: add halt interrupt support (git-fixes). - bus: ti-sysc: Fix variable set but not used warning for reinit_modules (git-fixes). - cachefiles: Fix oops with cachefiles_cull() due to NULL object (git-fixes). - cachefiles: Fix oops in trace_cachefiles_mark_buried due to NULL object (git-fixes). - commit cd688de - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes). - ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes). - ASoC: tas2770: Fix setting of high sample rates (git-fixes). - ASoC: rt5682: fix the wrong jack type detected (git-fixes). - ASoC: tegra: Restore headphones jack name on Nyan Big (git-fixes). - ASoC: tegra: Add DAPM switches for headphones and mic jack (git-fixes). - ASoC: SOF: Intel: pci-tgl: add new ADL-P variant (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-N support (git-fixes). - commit a7aad6f - ALSA: rawmidi - fix the uninitalized user_pversion (git-fixes). - ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes). - ALSA: jack: Check the return value of kstrdup() (git-fixes). - ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes). - ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P (git-fixes). - ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid (git-fixes). - commit edda50f ------------------------------------------------------------------ ------------------ 2021-12-30 - Dec 30 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - igc: Do not enable crosstimestamping for i225-V models (bsc#1193039). - commit 4b7258e - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - commit 502efc5 - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - Delete patches.suse/ftrace-recordmcount-binutils.patch. - commit e276c5a - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - commit 3ba8941 ++++ libcap: - update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRID ------------------------------------------------------------------ ------------------ 2021-12-29 - Dec 29 2021 ------------------- ------------------------------------------------------------------ ++++ mozilla-nspr: - update to 4.33: * fixes to build system and export of private symbols ------------------------------------------------------------------ ------------------ 2021-12-28 - Dec 28 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - signal: Skip the altstack update when not needed (bsc#1190497). - commit 0a4e2d9 - bpf: Fix kernel address leakage in atomic fetch (bsc#1193883). - commit ebab46c ------------------------------------------------------------------ ------------------ 2021-12-27 - Dec 27 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - locking/rtmutex: Fix incorrect condition in rtmutex_spin_on_owner() (bsc#1190137 bsc#1189998). - ipc: WARN if trying to remove ipc object which is absent (bsc#1190187). - ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL (bsc#1190187). - ipc: check checkpoint_restore_ns_capable() to modify C/R proc files (bsc#1190187). - mm,hugetlb: remove mlock ulimit for SHM_HUGETLB (bsc#1190187). - futex: Fix PREEMPT_RT build (bsc#1190137 bsc#1189998). - futex: Simplify double_lock_hb() (bsc#1190137 bsc#1189998). - futex: Split out wait/wake (bsc#1190137 bsc#1189998). - futex: Split out requeue (bsc#1190137 bsc#1189998). - futex: Rename mark_wake_futex() (bsc#1190137 bsc#1189998). - futex: Rename: match_futex() (bsc#1190137 bsc#1189998). - futex: Rename: hb_waiter_{inc,dec,pending}() (bsc#1190137 bsc#1189998). - futex: Split out PI futex (bsc#1190137 bsc#1189998). - futex: Rename: {get,cmpxchg}_futex_value_locked() (bsc#1190137 bsc#1189998). - futex: Rename hash_futex() (bsc#1190137 bsc#1189998). - futex: Rename __unqueue_futex() (bsc#1190137 bsc#1189998). - futex: Rename: queue_{,un}lock() (bsc#1190137 bsc#1189998). - futex: Rename futex_wait_queue_me() (bsc#1190137 bsc#1189998). - futex: Rename {,__}{,un}queue_me() (bsc#1190137 bsc#1189998). - futex: Split out syscalls (bsc#1190137 bsc#1189998). - futex: Move to kernel/futex/ (bsc#1190137 bsc#1189998). - commit 2cdb038 - cifs: sanitize multiple delimiters in prepath (bsc#1193629). - commit 451f2d6 - cifs: ignore resource_id while getting fscache super cookie (bsc#1193629). - commit eeba60d - cifs: fix ntlmssp auth when there is no key exchange (bsc#1193629). - commit 0175110 - cifs: avoid use of dstaddr as key for fscache client cookie (bsc#1193629). - commit f3d9639 - cifs: add server conn_id to fscache client cookie (bsc#1193629). - commit 107f3d6 - cifs: wait for tcon resource_id before getting fscache super (bsc#1193629). - commit 9ad6391 - cifs: fix missed refcounting of ipc tcon (bsc#1193629). - commit 324a379 - cifs: update internal version number (bsc#1193629). - commit 069cbf3 - smb2: clarify rc initialization in smb2_reconnect (bsc#1193629). - commit 7fb1cf7 - cifs: populate server_hostname for extra channels (bsc#1193629). - commit a78bb02 - cifs: nosharesock should be set on new server (bsc#1193629). - commit f9c0a11 - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1193629). - commit 75cf16a - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1193629). - commit 7b74cfa - cifs: move debug print out of spinlock (bsc#1193629). - commit 3fe9ee3 - cifs: do not duplicate fscache cookie for secondary channels (bsc#1193629). - commit ec76d5a - cifs: connect individual channel servers to primary channel server (bsc#1193629). - commit c5cace7 - cifs: protect session channel fields with chan_lock (bsc#1193629). - commit fc55a6d - cifs: do not negotiate session if session already exists (bsc#1193629). - commit 61214c8 - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1193629). - commit ed23408 - cifs: fix potential use-after-free bugs (bsc#1193629, jsc#SLE-20043). - commit 5c08eeb - smb3: add additional null check in SMB311_posix_mkdir (bsc#1193629). - commit ceaffcf - cifs: release lock earlier in dequeue_mid error case (bsc#1193629). - commit c5b3ecb - smb3: add additional null check in SMB2_tcon (bsc#1193629). - commit 4035864 - smb3: add additional null check in SMB2_open (bsc#1193629). - commit 8ea5886 - smb3: add additional null check in SMB2_ioctl (bsc#1193629). - commit a851210 - smb3: remove trivial dfs compile warning (bsc#1193629, jsc#SLE-20043). - commit 890475c - cifs: support nested dfs links over reconnect (bsc#1193629, jsc#SLE-20043). - commit 59d47b4 - cifs: for compound requests, use open handle if possible (bsc#1193629). - commit 02e1bae - cifs: split out dfs code from cifs_reconnect() (bsc#1193629, jsc#SLE-20043). - commit af9cd3d - cifs: convert list_for_each to entry variant (bsc#1193629, jsc#SLE-20043). - commit dce8737 - cifs: introduce new helper for cifs_reconnect() (bsc#1193629, jsc#SLE-20043). - commit 5e2b90c - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1193629, jsc#SLE-20043). - commit 449aafc - cifs: send workstation name during ntlmssp session setup (bsc#1193629). - Refresh patches.suse/cifs-fix-memory-leak-of-smb3_fs_context_dup-server_h.patch. - commit 343b351 - cifs: nosharesock should not share socket with future sessions (bsc#1193629). - commit 7e97086 - smb3: add dynamic trace points for socket connection (bsc#1193629). - commit 893bf17 - cifs: Move SMB2_Create definitions to the shared area (bsc#1193629). - commit ecfb219 - cifs: Move more definitions into the shared area (bsc#1193629). - commit 89babe6 - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1193629). - commit 445edea - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1193629). - commit ed5b95d - cifs: add mount parameter tcpnodelay (bsc#1193629). - commit a35b30c - smb3: correct server pointer dereferencing check to be more consistent (bsc#1193629). - commit 528e69d - cifs: Clear modified attribute bit from inode flags (bsc#1193629). - commit 877f02c - cifs: Deal with some warnings from W=1 (bsc#1193629). - commit 48de0a6 - cifs: Deferred close performance improvements (bsc#1193629). - commit 3284ea4 - cifs: fix incorrect kernel doc comments (bsc#1193629). - commit e10f67b - cifs: remove pathname for file from SPDX header (bsc#1193629). - commit eba423d - cifs: move SMB FSCTL definitions to common code (bsc#1193629). - commit 5fa969c - cifs: rename cifs_common to smbfs_common (bsc#1193629). - Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4 - Update configs to add CONFIG_SMBFS_COMMON=m. - commit ece4318 - cifs: cifs_md4 convert to SPDX identifier (bsc#1193629). - commit d7aa128 - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1193629). - commit 79d9d13 - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1193629). - commit ac6203b - cifs: update FSCTL definitions (bsc#1193629). - commit 66c717f - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1190497). - commit c9f5572 ++++ expat: - update to 2.4.2: * Link againgst libm for function "isnan" * Include expat_config.h as early as possible * Autotools: Include files with release archives: - buildconf.sh - fuzz/*.c * Autotools: Sync CMake templates * docs: Document that function XML_GetBuffer may return NULL when asking for a buffer of 0 (zero) bytes size * docs: Fix return value docs for both XML_SetBillionLaughsAttackProtection* functions * Version info bumped from 9:1:8 to 9:2:8 ++++ yast2-trans: - Update to version 84.87.20211227.623da84d84: * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * New POT for text domain 'base'. ------------------------------------------------------------------ ------------------ 2021-12-23 - Dec 23 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Drop the preempt kernel flavor (jsc#SLE-18857) The extra -preempt flavor is no longer needed when we have PREEMPT_DYNAMIC enabled and the boot-time "preempt=" option available. - commit 9d1770c ++++ pango: - Update to version 1.50.3: + pango-view: Add --serialize-to option for easy bug reporting. + Revert a transformation change that broke metrics for vertical text. + Handle fonts without space glyph (such as icon fonts) better. + Fix some corner cases of line width accounting. + Fix line height with emulated Small Caps. ++++ net-snmp: - Fix LFH violation during v3 user creation (bsc#1181591). Add net-snmp-5.7.3-fix-create-v3-user-outfile.patch ++++ libzypp: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of iso: URL components (bsc#954813) - Handle armv8l as armv7hl compatible userland. - Introduce zypp-curl a sublibrary for CURL related code. - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set. - Save all signatures associated with a public key in its PublicKeyData. - version 17.29.0 (22) ++++ ovmf: - Removed useless patch files because they are merged to edk2-stable202111 - ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch - ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch - ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch - Updated URL to the edk2 repo on github - Use downloaded edk2-edk2-stable%{version}.tar.gz instead of the URL for Source0 because the edk2-edk2-stable202111 tarball is broken in tianocore repo which can not pass the "osc service runall download_files" testing. - We ill change it back to the following setting when upstream fixed tarball: Source0: https://github.com/tianocore/edk2/releases/download/edk2-stable%{version}/edk2-edk2-stable%{version}.tar.gz ++++ yast2: - properly pass named arguments in ruby3 (bsc#1193192) - 4.4.32 ++++ zypper: - Singletrans: handle fatal and non-fatal script errors properly. - Add SingleTransReportReceiver. - Immediately write out additional rpm output. - BuildRequires: libzypp-devel >= 17.29.0. Need SingleTransReport and immediate rpm script output reports. - version 1.14.51 ------------------------------------------------------------------ ------------------ 2021-12-22 - Dec 22 2021 ------------------- ------------------------------------------------------------------ ++++ glibc: - Add support for livepatches (jsc#SLE-20049). - Enable livepatching on x86_64. - Generate ipa-clones tarball artifact when livepatching is enabled. ++++ gnutls: - FIPS: Provide a service-level indicator [bsc#1190698] * Add support for a "service indicator" as required in the FIPS140-3 Implementation Guidance in section 2.4.C * Add patches: - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch ++++ kernel-default: - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - commit ef4c569 - arm64: Implement HAVE_PREEMPT_DYNAMIC (jsc#SLE-18857). - arm64: Implement IRQ exit preemption static call for dynamic preemption (jsc#SLE-18857). - sched/preempt: Prepare for supporting !CONFIG_GENERIC_ENTRY (jsc#SLE-18857). - arm64: implement support for static call trampolines (jsc#SLE-18857). - commit 2443f87 - blacklist.conf: ef775a0e36c6 x86/Kconfig: Fix an unused variable error in dell-smm-hwmon - commit 79fbdb8 - static_call: Use non-function types to refer to the trampolines (jsc#SLE-18857). - commit 16af38a - clk: renesas: r8a779a0: Add the DSI clocks (git-fixes). - commit 4144466 - clk: renesas: r8a779a0: Add the DU clock (git-fixes). - commit e4f5038 - bpf: Make sure bpf_disable_instrumentation() is safe vs preemption (git-fixes). - commit 3c01bdb - bpf, x86: Fix "no previous prototype" warning (git-fixes). - commit d18ea1d - arm64: mm: Fix VM_BUG_ON(mm != &init_mm) for trans_pgd (git-fixes). - commit 3d5d99f - PM: sleep: Fix error handling in dpm_prepare() (git-fixes). - commit 1d4147f - HID: holtek: fix mouse probing (git-fixes). - commit e70fdd2 - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - commit 403e13c ++++ net-snmp: - Fix hrStorage autofs objects timeout problems (bsc#1179699, bsc#1145864). Add net-snmp-5.7.3-host-mib-skip-autofs-entries.patch Add net-snmp-5.7.3-fix-missing-mib-hrStorage-indexes.patch - Fix NSS mounted volumes in hrStorageDescr (bsc#1100146). Add net-snmp-5.7.3-recognize-nss-pools-and-nss-volumes-oes.patch - Fix subagent crash at save_set_var() (bsc#1178021). Add net-snmp-5.7.3-subagent-set-response.patch - Fix subagent data corruption (bsc#1178351, bsc#1179009). Add net-snmp-5.7.3-fix-subagent-data-corruption.patch ++++ permissions: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ++++ qemu: - Fix testsuite failures by not using modules when building tests (and some other, also testsuite related, spec file problems) ++++ rpm: - Backport header check changes so that old rpms get no longer rejected [bsc#1190824] updated patch: headerchk3.diff ------------------------------------------------------------------ ------------------ 2021-12-21 - Dec 21 2021 ------------------- ------------------------------------------------------------------ ++++ dosfstools: - To be able to create filesystems compatible with previous version, add -g command line option to mkfs (boo#1188401, dosfstools-add-g.patch). - BREAKING CHANGES: After fixing of bsc#1172863 in the last update, mkfs started to create different images than before. Applications that depend on exact FAT file format (e. g. embedded systems) may be broken in two ways: * The introduction of the alignment may create smaller images than before, with a different positions of important image elements. It can break existing software that expect images in doststools <= 4.1 style. To work around these problems, use "-a" command line argument. * The new image may contain a different geometry values. Geometry sensitive applications expecting doststools <= 4.1 style images can fails to accept different geometry values. There is no direct work around for this problem. But you can take the old image, use "file -s $IMAGE", check its "sectors/track" and "heads", and use them in the newly introduced "-g" command line argument. ++++ grub2: - Fix CVE-2021-3981 (bsc#1189644) * 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch ++++ gtk3: - Update to version 3.24.31: + input: Fix a crash with touch on GtkScale. + clipboard: Avoid a double-free. + css: Avoid a crash with radial gradients. + GtkFileChooser: Don't leak search results. + GtkTextView: Support css letterspacing. + Wayland: - Reset position when hiding popups. - Ignore globals we did not bind ourselves. - Avoid infinite loops when hiding surfaces. - Avoid clipboard-related lockups. + X11: - Trap errors while doing XRANDR calls. - Support touchpad gestures with XI 2.4. + Updated translations. ++++ kernel-default: - RDMA/hns: Replace kfree() with kvfree() (bsc#1190336). - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes). - RDMA/hns: Fix RNR retransmission issue for HIP08 (bsc#1190336). - sfc_ef100: potential dereference of null pointer (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (jsc#SLE-18384). - ixgbe: Document how to enable NBASE-T support (jsc#SLE-18384). - igc: Fix typo in i225 LTR functions (jsc#SLE-18377). - igbvf: fix double free in `igbvf_probe` (jsc#SLE-18379). - igb: Fix removal of unicast MAC filters of VFs (jsc#SLE-18379). - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (git-fixes). - ice: Don't put stale timestamps in the skb (jsc#SLE-18375). - ice: Use div64_u64 instead of div_u64 in adjfine (jsc#SLE-18375). - iavf: do not override the adapter state in the watchdog task (again) (jsc#SLE-18385). - iavf: missing unlocks in iavf_watchdog_task() (jsc#SLE-18385). - flow_offload: return EOPNOTSUPP for the unsupported mpls action type (git-fixes). - net: hns3: fix race condition in debugfs (bsc#1190336). - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (bsc#1190336). - commit c8da480 - USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes). - commit 21acdf8 - usb: cdnsp: Fix lack of spin_lock_irqsave/spin_lock_restore (git-fixes). - commit 0ecdeb8 - usb: dwc2: fix STM ID/VBUS detection startup delay in dwc2_driver_probe (git-fixes). - commit 706591c - usb: cdnsp: Fix incorrect status for control request (git-fixes). - commit 39c7644 - usb: cdnsp: Fix issue in cdnsp_log_ep trace event (git-fixes). - commit 6a1899d - usb: cdnsp: Fix incorrect calling of cdnsp_died function (git-fixes). - commit 6500212 - usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes). - commit de812df - fscache: Use refcount_t for the cookie refcount instead of atomic_t (bsc#1190277). - fscache: Fix fscache_cookie_put() to not deref after dec (bsc#1190277). - cachefiles: Change %p in format strings to something else (bsc#1190277). - fscache: Change %p in format strings to something else (bsc#1190277). - fscache: Remove the object list procfile (bsc#1190277). - fscache, cachefiles: Remove the histogram stuff (bsc#1190277). - fscache: Procfile to display cookies (bsc#1190277). - fscache: Add a cookie debug ID and use that in traces (bsc#1190277). - commit 7bdee94 ++++ libthai: - Update to version 0.1.29. * Rewritten thbrk test. * More compliance with UAX#14 (Unicode Line Breaking Algorithm) for thbrk. * Fix a typo in TIS-620 character name in tis.h. * Updated word break dictionary. ++++ qemu: - [JIRA] (SLE-20965) Make QEMU guests more failsafe when resizing SCSI passthrough disks * Patches added: scsi-generic-replace-logical-block-count.patch ++++ ovmf: - Update to edk2-stable202111 - Features (https://github.com/tianocore/edk2/releases): Add SSDT CPU topology generator Support ACPI 6.4 in GTDT parser and generator Support ACPI 6.4 in DynamicTables FADT parser Support ACPI 6.4 in Acpiview PCCT parser Support ACPI 6.4 in Acpiview HMAT parser Add support for the microvm machine type (qemu) OVMF/ArmVirt: add support for virtio-mmio 1.0 IntelFsp2Pkg: adopt FSP 2.3 specification UefiCpuPkg VTF0 X64: Build page tables using Linear-Address Translation to a 1-GByte Page Enable wildcard host name matching in HTTPS/TLS implementation Add QuickSort function into BaseLib Add SMM NV variable support in universal UEFI payload Add TDVF to OvmfPkg Make package and platform builds reproducible across source format changes - Patches (git log --oneline --reverse edk2-stable202108~..edk2-stable202111): 7b4a99be8a CryptoPkg: BaseCryptLib fix incorrect param order 82f7e315d6 MdeModulePkg/PeiCore: Remove MigrateSecModulesInFv() 8b15024dc7 Maintainers: Add kraxel as Reviewer to ArmVirtPkg and OvmfPkg 80e67af9af OvmfPkg: introduce a common work area ab77b6031b OvmfPkg/ResetVector: update SEV support to use new work area format b9af5037b2 OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm a82bad9730 ArmPkg/GicV3Dxe: Don't signal EOI on arbitrary interrupts 94e465e5cb OvmfPkg/Virtio10: Add virtio-mmio 1.0 defines 08293e43da OvmfPkg/VirtioMmioDeviceLib: Add virtio 1.0 detection. 212a2b9bb8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Fix SetPageSize. 537a724421 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Fix SetQueueAddress 6a3e9576b8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Add default QueueNum ae12188cf8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Adapt feature bit handling 77d5fa8024 OvmfPkg/VirtioMmioDeviceLib: enable virtio 1.0 b04453d36b MdeModulePkg/EbcDxe: Mitigate memcpy intrinsics dc995ce906 MdeModulePkg: Add BootDiscoveryPolicyOld variable. 443300be46 MdePkg:Update IndustryStandard/Nvme.h with Nvme amdin controller data 0f11537548 MdeModulePkg:Increase Nvme capacity display cae735f613 ArmPkg: Enable boot discovery policy for ARM package. cb0d24637d OvmfPkg/OvmfXen: set PcdAcpiS3Enable at initialization 28152333bc OvmfPkg/LockBoxLib: use PcdAcpiS3Enable to detect S3 support 52e2dabc0f OvmfPkg/PlatformBootManagerLib: use PcdAcpiS3Enable to detect S3 support 5b5f10d746 OvmfPkg/SmmControl2Dxe: use PcdAcpiS3Enable to detect S3 support 9f3eda177a OvmfPkg/OvmfXen: add QemuKernelLoaderFsDxe f0fe55bca4 UefiPayloadPkg: Fix the build error when enable Core ci for UefiPayloadPkg 5d34cc49d5 UefiCpuPkg/PiSmmCpuDxeSmm: Update mPatchCetSupported set condition cdda3f74a1 UefiPayloadPkg/UefiPayloadEntry: Fix memory corruption 3b3f882288 MdeModulePkg/PiSmmCore: Drop deprecated image profiling commands b170806518 UefiCpuPkg: Clean up save state boundary checks and comments. 12e33dca4c IntelFsp2Pkg: Support Config File and Binary delta comparison 63fddc98e0 UefiPayloadPkg: Create .yaml file in UefiPayloadPkg e3ee8c8dbd .azurepipelines: Add UefiPayloadPkg in gate-build-job.yml and CISetting.py b6bc203375 MdeModulePkg/HiiDatabaseDxe:remove dead code block c5e805ffe1 MdeModulePkg: Fix typo of "memory" in RamDiskDxe debug message 81d71fb86e Maintainers.txt: Update maintainer/reviewer roles in MdeModulePkg edf8bc6d24 SecurityPkg/MemoryOverwriteControl: Add missing argument to DEBUG print 4473834e7d OvmfPkg/OvmfXen: Fix build with QemuKernelLoaderFsDxe a7cf2c5664 RedfishPkg: Fix various typos 851785ea67 UefiPayloadPkg: Include more modules in UefiPayloadPkg. d248516b3a UefiPayloadPkg: Include Network modules in UefiPayloadPkg. 6c7d6d4a5e UefiCpuPkg: ResetVector Tool Support for Python 3 cf7c650592 UefiCpuPkg: ResetVector Tool additional debug prints d96df7e993 UefiPayloadPkg: Fix the bug in dump guid HOB info functions dcd3d63f4f UefiPayloadPkg: Dump hob info from gEdkiiBootManagerMenuFileGuid 610d8073f2 SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms 4d5f39cd22 SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib ebbc8ab2cd SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms 2906e572c6 SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues f108178c56 SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy a4867dea2a SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms 2fa89c8e11 SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues 3b69fcf5f8 SecurityPkg: Add references to header and inf files to SecurityPkg 6c80564b89 MdeModulePkg/Core/Pei: Fix typo in function descriptions 6f501a7c9b MdeModulePkg/Core/Pei: Make migrated PEIM message verbose c19d18136e MdeModulePkg/Core/Pei: Fix pointer size mismatch in EvacuateTempRam() f4e72cf9d6 UefiPayloadPkg: Add script to build UniversalPayload in UefiPayloadPkg bda3546c55 UefiPayloadPkg: Fix the warning when building UefiPayloadPkg with IA32+X64 010753b7e7 UefiCpuPkg: Refactor initialization of CPU features during S3 resume 89f7ed8b29 UefiCpuPkg: Prevent from re-initializing CPU features during S3 resume 60d8bb9f28 UefiCpuPkg: VTF0 Linear-Address Translation to a 1-GByte Page till 512GB ac6388add4 ArmPkg/ProcessorSubClassDxe: Fix the format of ProcessorId e3e47d7963 UefiCpuPkg: SecCoreNative without ResetVector 542cba73d2 SecurityPkg: Add debug log for indicating IBB verified OBB successfully f334c5a41d IntelFsp2WrapperPkg: Make PcdFspModeSelection dynamic 79019c7a42 OvmfPkg: set a default value for the WorkAreaHeader PCD fdeff3fdae EmbeddedPkg: Remove duplicate libfdt.h include f2a7e24e38 EmbeddedPkg: AndroidBootImgBoot error handling updates c0cd26f43c EmbeddedPkg: Install FDT if UpdateDtb is not present 7ea7f9c077 EmbeddedPkg: Add LoadFile2 for linux initrd d60915b751 UefiPayloadPkg: Add Macro to enable or disable some drivers. 46b4606ba2 MdeModulePkg/PciBusDxe: Improve the flow of testing support attributes f57040b038 MdeModulePkg/BootManagerMenuApp: Limit string drawing within one line b0f1b1c5fd MdePkg: Fix DEVICE_SECURITY_EVENT_DATA_HEADER version definition cc5a67269e UefiPayloadPkg: Build a HOB from bootloader ACPI table dc430ccf3f UefiPayloadPkg: Use dummy constructor for PlatformHookLib 4a1899dd79 UefiPayloadPkg: Add ".upld_info" in universal payload 2ea0a0a414 BaseTools: Switch to downloading the ARM compiler from Arm's site 1ce6ceb75b BaseTools: Switch to downloading the AARCH64 compiler from Arm's site c214128a38 BaseTools/GenMake: Use ToolDefinition as fallback option 259c184c8f BaseTools/build: Set MakefileName 445c39f757 BaseTools: Remove Makefile/MakefileName fields c7d5b046d9 BaseTools: Remove hard-coded strings for target and tools_def 442e46d3b6 UefiPayloadPkg: Update maximum logic processor to 256 499c4608b1 OvmfPkg/TPM PPI: Connect default consoles for user interaction b8675deaa8 OvmfPkg: Handle TPM 2 physical presence opcodes much earlier 8ab8fbc016 OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation bd298d7593 OvmfPkg: Reference new Tcg2PlatformPei in the build system f86de75862 MdePkg: MmCommunication: Added definition of MM Communication PPI 8b4bb94f64 MdePkg: CI YAML: Added new GUID to ignore duplicate list 9e950cda6a MdeModulePkg: CI YAML: Added new GUID to ignore duplicate list 2273799677 SecurityPkg: Fix SecureBootDefaultKeysDxe failed to start 422e5d2f7f UefiPayloadPkg: Remove asm code and sharing libraries 0875443f7e DynamicTablesPkg: Extract AcpiHelperLib from TableHelperLib 20775950c6 DynamicTablesPkg: Update TableHelperLib.inf 1ad5182500 DynamicTablesPkg: Rename single char input parameter 653113412f DynamicTablesPkg: Add HexFromAscii() to AcpiHelperLib 72ab552554 DynamicTablesPkg: Add AmlGetEisaIdFromString() to AcpiHelperLib 96e006b37e DynamicTablesPkg: Add Configuration Manager Object parser 235ff9fcd1 DynamicTablesPkg: Use %a formatter in AmlDbgPrint 7a8c037e9e DynamicTablesPkg: Update DynamicTablesPkg.ci.yaml 691c5f7762 DynamicTablesPkg: Deprecate Crs specific methods in AmlLib 22873f58c4 DynamicTablesPkg: Rework AmlResourceDataCodegen.c/h 4cc1458dbe IntelFsp2Pkg: Adopt FSP 2.3 specification. c49cb8f30e ArmPkg: SmbiosMiscDxe: Don't populate ExtendedBiosSize when size < 16MB 282122ec5f ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib b3685956d2 ArmVirtPkg: Reference new TPM classes in the build system for compilation c806b76865 ArmVirtPkg: Disable the TPM2 platform hierarchy 606340fba3 OvmfPkg/Microvm: copy OvmfPkgX64 files as-is 4932f05a00 OvmfPkg/Microvm: rename output files, fix includes 2a49c19b9e OvmfPkg/Microvm: no smm 60d55c4156 OvmfPkg/Microvm: no secure boot 0569c52b15 OvmfPkg/Microvm: no tpm 06fa1f1931 OvmfPkg/Microvm: no sev 6073bf6cd8 OvmfPkg/Microvm: no csm b9dd64b80e OvmfPkg/Microvm: no emulated scsi 27de86ae41 OvmfPkg/Microvm: use MdePkg/Library/SecPeiDxeTimerLibCpu 76602f45dc OvmfPkg/Microvm: use XenTimerDxe (lapic timer) 6a8e9ad24b OvmfPkg/Microvm: PlatformPei/MemDetect tweaks 8583b57c5c OvmfPkg/Microvm: PlatformPei/Platform memory map tweaks bf02d73e74 OvmfPkg/Microvm: PlatformPei/Platform: add id. 1d3e89f349 OvmfPkg/ResetSystemLib: add driver for microvm 2c467c9be2 OvmfPkg/Microvm: BdsPlatform: PciAcpiInitialization tweak. 8456785986 OvmfPkg/Microvm: use PciHostBridgeLibNull 55f47d2299 OvmfPkg/Microvm: wire up serial console, drop super-io 862e814de4 OvmfPkg/Microvm: add Maintainers.txt entry 06a326caf1 DynamicTablesPkg: Update FADT generator to ACPI 6.4 f09dbf20b9 DynamicTablesPkg: Rename SBSA generic watchdog 942c9bd357 ShellPkg: Update Acpiview GTDT parser to ACPI 6.4 80e67bcb23 ShellPkg: Update Acpiview PCCT parser to ACPI 6.4 b4da6c29f1 ShellPkg: Add Type 5 PCC Subspace Structure parser 5ece2ad36c MdeModulePkg/Core/Dxe: Add lock protection in CoreLocateHandleBuffer() 30400318a2 ShellPkg: Update Acpiview HMAT parser to ACPI spec version 6.4 71c3c9c0c4 DynamicTablesPkg: Remove unnecessary includes 25cf58a163 DynamicTablesPkg: Add missing parameter check bfaf7c8b9e DynamicTablesPkg: Add AddSsdtAcpiHeader() 28b2df475f DynamicTablesPkg: Add AmlRdSetEndTagChecksum() 74addfeab6 DynamicTablesPkg: Add AmlSetRdListCheckSum() 7b2022d39e DynamicTablesPkg: Set EndTag's Checksum if RdList is modified 2dd7dd3952 DynamicTablesPkg: Clear pointer in node creation fcts 37bd08176c DynamicTablesPkg: Update error handling for node creation 6d2777d85f DynamicTablesPkg: Make AmlNodeGetIntegerValue public f995f8672b DynamicTablesPkg: AML Code generation for Register() 9454d1ebcb DynamicTablesPkg: AML Code generation for Resource data EndTag 1e33479b39 DynamicTablesPkg: AML code generation for a Package 12e65fd258 DynamicTablesPkg: Helper function to compute package length ce15936f2f DynamicTablesPkg: AML code generation for a ResourceTemplate de62ccbf4f DynamicTablesPkg: AML code generation for a Method e2d7b4950b DynamicTablesPkg: AML code generation to Return a NameString 3e958e93ce DynamicTablesPkg: AML code generation for a Method returning a NS 018a962d92 DynamicTablesPkg: AML code generation for a _LPI object a5e36ad9bc DynamicTablesPkg: AML code generation to add an _LPI state f17ef10e63 DynamicTablesPkg: Add CM_ARM_LPI_INFO object 769e63999f DynamicTablesPkg: SSDT CPU topology and LPI state generator 19ee56c4b3 UefiPayloadPkg: Add a macro to select the SecurityStubDxe driver. 782d018703 MdePkg: Add ProcessorUpgradeSocketLGA4677 from SMBIOS 3.5.0 ba4ae92234 ShellPkg: Support ProcessorUpgradeSocketLGA4677 from SMBIOS 3.5.0 f22feb0e3b CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() 4225a464c6 MdePkg/BaseLib: Add QuickSort function on BaseLib 6ed6abd6c1 BaseTools: Change RealPath to AbsPath 978d428ec3 UefiPayloadPkg: Add PCI root bridge info hob support for SBL 43b3840873 MdeModulePkg/Sd: Corrections for Extra.uni files a7fcab7aa3 MdeModulePkg/Core/Dxe: Acquire a lock when iterating gHandleList e40fefafa9 ArmVirtPkg/FdtClintDxe: Move FdtClientDxe to EmbeddedPkg fb759b8b73 MdePkg: Add PcdPciIoTranslation PCD 7d78a86ecf ArmPkg: Use PcdPciIoTranslation PCD from MdePkg 77e9b3a7c6 ArmVirtPkg/FdtPciPcdProducerLib: Relocate PciPcdProducerLib to OvmfPkg d881c6ddf5 ArmVirtPkg/HighMemDxe: Relocate HighMemDxe to OvmfPkg 47bd85e9f9 OvmfPkg/HighMemDxe: Add RISC-V in the supported arch. f8d0501ded ArmVirtPkg/QemuFwCfgLib: Relocate QemuFwCfgLib to OvmfPkg 26aa241d2f OvmfPkg/QemuFwCfgLibMmio: Add RISC-V arch support c6770f4b88 MdePkg: Add PcdPciMmio32(64)Translation PCDs 9a7509e465 ArmVirtPkg/FdtPciHostBridgeLib: Relocate FdtPciHostBridgeLib to OvmfPkg/Fdt b21c6794de OvmfPkg/FdtPciHostBridgeLib: Add RISC-V in the supported arch. e0c23cba5e ArmVirtPkg/VirtioFdtDxe: Relocate VirtioFdtDxe to OvmfPkg/Fdt f2400e06db BaseTools: add edk2-test repo to SetupGit.py 785cfd3305 UefiPayloadPkg: Use SECURITY_STUB_ENABLE to control the SecurityStubDxe 7e43d3e086 ArmPkg/Smbios: Fix max cache size 2 wrong issue f10a112f08 UefiPayloadPkg: Fix the build issue for coreboot 2108698346 StandaloneMmPkg: Support CLANGPDB builds 11a4af85a4 Ovmfpkg: update Ia32 build to use new work area 36b561623a OvmfPkg/AmdSev: update the fdf to use new workarea PCD 91a978ce7e UefiPayloadPkg: Replace MEMROY_ENTRY by MEMORY_ENTRY 6ef5797447 UefiPayloadPkg: Fix ECC reported issues 90246a6d9f UefiPayloadPkg: Fix the build failure for non-universal payload 37a33f02aa UefiCpuPkg: Cpu feature data stored in memory may be migrated 4fdf843c75 DynamicTablesPkg: Fix unitialized variable use 6893865b30 DynamicTablesPkg: Fix void pointer arithmetic 99325a8b65 MdeModulePkg/SortLib: Add QuickSort function on BaseLib 305fd6bee0 UefiCpuPkg/CpuCacheInfoLib: Add QuickSort function on BaseLib 2f286930a8 ShellPkg: Parse I/O APIC and x2APIC structure bd5ec03d87 NetworkPkg/HttpBootDxe: make file extension check case-insensitive 6254037223 ArmPkg: Implement PlatformBootManagerLib for LinuxBoot f079e9b450 OvmfPkg: Copy Main.asm from UefiCpuPkg to OvmfPkg's ResetVector 5a2411784b OvmfPkg: Clear WORK_AREA_GUEST_TYPE in Main.asm c9ec74a198 OvmfPkg: Add IntelTdxMetadata.asm 8b76f23534 OvmfPkg: Enable TDX in ResetVector 87a34ca0cf UefiPayloadPkg: Add a common SmmAccessDxe module e7e8ea27d4 UefiPayloadPkg: Add a common SMM control Runtime DXE module bed990aae6 UefiPayloadPkg: Add bootloader SMM support module 1d66480aa4 UefiPayloadPkg: Add SpiFlashLib 04714cef46 UefiPayloadPkg: Add FlashDeviceLib ae8acce8ae UefiPayloadPkg: Add a common FVB SMM module 242dcfe30f UefiPayloadPkg: Add a SMM dispatch module b80c17b62d UefiPayloadPkg: Add SMM support and SMM variable support 2f6f3329ad FmpDevicePkg/FmpDxe: Use new Variable Lock interface 9a95d11023 IntelFsp2Pkg/SplitFspBin.py: adopt FSP 2.3 specification. bb146ce32d MdePkg Cpuid.h: Define CPUID.(EAX=7,ECX=0):EDX[30] 1bc232aae3 RedfishPkg: Update link to staging/RedfishClientPkg in Readme.md e7663fdd82 UefiPayloadPkg: Remove SystemTableInfo GUID. 91b772ab62 RedfishPkg: Add more information to Readme.md c8594a5311 SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V 939c2355da IntelFsp2Pkg SplitFspBin.py: Correct file name in file header 6f9e83f757 NetworkPkg/HttpDxe: Enable wildcard host name matching for HTTP+TLS. b258f12889 BaseTools/VrfCompile: Fix uninitialized field from unnamed field 0f4cdad25b DynamicTablesPkg: Add missing BaseStackCheckLib instance e13e53cb2f NetworkPkg/NetworkPkg.dsc: Add RngLib mapping for ARM and RISCV64 c1f2287635 SecurityPkg/SecurityPkg.dsc: Add missing RngLib for ARM and RISCV64 b0a03ca4a9 SignedCapsulePkg/SignedCapsulePkg.dsc: Add RngLib mapping 15e635d1b5 UefiCpuPkg/MtrrLib/UnitTest: Fix 32-bit GCC build issues 4050c873b5 MdeModulePkg/Variable/RuntimeDxeUnitTest: Fix 32-bit GCC builds d79df34beb BaseTools: Fix StructurePcd offset error. b5d4a35d90 MdeModulePkg/XhciSched: Fix missing DEBUG arguments 48452993ad MdePkg/Include: Enhance DebugLib to support reproduce builds 5948ec3647 MdePkg: Reproduce builds across source format changes f331310a10 ArmPkg: Reproduce builds across source format changes 77dcd03ecf MdeModulePkg: Reproduce builds across source format changes 45137bca2f NetworkPkg: Reproduce builds across source format changes d939a25d41 SecurityPkg: Reproduce builds across source format changes fd42dcb1fc OvmfPkg: Reproduce builds across source format changes 8c1b1fe634 ShellPkg: Add comment that ItemPtr is set after validation d6e6337cd6 MdePkg: Fix ACPI memory aggregator/device type mismatch c974257821 MdeModulePkg AtaAtapiPassThru: Always do S.M.A.R.T. check if device support aab6bb3d32 MdeModulePkg/DxeCapsuleLibFmp: Capsule on Disk file name capsule a7b35aae13 MdeModulePkg\UfsBlockIoPei: UFS MMIO address size support both 32/64 bits f826b20811 UefiCpuPkg/UefiCpuLib: Add GetCpuFamilyModel and GetCpuSteppingId 8c8867c5da MdeModulePkg/DxeCapsuleLibFmp: Use new Variable Lock interface 22c3b5a865 BaseTools: Add authenticated variable store support a92559671a OvmfPkg/Xen: Fix VS2019 build issues 4c495e5e3d OvmfPkg/Bhyve/PlatformPei: Fix VS2019 X64 NOOPT build issue 466ebdd2e0 MdeModulePkg/FPDT: Lock boot performance table address variable at EndOfDxe 455b0347a7 UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shadow Stack e1e7306b54 OvmfPkg/Library/ResetSystemLib: Fix Microvm VS2019 NOOPT build issue 4c7ce0d285 MdeModulePkg AtaAtapiPassThru: Skip the potential NULL pointer access bb1bba3d77 NetworkPkg: Fix invalid pointer for DNS response token on error - Removed patches which are merged to mainline: - ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch to fix the S3 detection in ovmf-xen - cb0d24637d edk2-stable202111-rc1~220 - ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch to add QemuKernelLoaderFsDxe to ovmf-xen to load kernel from qemu fw_cfg - 9f3eda177a edk2-stable202111-rc1~216 - ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch - 4473834e7d edk2-stable202111-rc1~203 - The edk2-stable202111 includes the following patches for bsc#1192126 to fix unlimited reset. (bsc#1192126) 80e67af9af OvmfPkg: introduce a common work area ab77b6031b OvmfPkg/ResetVector: update SEV support to use new work area format b9af5037b2 OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm ++++ supermin: - Add initrd_support_ztd-compressed_modules.patch: backport of 4306a131c6cd to add support of zstd compressed kernel modules. ++++ wicked: - version 0.6.68 - sysctl: process sysctl.d directories as in sysctl --system - sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353) - cleanup: warnings, time calculations and dhcp fixes (bsc#1188019) - wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495) - tuntap: avoid sysfs attr read error (bsc#1192311) - ifstatus: fix warning of unexpected interface flag combination (bsc#1192164) ------------------------------------------------------------------ ------------------ 2021-12-20 - Dec 20 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED operation="file_mmap" violation in SLE15-SP4; (bsc#1192336). ++++ cockpit-podman: - Add source-offest to _service to fix build error in Leap. ++++ kernel-default: - add kvmsmall flavor for aarch64 - cherry-picked from master - commit ddd3a02 - ceph: initialize pathlen variable in reconnect_caps_cb (bsc#1193925). - ceph: fix duplicate increment of opened_inodes metric (bsc#1193924). - commit e2145a2 - tracing/uprobe: Fix uprobe_perf_open probes iteration (git-fixes). - commit ed9f636 - x86/fpu/signal: Initialize sw_bytes in save_xstate_epilog() (bsc#1190497). - commit 7191fb9 - Revert "usb: early: convert to readl_poll_timeout_atomic()" (git-fixes). - commit cb61d99 - usb: typec: tcpm: fix tcpm unregister port but leave a pending timer (git-fixes). - commit 5235800 - USB: gadget: bRequestType is a bitfield, not a enum (git-fixes). - commit 7d60d0b - xen/netback: don't queue unlimited number of packages (CVE-2021-28715 XSA-392 bsc#1193442). - commit 3c72c0c - xen/netback: fix rx queue stall detection (CVE-2021-28714 XSA-392 bsc#1193442). - commit caace15 - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713 XSA-391 bsc#1193440). - commit 146b839 - xen/netfront: harden netfront against event channel storms (CVE-2021-28712 XSA-391 bsc#1193440). - commit d10254c - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711 XSA-391 bsc#1193440). - commit e1ca522 ++++ libapparmor: - Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED operation="file_mmap" violation in SLE15-SP4; (bsc#1192336). ++++ libmbim: - Update to version 1.26.2: + The GUdev optional build/runtime requirement is now fully dropped, it's no longer used. + Implemented new link management operations, exclusively for the cdc_mbim driver for now. These new operations allow creating or deleting VLAN network interfaces in order to run multiplexed data sessions over one single physical network interface. + Added support for the Microsoft-defined SAR service, including the following operations: - MBIM_CID_MS_SAR_CONFIG - MBIM_CID_MS_SAR_TRANSMISSION_STATUS + libmbim-glib: - Logic updated to make sure full packets are written at once, instead of writing them in chunks. - Updated the "LTE attach status" APIs in order to avoid creating unneeded struct types in the interface. The older methods have been deprecated and maintained in the library for compatibility purposes only. + Bugfixes. - Drop pkgconfig(gudev-1.0) BuildRequires: no longer used. ++++ libqmi: - Mention libqmi.keyring - update to 1.30.2: * libqmi-glib: * * Added support for 'hsic', 'bam-dmux' and 'unknown' endpoint types. * * Added support for QMAPv2, QMAPv3 and QMAPv4 data aggregation types. * * Added support for 'NGRAN' access technology identifier. * * New 'qmi_device_add_link_with_flags()' method, in order to give e.g. rmnet specific checksum offload related flags when creating a new link. * qmicli: * * New '--nas-get-preferred-networks' command. * * New '--nas-set-preferred-networks' command. * * New '--uim-get-configuration' command. * * New '--uim-depersonalization' command. * * New '--wms-get-routes' command. * * New '--dpm-open-port' command. * * New '--dpm-close-port' command. * * Updated '--wds-create-profile' with an additional 'apn-type-mask' setting. * * Updated '--wds-modify-profile' with an additional 'apn-type-mask' setting. * * Updated '--link-add' with an additional optional 'flags' setting. * qmi-network: * * New PROFILE configuration setting to allow specifying which WDS profile to use when connecting. * * New IP-TYPE configuration setting to allow selecting the IP type requested * collections: * * basic: added voice call management operations. * * basic: added voice supplementary service related operations. * * basic: added NAS preferred networks related operations. * * basic: added NAS network reject indications. * * basic: added UIM depersonalization related operations. * Several other minor improvements and fixes. - add gpg validation ++++ net-snmp: - Fix output for high memTotalReal RAM values (bsc#1152968). Add net-snmp-5.7.3-ucd-snmp-mib-add-64-bit-mem-obj.patch ++++ suse-module-tools: - Update to version 15.4.10: * same as Factory version 16.0.17 * 60-io-scheduler.rules: add rules for virtual devices (boo#1193759) * 60-io-scheduler.rules: enforce "none" for loop devices (boo#1193759) * install some modprobe.d files only for relevant architectures (apm_bios, sonypi, toshiba, legacy rtc) (bsc#1192974) ++++ yast2: - Do not reinitialize the packaging system during offline upgrade (bsc#1193784 and bsc#1192437). - 4.4.31 ++++ yast2-trans: - Update to version 84.87.20211219.ed0ba1e469: * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'autoinst'. * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'tune'. * New POT for text domain 'registration'. * New POT for text domain 'installation'. * New POT for text domain 'packager'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * New POT for text domain 'registration'. * New POT for text domain 'installation'. * New POT for text domain 'bootloader'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Catalan) * New POT for text domain 'installation'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) ------------------------------------------------------------------ ------------------ 2021-12-19 - Dec 19 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update ++++ kernel-default: - NFSD: Fix exposure in nfsd4_decode_bitmap() (bnc#1193663 CVE-2021-4090). - commit 2b4cae0 ++++ libapparmor: - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update ++++ patterns-microos: - do not require kernel-default (bsc#1193955) ------------------------------------------------------------------ ------------------ 2021-12-18 - Dec 18 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Don't show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - commit 0e017c0 ++++ util-linux: - blockdev: Remove NBSP character in values (bsc#1188507#c31, blockdev-remove-nbsp.patch). ++++ util-linux-systemd: - blockdev: Remove NBSP character in values (bsc#1188507#c31, blockdev-remove-nbsp.patch). ------------------------------------------------------------------ ------------------ 2021-12-17 - Dec 17 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.52.5: + Fix mangled output in rsvg-convert when redirecting output to a pipe on Windows. + When outputting to SVG, rsvg-convert now uses the width/height units specified in the command line; it always used pixels before. + Fix incorrect top/left margins for SVG/PS/EPS/PDF output. + Fix incorrect placement of glyphs when text has non-uniform scaling in the X/Y axes. This is not a librsvg bug, but is fixed by Pango 1.49.3 and later. Hopefully Pango 1.48.11 will be released soon with this fix as well. Note that this release of librsvg cannot increase the minimum Pango version to 1.48.11 because it is not released yet. + Miscellaneous: Updated crate dependencies: assert_cmd, cast, clap cssparser, float-cmp, itertools, nalgebra, png, proptest, rctree, selectors, system-deps. ++++ grub2: - Fix can't allocate initrd error (bsc#1191378) * 0001-Factor-out-grub_efi_linux_boot.patch * 0002-Fix-race-in-EFI-validation.patch * 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch * 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch * 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch * 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch * 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch * 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch * 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch * 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch * 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch ++++ hwinfo: - merge gh#openSUSE/hwinfo#109 - fix logic around cdrom detection - 21.80 ++++ kernel-default: - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving "unused parameter" and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we don't have to set it here anymore. - commit 972c692 ++++ harfbuzz: - Update to 3.2.0: + Fixed shaping of Apple Color Emoji flags in right-to-left context + Fixed positioning of CFF fonts in HB_TINY profile + OpenType 1.9 language tags update + Add HB_NO_VERTICAL config option + Add HB_CONFIG_OVERRIDE_H for easier configuration + Improved packing of cmap, loca, and Ligature tables + Significantly improved overflow-resolution strategy in the repacker - Update to 3.1.2: + hb-shape / hb-view: revert treating text on the commandline as single paragraph (was introduced in 3.0.0); add new - -single-par to do that + Subsetter bug fixes ++++ net-snmp: - Make extended MIB read-only (bsc#1174961, CVE-2020-15862). Add net-snmp-5.7.3-make-extended-mib-read-only.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#556 - don't add Y2* install boot options to target system (jsc#SLE-21308) ------------------------------------------------------------------ ------------------ 2021-12-16 - Dec 16 2021 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - starting with 12SP4 lvconvert no longer takes stripes option (bsc#1183905) + bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch - LVM vgimportclone on hardware snapshot does not work (bsc#1193181) + bug-1193181_vgimportclone_on_hardware_snapshot_does_not_work.patch ++++ gnutls: - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008] * fips: allow more RSA modulus sizes * Add gnutls-FIPS-RSA-mod-sizes.patch * Delete gnutls-3.6.7-fips-rsa-4096.patch ++++ kernel-default: - supported.conf: enable ffa-module (jsc#SLE-21844) - commit f52f878 ++++ mozilla-nss: - Mozilla NSS 3.68.2 (bsc#1193845) * mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses (bmo#966856) ++++ lvm2: - starting with 12SP4 lvconvert no longer takes stripes option (bsc#1183905) + bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch - LVM vgimportclone on hardware snapshot does not work (bsc#1193181) + bug-1193181_vgimportclone_on_hardware_snapshot_does_not_work.patch ++++ openssl-1_1: - Add support for livepatches (jsc#SLE-20049). - Generate ipa-clones tarball artifact when livepatching is enabled. ++++ pango: - Update to version 1.50.2: + Fix a problem with font fallback for Arabic. + Fix handling of fonts without a space glyph. + Various documentation improvements. + Fix build issues. ++++ python3-core: - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). ++++ python3: - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). ++++ qemu: - Add an audio-oss sub-package - Add some new (mostly documentation) files in the package - Remove option --audio-drv-list because audio is detected by meson automatically in latest version. - Remove options --disable-jemalloc and --disable-tcmalloc which are changed in v6.2.0. - Update to v 6.2.0. For full release notese, see: * https://wiki.qemu.org/ChangeLog/6.2. Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * virtio-mem: guest memory dumps are now fully supported, along with pre-copy/post-copy migration and background guest snapshots * QMP: support for nw DEVICE_UNPLUG_GUEST_ERROR to detect guest-reported hotplug failures * TCG: improvements to TCG plugin argument syntax, and multi-core support for cache plugin * 68k: improved support for Apple’s NuBus, including ability to load declaration ROMs, and slot IRQ support * ARM: macOS hosts with Apple Silicon CPUs now support ‘hvf’ accelerator for AArch64 guests * ARM: emulation support for Fujitsu A64FX processor model * ARM: emulation support for kudo-mbc machine type * ARM: M-profile MVE extension is now supported for Cortex-M55 * ARM: ‘virt’ machine now supports an emulated ITS (Interrupt Translation Service) and supports more than 123 CPUs in emulation mode * ARM: xlnx-zcu102 and xlnx-versal-virt machines now support BBRAM and eFUSE devices * PowerPC: improved POWER10 support for the ‘powernv’ machine type * PowerPC: initial support for POWER10 DD2.0 CPU model * PowerPC: support for FORM2 PAPR NUMA descriptions for ‘pseries’ machine type * RISC-V: support for Zb[abcs] instruction set extensions * RISC-V: support for vhost-user and numa mem options across all boards * RISC-V: SiFive PWM support * x86: support for new Snowridge-v4 CPU model * x86: guest support for Intel SGX * x86: AMD SEV guests now support measurement of kernel binary when doing direct kernel boot (not using a bootloader) * Patches dropped: 9pfs-fix-crash-in-v9fs_walk.patch block-introduce-max_hw_iov-for-use-in-sc.patch hmp-Unbreak-change-vnc.patch hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch hw-i386-acpi-build-Deny-control-on-PCIe-.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch net-vmxnet3-validate-configuration-value.patch pcie-rename-native-hotplug-to-x-native-h.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-nbd-Change-default-cache-mode-to-wr.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-arm-Don-t-skip-M-profile-reset-en.patch target-i386-add-missing-bits-to-CR4_RESE.patch tcg-arm-Fix-tcg_out_vec_op-function-sign.patch uas-add-stream-number-sanity-checks.patch vhost-vsock-fix-migration-issue-when-seq.patch virtio-balloon-don-t-start-free-page-hin.patch virtio-mem-pci-Fix-memory-leak-when-crea.patch virtio-net-fix-use-after-unmap-free-for-.patch ++++ yast2: - Fixed RelURL to work properly with the FTP URLs (related to jsc#SLE-22669) - 4.4.30 ------------------------------------------------------------------ ------------------ 2021-12-15 - Dec 15 2021 ------------------- ------------------------------------------------------------------ ++++ bcm43xx-firmware: - Introduce firmware files for Raspberry Pi Zero 2 W support (jsc#SLE-23064). - Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370) - Change source file links from branch master to branch buster. ++++ iputils: - Update to version 20211215 https://github.com/iputils/iputils/releases/tag/20211215 - rarpd and rdisc are going to be removed in next release (https://github.com/iputils/iputils/issues/363) therefore don't pack it since this release - Drop harden_rdisc.service.patch, which was 1) merged upstream 4bb0ace ("systemd: Add ProtectHostname, ProtectKernelLogs") for all services 2) we don't build rdisc since this release ++++ kernel-default: - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1190497). - commit 8e47d62 - tracing: Add length protection to histogram string copies (git-fixes). - commit 0ebdac5 - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - commit 64a2763 - xen/netfront: don't trust the backend response data blindly (git-fixes). - commit 3d79f0a - xen/netfront: disentangle tx_skb_freelist (git-fixes). - commit 843455b - xen/netfront: don't read data from request on the ring page (git-fixes). - commit a7d9222 - xen/netfront: read response from backend only once (git-fixes). - commit 7ac98d9 - xen/blkfront: don't trust the backend response data blindly (git-fixes). - commit 8fa0a17 - xen/blkfront: don't take local copy of a request from the ring page (git-fixes). - commit ff5aa10 - xen/blkfront: read response from backend only once (git-fixes). - commit 160dbd1 - usb: core: config: using bit mask instead of individual bits (git-fixes). - USB: gadget: zero allocate endpoint 0 buffers (git-fixes). - USB: gadget: detect too-big endpoint 0 requests (git-fixes). - libata: add horkage for ASMedia 1092 (git-fixes). - platform/x86: amd-pmc: Fix s2idle failures on certain AMD laptops (git-fixes). - mmc: spi: Add device-tree SPI IDs (git-fixes). - usb: gadget: uvc: fix multiple opens (git-fixes). - commit e549085 - HID: Ignore battery for Elan touchscreen on Asus UX550VE (git-fixes). - HID: google: add eel USB id (git-fixes). - HID: add USB_HID dependancy to hid-prodikeys (git-fixes). - HID: add USB_HID dependancy to hid-chicony (git-fixes). - HID: bigbenff: prevent null pointer dereference (git-fixes). - HID: sony: fix error path in probe (git-fixes). - HID: add USB_HID dependancy on some USB HID drivers (git-fixes). - HID: check for valid USB device for many HID drivers (git-fixes). - HID: wacom: fix problems when device is not a valid USB device (git-fixes). - HID: add hid_is_usb() function to make it simpler for USB detection (git-fixes). - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes). - HID: Ignore battery for Elan touchscreen on HP Envy X360 15-eu0xxx (git-fixes). - HID: sony: support for the ghlive ps4 dongles (git-fixes). - HID: sony: Fix more ShanWan clone gamepads to not rumble when plugged in (git-fixes). - commit 66fc3e6 ++++ gcc11: - Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173 * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [boo#1193659] ++++ supportutils: - Changes to version 3.1.19 + Removed chronyc DNS lookups with -n switch (bsc#1193732) ++++ yast2: - Fixed RelURL unit test randomly crashing (related to jsc#SLE-22669) - 4.4.29 ------------------------------------------------------------------ ------------------ 2021-12-14 - Dec 14 2021 ------------------- ------------------------------------------------------------------ ++++ libguestfs: - Add python-rpm-macros (bsc#1180125) ++++ hwinfo: - merge gh#openSUSE/hwinfo#108 - Donot close the open tray after read_cdrom_info. - Donot close the open tray after read. - 21.79 ++++ kernel-default: - Revert "- rpm/*build: use buildroot macro instead of env variable" buildroot macro is not being expanded inside a shell script. go back to the environment variable usage. This reverts parts of commit e2f60269b9330d7225b2547e057ef0859ccec155. - commit fe85f96 - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - commit a631240 - vfio: Introduce a vfio_uninit_group_dev() API call (jsc#SLE-22601). - Refresh patches.suse/vfio-fsl-Move-to-the-device-set-infrastructure.patch. - Refresh patches.suse/0447-vfio-Provide-better-generic-support-for-open-release.patch. - commit 880f484 - sched/fair: Document the slow path and fast path in select_task_rq_fair (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix detection of per-CPU kthreads waking a task (bsc#1189999 (Scheduler functional and performance backports)). - commit d543e74 - Refresh patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCs.patch. - Refresh patches.suse/sched-fair-Use-weight-of-SD_NUMA-domain-in-find_busiest_group.patch. - commit 24ff0a3 - xhci: avoid race between disable slot command and host runtime suspend (git-fixes). - commit 7ac82ba - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes). - commit 47ed1f0 - Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch (bsc#1189158) - commit 5a1da74 - vdpa: Consider device id larger than 31 (git-fixes). - virtio/vsock: fix the transport to work with VMADDR_CID_ANY (git-fixes). - virtio_ring: Fix querying of maximum DMA mapping size for virtio device (git-fixes). - virtio: always enter drivers/virtio/ (git-fixes). - vdpa: check that offsets are within bounds (git-fixes). - commit a40ec17 ++++ util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). ++++ libvirt: - libxl: Implement domainGetMessages API cbae4eaa-libxl-add-domainGetMessages.patch bsc##1193623 ++++ qemu: - Reinstate Lin Ma's fixes for bsc#1192147 as they were submitted only to IBS. * Patches added: hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch hw-i386-acpi-build-Deny-control-on-PCIe-.patch pcie-rename-native-hotplug-to-x-native-h.patch - Rename the Guest Agent service qemu-guest-agent, like in other distros (and upstream). bsc#1185543 ++++ rpm: - Add explicit requirement on python-rpm-macros to avoid widespread breakage by package mistakenly ignoring their requirement of python-rpm-macros (bsc#1180125, bsc#1193711). ++++ runc: - Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. - Drop runc-rpmlintrc because we don't have runc-test anymore. ++++ util-linux-systemd: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). ++++ yast2: - Added RelURL class for working with relative URLs ("relurl://") (jsc#SLE-22669) - 4.4.28 ------------------------------------------------------------------ ------------------ 2021-12-13 - Dec 13 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: scsi_debug: Fix buffer size of REPORT ZONES command (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: scsi_debug: Zero clear zones at reset write pointer (git-fixes). - scsi: mpt3sas: Fix incorrect system timestamp (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - commit 590254f - RDMA/irdma: Don't arm the CQ more than two times if no CE for this CQ (jsc#SLE-18383). - RDMA/irdma: Report correct WC errors (jsc#SLE-18383). - RDMA/irdma: Fix a potential memory allocation issue in 'irdma_prm_add_pble_mem()' (jsc#SLE-18383). - RDMA/irdma: Fix a user-after-free in add_pble_prm (jsc#SLE-18383). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (jsc#SLE-19242). - IB/hfi1: Fix early init panic (jsc#SLE-19242). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (jsc#SLE-19242). - IB/hfi1: Correct guard on eager buffer deallocation (jsc#SLE-19242). - RDMA/rtrs: Call {get,put}_cpu_ptr to silence a debug kernel warning (jsc#SLE-19249). - RDMA/hns: Do not destroy QP resources in the hw resetting phase (bsc#1190336). - RDMA/hns: Do not halt commands during reset until later (bsc#1190336). - RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow (jsc#SLE-19253). - RDMA: Fix use-after-free in rxe_queue_cleanup (jsc#SLE-19249). - vmxnet3: fix minimum vectors alloc issue (bsc#1190406). - ice: safer stats processing (jsc#SLE-18375). - ice: fix adding different tunnels (jsc#SLE-18375). - ice: fix choosing UDP header type (jsc#SLE-18375). - ice: ignore dropped packets during init (jsc#SLE-18375). - ice: Fix problems with DSCP QoS implementation (jsc#SLE-18375). - ice: rearm other interrupt cause register after enabling VFs (jsc#SLE-18375). - ice: fix FDIR init missing when reset VF (jsc#SLE-18375). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (jsc#SLE-18378). - i40e: Fix pre-set max number of queues for VF (jsc#SLE-18378). - i40e: Fix failed opcode appearing if handling messages from VF (jsc#SLE-18378). - iavf: Fix reporting when setting descriptor count (jsc#SLE-18385). - iavf: restore MSI state on reset (jsc#SLE-18385). - devlink: fix netns refcount leak in devlink_nl_cmd_reload() (git-fixes). - bonding: make tx_rebalance_counter an atomic (git-fixes). - net/tls: Fix authentication failure in CCM mode (git-fixes). - tcp: fix page frag corruption on page fault (git-fixes). - commit ed7a8c9 - config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for production, only enabled on ppc64. - commit e6448a3 - ima: Fix undefined arch_ima_get_secureboot() and co (bsc#1193674). - commit acf34be - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - commit 6e691fe - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - commit 301a3a7 - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - commit e2f6026 - Move upstreamed rtw89 patch into sorted section - commit 0950df1 - net: mana: Fix memory leak in mana_hwc_create_wq (git-fixes). - commit 1fcab05 - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - bus: mhi: core: Add support for forced PM resume (git-fixes). - iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes). - iio: at91-sama5d2: Fix incorrect sign extension (git-fixes). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes). - iio: gyro: adxrs290: fix data signedness (git-fixes). - iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes). - iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes). - iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes). - iio: trigger: Fix reference counting (git-fixes). - iio: dln2-adc: Fix lockdep complaint (git-fixes). - iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda (git-fixes). - iio: mma8452: Fix trigger reference couting (git-fixes). - iio: stk3310: Don't return error code in interrupt handler (git-fixes). - iio: kxsd9: Don't return error code in trigger handler (git-fixes). - iio: ltr501: Don't return error code in trigger handler (git-fixes). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes). - misc: rtsx: Avoid mangling IRQ during runtime PM (git-fixes). - misc: fastrpc: fix improper packet size calculation (git-fixes). - bus: mhi: pci_generic: Fix device recovery failed issue (git-fixes). - clocksource/drivers/dw_apb_timer_of: Fix probe failure (git-fixes). - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (git-fixes). - irqchip: nvic: Fix offset for Interrupt Priority Offsets (git-fixes). - irqchip/aspeed-scu: Replace update_bits with write_bits (git-fixes). - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (git-fixes). - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (git-fixes). - clocksource/drivers/arc_timer: Eliminate redefined macro error (git-fixes). - commit 458f7dd - Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btusb: Add gpio reset way for qca btsoc in cmd_timeout (bsc#1193655). - Bluetooth: btusb: Add support for IMC Networks Mediatek Chip(MT7921) (bsc#1193655). - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - Bluetooth: btusb: Add protocol for MediaTek bluetooth devices(MT7922) (bsc#1193655). - Bluetooth: btusb: Support public address configuration for MediaTek Chip (bsc#1193655). - commit aa63c80 ++++ colord: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_colord.service.patch ++++ libvirt: - Don't spawn pkttyagent when stdin is not a tty 0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch bsc#1193574 ++++ qemu: - disable QOM cast debug outside the testsuite as the corresponding asserts show up occassionally as top #1 in perf(1) traces under heavy virtio load - enable LTO when we'd like to use LTO ++++ rust-keylime: - Update to version 0.1.0+git.1639176416.fc90088: * Code refactor to use updated tss-esapi - Drop add_property_tag_variant_for_maxcapbuffer.patch, included in the upstream crate ++++ suse-module-tools: - Update to version 15.4.9: * same as Factory version 16.0.16 * modprobe.d: split conf files (jsc#SLE-21626, boo#1193059) - Rather than shipping two large files with modprobe.d options (00-system.conf and 50-blacklist.conf), ship multiple small per-module files. This makes it easier for users to override distribution defaults. * blacklist isst_if_mbox_msr (bsc#1187196) * boot-sysctl: make sure file exists (fix for containers) * remove blacklist entry for snd_bt87x (bsc#1192974, bsc#51718) ------------------------------------------------------------------ ------------------ 2021-12-12 - Dec 12 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - i2c: mpc: Use atomic read and fix break condition (git-fixes). - clk: qcom: sm6125-gcc: Swap ops of ice and apps on sdcc1 (git-fixes). - clk: imx: use module_platform_driver (git-fixes). - clk: qcom: clk-alpha-pll: Don't reconfigure running Trion (git-fixes). - clk: qcom: regmap-mux: fix parent clock lookup (git-fixes). - commit 3747790 ------------------------------------------------------------------ ------------------ 2021-12-11 - Dec 11 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes). - ALSA: ctl: Fix copy of updated id with element read/write (git-fixes). - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes). - ALSA: pcm: oss: Limit the period size to 16MB (git-fixes). - ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes). - commit 70606b1 - thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL (git-fixes). - PM: runtime: Fix pm_runtime_active() kerneldoc comment (git-fixes). - hwmon: (pwm-fan) Ensure the fan going on in .probe() (git-fixes). - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (git-fixes). - hwmon: (corsair-psu) fix plain integer used as NULL pointer (git-fixes). - Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge" (git-fixes). - mmc: renesas_sdhi: initialize variable properly when tuning (git-fixes). - ASoC: codecs: wsa881x: fix return values from kcontrol put (git-fixes). - ASoC: codecs: wcd934x: return correct value from mixer put (git-fixes). - ASoC: codecs: wcd934x: handle channel mappping list correctly (git-fixes). - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes). - ASoC: tegra: Use normal system sleep for ADX (git-fixes). - ASoC: tegra: Use normal system sleep for AMX (git-fixes). - ASoC: tegra: Use normal system sleep for Mixer (git-fixes). - ASoC: tegra: Use normal system sleep for MVC (git-fixes). - ASoC: tegra: Use normal system sleep for SFC (git-fixes). - ASoC: tegra: Balance runtime PM count (git-fixes). - ASoC: rt5682: Fix crash due to out of scope stack vars (git-fixes). - ALSA: usb-audio: Reorder snd_djm_devices[] entries (git-fixes). - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes). - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (git-fixes). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes). - commit 847c219 ++++ pango: - Update to version 1.50.1: + Fix a crash in tab handling. + Fix tab positioning without line wrapping. + Fix an assertion failure found by fuzzing. + Make underlines work again for broken fonts. ------------------------------------------------------------------ ------------------ 2021-12-10 - Dec 10 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.183.g7d569585: * fix(dracut.spec): update usrmerged mkinitrd dir * fix(url-lib): improve ca-bundle detection (bsc#1175892) ++++ kernel-default: - can: m_can: make custom bittiming fields const (git-fixes). - commit 5d86bd5 - Update BT fix patch for regression with 8087:0026 device (bsc#1193124) Also corrected the references and patch description - commit 4cf2593 - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - commit 2b31676 - sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs (bsc#1192120). - sched/fair: Use weight of SD_NUMA domain in find_busiest_group (bsc#1192120). - commit 818b2ce - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes). - can: kvaser_usb: get CAN clock frequency from device (git-fixes). - can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter (git-fixes). - can: m_can: pci: use custom bit timings for Elkhart Lake (git-fixes). - can: m_can: pci: fix incorrect reference clock rate (git-fixes). - can: m_can: Disable and ignore ELO interrupt (git-fixes). - can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes). - can: pch_can: pch_can_rx_normal: fix use after free (git-fixes). - mtd: dataflash: Add device-tree SPI IDs (git-fixes). - mtd: rawnand: fsmc: Fix timing computation (git-fixes). - mtd: rawnand: fsmc: Take instruction delay into account (git-fixes). - mtd: rawnand: Fix nand_choose_best_timings() on unsupported interface (git-fixes). - mtd: rawnand: Fix nand_erase_op delay (git-fixes). - HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested (git-fixes). - soc: fsl: dpio: Unsigned compared against 0 in qbman_swp_set_irq_coalescing() (git-fixes). - commit 3db25ff - Refresh patches.suse/0011-PM-hibernate-require-hibernate-snapshot-image-to-be-.patch. - commit 90d6396 - Refresh patches.suse/0010-PM-hibernate-a-option-to-request-that-snapshot-image.patch. Update config files. CONFIG_HIBERNATE_VERIFICATION_FORCE is not set - commit c101ebd - unmark patches.suse/0009-PM-hibernate-prevent-EFI-secret-key-to-be-regenerate.patch - commit 3684c18 - Refresh patches.suse/0008-PM-hibernate-Generate-and-verify-signature-for-snaps.patch. Update config files. CONFIG_HIBERNATE_VERIFICATION=y - commit 402ebf2 - Refresh patches.suse/0007-PM-hibernate-encrypt-hidden-area.patch. - commit fbd4629 - Refresh patches.suse/0006-efi-allow-user-to-regenerate-secret-key.patch. - commit a86713d - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. Update config files. CONFIG_EFI_SECRET_KEY=y - commit 6e77a16 - unmark patches.suse/0002-hibernate-avoid-the-data-in-hidden-area-to-be-snapsh.patch - commit f20ffd1 - Refresh patches.suse/0001-security-create-hidden-area-to-keep-sensitive-data.patch. Update config files. CONFIG_HIDDEN_AREA - commit f4223b3 ++++ alsa: - Update to version 1.2.6.1: a minor fix release: * conf: fix the device parsing when arguments has no defaults * conf: accept '_' character in the variable name ++++ openssh: - Add openssh-CVE-2021-28041-agent-double-free.patch (bsc#1183137, CVE-2021-28041), from upstream. ++++ samba: - Update to 4.15.3 * Recursive directory delete with veto files is broken in 4.15.0; (bso#14878); * A directory containing dangling symlinks cannot be deleted by SMB2 alone when they are the only entry in the directory; (bso#14879); * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used uninitialized in rmdir_internals(); (bso#14892); * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694); * The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token; (bso#14901); (bsc#1192849); * User with multiple spaces (eg FredNurk) become un-deletable; (bso#14902); * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127); * smbXsrv_client_global record validation leads to crash if existing record points at non-existing process; (bso#14882); * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call; (bso#14890); * Samba process doesn't log to logfile; (bso#14897); * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata() triggers locking.tdb assert; (bso#14907); * Kerberos authentication on standalone server in MIT realm broken; (bso#14922); * Segmentation fault when joining the domain; (bso#14923); * Support for ROLE_IPA_DC is incomplete; (bso#14903); * rpcclient cannot connect to ncacn_ip_tcp services anymore; (bso#14767); * winexe crashes since 4.15.0 after popt parsing; (bso#14893); * net ads status -P broken in a clustered environment; (bso#14908); * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before smbd_smb2_ioctl_send; (bso#14788); * winbindd doesn't start when "allow trusted domains" is off; (bso#14899); * smbclient login without password using '-N' fails with NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883); * A schannel client incorrectly detects a downgrade connecting to an AES only server; (bso#14912); * Possible null pointer dereference in winbind; (bso#14921); * Fix -k legacy option for client tools like smbclient, rpcclient, net, etc.; (bso#14846); * Add Debian 11 CI bootstrap support; (bso#14872); * Crash in recycle_unlink_internal(); (bso#14888); ------------------------------------------------------------------ ------------------ 2021-12-9 - Dec 9 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.179.g3cf989c2: * fix(cpio): write zeros instead of seek for padding and alignment (bsc#1190982) * fix(dracut.sh): check kernel zstd support early * fix(dracut.sh): check availability of configured compression * fix(dracut.sh): inform user about auto-selected compression method * fix(dracut.sh): drop pointless check for module compression method * chore(suse): add dracut-cpio archiver (jsc#SLE-16157) * ci(TEST-63-DRACUT-CPIO): kernel extraction tests for dracut-cpio * feat(dracut.sh): add "--enhanced-cpio" option for calling dracut-cpio * feat(Makefile): cargo wrapper for dracut-cpio build * feat(cpio): add newc archive creation utility * feat(cpio): add rust argument parsing library from crosvm * ci(TEST-62-SKIPCPIO): add simple skipcpio test * ci(test): export basedir and testdir as absolute paths * ci(TEST-60-BONDBRIDGEVLANIFCFG): use toplevel Makefile * fix(dracut.spec): check for non-usrmerged environments * fix(zfcp_rules): add quotes around rule installation argument * fix(zipl): correct argument for uuid to device conversion * fix(fips): missing value of _vmname variable (bsc#1193267) * chore(suse): add fido2 module (jsc#SLE-21070) * feat(crypt): check if fido2 module is needed in hostonly mode (jsc#SLE-21070) * feat(fido2): introducing the fido2 module (jsc#SLE-21070) * feat(crypt): check if tpm2-tss module is needed in hostonly mode (jsc#SLE-21070) * fix(dracut-functions.sh): get block device driver if in a virtual subsystem (bsc#1189776) * fix(mdraid): allow UUID comparison for more than one UUID (bsc#1192665) ++++ kdump: - Sync with SLE15-SP4 changelog. These patches were never applied to Factory: * kdump-avoid-endless-loop-EAI_AGAIN.patch * kdump-calibrate-Add-LUKS2-Argon2-requirements-to-the-reser.patch * kdump-calibrate-Fix-kernel-command-line-parsing.patch * kdump-do-not-add-rd.neednet.patch * kdump-Do-not-list-all-block-devices-if-no-block-devices-ar.patch * kdump-ensure-initrd.target.wants-directory.patch * kdump-Enumerate-all-BTRFS-devices-for-btrfs-mount-points.patch * kdump-Implement-KString-isHexNumber.patch * kdump-install-etc-resolv.conf-using-resolved-path.patch * kdump-Mount-and-device-resolution-using-libmount-and-lsblk.patch * kdump-remove-console-hvc0-from-commandline.patch * kdump-set-serial-console-from-Xen-cmdline.patch ++++ kernel-default: - drm/i915/dp: Perform 30ms delay after source OUI write (git-fixes). - commit ffbcf49 - usb: cdns3: gadget: fix new urb never complete if ep cancel previous requests (git-fixes). - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes). - serial: pl011: Add ACPI SBSA UART match id (git-fixes). - drm/amd/display: Allow DSC on supported MST branch devices (git-fixes). - iwlwifi: mvm: retry init flow if failed (git-fixes). - ata: libahci: Adjust behavior when StorageD3Enable _DSD is set (git-fixes). - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes). - drm/amd/amdgpu: fix potential memleak (git-fixes). - drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again (git-fixes). - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes). - thermal: core: Reset previous low and high trip during thermal zone init (git-fixes). - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes). - platform/x86: thinkpad_acpi: Add support for dual fan control (git-fixes). - platform/x86: dell-wmi-descriptor: disable by default (git-fixes). - net: usb: r8152: Add MAC passthrough support for more Lenovo Docks (git-fixes). - mac80211: fix throughput LED trigger (git-fixes). - mac80211: do not access the IV when it was stripped (git-fixes). - drm/connector: fix all kernel-doc warnings (git-fixes). - commit 9be7e24 - tty: serial: fsl_lpuart: add timeout for wait_event_interruptible in .shutdown() (jsc#SLE-19033). - crypto: caam - save caam memory to support crypto engine retry mechanism (jsc#SLE-19033). - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (jsc#SLE-19033). - tty: serial: imx: disable UCR4_OREN in .stop_rx() instead of .shutdown() (jsc#SLE-19033). - tty: serial: imx: clear the RTSD status before enable the RTSD irq (jsc#SLE-19033). - memory: fsl_ifc: populate child devices without relying on simple-bus (jsc#SLE-19033). - soc: fsl: dpio: fix qbman alignment error in the virtualization context (jsc#SLE-19033). - net: stmmac: Disable Tx queues when reconfiguring the interface (jsc#SLE-19033). - dmaengine: fsl-edma: support edma memcpy (jsc#SLE-19033). - vfio/fsl-mc: Add per device reset support (jsc#SLE-19033). - bus/fsl-mc: Add generic implementation for open/reset/close commands (jsc#SLE-19033). - ASoC: fsl_spdif: implement bypass mode from in to out (jsc#SLE-19033). - ASoC: fsl_rpmsg: add soc specific data structure (jsc#SLE-19033). - net: dpaa2: add adaptive interrupt coalescing (jsc#SLE-19033). - soc: fsl: dpio: add Net DIM integration (jsc#SLE-19033). - net: dpaa2: add support for manual setup of IRQ coalesing (jsc#SLE-19033). - soc: fsl: dpio: add support for irq coalescing per software portal (jsc#SLE-19033). - soc: fsl: dpio: extract the QBMAN clock frequency from the attributes (jsc#SLE-19033). - spi: Convert NXP flexspi to json schema (jsc#SLE-19033). - vfio/fsl: Move to the device set infrastructure (jsc#SLE-19033). - tty: serial: fsl_lpuart: do software reset for imx7ulp and imx8qxp (jsc#SLE-19033). - tty: serial: fsl_lpuart: enable two stop bits for lpuart32 (jsc#SLE-19033). - tty: serial: fsl_lpuart: check dma_tx_in_progress in tx dma callback (jsc#SLE-19033). - net: phy: at803x: finish the phy id checking simplification (jsc#SLE-19033). - mmc: sdhci: Correct the tuning command handle for PIO mode (jsc#SLE-19033). - commit bad7a12 - Refresh patches.suse/mm-vmscan-Reduce-throttling-due-to-a-failure-to-make-progress.patch. Mmotm fix for a report stating there was a NULL pointer exception for a THP-intensive workload. - commit de8b975 ++++ python3-core: - Don't use OpenSSL 1.1 on platforms which don't have it. ++++ nvme-cli: - Update to version 1.16: + Print ProductName found even if subvendor/subdevice is unknown. + Add New fields on PEL based on NVMe 2.0a. + nvme-cli: - Split media units written/read into hi/lo 64 bit fields. - Add support for new SN650 device. - Update WDC pluging version to 1.15.3. - fix the [data|mdata]_len param (boo#1193547). - Add support for C3/Latency Monitor Log page parsing. - ctrl-loss-tmo should accept -1 as value. + nvme: add spinup control feature (fid=0x1A). + nvme: Add Identify for CNS 08h NVMe spec 2.0a based. + nvme: add boot partition log support. + nvme: add support for fid supported and effects log(lid = 0x12). + add identify endurance group list (cns 0x19) support. + add json support for zns report zones. + fabrics: fix 'nvme discover' segfault if sysfs path is not available. ++++ podman: - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 ++++ python3: - Don't use OpenSSL 1.1 on platforms which don't have it. ------------------------------------------------------------------ ------------------ 2021-12-8 - Dec 8 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Configure to use dbus-broker when available. - Add libsystemd to BuildRequires: needed for dbus-broker support. ++++ grub2: - Add support for simplefb (boo#1193532). + grub2-simplefb.patch ++++ kdump: - Update to 0.9.2 * Isolate fadump initrd within the default one (jsc#SLE-18272) * Bug fixes * Code cleanups - Remove patches that have been upstreamed: * kdump-mounts.cc-Include-sys-ioctl.h.patch * kdump-Add-bootdev-to-dracut-command-line.patch * kdump-do-not-iterate-past-end-of-string.patch * kdump-fix-incorrect-exit-code-checking.patch * kdump-avoid-endless-loop-on-EAI_AGAIN.patch * kdump-install-real-resolv.conf.patch * kdump-Store-kdump-initrd-in-kernel-image-path.patch - Remove patches that have been solved differently: * kdump-on-error-option-yesno.patch ++++ kernel-default: - Refresh patches.suse/ipmi-ssif-initialize-ssif_info-client-early.patch. - commit c1e3bcb - bus: fsl-mc: rescan devices if endpoint not found (jsc#SLE-19033). - bus: fsl-mc: pause the MC firmware when unloading (jsc#SLE-19033). - bus: fsl-mc: pause the MC firmware before IOMMU setup (jsc#SLE-19033). - bus: fsl-mc: add .shutdown() op for the bus driver (jsc#SLE-19033). - bus: fsl-mc: fully resume the firmware (jsc#SLE-19033). - bus: fsl-mc: handle DMA config deferral in ACPI case (jsc#SLE-19033). - bus: fsl-mc: extend fsl_mc_get_endpoint() to pass interface ID (jsc#SLE-19033). - commit 5b2ac90 - Revert "drm/i915: Implement Wa_1508744258" (git-fixes). - commit 78bf6ea - blacklist.conf: 1cbf731ef3a1 drm/i915: Fix missing docbook chapters for i915 uapi. - commit 6777126 - xen: remove stray preempt_disable() from PV AP startup code (bsc#1193524). - commit 39c2dee - xen/pvh: add missing prototype to header (git-fixes). - commit e49e355 - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - commit 4f8d143 - ipmi: ssif: initialize ssif_info->client early (bsc#1193490). - commit e8af4dd - Delete patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCs.patch. - Delete patches.suse/sched-fair-Use-weight-of-SD_NUMA-domain-in-find_busiest_group.patch. New revision pending upstream. - commit dd182d0 - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - commit 10dc5b5 - blacklist.conf: went in through stable - commit c751562 ++++ tpm2-0-tss: - Version 3.1.0 includes: + cover update to 2.4.5 (jsc#SLE-17366) + cover update to 2.3.0 (jsc#SLE-9515) + fix policy session for TPM2_PolicyAuthValue (bsc#1160736) - Add version the configuration file tpm2-tss-fapi.conf ++++ tpm2.0-abrmd: - Version 2.4.0 + remover syslog deprecation warning (bsc#1185154) + cover update to 2.3.3 (jsc#SLE-17366) + contains reload fix (bsc#1166936~ + fix tcti loading using short / long names (bsc#1159176) ++++ podman: - Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521). ++++ ovmf: - For preparing push to SLE15-SP4, add more notes: - Drop upstreamed ovmf-jscSLE-16075-SEV-ES-fixes.patch from 15-SP4 - All patches in the above big patch are in edk2-stable202011 - Some changes in ovmf.spec file of 15-SP4: - brotli-v1.0.7-17-g666c328-c.tar.xz and "add brotli" section be removed because ovmf-disable-brotli.patch. - Using %{_prefix} instead of /usr hard code. - Redundant %defattr(-,root,root) are removed. - BuildRoot be removed because factory doesn't have it. - Sync some differences in the change log between 15-SP3 with openSUSE TW since "Wed Jan 24 06:31:21 UTC 2018": - Add TLS and IPv6 supports for ArmVirtQemu. - ovmf-bsc1119454-additional-scsi-drivers.patch to support more SCSI drivers (PvScsi, MptScsi, and LsiScsi) (bsc#1119454) - already in edk2-stable202008 - Drop the build requirement of python2 ++++ tpm2-tss-engine: - --disable-defaultflags fix also bsc#1183895 - Drop 0001-build-add-disable-defaultflags.patch, already included in upstream code. ++++ tpm2.0-tools: - The update to 5.2 fill also jsc#SLE-9515 (4.1) and jsc#SLE-17366 (4.3.0) ------------------------------------------------------------------ ------------------ 2021-12-7 - Dec 7 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Add chrony-htonl.patch to work around undocumented behaviour of htonl() in older glibc versions (SLE-12) on 64 bit big endian architectures (s390x). ++++ hwdata: - Update to version 0.354: + Updated pci, usb and vendor ids. ++++ kernel-default: - drm/connector: Give connector sysfs devices there own device_type (jsc#SLE-19356). - commit 5b7ab45 - drm/connector: Add a fwnode pointer to drm_connector and register with ACPI (v2) (jsc#SLE-19356). - commit f0b908e - drm/connector: Add support for out-of-band hotplug notification (v3) (jsc#SLE19356). - commit 6fa8d3d - drm/connector: Add drm_connector_find_by_fwnode() function (v3) (jsc#SLE-19356). - commit f8f4127 - usb: typec: ucsi: Don't stop alt mode registration on busy condition (jsc#SLE-19356). - commit d1dd3c7 - usb: typec: ucsi: Always cancel the command if PPM reports BUSY condition (jsc#SLE-19356). - commit 7d740d2 - usb: typec: altmodes/displayport: Notify drm subsys of hotplug events (git-fixes). - commit 5f1a962 - Remove patches.suse/nvme-add-sibling-to-list-after-full-initialization.patch As it turns out this fix is not correct. - commit bb77a4c - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - commit 00a7ff5 - Update patches.suse/powerpc-security-Use-a-mutex-for-interrupt-exit-code.patch (stable-5.14.19 bsc#1193470 ltc#195599). - commit a8808ca - Refresh patches.suse/0004-MODSIGN-checking-the-blacklisted-hash-before-loading.patch. - commit 4f48964 - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (jsc#SLE-19256). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net/mlx5e: SHAMPO, Fix constant expression result (jsc#SLE-19253). - net/mlx5: Fix access to a non-supported register (jsc#SLE-19253). - net/mlx5: Fix too early queueing of log timestamp work (jsc#SLE-19253). - net/mlx5: Fix use after free in mlx5_health_wait_pci_up (jsc#SLE-19253). - net/mlx5: E-Switch, Use indirect table only if all destinations support it (jsc#SLE-19253). - net/mlx5: E-Switch, Check group pointer before reading bw_share value (jsc#SLE-19253). - net/mlx5: E-Switch, fix single FDB creation on BlueField (jsc#SLE-19253). - net/mlx5: E-switch, Respect BW share of the new group (jsc#SLE-19253). - net/mlx5: Lag, Fix recreation of VF LAG (jsc#SLE-19253). - net/mlx5: Move MODIFY_RQT command to ignore list in internal error state (jsc#SLE-19253). - net/mlx5e: Sync TIR params updates against concurrent create/modify (jsc#SLE-19253). - net/mlx5e: Fix missing IPsec statistics on uplink representor (jsc#SLE-19253). - net/mlx5e: IPsec: Fix Software parser inner l3 type setting in case of encapsulation (jsc#SLE-19253). - ice: xsk: clear status_error0 for each allocated desc (jsc#SLE-18375). - net/mlx4_en: Update reported link modes for 1/10G (jsc#SLE-19256). - net: qed: fix the array may be out of bound (jsc#SLE-19001). - igb: fix netpoll exit with traffic (jsc#SLE-18379). - net: chelsio: cxgb4vf: Fix an error code in cxgb4vf_pci_probe() (jsc#SLE-18992). - ice: avoid bpf_prog refcount underflow (jsc#SLE-18375). - ice: fix vsi->txq_map sizing (jsc#SLE-18375). - iavf: Fix VLAN feature flags after VFR (jsc#SLE-18385). - iavf: Fix refreshing iavf adapter stats on ethtool request (jsc#SLE-18385). - iavf: Fix deadlock occurrence during resetting VF interface (jsc#SLE-18385). - iavf: Prevent changing static ITR values if adaptive moderation is on (jsc#SLE-18385). - igb: unbreak I2C bit-banging on i350 (jsc#SLE-18379). - commit 24091ea - Delete patches.suse/0003-MODSIGN-load-blacklist-from-MOKx.patch. The ebd9c2ae369a45 patch introduced mokx support since v5.13 on upstream. Let's remove this downstream patch. (fate#316531, bnc#854875) - commit cd4e1c6 - Delete patches.suse/0001-efi-add-a-function-to-convert-the-status-code-to-a-s.patch. Delete patches.suse/0002-efi-show-error-messages-only-when-loading-certificat.patch Because upstream patch ebd9c2ae369a "efi: Only print errors about failing to get certs if EFI vars are found" already introduced new behavior of log. So those two SUSE downstream patches can be removed. (fate#316531, bnc#854875) - commit f98e665 - Refresh patches.suse/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch. - Refresh patches.suse/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch merge with patches.suse/0001-integrity-use-arch_ima_get_secureboot-instead-of-che.patch. (bsc#1188366) - Delete patches.suse/0001-integrity-use-arch_ima_get_secureboot-instead-of-che.patch. - commit f00ef99 - blacklist.conf: Add git-fixes patches checked into perf userspace - commit 032d842 ++++ libgcrypt: - FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480] * gcry_mpi_sub_ui: fix subtracting from negative value * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch ++++ systemd: - move files related to static nodes to udev ++++ podman: - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416). * API - Updated the containers/image library to v5.17.0 - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). * Misc - Podman now builds by default with cgo enabled on OS X, resolving some issues with SSH (#10737). ++++ qemu: * Patches added (bsc#1186256): qemu-binfmt-conf.sh-allow-overriding-SUS.patch ------------------------------------------------------------------ ------------------ 2021-12-6 - Dec 6 2021 ------------------- ------------------------------------------------------------------ ++++ glib-networking: - Update to version 2.70.1: + Fix crashes when handshake is cancelled + OpenSSL: fix spurious certificate expired verification errors + GnuTLS: - Fix tests on 32-bit systems - Fix crash when invalid priority string is forced - Add check section and run meson_test macro during build. ++++ grub2: - Fix extent not found when initramfs contains shared extents (bsc#1190982) * 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch ++++ kernel-default: - perf: Ignore sigtrap for tracepoints destined for other tasks (git-fixes). - perf/x86/intel/uncore: Fix IIO event constraints for Snowridge (git-fixes). - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (git-fixes). - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - perf/x86/intel/uncore: Fix Intel SPR M3UPI event constraints (git-fixes). - perf/x86/intel/uncore: Fix Intel SPR M2PCIE event constraints (git-fixes). - perf/x86/intel/uncore: Fix Intel SPR IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix Intel SPR CHA event constraints (git-fixes). - commit 1cfbe90 - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1190497). - commit 00aee08 - tracing/histograms: String compares should not care about signed values (git-fixes). - commit fa5ea58 - tracing: Fix pid filtering when triggers are attached (git-fixes). - commit 3c359a7 - blacklist.conf: 27ff768fa21c ("tracing: Test the 'Do not trace this pid' case in create event") Not needed. The backported "broken" commit is already fixed. - commit 2c0434d - tracing: Check pid filtering when creating events (git-fixes). - commit 90d7fd0 - arm64: cpufeature: Export this_cpu_has_cap helper (jsc#SLE-19046). - commit fd033df - coresight: Use devm_bitmap_zalloc when applicable (jsc#SLE-19046). - arm64: errata: Enable TRBE workaround for write to out-of-range address (jsc#SLE-19046). - arm64: errata: Enable workaround for TRBE overwrite in FILL mode (jsc#SLE-19046). - coresight: trbe: Work around write to out of range (jsc#SLE-19046). - coresight: trbe: Make sure we have enough space (jsc#SLE-19046). - coresight: trbe: Add a helper to determine the minimum buffer size (jsc#SLE-19046). - coresight: trbe: Workaround TRBE errata overwrite in FILL mode (jsc#SLE-19046). - coresight: trbe: Add infrastructure for Errata handling (jsc#SLE-19046). - coresight: trbe: Allow driver to choose a different alignment (jsc#SLE-19046). - coresight: trbe: Decouple buffer base from the hardware base (jsc#SLE-19046). - coresight: trbe: Add a helper to pad a given buffer area (jsc#SLE-19046). - coresight: trbe: Add a helper to calculate the trace generated (jsc#SLE-19046). - coresight: trbe: Prohibit trace before disabling TRBE (jsc#SLE-19046). - coresight: trbe: End the AUX handle on truncation (jsc#SLE-19046). - coresight: trbe: Do not truncate buffer on IRQ (jsc#SLE-19046). - coresight: trbe: Fix handling of spurious interrupts (jsc#SLE-19046). - coresight: trbe: irq handler: Do not disable TRBE if no action is needed (jsc#SLE-19046). - coresight: trbe: Unify the enabling sequence (jsc#SLE-19046). - coresight: trbe: Drop duplicate TRUNCATE flags (jsc#SLE-19046). - coresight: trbe: Ensure the format flag is always set (jsc#SLE-19046). - coresight: etm-pmu: Ensure the AUX handle is valid (jsc#SLE-19046). - coresight: etm4x: Use Trace Filtering controls dynamically (jsc#SLE-19046). - coresight: etm4x: Save restore TRFCR_EL1 (jsc#SLE-19046). - coresight: Don't immediately close events that are run on invalid CPU/sink combos (jsc#SLE-19046). - coresight: tmc-etr: Speed up for bounce buffer in flat mode (jsc#SLE-19046). - coresight: Update comments for removing cs_etm_find_snapshot() (jsc#SLE-19046). - coresight: tmc-etr: Use perf_output_handle::head for AUX ring buffer (jsc#SLE-19046). - coresight: tmc-etf: Add comment for store ordering (jsc#SLE-19046). - coresight: tmc-etr: Add barrier after updating AUX ring buffer (jsc#SLE-19046). - coresight: tmc: Configure AXI write burst size (jsc#SLE-19046). - arm64: errata: Add detection for TRBE write to out-of-range (jsc#SLE-19046). - arm64: errata: Add workaround for TSB flush failures (jsc#SLE-19046). - arm64: errata: Add detection for TRBE overwrite in FILL mode (jsc#SLE-19046). - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (jsc#SLE-19046). - commit d3c2191 - Update patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr.ss_family.patch (stable-5.14.10 bsc#1192845 CVE-2021-43975). Added CVE reference - commit 8142e42 - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (bsc#1192845 CVE-2021-43975). - commit 283c0a0 - perf: qcom_l2_pmu: ACPI: Use ACPI_COMPANION() directly (git-fixes). - drivers/perf: thunderx2_pmu: Change data in size tx2_uncore_event_update() (git-fixes). - drivers/perf: hisi: Fix PA PMU counter offset (git-fixes). - KVM: arm64: Fix PMU probe ordering (git-fixes). - KVM: arm64: perf: Replace '0xf' instances with ID_AA64DFR0_PMUVER_IMP_DEF (git-fixes). - commit 91fb475 - usb: typec: altmodes/displayport: Make dp_altmode_notify() more generic (git-fixes). - commit 5136280 - x86/entry: Use the correct fence macro after swapgs in kernel CR3 (bsc#1190497). - commit e1ed0c4 - Refresh patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch. - commit 2d12b8e - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1190497). - commit 69d2c59 - unmark patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch - commit 36647a7 - Refresh patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch. - commit e4b09e3 - unmark patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch - commit 0cf1770 - Refresh patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch. - Update config files. x86_64, arm64, ppc64le, s390x - Add CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y - commit 6189d45 - Refresh patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch. - commit f2a5454 - Refresh patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch. - commit f2c3a99 - usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - serial: 8250_bcm7271: UART errors after resuming from S2 (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - serial: liteuart: fix minor-number leak on probe errors (git-fixes). - serial: liteuart: fix use-after-free and memleak on unbind (git-fixes). - serial: liteuart: Fix NULL pointer dereference in ->remove() (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - commit 3fabb98 - Move upstreamed USB fix into sorted section - commit e02363b ++++ kmod: - Ensure that kmod and packages linking to libkmod provide same features (bsc#1193430). ++++ multipath-tools: - Update to 0.8.8+38+suse.2bdd3a14.obscpio * upstream version bump. Code-wise identical to 0.8.7+138+suse.7c9afe31 ++++ alsa: - Update to version 1.2.6: lots of changes, including UCM and config updates and rawmidi framing mode support: for details, see below https://www.alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-lib - Add *.sig file for the source tarball ++++ mozilla-nss: - Update FIPS validation string to version-release format. - Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC from list of FIPS approved algorithms. ++++ makedumpfile: - Non-existent patches must be listed twice to appear as added in a unified diff against a version that had them. Only that can make factory-auto happy. Here we go: * makedumpfile-Retrieve-MAX_PHYSMEM_BITS-from-vmcoreinfo.patch * makedumpfile-arm64-Add-support-for-ARMv8.2-LPA-52-bit-PA-su.patch ++++ qemu: - cross-i386-binutils and cross-i386-gcc are not needed and were dropped from Factory - boo#1193424 ++++ ovmf: - cross-i386-binutils and cross-i386-gcc have been dropped from Factory, so use only cross-x86_64-* - boo#1193424 ++++ runc: - Update to runc v1.0.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.3. CVE-2021-43784 bsc#1193436 * A potential vulnerability was discovered in runc (related to an internal usage of netlink), however upon further investigation we discovered that while this bug was exploitable on the master branch of runc, no released version of runc could be exploited using this bug. The exploit required being able to create a netlink attribute with a length that would overflow a uint16 but this was not possible in any released version of runc. For more information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784. Due to an abundance of caution we decided to do an emergency release with this fix, but to reiterate we do not believe this vulnerability was possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for discovering and reporting this vulnerability so quickly. * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). ++++ yast2-trans: - Update to version 84.87.20211204.c55adb9b7a: * New POT for text domain 'installation'. * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * New POT for text domain 'update'. * New POT for text domain 'storage'. * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'base'. * New POT for text domain 'add-on'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * New POT for text domain 'users'. * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * New POT for text domain 'update'. * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2021-12-4 - Dec 4 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/cs8409: Set PMSG_ON earlier inside cs8409 driver (git-fixes). - commit e3352ca - ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes). - commit 992fab0 - drm/vc4: kms: Fix previous HVS commit wait (git-fixes). - drm/vc4: kms: Don't duplicate pending commit (git-fixes). - drm/vc4: kms: Clear the HVS FIFO commit pointer once done (git-fixes). - drm/vc4: kms: Add missing drm_crtc_commit_put (git-fixes). - drm/vc4: kms: Fix return code check (git-fixes). - drm/vc4: kms: Wait for the commit before increasing our clock rate (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes). - iwlwifi: Fix memory leaks in error handling path (git-fixes). - iwlwifi: fix warnings produced by kernel debug options (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - commit 7d5a7f0 - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow (git-fixes). - atlantic: Remove warn trace message (git-fixes). - atlantic: Fix statistics logic for production hardware (git-fixes). - atlantic: Add missing DIDs and fix 115c (git-fixes). - atlantic: Fix to display FW bundle version instead of FW mac version (git-fixes). - atlatnic: enable Nbase-t speeds with base-t (git-fixes). - atlantic: Increase delay for fw transactions (git-fixes). - ASoC: rk817: Add module alias for rk817-codec (git-fixes). - ASoC: tegra: Fix kcontrol put callback in Mixer (git-fixes). - ASoC: tegra: Fix kcontrol put callback in ADX (git-fixes). - ASoC: tegra: Fix kcontrol put callback in AMX (git-fixes). - ASoC: tegra: Fix kcontrol put callback in SFC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in MVC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes). - ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes). - ASoC: tegra: Fix wrong value type in MVC (git-fixes). - ASoC: tegra: Fix wrong value type in SFC (git-fixes). - ASoC: tegra: Fix wrong value type in DSPK (git-fixes). - ASoC: tegra: Fix wrong value type in DMIC (git-fixes). - ASoC: tegra: Fix wrong value type in I2S (git-fixes). - ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes). - ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec (git-fixes). - commit d6b0e1d ------------------------------------------------------------------ ------------------ 2021-12-3 - Dec 3 2021 ------------------- ------------------------------------------------------------------ ++++ blog: - Update to version 2.26 * On s390/x and PPC64 gcc misses unused arg0 - Remove patch fcb9e0c2.patch as now part of tar ball ++++ glib2: - Update to version 2.70.2: + Fix use of the default log writer with journald namespaces + Fix hang in `dbus-daemon` under `GTestDBus` when `G_MESSAGES_DEBUG=all` is set + Speed up `g_canonicalize_filename()` to avoid pathogenic cases with `..` + Fix URI for pcre subproject as it’s moved upstream + Fix storing GSettings dictionaries on macOS + Speed up ‘remove dot segments’ algorithm in `GUri` to avoid pathogenic cases with `..` + Fix infinite loops in D-Bus message parsing for truncated inputs + Improve correctness of version information returned by `g_get_os_info()` for Windows 10/Server 2019+ + Bugs fixed: glgo#GNOME/GLib#2400, glgo#GNOME/GLib#2426, glgo#GNOME/GLib#2528, glgo#GNOME/GLib#2530, glgo#GNOME/GLib#2537, glgo#GNOME/GLib#2541, glgo#GNOME/GLib!2312, glgo#GNOME/GLib!2313, glgo#GNOME/GLib!2314, glgo#GNOME/GLib!2316, glgo#GNOME/GLib!2320, glgo#GNOME/GLib!2335, glgo#GNOME/GLib!2337, glgo#GNOME/GLib!2340, glgo#GNOME/GLib!2344, glgo#GNOME/GLib!2356, glgo#GNOME/GLib!2359, glgo#GNOME/GLib!2361, glgo#GNOME/GLib!2363, glgo#GNOME/GLib!2366, glgo#GNOME/GLib!2375, glgo#GNOME/GLib!2383. + Updated translations. ++++ kernel-default: - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - commit 713d069 - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - commit e4fbc61 - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - commit 667806f ++++ multipath-tools: - Drop versioned dependency on libmpath0 again (bsc#1190622) * Since 0.8.6, libmultipath and libmpathpersist have got proper ABI versioning, and rpmbuild auto-generates dependencies on libmultipath.so.0(LIBMULTIPATH_13.0.0) etc. ++++ pango: - Update to version 1.50.0: + Fix glyph placement in gravity east + Fix line heights in improper gravities + Only shown selected ignorables with nicks + Support tab alignments other than left + Support custom decimal points on decimal tabs + Fix a pango-view crash + Optimize handling of many tabs + Drop json-glib dependency - Drop pkgconfig(json-glib-1.0) BuildRequires, no longer needed. ++++ zlib: - Update 410.patch to include new fixes from upstream, fixes bsc#1192688 - Refresh bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch to match upstream commit - Drop patches which changes have been merged in 410.patch: * zlib-compression-switching.patch * zlib-390x-z15-fix-hw-compression.patch * bsc1174551-fxi-imcomplete-raw-streams.patch ++++ makedumpfile: - Merge SLE15 SP3 changelog. - Patches that were never actually applied to Factory: * makedumpfile-Retrieve-MAX_PHYSMEM_BITS-from-vmcoreinfo.patch (included in 1.6.8) * makedumpfile-arm64-Add-support-for-ARMv8.2-LPA-52-bit-PA-su.patch (included in 1.6.8) ++++ ovmf: - Merge the difference from SLE for pushing back to SLE15-SP4 - Add/Update 50-xen-hvm-x86_64.json in descriptors.tar.xz - Add the json descriptor for xen-hvm (bsc#1180050) - Add "nvram-template" and change the firmware file to ovmf-x86_64-ms-4m.bin (bsc#1180050, bsc#1181264) - The following patches in SLE are already in edk2-edk2-stable202108 in factory, so they will be removed from 15-SP4 - ovmf-bsc1177789-cryptopkg-fix-null-dereference.patch to fix the potential NULL dereference in AuthenticodeVerify() (bsc#1177789, CVE-2019-14584) - 26442d11e620a9 edk2-stable202011~124 - ovmf-bsc1180079-amd-sev-es-mitigation.patch to mitigate the potential AMD SEV-ES security issues (bsc#1180079) - a91b700e385e74 edk2-stable202102~181 - ovmf-jscSLE-16075-SEV-ES-use-physical-address.patch as the follow-up patch for SEV-ES to fix the flash writing (jsc#SLE-16075) - 3a3501862f7309 edk2-stable202102~105 - ovmf-bsc1183578-lzma-catch-4GB.patch to fix the possible heap corruption (bsc#1183578, CVE-2021-28211) - e7bd0dd26db7e5 edk2-stable202011~7 - ovmf-bsc1183579-fix-fv-recursion.patch to fix unlimited FV recursion (bsc#1183579, CVE-2021-28210) - b9bdfc72853fe9 edk2-stable202011~9 - Add ovmf-bsc1186151-fix-iscsi-overflows.patch to fix the possible overflows in IScsiDxe (bsc#1186151) - 83761337ec91fb edk2-stable202108-rc0~171 ------------------------------------------------------------------ ------------------ 2021-12-2 - Dec 2 2021 ------------------- ------------------------------------------------------------------ ++++ blog: - Add upstream patch fcb9e0c2.patch * On s390/x and PPC64 gcc misses unused arg0 - Update to version 2.24 * Avoid install errror due missed directory - Update to version 2.22 * Avoid KillMode=none for newer systemd version as well as rework the systemd unit files of blog (boo#1186506) ++++ librsvg: - Remove librsvg-s390x-cairo-has-current-point.patch - it is included in the upstream tarball now. ++++ kernel-default: - Bluetooth: Apply initial command workaround for more Intel chips (bsc#83f2dafe2a62). - commit e1329be - drm/i915/hdmi: Turn DP++ TMDS output buffers back on in encoder->shutdown() (git-fixes). - commit 905574f - Refresh patches.suse/drm-i915-Extend-the-async-flip-VT-d-w-a-to-skl-bxt.patch. Alt-commit - commit afad9d5 - Refresh patches.suse/drm-i915-gvt-fix-the-usage-of-ww-lock-in-gvt-schedul.patch. Alt-commit - commit 0475b7e - Refresh patches.suse/drm-amdgpu-Fix-even-more-out-of-bound-writes-from-de.patch. Alt-commit. Also updated the patch-mainline tag. - commit ce4a8c2 - Refresh patches.suse/drm-amd-display-Fix-deadlock-when-falling-back-to-v2.patch. Alt-commit - commit fadf24f - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - commit 9ae484d - fuse: release pipe buf after last use (bsc#1193318). - commit fad20a3 - drm/msm/dsi: fix wrong type in msm_dsi_host (git-fixes). - commit 9d4cd6e - drm/msm/dsi: do not enable irq handler before powering up the host (git-fixes). - commit 21c53a3 - mm: vmscan: Reduce throttling due to a failure to make progress (bsc#1190208 (MM functional and performance backports)). - commit c9d43e5 - sched,x86: Fix L2 cache mask (bsc#1193302). - commit 512a2f3 - sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs (bsc#1192120). - sched/fair: Use weight of SD_NUMA domain in find_busiest_group (bsc#1192120). - commit 67de029 - Delete patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCS.patch. - commit 79c1d08 - drm/msm/dsi: rename dual DSI to bonded DSI (git-fixes). - commit 383555c - drm/amd/pm: Fix incorrect power limit readback in smu11 if POWER_SOURCE_DC (git-fixes). - commit c04f48c - drm/i915: Replace the unconditional clflush with drm_clflush_virt_range() (git-fixes). - commit bf0c1da - Refresh patches.suse/drm-i915-Remove-memory-frequency-calculation.patch. Alt-commit - commit 2650497 - Refresh patches.suse/0001-drm-i915-guc-drop-guc_communication_enabled.patch. Alt-commit - commit 01f68ee - blacklist.conf: faf890985e30 drm/i915: Fix syncmap memory leak - commit 62955ef - Refresh patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch. Alt-commit - commit 3b7e322 - staging: rtl8723bs: remove a second possible deadlock (git-fixes). - commit e15a622 - USB: serial: option: add Fibocom FM101-GL variants (git-fixes). - USB: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB (git-fixes). - drm/nouveau: recognise GA106 (git-fixes). - drm/amdgpu: IH process reset count when restart (git-fixes). - PCI: aardvark: Simplify initialization of rootcap on virtual bridge (git-fixes). - PCI: aardvark: Implement re-issuing config requests on CRS response (git-fixes). - staging: rtl8723bs: remove a third possible deadlock (git-fixes). - staging: rtl8723bs: remove possible deadlock when disconnect (v2) (git-fixes). - commit cbbc2ed - rpm/kernel-binary.spec.in: don't strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - commit 83af88d ++++ multipath-tools: - Update to version 0.8.7+138+suse.7c9afe31: New upstream version (pre-0.8.8) * deprecate "config_dir" and "multipath_dir" config options (will be removed in future version) * remove dependency on systemd-udevd-settle.service (boo#1193336) * fix crash in remove_map (boo#1193334) * CLI: add path wildcard "%I" for init state * CLI: add "reconfigure all" command * allow multiple pending "reconfigure" commands (bsc#1189551) * speed up "reconfigure" by avoiding unnecessary map reloads (bsc#1189551) * rework of CLI command handler (unix socket handler) to avoid hanging CLI commands (bsc#1189551) * fix multipathd startup after stop during reconfigure (boo#1193338) * improve error detection and warning messages in config file parser * fix exit status of multipath -T (bsc#1191900) * fix defects reported by coverity (boo#1193342) - avoid sleeping with locks held - exit if bindings file is broken - set umask before mkstemp - add bounds and consistency checks in SCSI VPD parsing code * add hardware table entry for DellEMC/ME4 (PowerVault ME4) ++++ rdma-core: - Update to v38.0 (jsc#SLE-18383) - Bugfixes on all providers - New provider for irdma support - Add rdma-ndd to recommended depencies of rdma-core ++++ mozilla-nss: - Mozilla NSS 3.68.1 MFSA 2021-51 (bsc#1193170) * CVE-2021-43527 (bmo#1737470) Memory corruption via DER-encoded DSA and RSA-PSS signatures - Remove now obsolete patch nss-bsc1193170.patch ++++ libseccomp: - reenable python bindings at least for the distro default python3 package: - adds make-python-build.patch ++++ libvirt: - libxl: Fix libvirtd deadlocks and segfaults 23b51d7b-libxl-disable-death-event.patch, a4e6fba0-libxl-rename-threadinfo-struct.patch, e4f7589a-libxl-shutdown-thread-name.patch, b9a5faea-libxl-handle-death-thread.patch, 5c5df531-libxl-search-domid-in-thread.patch, a7a03324-libxl-protect-logger-access.patch bsc#1191668, bsc#1192017 - Update to libvirt 7.10.0 - jsc#SLE-18260, jsc#SLE-19264 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v7-10-0-2021-12-01 ++++ python-libvirt-python: - Update to 7.10.0 - Add all new APIs and constants in libvirt 7.10.0 - jsc#SLE-18260, jsc#SLE-19264 ++++ yast2: - Drop support for subscription-tools, that package is not present in SLE15 anymore - removed modules/ProductProfiles.rb file (bsc#1193339) - 4.4.27 - Popup.YesNo(): Unify the internal [No] button ID (bsc#1193326) - 4.4.26 ------------------------------------------------------------------ ------------------ 2021-12-1 - Dec 1 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Ignore multipath devices when probing devices for a btrfs filesystem (bsc#1192983) * 0001-btrfs-progs-Add-optional-dependency-on-libudev.patch * 0002-btrfs-progs-Ignore-devices-representing-paths-in-mul.patch * 0003-btrfs-progs-Add-fallback-code-for-path-device-ignore.patch ++++ ignition: - Update to version 2.13.0: * news: add notes for 2.13.0 * config/v3_4_exp: noProxy entries cannot be null * config/v3_4_exp: mark ignition.version as required * docs/supported-platforms: add some description about Nutanix * providers/nutanix: add Nutanix platform * tests: use umountPath as a thin wrapper around umountPartition * internal/providers: refactor handling of unmounting the mount path * tests: address gostatic-check warning * tests: Add base64 decoding test * Dockerfile.validate: build with Fedora 35 * go.mod: update dataurl to 1.0.0 * ci: give blackbox tests two hours to run * tests/filesystem: fix umountPartition retry loop * templates: skip vendoring the new version in favor of dependabot * go.mod: update vcontext * providers/virtualbox: read config from /Ignition/Config guest property * stages/filesystems: use mkfs.fat instead of mkfs.vfat * docs/supported-platforms: switch to Afterburn docs URL * docs/supported-platforms: drop reference to platform-specific agents * test: ensure all platforms are documented * docs/supported-platforms: add missing platforms * stages/files: rename `relabelDirsForFile` and add docstring * stages/files: make variable name follow Go convention * docs/supported-platforms: update platform names and URLs * docs/supported-platforms: sort by platform ID * docs/supported-platforms: add platform IDs * docs: Remove default layout from front matter * docs: Do not convert -- & --- to en/em-dash * internal/*: change the location of Ignition report * internal/exec/util: rename FindFirstMissingDirForFile and tweak docs * providers/qemu: start reporting progress reading fw_cfg after 10 s * providers/qemu: optimize fw_cfg read size * ci: use coreos-ci-lib helper for kola testiso * *: gofmt 1.17 * workflows: bump Go and golangci-lint * config: update versions in comments - Removed obsolete ignition-rpmlintrc ++++ kernel-default: - Refresh patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch. Alt-commit - commit 18c0378 - Refresh patches.suse/drm-amdkfd-fix-dma-mapping-leaking-warning.patch. Alt-commit - commit d513741 - Refresh patches.suse/0001-drm-amd-display-Fix-white-screen-page-fault-for-gpuv.patch. Alt-commit - commit d8362fa - Refresh patches.suse/0001-drm-amdgpu-fix-use-after-free-during-BO-move.patch. Alt-commit - commit 6231070 - Refresh patches.suse/drm-i915-tc-Fix-TypeC-port-init-resume-time-sanitiza.patch. Alt-commit - commit 75478ec - Refresh patches.suse/0425-drm-i915-Update-memory-bandwidth-parameters.patch. Alt-commit - commit 20108dd - blacklist.conf: b6dfa4161729 drm/i915/dp: Drop redundant debug print - commit c59ba00 - Refresh patches.suse/0001-drm-i915-dp-return-proper-DPRX-link-training-result.patch. Alt-commit - commit 70fb6b8 - blacklist.conf: d8959fb33890 drm/i915/dp: remove superfluous EXPORT_SYMBOL() - commit 83d3fca - blacklist.conf: f6864b27d6d3 drm/i915/edp: fix eDP MSO pipe sanity checks for ADL-P - commit fc8a263 - blacklist.conf: 8b46cc6577f4 drm/i915: Tweaked Wa_14010685332 for all PCHs - commit 8d282e0 - blacklist.conf: c5589bb5dccb drm/i915: Only access SFC_DONE when media domain is not fused off - commit e46b9ce - blacklist.conf: 70418a68713c drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg - commit 0ee0cf4 - rtw89: add AXIDMA and TX FIFO dump in mac_mem_dump (bsc#1188303). - rtw89: fix potentially access out of range of RF register array (bsc#1188303). - rtw89: remove unneeded variable (bsc#1188303). - rtw89: remove unnecessary conditional operators (bsc#1188303). - rtw89: update tx power limit/limit_ru tables to R54 (bsc#1188303). - rtw89: update rtw89 regulation definition to R58-R31 (bsc#1188303). - rtw89: fill regd field of limit/limit_ru tables by enum (bsc#1188303). - commit bdba716 - Update rtw89 fix with the upstream patch from wireless-drivers tree - commit 70a5c33 - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976 bsc#1192847). - commit 4829170 ++++ kernel-firmware: - Update to version 20211123 (git commit b0e898fbaf37): * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * amdgpu: update yellow carp dmcub firmware * amdgpu: update vangogh DMCUB firmware * Update ath10k/QCA6174/hw3.0/board-2.bin * mrvl: prestera: Update Marvell Prestera Switchdev v4.0 * QCA: Add Bluetooth firmware for WCN685x - Fix the script to adapt ZSTD compressed modules (jsc#SLE-21256) - Update _service to follow branch main instead - Update aliases ++++ libXfixes: - update to version 6.0 is needed for GNOME41, particularly the gnome-settings-daemon's new feature to disconnect from Xwayland (JIRA #SLE-22829) ++++ suseconnect-ng: - Update to version 0.0.4~git0.64b80e9: * Makefile: also run tests under ./suseconnect * Switch yast-test to upstream * Removed examples leftover from the POC phase * Add HA repo to get rubygem(ffi) before it's in the baseproduct * Add versions and lib deps * Post-review cleanup * Package libsuseconnect and shim * Align with yast-registration tests * Fix SSLCertificate mixins * Fix logger crash and restore mixin * Removed TODO item handled separately * Enable debug early * Add package search for YaST's "Online Search" * Clarify Repo fields * Export UpdateSystem() * Export SystemActivations() * Add migration functions * Fix handling of IsBase attribute * Add missing JSONError * Add list_installer_updates * Add "update certificates" * Add more specific errors * Improved SSL error handling * Init defaults for get_config() * Improved debug logging * Fix error scopes * Fix ApiError interface * Added DEFAULT_CREDENTIALS_DIR const * get proxy credentials from curlrc * Forward logs from Connect to YaST * Separate Info logger * Added more TODO items * Simplify Config object init * Map Repo and Config fields to JSON * Add remaining fields listed in addon.rb * Add product_type field to product * First working yast part * Add relative path support to credentials * Add steps to test from yast * Add yast create_credentials_file * Add CreateCredentials() method * Add yast credentials() * Add yast announce_system - WIP * Add MergeJSON method for Config * Add readme for YaST integration * Fix usage text * Add missing -g argument * Fix OBS CI, it now requires target * Add manpage placeholder * Simplify packageWanted() * Add sorting and grouping options * Add local repo search and duplicate removal * Add basic online package search * Update rpm spec for zypper-search-packages-plugin * Add CLI for zypper search-packages plugin * Optional base product in package search * Use DefaultTransport defaults + client timeout * Extract ReleaseType from zypper output * Print failed command on zypper error like the Ruby * Add package_search API wrapper * Allow de-register/de-activate a single product * Improve docstring for the Status struct * Always show subscription information if available * Refactor getStatuses() to ease testing * Add SUMA/Uyuni check * Fix status output order to follow zypper product xml * Change GetExtensionsList() to reduce calls * Add the subscription name to status output * allow --instance-data together with --regcode * Post-review cleanups * Add selfupdate functionality * Handle Leap -> SLES migration scenario * Add offline migrations support * Change parse error string and add block comment * Add disabling of obsolete repos * Add zypper repos listing * Add interactive migration selection * Allow loading Config from any path * Remove dummy flag * Add snapper support * Add zypper backup/restore functions * Use connect.StringSet * Add --query option * Add product and break-my-system options * Add note on conflicting flags * Check for flag contradictions * Add echoing output of executed commands to console * Move product printing out of checkProducts() * Split --debug and --verbose * Add zypper dist-upgrade part * Split migration code * Extract migration sorting * Expose migration(Add|Remove)Service() functions * Trap SIGINT/SIGTERM * Add zypper.RefreshRepos() * Expose client.upgradeProduct() * Add --root parameter * Add --migration N parameter * Prepare available migrations * Add API call to get online migration paths * Add system products checking * Add quiet logger for easier --quiet handling * Add zypper migration plugin implementation. * Export toTriplet and installReleasePackage * Add basic string set implementation * Remove quiet param from execute() and zypperRun() * Simplify mocking of external commands ++++ yast2: - Add register_target to the Y2Packager::Product class (bsc#1193212). - 4.4.25 - Do not crash when it is not possible to fetch the package containing the release notes (bsc#1193148). - 4.4.24 ------------------------------------------------------------------ ------------------ 2021-11-30 - Nov 30 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - commit 86d3c56 - crypto: dh - call dh_init() after drbg_init() and jent_mod_init() (jsc#SLE-21132,bsc#1191256). - commit 61dfd91 - crypto: dh - implement FIPS PCT (jsc#SLE-21132,bsc#1191256). - commit 9f91254 - crypto: dh - accept only approved safe-prime groups in FIPS mode (jsc#SLE-21132,bsc#1191256). - commit 2d1a8e9 - crypto: dh - try to match domain parameters to a known safe-prime group (jsc#SLE-21132,bsc#1191256). - commit 26a335b - crypto: dh - calculate Q from P for the full public key verification (jsc#SLE-21132,bsc#1191256). - commit b4037c4 - crypto: dh - store group id in dh-generic's dh_ctx (jsc#SLE-21132,bsc#1191256). - commit f0486a1 - lib/mpi: export mpi_rshift (jsc#SLE-21132,bsc#1191256). - commit 4310d0e - crypto: testmgr - add DH test vectors for key generation (jsc#SLE-21132,bsc#1191256). - commit 54bd083 - crypto: dh - introduce support for ephemeral key generation to qat driver (jsc#SLE-21132,bsc#1191256). - commit 7368cee - crypto: dh - introduce support for ephemeral key generation to hpre driver (jsc#SLE-21132,bsc#1191256). - commit 2b8dc8a - crypto: dh - introduce support for ephemeral key generation to dh-generic (jsc#SLE-21132,bsc#1191256). - commit 3773460 - crypto: dh - implement private key generation primitive (jsc#SLE-21132,bsc#1191256). - commit 6465374 - crypto: testmgr - run only subset of DH vectors based on config (jsc#SLE-21132,bsc#1191256). - commit ac8f2bb - crypto: testmgr - add DH RFC 3526 modp2048 test vector (jsc#SLE-21132,bsc#1191256). - commit d59cad5 - crypto: dh - introduce RFC 3526 safe-prime groups (jsc#SLE-21132,bsc#1191256). - Update config files. - commit 7ce8fbd - crypto: testmgr - add DH RFC 7919 ffdhe3072 test vector (jsc#SLE-21132,bsc#1191256). - commit 66277b9 - crypto: dh - introduce RFC 7919 safe-prime groups (jsc#SLE-21132,bsc#1191256). - Update config files. - commit ffde948 - hwmon: (dell-smm-hwmon) Fix fan mutliplier detection for 3rd fan (git-fixes). - commit fc58f7c - hwmon: (dell-smm-hwmon) Convert to devm_hwmon_device_register_with_info() (git-fixes). - commit 8eb28b7 - crypto: dh - optimize domain parameter serialization for well-known groups (jsc#SLE-21132,bsc#1191256). - commit 0e9a462 - crypto: dh - constify struct dh's pointer members (jsc#SLE-21132,bsc#1191256). - commit cd58585 - crypto: dh - remove struct dh's ->q member (jsc#SLE-21132,bsc#1191256). - commit ca28b3e - hwmon: (dell-smm-hwmon) Move variables into a driver private data structure (git-fixes). - commit a97cfe2 - hwmon: (dell-smm-hwmon) Use devm_add_action_or_reset() (git-fixes). - commit 12a377a - hwmon: (dell-smm-hwmon) Mark functions as __init (git-fixes). - commit a95801d - ptp: ocp: add COMMON_CLK dependency (git-fixes). - commit c11a32b - hwmon: (dell-smm-hwmon) Use platform device (git-fixes). - commit f051ae7 - mm: Add kvrealloc() (git-fixes). - commit ef97709 - crypto: jitter - quit sample collection loop upon RCT failure (jsc#SLE-21132,bsc#1191259). - commit 990cfda - crypto: jitter - don't limit ->health_failure check to FIPS mode (jsc#SLE-21132,bsc#1191259). - commit 583d284 - crypto: drbg - ignore jitterentropy errors if not in FIPS mode (jsc#SLE-21132,bsc#1191259). - commit a216735 - mt76: drop MCU header size from buffer size in __mt76_mcu_send_firmware (git-fixes). - commit 3d10da9 - mt76: introduce __mt76_mcu_send_firmware routine (git-fixes). - commit a54556a - x86/hyperv: Move required MSRs check to initial platform probing (git-fixes). - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes). - Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for dm_ring_size (git-fixes). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185726). - PCI: hv: Remove unnecessary use of %hx (git-fixes). - Drivers: hv : vmbus: Adding NULL pointer check (git-fixes). - x86/hyperv: Remove duplicate include (git-fixes). - x86/hyperv: Remove duplicated include in hv_init (git-fixes). - Drivers: hv: vmbus: Remove unused code to check for subchannels (git-fixes). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Report OS info to the PF driver (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - hv_netvsc: Add comment of netvsc_xdp_xmit() (git-fixes). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: use eth_hw_addr_set() (jsc#SLE-19256). - commit 64933c8 - Revert "drm/i915: Fix missing docbook chapters for i915 uapi" This reverts commit d33eb4b2a0b7422c9dc94bcd23d0d9ef458f2f77. - commit 6e0d735 - bpf: Stop caching subprog index in the bpf_pseudo_func insn (git-fixes). - commit 76c87a6 ++++ mozilla-nss: - Add patch to fix CVE-2021-43527 (bsc#1193170): nss-bsc1193170.patch ++++ libgcrypt: - FIPS: Define an entropy source SP800-90B compliant [bsc#1185140] * Disable jitter entropy by default in random.conf * Disable only-urandom option by default in random.conf ++++ sqlite3: - SQLite3 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. ++++ raspberrypi-firmware-dt: Enable RaspberryPi Zero 2 (jsc#SLE-23131). - Update to 14c1845ff9 (2021-11-19): * Add DTS: - bcm2710-rpi-zero-2-w.dts - bcm2710-rpi-zero-2.dts * Add overlays: - adafruit-st7735r-overlay.dts - fbtft-overlay.dts - imx519-overlay.dts - mcp2515-overlay.dts - mlx90640-overlay.dts ++++ yast2: - Prepare code for ruby3 (bsc#1193192) - 4.4.23 ------------------------------------------------------------------ ------------------ 2021-11-29 - Nov 29 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Use %autosetup - Don't include sample rules as %doc, they're already installed as normal files - Fix create-augenrules-service.patch: * auditd.service needs to require augenrules.service, not the other way around - Fix documentation for enable-stop-rules.patch ++++ kernel-default: - usb: ohci: disable start-of-frame interrupt in ohci_rh_suspend (git-fixes). - commit 474865f - Refresh patches.suse/0410-drm-i915-adl_p-Also-disable-underrun-recovery-with-M.patch. Add alt-commit tag for duplicate - commit b076848 - drm/i915/guc: Reset LRC descriptor if register returns -ENODEV (git-fixes). - commit 65e549a - drm/i915/guc: Take context ref when cancelling request (git-fixes). - commit 506a6d9 - drm/i915/guc: Copy whole golden context, set engine state size of subset (git-fixes). - commit b1fdf4a - drm/i915/guc: Don't enable scheduling on a banned context, guc_id invalid, not registered (git-fixes). - commit c06d135 - drm/i915/guc: Kick tasklet after queuing a request (git-fixes). - commit 35e2726 - drm/i915/guc: Workaround reset G2H is received after schedule done G2H (git-fixes). - commit e25f4c3 - drm/i915/guc: Don't drop ce->guc_active.lock when unwinding context (git-fixes). - commit 380814a - drm/i915/guc: Unwind context requests in reverse order (git-fixes). - commit b4b0087 - drm/i915/guc: Fix outstanding G2H accounting (git-fixes). - commit bd00cfe - drm/i915/guc: Fix blocked context accounting (git-fixes). - commit 5787530 - drm/i915: Fix missing docbook chapters for i915 uapi (git-fixes). - commit d33eb4b - config: set the default cpufreq governor on x86 to "ondemand" (bsc#1190923) "Ondemand" has been the default cpufreq governor in previous SLES releases. Upstream has now set the default to be "schedutil" on all x86_64 systems except for the most recent Intel CPUs (see a00ec3874e7d3 ("cpufreq: intel_pstate: Select schedutil as the default governor")). We estimate this choice carries a notable performance regression. The direct effect of this patch is to restore "ondemand" as default governor on AMD systems. Setting CPU_FREQ_DEFAULT_GOV_CONSERVATIVE=n explicitely is necessary otherwise "make syncconfig" thinks that option is new and stops the build, if no silent config updates are permitted. - commit 5f12495 - Revert "cpufreq: Avoid configuring old governors as default with intel_pstate" (bsc#1190923). - commit a145265 - net: hns3: fix incorrect components info of ethtool --reset command (bsc#1190336). - net: hns3: fix one incorrect value of page pool info when queried by debugfs (bsc#1190336). - net: hns3: add check NULL address for page pool (bsc#1190336). - net: hns3: fix VF RSS failed problem after PF enable multi-TCs (bsc#1190336). - ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() (jsc#SLE-19253). - nixge: fix mac address error handling again (jsc#SLE-19253). - ptp: ocp: Fix a couple NULL vs IS_ERR() checks (jsc#SLE-19253). - RDMA/core: Set sgtable nents when using ib_dma_virt_map_sg() (jsc#SLE-19249). - ethernet: fix up ps3_gelic_net.c for "ethernet: use eth_hw_addr_set()" (jsc#SLE-19256). - ethernet: ehea: add missing cast (jsc#SLE-19256). - dma-mapping: fix the kerneldoc for dma_map_sgtable() (jsc#SLE-19249). - dma-mapping: fix the kerneldoc for dma_map_sg_attrs (jsc#SLE-19249). - ptp: ocp: Have Kconfig select NET_DEVLINK (jsc#SLE-19253). - commit 5d25d7c - iommu/vt-d: Fix unmap_pages support (git-fixes). - commit 7a9b51b - rpm/modules.fips: remove des3 and des (jsc#SLE-21132,bsc#1191261). DES3 has been marked as not approved for FIPS now, remove it from modules.fips. - commit e1ec547 - iommu/rockchip: Fix PAGE_DESC_HI_MASKs for RK3568 (git-fixes). - iommu/dma: Account for min_align_mask w/swiotlb (git-fixes). - swiotlb: Support aligned swiotlb buffers (git-fixes). - iommu/dma: Check CONFIG_SWIOTLB more broadly (git-fixes). - iommu/dma: Fold _swiotlb helpers into callers (git-fixes). - iommu/dma: Skip extra sync during unmap w/swiotlb (git-fixes). - iommu/dma: Fix sync_sg with swiotlb (git-fixes). - iommu/vt-d: Drop "0x" prefix from PCI bus & device addresses (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - commit 27f96b2 - crypto: ecdh - implement FIPS PCT (jsc#SLE-21132,bsc#1191256). - commit 4be783b - crypto: populate downstream list of drivers unapproved for FIPS mode usage (jsc#SLE-21132,bsc#1191270). - commit cf79007 - crypto: implement downstream solution for disabling drivers in FIPS mode (jsc#SLE-21132,bsc#1191270). - commit 267194d - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (bsc#1192946 CVE-2021-4002). - commit 9a6f8ea - locking/rwsem: Optimize down_read_trylock() under highly contended case (bsc#1190137). - locking/rwsem: Make handoff bit handling more consistent (bsc#1190137). - shm: extend forced shm destroy to support objects from several IPC nses (git-fixes). - net: stats: Read the statistics in ___gnet_stats_copy_basic() instead of adding (bsc#1189998). - lib/logic_iomem: fix sparse warnings (git-fixes). - net/sched: cls_api, reset flags on replay (bsc#1189998). - commit 2753e49 ++++ python3-core: - Remove shebangs from from python-base libraries in _libdir (bsc#1193179, bsc#1192249). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch ++++ systemd: - Update 1009-drop-or-soften-deprecation-warnings.patch (bsc#1193086) It rewords the warning about the use of 'KillMode=none'. ++++ tpm2.0-abrmd: - Warp selinux into a bcond ++++ python3: - Remove shebangs from from python-base libraries in _libdir (bsc#1193179, bsc#1192249). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch ++++ tpm2.0-tools: - Fix python3-PyYAML requirement - Move the tests inside a bcond. Disabled by default. ++++ yast2-trans: - Update to version 84.87.20211126.cedf3cc035: * New POT for text domain 'installation'. * New POT for text domain 'bootloader'. * New POT for text domain 'autoinst'. * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * New POT for text domain 'xpram'. * New POT for text domain 's390'. * New POT for text domain 'packager'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-11-28 - Nov 28 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Move upstreamed xhci patch into sorted section - commit e524866 - crypto: dh - limit key size to 2048 in FIPS mode (jsc#SLE-21132,bsc#1193136). - commit 5ff1146 - crypto: rsa - limit key size to 2048 in FIPS mode (jsc#SLE-21132,bsc#1193136). - commit e13c64c - crypto: des - disallow des3 in FIPS mode (jsc#SLE-21132,bsc#1191261). - commit 5cba32d - crypto: jitter - consider 32 LSB for APT (jsc#SLE-21132,bsc#1191259). - commit e52f765 - crypto: drbg - reseed 'nopr' drbgs periodically from get_random_bytes() (jsc#SLE-21132,bsc#1191259). - commit 9772beb - crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors (jsc#SLE-21132,bsc#1191259). - commit 5d82af9 - crypto: drbg - make reseeding from get_random_bytes() synchronous (jsc#SLE-21132,bsc#1191259). - commit c503088 - crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (jsc#SLE-21132,bsc#1191259). - commit fe4673f - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (jsc#SLE-21132,bsc#1191259). - commit 832d7de - crypto: drbg - prepare for more fine-grained tracking of seeding state (jsc#SLE-21132,bsc#1191259). - commit 832ea10 - crypto: drbg - Fix unused value warning in drbg_healthcheck_sanity() (jsc#SLE-21132,bsc#1191259). - commit 585265f ------------------------------------------------------------------ ------------------ 2021-11-27 - Nov 27 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bpf: Fix toctou on read-only map's constant scalar tracking (bsc#1192990,CVE-2021-4001). - commit a65db58 - bpf: Use kvmalloc for map keys in syscalls (bsc#1192990,CVE-2021-4001). - Refresh patches.suse/bpf-Fix-error-usage-of-map_fd-and-fdget-in-generic_m.patch. - commit 8529db1 - usb: hub: Fix locking issues with address0_mutex (git-fixes). - commit 6e122fb - mdio: aspeed: Fix "Link is Down" issue (git-fixes). - lan743x: fix deadlock in lan743x_phy_link_status_change() (git-fixes). - ACPI: Get acpi_device's parent from the parent field (git-fixes). - ACPI: CPPC: Add NULL pointer check to cppc_get_perf() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - staging/fbtft: Fix backlight (git-fixes). - USB: serial: pl2303: fix GC type detection (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: dwc3: leave default DMA for PCI devices (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer (git-fixes). - usb: dwc3: gadget: Ignore NoStream after End Transfer (git-fixes). - usb: dwc3: core: Revise GHWPARAMS9 offset (git-fixes). - mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes). - commit 41fc655 ++++ pango: - Update to version 1.49.4: + Require fontconfig 2.13 + Require harfbuzz 2.6 + Many fixes to line breaking accuracy + coretext: Correctly clamp text weights at min/max values + Add serialization api for PangoLayout, PangoFont and PangoAttrList + Require json-glib + tests: - Use serialized layouts for test cases - Include fonts in git + pango-view: Accept serialized layouts + Fix a rounding problem with font metrics + Fix visible space display using ␣ - Changes from version 1.49.3: + Fix hinting of glyph metrics + Fix logical glyph extents in vertical gravities + Visualize more default-ignorable glyphs + Fix advance widths in transformed contexts + Implement Small Caps and other casing variations - Changes from version 1.49.2: + Update Unicode data to Unicode 14 + Fix underlining of spaces + Round font metrics when appropriate + Fix some corner cases of cursor positioning + Handle Catalan middle-dot in text segmentation - Changes from version 1.49.1: + Only recompute log attrs when needed + Validate log attrs + Fix conformance issues in Thai and Indic linebreaking + Add pango_attr_break to support customizing line and word breaks + Add font-dependent baseline shifts and sizing for super- and subscripts + Improve hyphenation support + pango-view: - Visualize caret positions and slopes - Show glyph rects - Make --annotate easier to use + Add pango_layout_get_caret_pos to support sloped carets + Improve caret positioning for ligatures + Better under- and overline placement + layout: - Allocate a bit less - Fix cluster extents with rise + Add pango_layout_iter_get_run_baseline + Add pango_glyph_string_index_to_x_full + coretext: Set size on font descriptions + Add color information to PangoGlyphVisAttr - Changes from version 1.49.0: + Require fribidi 1.0.6 + Fix threadsafety issues with Thai + Fix a rounding problem on i386 + Fix font choice for ellipsis + New api: - pango_font_get_languages - Introspection helpers for attributes + Ignore width in horizontal context when itemizing + markup: - Allow specifying size and rise in points - Allow specifying size as percentage + Rewrite pango_layout_move_cursor_visually + Add a line-height attribute and make logical line extents respect it + Add pango_justify_last_line + Add pango_shape_item + Add a text-transform attribute and implement it + Clean up fribidi api usage + Fix a bug in the gravity data table + pango-view: Improve the --annotate option + Fix a possible crash in rendering strikethroughs - Add pkgconfig(json-glib-1.0) BuildRequires, new dependency. ++++ python3-core: - build against openssl 1.1 as it is incompatible with openssl 3.0+ (bsc#1190566) ++++ python3: - build against openssl 1.1 as it is incompatible with openssl 3.0+ (bsc#1190566) ------------------------------------------------------------------ ------------------ 2021-11-26 - Nov 26 2021 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Port change from Thu Sep 30 08:51:55 UTC 2022 forword to current version which includes a rename of patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch to git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch as otherwise autopatch macro does not work anymore ++++ gnutls: - Drop bogus condition "> 1550": that would mean 'more recent than Tumbleweed' which is technically impossible, as Tumbleweed is the leading project (and the condition causes issues as Tumbleweed needs to move away from 1550 due to CODE 15 SP5 plans). ++++ kernel-default: - drm/dp: Don't zero PWMGEN_BIT_COUNT when driver_pwm_freq_hz not specified (git-fixes). - commit c054b5e - Alt-commit updates for duplicates - Refresh patches.suse/0409-drm-i915-Use-designated-initializers-for-init-exit-t.patch. - Refresh patches.suse/0411-drm-i915-gt-Potential-error-pointer-dereference-in-p.patch. - Refresh patches.suse/0412-drm-i915-selftest-Fix-use-of-err-in-igt_reset_-fail-.patch. - Refresh patches.suse/0419-drm-i915-gem-Fix-the-mman-selftest.patch. - Refresh patches.suse/0420-drm-i915-Release-ctx-syncobj-on-final-put-not-on-ctx.patch. - Refresh patches.suse/0421-drm-i915-Get-PM-ref-before-accessing-HW-register.patch. - Refresh patches.suse/0422-drm-i915-selftests-Do-not-use-import_obj-uninitializ.patch. - Refresh patches.suse/0423-drm-i915-selftests-Always-initialize-err-in-igt_dmab.patch. - Refresh patches.suse/0426-drm-i915-Move-__i915_gem_free_object-to-ttm_bo_destr.patch. - Refresh patches.suse/0427-drm-i915-Free-all-DMC-payloads.patch. - Refresh patches.suse/0429-drm-i915-guc-docs-Fix-pdfdocs-build-error-by-removin.patch. - Refresh patches.suse/0432-drm-i915-fix-blank-screen-booting-crashes.patch. - Refresh patches.suse/0439-drm-i915-Fix-bug-in-user-proto-context-creation-that.patch. - Refresh patches.suse/0440-drm-i915-Free-the-returned-object-of-acpi_evaluate_d.patch. - Refresh patches.suse/0445-drm-i915-Revert-guc_id-from-i915_request-tracepoint.patch. - commit 6fe956e - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - commit 60fc53f - iio: imu: adis16400: Fix buffer alignment requirements (git-fixes). - iio: gyro: mpu3050: Fix alignment and size issues with buffers (git-fixes). - iio: adc: ti-adc108s102: Fix alignment of buffer pushed to iio buffers (git-fixes). - staging: wfx: ensure IRQ is ready before enabling it (git-fixes). - commit 594abf0 - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes). - firmware: arm_scmi: Fix type error assignment in voltage protocol (git-fixes). - HID: multitouch: disable sticky fingers for UPERFECT Y (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - iio: core: Introduce iio_push_to_buffers_with_ts_unaligned() (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - memory: tegra20-emc: Add runtime dependency on devfreq governor module (git-fixes). - commit 872c3f8 - drm/hyperv: Fix device removal on Gen1 VMs (git-fixes). - drm/aspeed: Fix vga_pw sysfs output (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amd/display: Fix DPIA outbox timeout after GPU reset (git-fixes). - firmware: arm_scmi: Fix type error in sensor protocol (git-fixes). - firmware: arm_scmi: pm: Propagate return value to caller (git-fixes). - firmware: arm_scmi: Fix base agent discover response (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - commit 90685db - drm/amd/pm: avoid duplicate powergate/ungate setting (git-fixes). - drm/nouveau: clean up all clients on device removal (CVE-2020-27820 bsc#1179599 git-fixes). - drm/nouveau: Add a dedicated mutex for the clients list (CVE-2020-27820 bsc#1179599 git-fixes). - drm/nouveau: use drm_dev_unplug() during device removal (CVE-2020-27820 bsc#1179599 git-fixes). - clk: sunxi-ng: Unregister clocks/resets when unbinding (git-fixes). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - bus: ti-sysc: Use context lost quirk for otg (git-fixes). - bus: ti-sysc: Add quirk handling for reinit on context lost (git-fixes). - ASoC: rt5682: fix a little pop while playback (git-fixes). - ASoC: Intel: sof_sdw: add missing quirk for Dell SKU 0A45 (git-fixes). - ASoC: Intel: soc-acpi: add missing quirk for TGL SDCA single amp (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: rt5651: Use IRQF_NO_AUTOEN when requesting the IRQ (git-fixes). - ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ (git-fixes). - ALSA: gus: fix null pointer dereference on pointer block (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - drm/amd/display: Update swizzle mode enums (git-fixes). - drm/amd/display: Limit max DSC target bpp for specific monitors (git-fixes). - commit acb861b - Move upstreamed media and ARM patches into sorted section Dropped a corresponding blacklist entry, too - commit c1e7317 ++++ brotli: - Fix CVE-2020-8927, decoder: integer overflow when input chunk is larger than 2GiB. (CVE-2020-8927, bsc#1175825) * fix-cve-2020-8927.patch ++++ gcc11: - Enable the cross compilers also on i586 - Enable some cross compilers also in rings - Remove cross compilers for i386 target ++++ libgcrypt: - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240] * rsa: Check RSA keylen constraints for key operations. * rsa: Fix regression in not returning an error for prime generation. * tests: Add 2k RSA key working in FIPS mode. * tests: pubkey: Replace RSA key to one of 2k. * tests: pkcs1v2: Skip tests with small keys in FIPS. * Add patches: - libgcrypt-FIPS-RSA-keylen.patch - libgcrypt-FIPS-RSA-keylen-tests.patch ++++ zstd: - Update to version 1.5.0 (jsc#SLE-20392) * https://github.com/facebook/zstd/releases/tag/v1.5.0 * Improved Middle-Level Compression Speed * Improved High-Level Compression Ratio * Faster Decompression Speed * Dynamic Library Supports Multithreading by Default ++++ openssh: - Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch (bsc#1190975, CVE-2021-41617), backported from upstream by Ali Abdallah. ++++ python-Babel: - Add CVE-2021-42771-rel-path-traversal.patch fixing CVE-2021-42771 by cleaning locale identifiers before loading from file (bsc#1185768). ++++ sysuser-tools: - Disable systemd-sysuser on SLE15 to stay compatible (disable-systemd-sysusers.patch) ------------------------------------------------------------------ ------------------ 2021-11-25 - Nov 25 2021 ------------------- ------------------------------------------------------------------ ++++ kdump: - kdump-Store-kdump-initrd-in-kernel-image-path.patch: Fix kdumprd location for usrmerge kernels (boo#1190920). ++++ kernel-default: - powerpc/kexec_file: Add KEXEC_SIG support (jsc#SLE-18145 bsc#1192295). Update config files. - commit b9bad9a - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - commit 823022d - x86/sev: Fix noinstr for vc_ghcb_invalidate() (bsc#1169514). - commit 794a8a0 - x86: Always inline ip_within_syscall_gap() (bsc#1169514). - commit cfc10d5 - x86/kvm: Always inline evmcs_write64() (bsc#1169514). - commit 22c39a2 - x86/kvm: Always inline to_svm() (bsc#1169514). - commit 5a2d299 - x86: Always inline context_tracking_guest_enter() (bsc#1169514). - commit 57c3b6f - x86/kvm: Always inline vmload() / vmsave() (bsc#1169514). - commit bd03ad7 - x86/kvm: Always inline sev_*guest() (bsc#1169514). - commit cc1d87a - objtool: Introduce CFI hash (bsc#1169514). - Refresh patches.suse/objtool-Handle-__sanitize_cov-tail-calls.patch. - commit 4b4d3bb - HID: input: set usage type to key on keycode remap (git-fixes). - HID: input: Fix parsing of HID_CP_CONSUMER_CONTROL fields (git-fixes). - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts (git-fixes). - commit 00be7f6 ++++ tpm2.0-abrmd: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_tpm2-abrmd.service.patch ++++ policycoreutils: - Add run_init.pamd.patch to adjust to SUSE pam setup. Removed run_init_use_pam_keyinit.patch and included it in the new patch (bsc#1190098) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#547 - linuxrc handles LIBSTORAGE_* and YAST_* boot options (jsc#SLE-21308) - 16.57.10 ------------------------------------------------------------------ ------------------ 2021-11-24 - Nov 24 2021 ------------------- ------------------------------------------------------------------ ++++ aide: - aide-disable-gcrypt-MD5-in-fips-mode.patch: gcrypt aborts if MD5 is used in fips mode, so disable it also in aide (bsc#1191422). ++++ combustion: - Look for filesystems with uppercase labels as well ++++ kernel-default: - Refresh patches.suse/lib-scatterlist-Provide-a-dedicated-function-to-supp.patch. Fixes warning: ../drivers/gpu/drm/i915/gem/i915_gem_ttm.c:382:22: warning: unused variable 'sg' [-Wunused-variable] - commit 883a20a - ASoC: cs42l42: Assume 24-bit samples are in 32-bit slots (bsc#1192354). - commit 41fb147 - ASoC: rt1015: remove possible unused variable `bclk_ms' (bsc#1192354). - ASoC: rt1015p: add new acpi id and comapatible id (bsc#1192354). - ASoC: max98390: Add support change dsm param name (bsc#1192354). - ASoC: cs42l42: Update module authors (bsc#1192354). - ASoC: cs42l42: Validate dai_set_sysclk() frequency (bsc#1192354). - ASoC: cs42l42: Add PLL configuration for 44.1kHz/16-bit (bsc#1192354). - ASoC: max98090: remove duplicate status reads and useless assignmment (bsc#1192354). - ASoC: tlv320aic32x4: make array clocks static, makes object smaller (bsc#1192354). - ASoC: rt1015: Remove unnecessary flush work on rt1015 driver (bsc#1192354). - commit 79753e1 - ASoC: Intel: bytcht_es8316: Utilize dev_err_probe() to avoid log saturation (bsc#1192354). - ASoC: Intel: bytcht_es8316: Switch to use gpiod_get_optional() (bsc#1192354). - ASoC: Intel: bytcht_es8316: Use temporary variable for struct device (bsc#1192354). - ASoC: Intel: bytcht_es8316: Get platform data via dev_get_platdata() (bsc#1192354). - ASoC: SOF: trace: Omit error print when waking up trace sleepers (bsc#1192354). - ASoC: SOF: loader: Re-phrase the missing firmware error to avoid duplication (bsc#1192354). - ASoC: Intel: boards: Fix CONFIG_SND_SOC_SDW_MOCKUP select (bsc#1192354). - commit f37efd9 - ASoC: rt5682: fix headset background noise when S3 state (bsc#1192354). - ASoC: rt5682: Fix the vol+ button detection issue (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Make rt5640_jack_gpio/rt5640_jack2_gpio static (bsc#1192354). - ASoC: SOF: intel: remove duplicate include (bsc#1192354). - ASoC: Intel: Skylake: Select first entry for singular pipe config arrays (bsc#1192354). - ASoC: Intel: Skylake: Properly configure modules with generic extension (bsc#1192354). - ASoC: Intel: Skylake: Support modules with generic extension (bsc#1192354). - ASoC: Intel: Skylake: Support multiple format configs (bsc#1192354). - ASoC: Intel: Skylake: Simplify m_state for loadable modules (bsc#1192354). - ASoC: Intel: Skylake: Select proper format for NHLT blob (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Mark hp_elitepad_1000g2_jack?_check functions static (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add support for HP Elite Pad 1000G2 jack-detect (bsc#1192354). - ASoC: rt5640: Add rt5640_set_ovcd_params() helper (bsc#1192354). - ASoC: rt5640: Add optional hp_det_gpio parameter to rt5640_detect_headset() (bsc#1192354). - ASoC: rt5640: Delay requesting IRQ until the machine-drv calls set_jack (bsc#1192354). - ASoC: rt5640: Move rt5640_disable_jack_detect() up in the rt5640.c file (bsc#1192354). - ASoC: rt5514: make array div static const, makes object smaller (bsc#1192354). - ASoC: rt5682: enable SAR ADC power saving mode during suspend (bsc#1192354). - commit 048b9dc - ASoC: Intel: sof_sdw: pass card information to init/exit functions (bsc#1192354). - Refresh patches.suse/ASoC-Intel-sof_sdw-tag-SoundWire-BEs-as-non-atomic.patch. - commit 1e10617 - ASoC: Intel: bytct_rt5640: Add a separate "Headset Mic 2" DAPM pin for the mic on the 2nd jack (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Use cfg-lineout:2 in the components string (bsc#1192354). - ASoC: Intel: boards: use software node API in Atom boards (bsc#1192354). - ASoC: Intel: remove device_properties for Atom boards (bsc#1192354). - ASoC: Intel: use software node API in SoundWire machines (bsc#1192354). - ASoC: Intel: sof_sdw_rt711*: keep codec device reference until remove (bsc#1192354). - ASoC: Intel: boards: get codec device with ACPI instead of bus search (bsc#1192354). - ASoC: Intel: boards: handle errors with acpi_dev_get_first_match_dev() (bsc#1192354). - ASoC: Intel: boards: harden codec property handling (bsc#1192354). - ASoC: SOF: Intel: make DMI L1 selection more robust (bsc#1192354). - commit 5cbe7a7 - ASoC: SOF: Intel: simplify logic for DMI_L1 handling (bsc#1192354). - ASoC: SOF: Intel: hda-stream: remove always true condition (bsc#1192354). - ASoC: SOF: Intel: Kconfig: clarify DMI L1 option description (bsc#1192354). - ASoC: amd: vangogh: Drop superfluous mmap callback (bsc#1192354). - ASoC: Intel: sof_sdw_max98373: remove useless inits (bsc#1192354). - ASoC: SOF: Intel: Use DMI string to search for adl_mx98373_rt5682 variant (bsc#1192354). - ASoC: Intel: sof_sdw: add quirk for Dell XPS 9710 (bsc#1192354). - soundwire: intel: introduce shim and alh base (bsc#1192354). - ASoC: SOF: intel: add snd_sof_dsp_check_sdw_irq ops (bsc#1192354). - commit e73d522 - ASoC: SOF: intel: move sof_intel_dsp_desc() forward (bsc#1192354). - Refresh patches.suse/ASoC-SOF-Intel-hda-fix-hotplug-when-only-codec-is-su.patch. - commit 6f291a3 - ASoC: SOF: intel: hda: remove HDA_DSP_REG_SNDW_WAKE_STS definition (bsc#1192354). - ASoC: SOF: intel: add sdw_shim/alh_base to sof_intel_dsp_desc (bsc#1192354). - soundwire: move intel sdw register definitions to sdw_intel.h (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Fix HP ElitePad 1000 G2 quirk (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add support for a second headset mic input (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add support for a second headphones output (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add a byt_rt5640_get_codec_dai() helper (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add line-out support (bsc#1192354). - ASoC: intel: skylake: Drop superfluous mmap callback (bsc#1192354). - commit d756b8c - ASoC: amd: enable vangogh acp5x driver build (bsc#1192354). - Update config files. - commit 1e2e7cc - ASoC: amd: Drop superfluous mmap callbacks (bsc#1192354). - ASoC: Intel: Fix spelling contraction "cant" -> "can't" (bsc#1192354). - ASoC: amd: fix an IS_ERR() vs NULL bug in probe (bsc#1192354). - ASoC: amd: Use dev_probe_err helper (bsc#1192354). - ASoC: amd: Don't show messages about deferred probing by default (bsc#1192354). - ASoC: amd: add vangogh i2s dma driver pm ops (bsc#1192354). - ASoC: amd: add vangogh pci driver pm ops (bsc#1192354). - ASoC: amd: add vangogh i2s dai driver ops (bsc#1192354). - ASoC: amd: add vangogh i2s controller driver (bsc#1192354). - commit 97bb2cd - ASoC: amd: add ACP5x pcm dma driver ops (bsc#1192354). - ASoC: amd: irq handler changes for ACP5x PCM dma driver (bsc#1192354). - ASoC: amd: add ACP5x PCM platform driver (bsc#1192354). - ASoC: amd: create acp5x platform devices (bsc#1192354). - ASoc: amd: add acp5x init/de-init functions (bsc#1192354). - ASoC: amd: add Vangogh ACP PCI driver (bsc#1192354). - ASoC: amd: add Vangogh ACP5x IP register header (bsc#1192354). - ASOC: Intel: sof_sdw: add quirk for Intel 'Bishop County' NUC M15 (bsc#1192354). - ASoC: Intel: sof_sdw: update quirk for jack detection in ADL RVP (bsc#1192354). - ASoC: Intel: sof_sdw: include rt711.h for RT711 JD mode (bsc#1192354). - commit 725b1cd - ASoC: Intel: sof_sdw: extends SOF_RT711_JDSRC to 4 bits (bsc#1192354). - ASoC: Intel: sof_rt5682: code refactor for max98360a (bsc#1192354). - ASoC: Intel: sof_cs42l42: add support for jsl_cs4242_mx98360a (bsc#1192354). - ASoC: Intel: maxim-common: support max98360a (bsc#1192354). - ASoC: Intel: sof_cs42l42: support arbitrary DAI link sequence (bsc#1192354). - ASoC: Intel: sof_cs42l42: use helper function to get bclk frequency (bsc#1192354). - ASoC: SOF: add a helper to get topology configured bclk (bsc#1192354). - ASoC: Intel: soc-acpi: add support for SoundWire of TGL-H-RVP (bsc#1192354). - ASoC: amd: fix spelling mistakes (bsc#1192354). - ASoC: intel: atom: Revert PCM buffer address setup workaround again (bsc#1192354). - soundwire: cadence: do not extend reset delay (bsc#1192354). - soundwire: intel: conditionally exit clock stop mode on system suspend (bsc#1192354). - soundwire: intel: skip suspend/resume/wake when link was not started (bsc#1192354). - soundwire: cadence: override PDI configurations to create loopback (bsc#1192354). - soundwire: cadence: add debugfs interface for PDI loopbacks (bsc#1192354). - soundwire: stream: don't program mockup device ports (bsc#1192354). - soundwire: bus: squelch error returned by mockup devices (bsc#1192354). - soundwire: add flag to ignore all command/control for mockup devices (bsc#1192354). - soundwire: stream: don't abort bank switch on Command_Ignored/-ENODATA (bsc#1192354). - ASoC: Intel: boards: sof_sdw: add SoundWire mockup codecs for tests (bsc#1192354). - commit 01f384c - ASoC: codecs: add SoundWire mockup device support (bsc#1192354). - Update config files. - commit cb6d378 - ASoC: soc-acpi: tgl: add table for SoundWire mockup devices (bsc#1192354). - ASoC: soc-acpi: cnl: add table for SoundWire mockup devices (bsc#1192354). - soundwire: cadence: add paranoid check on self-clearing bits (bsc#1192354). - soundwire: dmi-quirks: add quirk for Intel 'Bishop County' NUC M15 (bsc#1192354). - soundwire: bus: update Slave status in sdw_clear_slave_status (bsc#1192354). - soundwire: cadence: Remove ret variable from sdw_cdns_irq() (bsc#1192354). - soundwire: bus: filter out more -EDATA errors on clock stop (bsc#1192354). - soundwire: dmi-quirks: add ull suffix for SoundWire _ADR values (bsc#1192354). - commit 96de317 - Revert "ALSA: hda: Drop workaround for a hang at shutdown again" (bsc#1192354). - Refresh patches.suse/ALSA-hda-Use-position-buffer-for-SKL-again.patch. - commit 14d0e54 - ALSA: hda: Drop workaround for a hang at shutdown again (bsc#1192354). - Refresh patches.suse/ALSA-hda-Use-position-buffer-for-SKL-again.patch. - commit 0b88e07 - ALSA: hda/cirrus: Move CS8409 HDA bridge to separate module (bsc#1192354). - Update config files. - commit af1e7cf - ALSA: hda: fix general protection fault in azx_runtime_idle (bsc#1192354). - ALSA: hda/cs8409: Setup Dolphin Headset Mic as Phantom Jack (bsc#1192354). - ALSA: hda/cs8409: Initialize Codec only in init fixup (bsc#1192354). - ALSA: hda/cs8409: Ensure Type Detection is only run on startup when necessary (bsc#1192354). - ALSA: hda: Disable runtime resume at shutdown (bsc#1192354). - ALSA: hda: Allow model option to specify PCI SSID alias (bsc#1192354). - ALSA: hda: Code refactoring snd_hda_pick_fixup() (bsc#1192354). - ALSA: hda/analog - Sink ad198x_shutup() and shuffle CONFIG_PM guards (bsc#1192354). - ALSA: hda/sigmatel - Sink stac_shutup() into stac_suspend() (bsc#1192354). - ALSA: hda: Nuke unused reboot_notify callback (bsc#1192354). - ALSA: hda: Suspend codec at shutdown (bsc#1192354). - ALSA: hda: conexant: Turn off EAPD at suspend, too (bsc#1192354). - ALSA: hda/cs8409: Prevent pops and clicks during suspend (bsc#1192354). - ALSA: hda/cs8409: Unmute/Mute codec when stream starts/stops (bsc#1192354). - ALSA: hda/cs8409: Follow correct CS42L42 power down sequence for suspend (bsc#1192354). - ALSA: hda/cs8409: Remove unnecessary delays (bsc#1192354). - ALSA: hda/cs8409: Use timeout rather than retries for I2C transaction waits (bsc#1192354). - ALSA: hda/cs8409: Set fixed sample rate of 48kHz for CS42L42 (bsc#1192354). - ALSA: hda/cs8409: Enable Full Scale Volume for Line Out Codec on Dolphin (bsc#1192354). - ALSA: hda/cs8409: Add support for dolphin (bsc#1192354). - ALSA: hda/cs8409: Add Support to disable jack type detection for CS42L42 (bsc#1192354). - ALSA: hda/cs8409: Support multiple sub_codecs for Suspend/Resume/Unsol events (bsc#1192354). - ALSA: hda/cs8409: Move codec properties to its own struct (bsc#1192354). - ALSA: hda/cs8409: Separate CS8409, CS42L42 and project functions (bsc#1192354). - ALSA: hda/cs8409: Support i2c bulk read/write functions (bsc#1192354). - ALSA: hda/cs8409: Avoid re-setting the same page as the last access (bsc#1192354). - ALSA: hda/cs8409: Avoid setting the same I2C address for every access (bsc#1192354). - ALSA: hda/cs8409: Dont disable I2C clock between consecutive accesses (bsc#1192354). - ALSA: hda/cs8409: Generalize volume controls (bsc#1192354). - ALSA: hda/cs8409: Prevent I2C access during suspend time (bsc#1192354). - ALSA: hda/cs8409: Simplify CS42L42 jack detect (bsc#1192354). - ALSA: hda/cs8409: Mask CS42L42 wake events (bsc#1192354). - ALSA: hda/cs8409: Disable unsolicited response for the first boot (bsc#1192354). - ALSA: hda/cs8409: Disable unsolicited responses during suspend (bsc#1192354). - ALSA: hda/cs8409: Disable unnecessary Ring Sense for Cyborg/Warlock/Bullseye (bsc#1192354). - ALSA: hda/cs8409: Reduce HS pops/clicks for Cyborg (bsc#1192354). - ALSA: hda/cs8409: Mask all CS42L42 interrupts on initialization (bsc#1192354). - ALSA: hda/cs8409: Use enums for register names and coefficients (bsc#1192354). - ALSA: hda/cs8409: Move arrays of configuration to a new file (bsc#1192354). - ALSA: hda: Allocate resources with device-managed APIs (bsc#1192354). - ALSA: hda/hdmi: Add option to enable all pins forcibly (bsc#1192354). - ALSA: hda/ca0132: remove redundant initialization of variable status (bsc#1192354). - commit bdfccf7 - ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec (bsc#1192354). - ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336 codec (bsc#1192354). - ALSA: hda: hdac_ext_stream: fix potential locking issues (bsc#1192354). - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (bsc#1192354). - commit 7c0aa55 - ALSA: doc: Fix indentation warning (bsc#1192354). - ALSA: memalloc: Drop superfluous snd_dma_buffer_sync() declaration (bsc#1192354). - commit 856f153 - ALSA: usb-audio: Don't start stream for capture at prepare (bsc#1192354). - ALSA: usb-audio: Switch back to non-latency mode at a later point (bsc#1192354). - ALSA: usb-audio: fix null pointer dereference on pointer cs_desc (bsc#1192354). - ALSA: usb-audio: Initialize every feature unit once at probe time (bsc#1192354). - ALSA: usb-audio: Drop superfluous error message after disconnection (bsc#1192354). - ALSA: usb-audio: Downgrade error message in get_ctl_value_v2() (bsc#1192354). - ALSA: usb-audio: Less restriction for low-latency playback mode (bsc#1192354). - ALSA: usb-audio: Pass JOINT_DUPLEX info flag for implicit fb streams (bsc#1192354). - ALSA: usb-audio: Fix packet size calculation regression (bsc#1192354). - ALSA: usb-audio: disable implicit feedback sync for Behringer UFX1204 and UFX1604 (bsc#1192354). - ALSA: usb-audio: Avoid killing in-flight URBs during draining (bsc#1192354). - ALSA: usb-audio: Improved lowlatency playback support (bsc#1192354). - ALSA: usb-audio: Add spinlock to stop_urbs() (bsc#1192354). - ALSA: usb-audio: Check available frames for the next packet size (bsc#1192354). - ALSA: usb-audio: Disable low-latency mode for implicit feedback sync (bsc#1192354). - ALSA: usb-audio: Disable low-latency playback for free-wheel mode (bsc#1192354). - ALSA: usb-audio: Rename early_playback_start flag with lowlatency_playback (bsc#1192354). - ALSA: usb-audio: fix comment reference in __uac_clock_find_source (bsc#1192354). - commit 9d7667d - ALSA: usb-audio: Move ignore_ctl_error check into quirk_flags (bsc#1192354). - Refresh patches.suse/ALSA-usb-audio-Add-Audient-iD14-to-mixer-map-quirk-t.patch. - Refresh patches.suse/ALSA-usb-audio-Add-Schiit-Hel-device-to-mixer-map-qu.patch. - Refresh patches.suse/Revive-usb-audio-Keep-Interface-mixer.patch. - commit 823344c - ALSA: usx2y: Prefer struct_size over open coded arithmetic (bsc#1192354). - ALSA: usb-audio: Fix microphone sound on Jieli webcam (bsc#1192354). - ALSA: usb-audio: Enable rate validation for Scarlett devices (bsc#1192354). - ALSA: usb-audio: Move set-interface-first workaround into common quirk (bsc#1192354). - ALSA: usb-audio: make array static const, makes object smaller (bsc#1192354). - ALSA: doc: Add the description of quirk_flags option for snd-usb-audio (bsc#1192354). - ALSA: usb-audio: Add quirk_flags module option (bsc#1192354). - ALSA: usb-audio: Move generic DSD raw detection into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move autosuspend quirk into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move rate validation quirk into quirk_flags (bsc#1192354). - commit d167cc1 - ALSA: usb-audio: Move interface setup delay into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move control message delay quirk into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move ITF-USB DSD quirk handling into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move clock setup quirk into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move playback_first flag into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move tx_length quirk handling to quirk_flags (bsc#1192354). - ALSA: usb-audio: Move txfr_quirk handling to quirk_flags (bsc#1192354). - ALSA: usb-audio: Move media-controller API quirk into quirk_flags (bsc#1192354). - ALSA: usb-audio: Introduce quirk_flags field (bsc#1192354). - commit 6630f4e - ALSA: memalloc: Remove a stale comment (bsc#1192354). - ALSA: memalloc: Use proper SG helpers for noncontig allocations (bsc#1192354). - ALSA: memalloc: Fix a typo in snd_dma_buffer_sync() description (bsc#1192354). - ALSA: memalloc: Support for non-coherent page allocation (bsc#1192354). - ALSA: memalloc: Support for non-contiguous page allocation (bsc#1192354). - ALSA: ISA: not for M68K (bsc#1192354). - ALSA: pcm: Unify snd_pcm_delay() and snd_pcm_hwsync() (bsc#1192354). - ALSA: pcm: Add more disconnection checks at file ops (bsc#1192354). - ALSA: pcm: Add SNDRV_PCM_INFO_EXPLICIT_SYNC flag (bsc#1192354). - ALSA: memalloc: Count continuous pages in vmalloc buffer handler (bsc#1192354). - ALSA: core: control_led: use strscpy instead of strlcpy (bsc#1192354). - ALSA: memalloc: Fix mmap of SG-buffer with WC pages (bsc#1192354). - ALSA: memalloc: Store snd_dma_buffer.addr for continuous pages, too (bsc#1192354). - ALSA: memalloc: Fix pgprot for WC mmap on x86 (bsc#1192354). - ALSA: memalloc: Support WC allocation on all architectures (bsc#1192354). - ALSA: pcm: Allow exact buffer preallocation (bsc#1192354). - ALSA: memalloc: Correctly name as WC (bsc#1192354). - ALSA: memalloc: Minor refactoring (bsc#1192354). - ALSA: core: Fix double calls of snd_card_free() via devres (bsc#1192354). - ALSA: seq: Fix comments of wrong client number for MIDI Passthrough (bsc#1192354). - ALSA: core: Add device-managed request_dma() (bsc#1192354). - ALSA: core: Add managed card creation (bsc#1192354). - ALSA: core: Add device-managed page allocator helper (bsc#1192354). - ALSA: compress: Initialize mutex in snd_compress_new() (bsc#1192354). - ALSA: compress: Drop unused functions (bsc#1192354). - commit f0eac26 - drm/i915/adl_s: Remove require_force_probe protection (jsc#SLE-22724). - commit 276c538 - drm/i915/dp: fix for ADL_P/S dp/edp max source rates (jsc#SLE-22724). - commit f8dd603 - drm/i915/dp: fix DG1 and RKL max source rates (jsc#SLE-22724). - commit ef43dd0 - drm/i915/dp: fix EHL/JSL max source rates calculation (jsc#SLE-22724). - commit 0821357 - drm/i915/dp: fix TGL and ICL max source rates (jsc#SLE-22724). - commit 61199d4 - drm/i915/dp: Fix eDP max rate for display 11+ (jsc#SLE-22724). - commit 468b330 - drm/i915/adl_s: Update ADL-S PCI IDs (jsc#SLE-22724). - commit d125195 - drm/i915: Disable bonding on gen12+ platforms (jsc#SLE-22724). - commit 5d84d6d - ALSA: ctxfi: Fix out-of-range access (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes). - commit aee8b91 - selinux: fix NULL-pointer dereference when hashtab allocation fails (git-fixes). - ASoC: stm32: i2s: fix 32 bits channel length without mclk (git-fixes). - ASoC: codecs: lpass-rx-macro: fix HPHR setting CLSH mask (git-fixes). - ASoC: codecs: wcd934x: return error code correctly from hw_params (git-fixes). - ASoC: codecs: wcd938x: fix volatile register range (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling (git-fixes). - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: SOF: Intel: hda: fix hotplug when only codec is suspended (git-fixes). - media: cec: copy sequence field for the reply (git-fixes). - media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86 (git-fixes). - pinctrl: tegra194: remove duplicate initializer again (git-fixes). - memory: tegra186-emc: Fix error return code in tegra186_emc_probe() (git-fixes). - commit 40b2336 - Delete patches.suse/Fix-breakage-of-swap-over-NFS.patch. A recent patch patches.suse/NFS-move-generic_write_checks-call-from-nfs_file_dir.patch provides a better solution. - commit ab6f39b - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: remove scheduling boost for "SWAPPER" tasks (bsc#1191876). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - commit 11279f5 ++++ gcc11: - Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018 * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [boo#1192951] - Package mwaitintrin.h ++++ openssl-1_1: - POWER10 performance enhancements for cryptography [jsc#SLE-18136] * openssl-1_1-Optimize-ppc64.patch ++++ libsoup2: - Update to version 2.74.2: + Error when libsoup3 is already loaded before libsoup2. ++++ rust-keylime: - Conflict with keylime-agent, keylime-config and keylime-firewalld - Add keylime_ima_emulator tool - Add patch add_property_tag_variant_for_maxcapbuffer.patch ++++ toolbox: - Update to version 2.2+git20211124.09791b1: * Introduce -n/--nostop switch so mutiple sessions can be run inside an existing toolbox ------------------------------------------------------------------ ------------------ 2021-11-23 - Nov 23 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: ufs: core: Improve SCSI abort handling (git-fixes). - commit 13e7c01 - drm/i915: Revert 'guc_id' from i915_request tracepoint (jsc#SLE-22601). - drm/i915: Free the returned object of acpi_evaluate_dsm() (jsc#SLE-22601). - drm/i915: Fix bug in user proto-context creation that leaked contexts (jsc#SLE-22601). - drm/i915: remember to call i915_sw_fence_fini (jsc#SLE-22601). - drm/i915: fix blank screen booting crashes (jsc#SLE-22601). - drm/i915/guc, docs: Fix pdfdocs build error by removing nested grid (jsc#SLE-22601). - drm/i915: Free all DMC payloads (jsc#SLE-22601). - drm/i915: Move __i915_gem_free_object to ttm_bo_destroy (jsc#SLE-22601). - drm/i915: Update memory bandwidth parameters (jsc#SLE-22601). - drm/i915: Enable -Wsometimes-uninitialized (jsc#SLE-22601). - drm/i915/selftests: Always initialize err in igt_dmabuf_import_same_driver_lmem() (jsc#SLE-22601). - drm/i915/selftests: Do not use import_obj uninitialized (jsc#SLE-22601). - drm/i915: Get PM ref before accessing HW register (jsc#SLE-22601). - drm/i915: Release ctx->syncobj on final put, not on ctx close (jsc#SLE-22601). - drm/i915/gem: Fix the mman selftest (jsc#SLE-22601). - tools headers UAPI: Sync drm/i915_drm.h with the kernel sources (jsc#SLE-22601). - drm/i915: use linux/stddef.h due to "isystem: trim/fixup stdarg.h and other headers" (jsc#SLE-22601). - vfio/gvt: Fix open/close when multiple device FDs are open (jsc#SLE-22601). - vfio: Provide better generic support for open/release vfio_device_ops (jsc#SLE-22601). - drm/i915/selftest: Fix use of err in igt_reset_{fail, nop}_engine() (jsc#SLE-22601). - drm/i915/gt: Potential error pointer dereference in pinned_context() (jsc#SLE-22601). - drm/i915/adl_p: Also disable underrun recovery with MSO (jsc#SLE-22601). - drm/i915: Use designated initializers for init/exit table (jsc#SLE-22601). - drm/i915/dg2: Add support for new DG2-G11 revid 0x5 (jsc#SLE-22601). - drm/i915/display/adl_p: Correctly program MBUS DBOX A credits (jsc#SLE-22601). - drm/i915: Apply CMTG clock disabling WA while DPLL0 is enabled (jsc#SLE-22601). - drm/i915/dg1: Adjust the AUDIO power domain (jsc#SLE-22601). - drm/i915: finish removal of CNL (jsc#SLE-22601). - drm/i915: rename/remove CNL registers (jsc#SLE-22601). - drm/i915: remove GRAPHICS_VER == 10 (jsc#SLE-22601). - drm/i915: switch num_scalers/num_sprites to consider DISPLAY_VER (jsc#SLE-22601). - drm/i915: replace random CNL comments (jsc#SLE-22601). - drm/i915: rename CNL references in intel_dram.c (jsc#SLE-22601). - drm/i915: remove explicit CNL handling from intel_wopcm.c (jsc#SLE-22601). - drm/i915: remove explicit CNL handling from intel_pch.c (jsc#SLE-22601). - drm/i915: remove explicit CNL handling from intel_pm.c (jsc#SLE-22601). - drm/i915: remove explicit CNL handling from i915_irq.c (jsc#SLE-22601). - drm/i915/display: rename CNL references in skl_scaler.c (jsc#SLE-22601). - drm/i915/display: remove CNL ddi buf translation tables (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_display_power.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from skl_universal_plane.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_vdsc.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_dpll_mgr.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_dp.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_dmc.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_display_debugfs.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_ddi.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_crtc.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_combo_phy.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_color.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_cdclk.c (jsc#SLE-22601). - drm/i915/display: remove PORT_F workaround for CNL (jsc#SLE-22601). - drm/i915/dp: DPTX writes Swing/Pre-emphs(DPCD 0x103-0x106) requested during PHY Layer testing (jsc#SLE-22601). - drm/i915/dg2: Update to bigjoiner path (jsc#SLE-22601). - drm/i915/dg2: Update lane disable power state during PSR (jsc#SLE-22601). - drm/i915/dg2: Wait for SNPS PHY calibration during display init (jsc#SLE-22601). - drm/i915/dg2: Update modeset sequences (jsc#SLE-22601). - drm/i915/dg2: Add vswing programming for SNPS phys (jsc#SLE-22601). - drm/i915/dg2: Add MPLLB programming for HDMI (jsc#SLE-22601). - drm/i915/dg2: Add MPLLB programming for SNPS PHY (jsc#SLE-22601). - drm/i915/adl_p: Add ddi buf translation tables for combo PHY (jsc#SLE-22601). - drm/i915/adl_s: Update ddi buf translation tables (jsc#SLE-22601). - drm/i915: dgfx cards need to wait on pcode's uncore init done (jsc#SLE-22601). - drm/i915/adlp: Add workaround to disable CMTG clock gating (jsc#SLE-22601). - drm/i915/adl_p: Allow underrun recovery when possible (jsc#SLE-22601). - drm/i915/display: Disable audio, DRRS and PSR before planes (jsc#SLE-22601). - drm/i915: Implement PSF GV point support (jsc#SLE-22601). - drm/i915: Extend QGV point restrict mask to 0x3 (jsc#SLE-22601). - drm/i915/display/psr2: Fix cursor updates using legacy apis (jsc#SLE-22601). - drm/i915/display/psr2: Mark as updated all planes that intersect with pipe_clip (jsc#SLE-22601). - drm/i915: Program chicken bit during DP MST sequence on TGL+ (jsc#SLE-22601). - drm/i915/dg2: Add DG2 to the PSR2 defeature list (jsc#SLE-22601). - drm/i915/dg2: Classify DG2 PHY types (jsc#SLE-22601). - drm/i915/firmware: Update to DMC v2.03 on RKL (jsc#SLE-22601). - drm/i915/firmware: Update to DMC v2.12 on TGL (jsc#SLE-22601). - drm/i915/dmc: Change intel_get_stepping_info() (jsc#SLE-22601). - drm/i915/step: Add macro magic for handling steps (jsc#SLE-22601). - drm/i915/dg2: DG2 has fixed memory bandwidth (jsc#SLE-22601). - drm/i915/dg2: Don't read DRAM info (jsc#SLE-22601). - drm/i915/dg2: Don't program BW_BUDDY registers (jsc#SLE-22601). - drm/i915/dg2: Add dbuf programming (jsc#SLE-22601). - drm/i915/dg2: Setup display outputs (jsc#SLE-22601). - drm/i915/dg2: Don't wait for AUX power well enable ACKs (jsc#SLE-22601). - drm/i915/dg2: Skip shared DPLL handling (jsc#SLE-22601). - drm/i915/dg2: Add cdclk table and reference clock (jsc#SLE-22601). - drm/i915/dg2: Add fake PCH (jsc#SLE-22601). - drm/i915: Fork DG1 interrupt handler (jsc#SLE-22601). - drm/i915: Make display workaround upper bounds exclusive (jsc#SLE-22601). - drm/i915/rkl: Wa_1408330847 no longer applies to RKL (jsc#SLE-22601). - drm/i915/rkl: Wa_1409767108 also applies to RKL (jsc#SLE-22601). - drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (jsc#SLE-22601). - drm/i915/display: Fix shared dpll mismatch for bigjoiner slave (jsc#SLE-22601). - drm/i915/display: Disable FBC when PSR2 is enabled display 12 and newer (jsc#SLE-22601). - drm/i915/display/adl_p: Implement PSR changes (jsc#SLE-22601). - drm/i915/display/dsc: Force dsc BPP (jsc#SLE-22601). - drm/i915/display/dsc: Add Per connector debugfs node for DSC BPP enable (jsc#SLE-22601). - drm/i915/display: Add write permissions for fec support (jsc#SLE-22601). - drm/i915/debugfs: DISPLAY_VER 13 lpsp capability (jsc#SLE-22601). - drm/i915/display/xelpd: Extend Wa_14011508470 (jsc#SLE-22601). - drm/i915: Limit Wa_22010178259 to affected platforms (jsc#SLE-22601). - drm/i915/display: Settle on "adl-x" in WA comments (jsc#SLE-22601). - drm/i915: Invoke another _DSM to enable MUX on HP Workstation laptops (jsc#SLE-22601). - drm/i915/dg1: Compute MEM Bandwidth using MCHBAR (jsc#SLE-22601). Refresh patches.suse/drm-i915-Remove-memory-frequency-calculation.patch. - drm/i915/display/xelpd: Fix incorrect color capability reporting (jsc#SLE-22601). - drm/i915: Handle cdclk crawling flag in standard manner (jsc#SLE-22601). - drm/i915/plane: add intel_plane_helper_add() helper (jsc#SLE-22601). - drm/i915/dg2: Add SQIDI steering (jsc#SLE-22601). - drm/i915/dg2: Update steering tables (jsc#SLE-22601). - drm/i915/xehpsdv: Define steering tables (jsc#SLE-22601). - drm/i915/xehp: handle new steering options (jsc#SLE-22601). - drm/i915/userptr: Probe existence of backing struct pages upon creation (jsc#SLE-22601). - drm/i915: delete gpu reloc code (jsc#SLE-22601). - drm/i915: Disable gpu relocations (jsc#SLE-22601). - drm/i915/dg2: DG2 uses the same sseu limits as XeHP SDV (jsc#SLE-22601). - drm/i915/xehpsdv: Add maximum sseu limits (jsc#SLE-22601). - drm/i915/xehp: Changes to ss/eu definitions (jsc#SLE-22601). - drm/i915/dg2: Add forcewake table (jsc#SLE-22601). - drm/i915/guc/rc: Setup and enable GuCRC feature (jsc#SLE-22601). - drm/i915/guc/slpc: Add SLPC selftest (jsc#SLE-22601). - drm/i915/guc/slpc: Sysfs hooks for SLPC (jsc#SLE-22601). - drm/i915/guc/slpc: Cache platform frequency limits (jsc#SLE-22601). - drm/i915/guc/slpc: Enable ARAT timer interrupt (jsc#SLE-22601). - drm/i915/guc/slpc: Add debugfs for SLPC info (jsc#SLE-22601). - drm/i915/guc/slpc: Add get max/min freq hooks (jsc#SLE-22601). - drm/i915/guc/slpc: Add methods to set min/max frequency (jsc#SLE-22601). - drm/i915/guc/slpc: Remove BUG_ON in guc_submission_disable (jsc#SLE-22601). - drm/i915/guc/slpc: Enable SLPC and add related H2G events (jsc#SLE-22601). - drm/i915/guc/slpc: Allocate, initialize and release SLPC (jsc#SLE-22601). - drm/i915/guc/slpc: Adding SLPC communication interfaces (jsc#SLE-22601). - drm/i915/guc/slpc: Gate Host RPS when SLPC is enabled (jsc#SLE-22601). Refresh patches.suse/drm-i915-Remove-warning-from-the-rps-worker.patch. - drm/i915/guc/slpc: Initial definitions for SLPC (jsc#SLE-22601). - drm/i915/xehp: Fix missing sentinel on mcr_ranges_xehp (jsc#SLE-22601). - drm/i915/selftests: prefer the create_user helper (jsc#SLE-22601). - drm/i915/gt: remove GRAPHICS_VER == 10 (jsc#SLE-22601). - drm/i915/gt: rename CNL references in intel_engine.h (jsc#SLE-22601). - drm/i915/gt: remove explicit CNL handling from intel_sseu.c (jsc#SLE-22601). - drm/i915/gt: remove explicit CNL handling from intel_mocs.c (jsc#SLE-22601). - drm/i915: Extract i915_module.c (jsc#SLE-22601). - drm/i915: Remove i915_globals (jsc#SLE-22601). - drm/i915: move vma slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move scheduler slabs to direct module init/exit (jsc#SLE-22601). - drm/i915: move request slabs to direct module init/exit (jsc#SLE-22601). - drm/i915: move gem_objects slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move gem_context slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move intel_context slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move i915_buddy slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move i915_active slab to direct module init/exit (jsc#SLE-22601). - drm/i915: Check for nomodeset in i915_init() first (jsc#SLE-22601). - drm/i915/xehpsdv: Correct parameters for IS_XEHPSDV_GT_STEP() (jsc#SLE-22601). - drm/i915/guc: Unblock GuC submission on Gen11+ (jsc#SLE-22601). - drm/i915/guc: Implement GuC priority management (jsc#SLE-22601). - drm/i915/selftest: Bump selftest timeouts for hangcheck (jsc#SLE-22601). - drm/i915/selftest: Fix hangcheck self test for GuC submission (jsc#SLE-22601). - drm/i915/selftest: Increase some timeouts in live_requests (jsc#SLE-22601). - drm/i915/selftest: Fix MOCS selftest for GuC submission (jsc#SLE-22601). - drm/i915/selftest: Fix workarounds selftest for GuC submission (jsc#SLE-22601). - drm/i915/selftest: Better error reporting from hangcheck selftest (jsc#SLE-22601). - drm/i915/guc: Support request cancellation (jsc#SLE-22601). - drm/i915/guc: Implement banned contexts for GuC submission (jsc#SLE-22601). - drm/i915/guc: Add golden context to GuC ADS (jsc#SLE-22601). - drm/i915/guc: Include scheduling policies in the debugfs state dump (jsc#SLE-22601). - drm/i915/guc: Connect reset modparam updates to GuC policy flags (jsc#SLE-22601). - drm/i915/guc: Hook GuC scheduling policies up (jsc#SLE-22601). - drm/i915/guc: Fix for error capture after full GPU reset with GuC (jsc#SLE-22601). - drm/i915/guc: Capture error state on context reset (jsc#SLE-22601). - drm/i915/guc: Enable GuC engine reset (jsc#SLE-22601). - drm/i915/guc: Don't complain about reset races (jsc#SLE-22601). - drm/i915/guc: Provide mmio list to be saved/restored on engine reset (jsc#SLE-22601). - drm/i915/guc: Enable the timer expired interrupt for GuC (jsc#SLE-22601). - drm/i915/guc: Handle engine reset failure notification (jsc#SLE-22601). - drm/i915/guc: Handle context reset notification (jsc#SLE-22601). - drm/i915/guc: Suspend/resume implementation for new interface (jsc#SLE-22601). - drm/i915/guc: Add disable interrupts to guc sanitize (jsc#SLE-22601). - drm/i915: Reset GPU immediately if submission is disabled (jsc#SLE-22601). - drm/i915/guc: Reset implementation for new GuC interface (jsc#SLE-22601). - drm/i915: Move active request tracking to a vfunc (jsc#SLE-22601). - drm/i915: Add i915_sched_engine destroy vfunc (jsc#SLE-22601). - drm/i915/guc: Direct all breadcrumbs for a class to single breadcrumbs (jsc#SLE-22601). - drm/i915/guc: Disable bonding extension with GuC submission (jsc#SLE-22601). - drm/i915: Hold reference to intel_context over life of i915_request (jsc#SLE-22601). - drm/i915/guc: Make hangcheck work with GuC virtual engines (jsc#SLE-22601). - drm/i915/guc: GuC virtual engines (jsc#SLE-22601). - drm/i915/ehl: unconditionally flush the pages on acquire (jsc#SLE-22601). - drm/i915: document caching related bits (jsc#SLE-22601). - drm/i915/gem: Migrate to system at dma-buf attach time (v7) (jsc#SLE-22601). - drm/i915/gem: Correct the locking and pin pattern for dma-buf (v8) (jsc#SLE-22601). - drm/i915/gem: Always call obj->ops->migrate unless can_migrate fails (jsc#SLE-22601). - drm/i915/gem/ttm: Only call __i915_gem_object_set_pages if needed (jsc#SLE-22601). - drm/i915/gem: Unify user object creation (v3) (jsc#SLE-22601). - drm/i915/gem: Call i915_gem_flush_free_objects() in i915_gem_dumb_create() (jsc#SLE-22601). - drm/i915/gem: Refactor placement setup for i915_gem_object_create* (v2) (jsc#SLE-22601). - drm/i915/gem: Check object_can_migrate from object_migrate (jsc#SLE-22601). - drm/i915/gt: nuke gen6_hw_id (jsc#SLE-22601). - drm/i915/xehp: Xe_HP forcewake support (jsc#SLE-22601). - drm/i915/xehp: Extra media engines - Part 3 (reset) (jsc#SLE-22601). - drm/i915/xehp: Extra media engines - Part 2 (interrupts) (jsc#SLE-22601). - drm/i915/xehp: Extra media engines - Part 1 (engine definitions) (jsc#SLE-22601). - drm/i915/xehp: Define multicast register ranges (jsc#SLE-22601). - drm/i915: Extend Wa_1406941453 to adl-p (jsc#SLE-22601). - drm/i915/uapi: reject set_domain for discrete (jsc#SLE-22601). - drm/i915/xehp: VDBOX/VEBOX fusing registers are enable-based (jsc#SLE-22601). - drm/i915/gt: rename legacy engine->hw_id to engine->gen6_hw_id (jsc#SLE-22601). - drm/i915/gt: nuke unused legacy engine hw_id (jsc#SLE-22601). - drm/i915/gt: fix platform prefix (jsc#SLE-22601). - drm/i915: Add intel_context tracing (jsc#SLE-22601). - drm/i915/guc: Add trace point for GuC submit (jsc#SLE-22601). - drm/i915/guc: Update GuC debugfs to support new GuC (jsc#SLE-22601). - drm/i915/guc: Update intel_gt_wait_for_idle to work with GuC (jsc#SLE-22601). - drm/i915/guc: Ensure G2H response has space in buffer (jsc#SLE-22601). - drm/i915/guc: Disable semaphores when using GuC scheduling (jsc#SLE-22601). - drm/i915/guc: Ensure request ordering via completion fences (jsc#SLE-22601). - drm/i915: Disable preempt busywait when using GuC scheduling (jsc#SLE-22601). - drm/i915/guc: Extend deregistration fence to schedule disable (jsc#SLE-22601). - drm/i915/guc: Disable engine barriers with GuC during unpin (jsc#SLE-22601). - drm/i915/guc: Defer context unpin until scheduling is disabled (jsc#SLE-22601). - drm/i915/guc: Insert fence on context when deregistering (jsc#SLE-22601). - drm/i915/guc: Implement GuC context operations for new inteface (jsc#SLE-22601). - drm/i915/guc: Add bypass tasklet submission path to GuC (jsc#SLE-22601). - drm/i915/guc: Implement GuC submission tasklet (jsc#SLE-22601). - drm/i915/guc: Add LRC descriptor context lookup array (jsc#SLE-22601). - drm/i915/guc: Remove GuC stage descriptor, add LRC descriptor (jsc#SLE-22601). - drm/i915/guc: Add new GuC interface defines and structures (jsc#SLE-22601). - drm/i915/xehp: New engine context offsets (jsc#SLE-22601). - drm/i915/xehp: Handle new device context ID format (jsc#SLE-22601). - drm/i915/selftests: Allow for larger engine counts (jsc#SLE-22601). - drm/i915/gen12: Use fuse info to enable SFC (jsc#SLE-22601). - drm/i915/dg2: add DG2 platform info (jsc#SLE-22601). - drm/i915/xehpsdv: add initial XeHP SDV definitions (jsc#SLE-22601). - drm/i915: Add XE_HP initial definitions (jsc#SLE-22601). - drm/i915: Add release id version (jsc#SLE-22601). - drm/i915: do not abbreviate version in debugfs (jsc#SLE-22601). - drm/i915: Make the kmem slab for i915_buddy_block a global (jsc#SLE-22601). - drm/i915: Use a table for i915_init/exit (v2) (jsc#SLE-22601). - drm/i915: Call i915_globals_exit() after i915_pmu_exit() (jsc#SLE-22601). - drm/i915: Ditch i915 globals shrink infrastructure (jsc#SLE-22601). - drm/i915: Make GT workaround upper bounds exclusive (jsc#SLE-22601). - drm/i915: Program DFR enable/disable as a GT workaround (jsc#SLE-22601). - drm/i915/icl: Drop a couple unnecessary workarounds (jsc#SLE-22601). - drm/i915: Fix application of WaInPlaceDecompressionHang (jsc#SLE-22601). - drm/i915: Add TTM offset argument to mmap (jsc#SLE-22601). - drm/i915/uapi: convert drm_i915_gem_userptr to kernel doc (jsc#SLE-22601). - drm/i915/uapi: reject caching ioctls for discrete (jsc#SLE-22601). - Revert "drm/i915: Skip over MI_NOOP when parsing" (jsc#SLE-22601). - drm/i915: Drop error handling from dma_fence_work (jsc#SLE-22601). - drm/i915: Remove allow_alloc from i915_gem_object_get_sg* (jsc#SLE-22601). - drm/i915/icl: Drop workarounds that only apply to pre-production steppings (jsc#SLE-22601). - drm/i915/cnl: Drop all workarounds (jsc#SLE-22601). - drm/i915/dg1: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/rkl: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/jsl_ehl: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/icl: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/glk: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/bxt: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/kbl: Drop pre-production revision from stepping table (jsc#SLE-22601). - drm/i915/skl: Use revid->stepping tables (jsc#SLE-22601). - drm/i915: Make pre-production detection use direct revid comparison (jsc#SLE-22601). - drm/i915/step: s/_revid_tbl/_revids (jsc#SLE-22601). - drm/i915/uapi: convert drm_i915_gem_set_domain to kernel doc (jsc#SLE-22601). - drm/i915/uapi: convert drm_i915_gem_caching to kernel doc (jsc#SLE-22601). - drm/i915/guc: Module load failure test for CT buffer creation (jsc#SLE-22601). - drm/i915/guc: Optimize CTB writes and reads (jsc#SLE-22601). - drm/i915/guc: Add stall timer to non blocking CTB send function (jsc#SLE-22601). - drm/i915/guc: Add non blocking CTB send function (jsc#SLE-22601). - drm/i915/guc: Increase size of CTB buffers (jsc#SLE-22601). - drm/i915/guc: Improve error message for unsolicited CT response (jsc#SLE-22601). - drm/i915/guc: Relax CTB response timeout (jsc#SLE-22601). - drm/i915/adl_s: Extend Wa_1406941453 (jsc#SLE-22601). - drm/i915: Implement Wa_1508744258 (jsc#SLE-22601). - drm/i915: Settle on "adl-x" in WA comments (jsc#SLE-22601). - drm/i915: use consistent CPU mappings for pin_map users (jsc#SLE-22601). - drm/i915: Finalize contexts in GEM_CONTEXT_CREATE on version 13+ (jsc#SLE-22601). - drm/i915/gem: Roll all of context creation together (jsc#SLE-22601). - i915/gem/selftests: Assign the VM at context creation in igt_shared_ctx_exec (jsc#SLE-22601). - drm/i915/selftests: Take a VM in kernel_context() (jsc#SLE-22601). - drm/i915/gem: Don't allow changing the engine set on running contexts (v3) (jsc#SLE-22601). - drm/i915/gem: Don't allow changing the VM on running contexts (v4) (jsc#SLE-22601). - drm/i915/gem: Delay context creation (v3) (jsc#SLE-22601). - drm/i915/gt: Drop i915_address_space::file (v2) (jsc#SLE-22601). - drm/i915/gem: Return an error ptr from context_lookup (jsc#SLE-22601). - drm/i915/gem: Use the proto-context to handle create parameters (v5) (jsc#SLE-22601). - drm/i915/gem: Make an alignment check more sensible (jsc#SLE-22601). - drm/i915: Add an i915_gem_vm_lookup helper (jsc#SLE-22601). - drm/i915/gem: Optionally set SSEU in intel_context_set_gem (jsc#SLE-22601). - drm/i915/gem: Rework error handling in default_engines (jsc#SLE-22601). - drm/i915/gem: Add an intermediate proto_context struct (v5) (jsc#SLE-22601). - drm/i915: Add gem/i915_gem_context.h to the docs (jsc#SLE-22601). - drm/i915/gem: Add a separate validate_priority helper (jsc#SLE-22601). - drm/i915: Stop manually RCU banging in reset_stats_ioctl (v2) (jsc#SLE-22601). - drm/i915/gem: Disallow creating contexts with too many engines (jsc#SLE-22601). - drm/i915/request: Remove the hook from await_execution (jsc#SLE-22601). - drm/i915/gem: Remove engine auto-magic with FENCE_SUBMIT (v2) (jsc#SLE-22601). - drm/i915/gem: Disallow bonding of virtual engines (v3) (jsc#SLE-22601). - drm/i915: Drop getparam support for I915_CONTEXT_PARAM_ENGINES (jsc#SLE-22601). - drm/i915: Implement SINGLE_TIMELINE with a syncobj (v4) (jsc#SLE-22601). - drm/i915: Drop the CONTEXT_CLONE API (v2) (jsc#SLE-22601). - drm/i915/gem: Return void from context_apply_all (jsc#SLE-22601). - drm/i915/gem: Set the watchdog timeout directly in intel_context_set_gem (v2) (jsc#SLE-22601). - drm/i915: Drop I915_CONTEXT_PARAM_NO_ZEROMAP (jsc#SLE-22601). - drm/i915: Stop storing the ring size in the ring pointer (v3) (jsc#SLE-22601). - drm/i915: Drop I915_CONTEXT_PARAM_RINGSIZE (jsc#SLE-22601). - drm/i915/adlp: Add ADL-P GuC/HuC firmware files (jsc#SLE-22601). - drm/i915/huc: Update TGL and friends to HuC 7.9.3 (jsc#SLE-22601). - drm/i915/adl_s: Fix dma_mask_size to 39 bit (jsc#SLE-22601). - drm/i915/gt: finish INTEL_GEN and friends conversion (jsc#SLE-22601). - drm/i915/selftests: fix smatch warning in mock_reserve (jsc#SLE-22601). - drm/i915/selftests: fix smatch warning in igt_check_blocks (jsc#SLE-22601). - drm/i915: Improve debug Kconfig texts a bit (jsc#SLE-22601). - drm/i915/gtt: ignore min_page_size for paging structures (jsc#SLE-22601). - drm/i915: support forcing the page size with lmem (jsc#SLE-22601). - drm/i915/display: Migrate objects to LMEM if possible for display (jsc#SLE-22601). - drm/i915/gem: Introduce a selftest for the gem object migrate functionality (jsc#SLE-22601). - drm/i915/gem: Implement object migration (jsc#SLE-22601). - drm/i915/selftest: Extend ctx_timestamp ICL workaround to GEN11 (jsc#SLE-22601). - drm/i915/ttm: Use TTM for system memory (jsc#SLE-22601). - drm/i915/ttm: Adjust gem flags and caching settings after a move (jsc#SLE-22601). - drm/i915: Update object placement flags to be mutable (jsc#SLE-22601). - drm/i915/ttm: fix static warning (jsc#SLE-22601). - drm/i915/eb: Fix pagefault disabling in the first slowpath (jsc#SLE-22601). - drm/i915: Document the Virtual Engine uAPI (jsc#SLE-22601). - drm/i915/guc: Update firmware to v62.0.0 (jsc#SLE-22601). - drm/i915/guc: Introduce unified HXG messages (jsc#SLE-22601). - drm/i915: Move submission tasklet to i915_sched_engine (jsc#SLE-22601). - drm/i915: Update i915_scheduler to operate on i915_sched_engine (jsc#SLE-22601). - drm/i915: Add kick_backend function to i915_sched_engine (jsc#SLE-22601). - drm/i915: Move engine->schedule to i915_sched_engine (jsc#SLE-22601). - drm/i915: Move active tracking to i915_sched_engine (jsc#SLE-22601). - drm/i915: Reset sched_engine.no_priolist immediately after dequeue (jsc#SLE-22601). - drm/i915: Add i915_sched_engine_is_empty function (jsc#SLE-22601). - drm/i915: Move priolist to new i915_sched_engine object (jsc#SLE-22601). - drm/i915/selftests: add back the selftest() hook for the buddy (jsc#SLE-22601). - drm/i915/ttm: Fix incorrect assumptions about ttm_bo_validate() semantics (jsc#SLE-22601). - drm/i915: Add support for explicit L3BANK steering (jsc#SLE-22601). - drm/i915: Add GT support for multiple types of multicast steering (jsc#SLE-22601). - drm/i915: extract steered reg access to common function (jsc#SLE-22601). - drm/i915: Remove duplicate include of intel_region_lmem.h (jsc#SLE-22601). - drm/i915: Perform execbuffer object locking as a separate step (jsc#SLE-22601). - drm/i915/gem: Zap the i915_gem_object_blt code (jsc#SLE-22601). - drm/i915/gem: Zap the client blt code (jsc#SLE-22601). - drm/i915/ttm: accelerated move implementation (jsc#SLE-22601). - drm/i915/gt: Setup a default migration context on the GT (jsc#SLE-22601). - drm/i915/gt: Pipelined clear (jsc#SLE-22601). - drm/i915/gt: Pipelined page migration (jsc#SLE-22601). - drm/i915/gt: Export the pinned context constructor and destructor (jsc#SLE-22601). - drm/i915/gt: Add a routine to iterate over the pagetables of a GTT (jsc#SLE-22601). - drm/i915/gt: Add an insert_entry for gen8_ppgtt (jsc#SLE-22601). - drm/i915: Introduce a ww transaction helper (jsc#SLE-22601). - drm/i915: Break out dma_resv ww locking utilities to separate files (jsc#SLE-22601). - drm/i915: Reference objects on the ww object list (jsc#SLE-22601). - drm/i915/ttm: remove unused function (jsc#SLE-22601). - drm/i915/gem: Remove duplicated call to ops->pread (jsc#SLE-22601). - drm/i915/ttm: restore min_page_size behaviour (jsc#SLE-22601). - drm/i915/ttm: switch over to ttm_buddy_man (jsc#SLE-22601). - drm/i915/ttm: remove node usage in our naming (jsc#SLE-22601). - drm/i915/ttm: pass along the I915_BO_ALLOC_CONTIGUOUS (jsc#SLE-22601). - drm/i915/ttm: Calculate the object placement at get_pages time (jsc#SLE-22601). - drm/i915/ttm: add i915_sg_from_buddy_resource (jsc#SLE-22601). - drm/i915/ttm: add ttm_buddy_man (jsc#SLE-22601). - drm/i915/ttm: Fix memory leaks (jsc#SLE-22601). - drm/i915/adl_p: Add initial ADL_P Workarounds (jsc#SLE-22601). - drm/i915: Simplify userptr locking (jsc#SLE-22601). Refresh patches.suse/lib-scatterlist-Provide-a-dedicated-function-to-supp.patch. - drm/i915: Fix busy ioctl commentary (jsc#SLE-22601). - drm/aperture: Pass DRM driver structure instead of driver name (jsc#SLE-22601). - drm/i915: Track IRQ state in local device state (jsc#SLE-22601). - dma-buf: add dma_fence_chain_alloc/free v3 (jsc#SLE-22601). - drm/i915: Use ttm mmap handling for ttm bo's (jsc#SLE-22601). - drm/vma: Add a driver_private member to vma_node (jsc#SLE-22601). - drm/i915/lmem: Verify checks for lmem residency (jsc#SLE-22601). - drm/i915/ttm: Introduce a TTM i915 gem object backend (jsc#SLE-22601). Refresh patches.suse/lib-scatterlist-Provide-a-dedicated-function-to-supp.patch. - drm/dp: Extract i915's eDP backlight code into DRM helpers (jsc#SLE-22601). - drm/i915/dpcd_bl: Print return codes for VESA backlight failures (jsc#SLE-22601). - drm/i915/dpcd_bl: Return early in vesa_calc_max_backlight if we can't read PWMGEN_BIT_COUNT (jsc#SLE-22601). - drm/i915/dpcd_bl: Move VESA backlight enabling code closer together (jsc#SLE-22601). - drm/i915/dpcd_bl: Cache some backlight capabilities in intel_panel.backlight (jsc#SLE-22601). - drm/i915/dpcd_bl: Cleanup intel_dp_aux_vesa_enable_backlight() a bit (jsc#SLE-22601). - drm/i915/dpcd_bl: Handle drm_dpcd_read/write() return values correctly (jsc#SLE-22601). - drm/i915/dpcd_bl: Remove redundant AUX backlight frequency calculations (jsc#SLE-22601). - gpu/drm/i915: nuke old GEN macros (jsc#SLE-22601). - drm/i915: finish INTEL_GEN and friends conversion (jsc#SLE-22601). - drm/i915/hdcp: Nuke Platform check for mst hdcp init (jsc#SLE-22601). - drm/i915/display: check if compressed_llb was allocated (jsc#SLE-22601). - drm/i915/display: Fix state mismatch in drm infoframe (jsc#SLE-22601). - drm/i915/ehl: Remove require_force_probe protection (jsc#SLE-22601). - drm/i915/jsl: Remove require_force_probe protection (jsc#SLE-22601). - drm/i915/display: use max_level to control loop (jsc#SLE-22601). - drm/i915/display: fix level 0 adjustement on display ver >= 12 (jsc#SLE-22601). - drm/i915/display/adl_p: Implement Wa_16011303918 (jsc#SLE-22601). - drm/i915/xelpd: Handle PSR2 SDP indication in the prior scanline (jsc#SLE-22601). - drm/i915/display/adl_p: Implement Wa_16011168373 (jsc#SLE-22601). - drm/i915/display/adl_p: Implement Wa_22012278275 (jsc#SLE-22601). - drm/i915/display/psr: Handle SU Y granularity (jsc#SLE-22601). - drm/i915: s/intel_crtc/crtc/ (jsc#SLE-22601). - drm/i915: Clean up intel_fbdev_init_bios() a bit (jsc#SLE-22601). - drm/i915: Clean up pre-skl wm calling convention (jsc#SLE-22601). - drm/i915: Clean up intel_find_initial_plane_obj() a bit (jsc#SLE-22601). - drm/i915: Clean up intel_get_load_detect_pipe() a bit (jsc#SLE-22601). - drm/i915: Stop hand rolling drm_crtc_mask() (jsc#SLE-22601). - drm/i915/fbc: Allocate llb before cfb (jsc#SLE-22601). - drm/i915/fbc: Make the cfb allocation loop a bit more legible (jsc#SLE-22601). - drm/i915/fbc: Extract intel_fbc_stolen_end() (jsc#SLE-22601). - drm/i915/fbc: Introduce g4x_dpfc_ctl_limit() (jsc#SLE-22601). - drm/i915/fbc: Handle 16bpp compression limit better (jsc#SLE-22601). - drm/i915/fbc: Don't pass around the mm node (jsc#SLE-22601). - drm/i915/fbc: Embed the compressed_llb node (jsc#SLE-22601). - drm/i915/fbc: Extract intel_fbc_program_cfb() (jsc#SLE-22601). - drm/i915/fbc: s/threshold/limit/ (jsc#SLE-22601). - drm/i915: Add the missing adls vswing tables (jsc#SLE-22601). - drm/i915: Nuke buf_trans hdmi functions (jsc#SLE-22601). - drm/i915: Clean up jsl/ehl buf trans functions (jsc#SLE-22601). - drm/i915: Fix ehl edp hbr2 vswing table (jsc#SLE-22601). - drm/i915: keep backlight_enable on until turn eDP display off (jsc#SLE-22601). - drm/i915: Deduplicate icl DP HBR2 vs. eDP HBR3 table (jsc#SLE-22601). - drm/i915: Fix dg1 buf trans tables (jsc#SLE-22601). - drm/i915: Introduce rkl_get_combo_buf_trans() (jsc#SLE-22601). - drm/i915: Clean up hsw/bdw/skl/kbl buf trans funcs (jsc#SLE-22601). - drm/i915: Introduce encoder->get_buf_trans() (jsc#SLE-22601). - drm/i915: Store the HDMI default entry in the bug trans struct (jsc#SLE-22601). - drm/i915; Return the whole buf_trans struct from get_buf_trans() (jsc#SLE-22601). - drm/i915: Introduce intel_get_buf_trans() (jsc#SLE-22601). - drm/i915: Wrap the buf trans tables into a struct (jsc#SLE-22601). - drm/i915: Rename dkl phy buf trans tables (jsc#SLE-22601). - drm/i915: Wrap the platform specific buf trans structs into a union (jsc#SLE-22601). - drm/i915: Introduce hsw_get_buf_trans() (jsc#SLE-22601). - drm/i915: s/intel/hsw/ for hsw/bdw/skl buf trans (jsc#SLE-22601). - drm/i915/adl_p: Load DMC (jsc#SLE-22601). - drm/i915/adl_p: Pipe B DMC Support (jsc#SLE-22601). - drm/i915/xelpd: Pipe A DMC plugging (jsc#SLE-22601). - drm/i915/dmc: Introduce DMC_FW_MAIN (jsc#SLE-22601). - drm/i915: Force a TypeC PHY disconnect during suspend/shutdown (jsc#SLE-22601). - drm/i915/xelpd: break feature inheritance (jsc#SLE-22601). - drm/i915: apply WaEnableVGAAccessThroughIOPort as needed (jsc#SLE-22601). - commit a14349b - block: Hold invalidate_lock in BLKZEROOUT ioctl (bsc#1183392). This patch series fixes the block/009 test which can fail with a low failure rate of about 1/1400. I've tested this series with kernel-ci against the baseline and found no regressions. - block: Hold invalidate_lock in BLKDISCARD ioctl (bsc#1183392). - mm: Add functions to lock invalidate_lock for two mappings (bsc#1183392). - mm: Protect operations adding pages to page cache with invalidate_lock (bsc#1183392). - commit 2ea6207 - printk: restore flushing of NMI buffers on remote CPUs after NMI backtraces (bsc#1192988). - commit 21c31a1 - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - commit b339baf - ethernet: chelsio: use eth_hw_addr_set() (jsc#SLE-18992). - net: chelsio: cxgb4vf: Make use of the helper function dev_err_probe() (jsc#SLE-18992). - cxgb4: Search VPD with pci_vpd_find_ro_info_keyword() (jsc#SLE-18992). - cxgb4: Remove unused vpd_param member ec (jsc#SLE-18992). - cxgb4: Validate VPD checksum with pci_vpd_check_csum() (jsc#SLE-18992). - cxgb4: Properly revert VPD changes (jsc#SLE-18992). - cxgb4: improve printing NIC information (jsc#SLE-18992). - net: chelsio: switch from 'pci_' to 'dma_' API (jsc#SLE-18992). - Revert "cxgb4: Validate VPD checksum with pci_vpd_check_csum()" (jsc#SLE-18992). - Revert "Revert "cxgb4: Search VPD with pci_vpd_find_ro_info_keyword()"" (jsc#SLE-18992). - Revert "cxgb4: Search VPD with pci_vpd_find_ro_info_keyword()" (jsc#SLE-18992). - cxgb4: Search VPD with pci_vpd_find_ro_info_keyword() (jsc#SLE-18992). - cxgb4: Remove unused vpd_param member ec (jsc#SLE-18992). - cxgb4: Validate VPD checksum with pci_vpd_check_csum() (jsc#SLE-18992). - cxgb4: make the array match_all_mac static, makes object smaller (jsc#SLE-18992). - commit e59b97c - RDMA/nldev: Check stat attribute before accessing it (jsc#SLE-19249). - RDMA/mlx4: Do not fail the registration on port stats (jsc#SLE-19255). - IB/hfi1: Properly allocate rdma counter desc memory (jsc#SLE-19242). - RDMA/core: Set send and receive CQ before forwarding to the driver (jsc#SLE-19249). - i40e: Fix display error code in dmesg (jsc#SLE-18378). - i40e: Fix creation of first queue by omitting it if is not power of two (jsc#SLE-18378). - i40e: Fix warning message and call stack during rmmod i40e driver (jsc#SLE-18378). - i40e: Fix ping is lost after configuring ADq on VF (jsc#SLE-18378). - i40e: Fix changing previously set num_queue_pairs for PFs (jsc#SLE-18378). - i40e: Fix NULL ptr dereference on VSI filter sync (jsc#SLE-18378). - i40e: Fix correct max_pkt_size on VF RX queue (jsc#SLE-18378). - devlink: Don't throw an error if flash notification sent before devlink visible (jsc#SLE-19253). - net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-19253). - net/mlx5: Lag, update tracker when state change event received (jsc#SLE-19253). - net/mlx5e: CT, Fix multiple allocations and memleak of mod acts (jsc#SLE-19253). - net/mlx5: Fix flow counters SF bulk query len (jsc#SLE-19253). - net/mlx5: E-Switch, rebuild lag only when needed (jsc#SLE-19253). - net/mlx5: Update error handler for UCTX and UMEM (jsc#SLE-19253). - net/mlx5: DR, Fix check for unsupported fields in match param (jsc#SLE-19253). - net/mlx5: DR, Handle eswitch manager and uplink vports separately (jsc#SLE-19253). - net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (jsc#SLE-19253). - net/mlx5: E-Switch, Fix resetting of encap mode when entering switchdev (jsc#SLE-19253). - net/mlx5e: Wait for concurrent flow deletion during neigh/fib events (jsc#SLE-19253). - net/mlx5e: kTLS, Fix crash in RX resync flow (jsc#SLE-19253). - net: sched: act_mirred: drop dst for the direction from egress to ingress (git-fixes). - bnxt_en: Fix compile error regression when CONFIG_BNXT_SRIOV is not set (jsc#SLE-18978). - udp: Validate checksum in udp_read_sock() (git-fixes). - xsk: Fix crash on double free in buffer pool (jsc#SLE-18375). - iavf: Restore VLAN filters after link down (jsc#SLE-18385). - iavf: Fix for setting queues to 0 (jsc#SLE-18385). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (jsc#SLE-18385). - iavf: validate pointers (jsc#SLE-18385). - iavf: prevent accidental free of filter structure (jsc#SLE-18385). - iavf: Fix failure to exit out from last all-multicast mode (jsc#SLE-18385). - iavf: don't clear a lock we don't hold (jsc#SLE-18385). - iavf: free q_vectors before queues in iavf_disable_vf (jsc#SLE-18385). - iavf: check for null in iavf_fix_features (jsc#SLE-18385). - iavf: Fix return of set the new channel count (jsc#SLE-18385). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-18978). - bnxt_en: fix format specifier in live patch error message (jsc#SLE-18978). - bnxt_en: extend RTNL to VF check in devlink driver_reinit (jsc#SLE-18978). - net: bnx2x: fix variable dereferenced before check (jsc#SLE-18274). - ethernet: bnx2x: use eth_hw_addr_set() (jsc#SLE-18274). - bnx2x: Search VPD with pci_vpd_find_ro_info_keyword() (jsc#SLE-18274). - bnx2x: Read VPD with pci_vpd_alloc() (jsc#SLE-18274). - bnx2x: remove unused variable 'cur_data_offset' (jsc#SLE-18274). - commit 4626034 - kernel-source.spec: install-kernel-tools also required on 15.4 - commit 6cefb55 ++++ mozilla-nss: - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. ++++ osinfo-db: - jsc#SLE-17764 - Dev: Support Oracle Linux as a guest VM. See also bsc#1192238 [Build58.2][KVM] The latest supported OracleLinux as guest versions are not included anywhere add-missing-oracle-linux-versions.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#539 - add kernel modules for MPS3 USB (jsc#SLE-20148) - 16.57.9 - merge gh#openSUSE/installation-images#545 - ensure crypto-policies are added properly (bsc#1183082, bsc#1192957) - 16.57.8 ++++ virt-manager: - jsc#SLE-17735 - Support Oracle Linux as a guest VM. See also bsc#1192238 [Build58.2][KVM] The latest supported OracleLinux as guest versions are not included anywhere virtinst-add-oracle-linux-support.patch ------------------------------------------------------------------ ------------------ 2021-11-22 - Nov 22 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.148.g65e8258f: * fix(dracut.spec): update dependency for suse-module-tools - Update to version 055+suse.146.g71f186fa: * fix(network-legacy): route parsing issues in ifup (bsc#1182688) * fix(systemd-udevd): make collect optional (bsc#1177870) * style(dracut.sh): remove redundant script header * fix(dracut.sh): change misspelled variable name * fix(dracut.sh): remove wrong $ in loop sequence * chore(suse): update spec * fix(90kernel-modules): add isp1760 USB controller * fix(iscsi): add support for the new iscsiadm "no-wait" (-W) command (bsc#1187190) * ci(suse.conf.example): optimal compression parameters for zstd * feat(dracut.sh): check if target kernel has zstd support compiled in * ci(suse.conf.example): change default compression option for SUSE ++++ transactional-update: - Version 4.0.0~rc1 This release is API, but not ABI compatible with previous releases; existing applications will have to be recompiled against this new version. Major features: - Introduces a D-Bus service to access the libtukit API via the org.opensuse.tukit.Transaction interface - Introduces a C binding via libtukit.h. Other changes: - t-u: Rework --quiet handling to make sure no output is shown even in error cases; this is necessary for automation, e.g. with Salt. [gh#openSUSE/transactional-update#73] - tukit: Allow storing command output into variable by introducing a new optional parameter for "execute" and "callExt". - Replace multiple and non-standalone occurenses of {} in "callExt" argument. - Split transactional-update.timer into transactional-update.timer and transactional-update-cleanup.timer; the later will clean up old snapshots even when the system does not do automatic updates. - tukit: Remove legacy alias "setDiscard" for "setDiscardIfUnchanged". - Throw exception if snapshot is not found. - Fix various compiler warnings - Update spec file: - Include tukitd D-Bus daemon - Only install one version of the library (as there are no breaking API changes yet) - Add %pre scriplets for systemd services - Replace %systemd_postun scriptlets with %systemd_postun_with_restart to satisfy rpmlint checks - Add transactional-update log file as %ghost file ++++ kernel-default: - dmanegine: idxd: fix resource free ordering on driver removal (git-fixes). - ALSA: usb-audio: Fix possible race at sync of urb completions (git-fixes). - Bluetooth: call sock_hold earlier in sco_conn_del (git-fixes). - commit c31b8d8 - blacklist.conf: 70a9ac36ffd8 ("f2fs: fix up f2fs_lookup tracepoints") CONFIG_F2FS_FS is not set anywhere. - commit 192a1c3 - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - commit c8df0a0 - blacklist.conf: 172f7ba9772c ("ftrace: Make ftrace_profile_pages_init static") A cosmetic fix. - commit 99f4114 - tracing: use %ps format string to print symbols (git-fixes). - commit 11044ff - Drivers: hv: vmbus: Initialize VMbus ring buffer for Isolation VM (bsc#1183682). - Update config files. - commit a524613 - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf by default") only changes kconfig default, used e.g. for "make oldconfig" when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - commit 4a1e78c - Drivers: hv: vmbus: Add SNP support for VMbus channel initiate message (bsc#1183682). - x86/hyperv: Add ghcb hvcall support for SNP VM (bsc#1183682). - x86/hyperv: Add Write/Read MSR registers via ghcb page (bsc#1183682). - Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM (bsc#1183682). - x86/hyperv: Add new hvcall guest address host visibility support (bsc#1183682). - x86/hyperv: Initialize shared memory boundary in the Isolation VM (bsc#1183682). - x86/hyperv: Initialize GHCB page in Isolation VM (bsc#1183682). - x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV (bsc#1183682). - commit 7b9b378 - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - commit a295ccf - pstore/blk: Use "%lu" to format unsigned long (git-fixes). - commit 4c246a2 - Linux 5.14.21 (stable-5.14.21). - commit ccb8dac - Revert "ACPI: scan: Release PM resources blocked by unused objects" (stable-5.14.21). - KVM: Fix steal time asm constraints (stable-5.14.21). - parisc/entry: fix trace test in syscall exit path (stable-5.14.21). - PCI/MSI: Destroy sysfs before freeing entries (stable-5.14.21). - PCI: Add MSI masking quirk for Nvidia ION AHCI (stable-5.14.21). - PCI/MSI: Deal with devices lying about their MSI mask capability (stable-5.14.21). - perf/core: Avoid put_page() when GUP fails (stable-5.14.21). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (stable-5.14.21). - Bluetooth: btusb: Add support for TP-Link UB500 Adapter (stable-5.14.21). - fortify: Explicitly disable Clang support (stable-5.14.21). - loop: Use blk_validate_block_size() to validate block size (stable-5.14.21). - block: Add a helper to validate the block size (stable-5.14.21). - bootconfig: init: Fix memblock leak in xbc_make_cmdline() (stable-5.14.21). - commit 5099a2b - Update patch references for stable-5.14.21 - commit b78e4e4 ++++ ceph: - Update to 16.2.6-463-g22e7612f9ad: + (bsc#1178073) mgr/dashboard: fix downstream NFS doc links ++++ systemd: - Import commit dcd562c17a5bd8df60aff757c9a4c823b1da9144 (merge of v249.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/a7d5fcde94e2351f6cdd1826726c52e22c9355f9...dcd562c17a5bd8df60aff757c9a4c823b1da9144 - Import commit a7d5fcde94e2351f6cdd1826726c52e22c9355f9 f99aa40c6e TEST-12: make sure 'adm' group exist 6c7194ff99 TEST-08: don't force ext4 for / dd1814b8f9 test: use kbd-mode-map we ship in one more test case 94c5febf2a test: fix TEST-10-ISSUE-2467 - Update the dependencies of the systemd-testsuite sub-package ++++ netcat-openbsd: - Fix download URL. Debian has purged older versions from their servers. ++++ yast2-trans: - Update to version 84.87.20211121.6ee9157350: * Translated using Weblate (Catalan) * New POT for text domain 'autoinst'. * Translated using Weblate (Slovak) * New POT for text domain 'control'. * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * Translated using Weblate (Japanese) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * New POT for text domain 'registration'. * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-11-21 - Nov 21 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "mark pstore-blk as broken" (git-fixes). - Update config files. - supported.conf: adjust for pstore_blk and co - commit 79eccc2 - pinctrl: qcom: sm8350: Correct UFS and SDC offsets (git-fixes). - pinctrl: qcom: sdm845: Enable dual edge errata (git-fixes). - pinctrl: ralink: include 'ralink_regs.h' in 'pinctrl-mt7620.c' (git-fixes). - ACPI: Add stubs for wakeup handler functions (git-fixes). - commit 7d34774 ++++ libcap: - libcap 2.61: * Better error handling of the numerical arguments for capsh and setcap * Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc) * Added an example of a shared library object with its own file capability * Fix the top-level include for Make.Rules in the contrib/sucap example application * Add support for running constructors at libcap.so start up time when running as stand alone binary. - includes changes from 2.60: * Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization * General improvement in thread safety for libcap and cap package * Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns. * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API * New features for capsh: --quiet, -+ and =+ arguments - add upstream signing key and verify source signature ------------------------------------------------------------------ ------------------ 2021-11-20 - Nov 20 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add media patch entry that was already picked up - commit 262559d - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - commit a604fd5 - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - Refresh patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch. - commit 58d673a - Revert "drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping" (git-fixes). - fbdev: Prevent probing generic drivers if a FB is already registered (git-fixes). - drm/cma-helper: Release non-coherent memory with dma_free_noncoherent() (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - thermal: int340x: Limit Kconfig to 64-bit (git-fixes). - platform/x86: think-lmi: Abort probe on analyze failure (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - spi: fix use-after-free of the add_lock mutex (git-fixes). - e100: fix device suspend/resume (git-fixes). - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - mac80211: fix monitor_sdata RCU/locking assertions (git-fixes). - mac80211: drop check for DONT_REORDER in __ieee80211_select_queue (git-fixes). - nl80211: fix radio statistics in survey dump (git-fixes). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - docs: accounting: update delay-accounting.rst reference (git-fixes). - commit 195d274 - powerpc/pseries/svm: Add a powerpc version of cc_platform_has() (jsc#SLE-19924). - Update config files. - commit d22f826 ++++ colord: - Change to systemd-sysusers ------------------------------------------------------------------ ------------------ 2021-11-19 - Nov 19 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - SLE bugs that have been fixed in openSUSE up to this point without explicit references: bsc#1183783, bsc#1184400, bsc#1171806, bsc#1161119, bsc#1159840. - Obsoleted SLE patches: * chrony-fix-open.patch * chrony-gettimeofday.patch * chrony-ntp-era-split.patch * chrony-pidfile.patch * chrony-select-timeout.patch * chrony-urandom.patch * chrony.sysconfig * clknetsim-glibc-2.31.patch ++++ cni-plugin-dnsname: - Update to version 1.3.0: * Bump to v1.3.0 * Output version information when called directly * Do not error on del command * Cirrus: Remove unused $DEST_BRANCH definition * Cleanup dangling config files * Update F34beta -> F34 and U2010 -> U2104 * Cirrus: Add modern get_ci_vm support * Cirrus: Update to F34beta VM image * Bump to v1.2.0 * return dnsmasq errors * Update podman readme * Add dns search domain to cni result * Add AppArmor instruction in the Podman readme * fix typo in README_PODMAN * Added missing comma in README_PODMAN.md * Cirrus: Update to F33 and U2010 * Improve documentation of use with Podman * bump go-iptables version - Fix build on SLE and Leap ++++ containerd: - Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814 bsc#1193273 CVE-2021-41190 ++++ transactional-update: - Version 3.6.2 - Bind mount root file system snapshot on itself, this makes the temporary directory in /tmp unnecessary; also fixes [boo#1188110] to return the correct snapshot's working directory via API call. - Use separate mount namespace for transactional-update; this should fix several applications that fail to run if a mount point has the 'unbindable' mount flag set ++++ kernel-default: - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - commit 09c9eb3 - blacklist.conf: Add b94f9ac79a73 cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem - commit b3581c2 - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1192547). - treewide: Replace the use of mem_encrypt_active() with cc_platform_has() (jsc#SLE-19924). - x86/sev: Replace occurrences of sev_es_active() with cc_platform_has() (jsc#SLE-19924). - x86/sev: Replace occurrences of sev_active() with cc_platform_has() (jsc#SLE-19924). - x86/sme: Replace occurrences of sme_active() with cc_platform_has() (jsc#SLE-19924). - x86/ioremap: Selectively build arch override encryption functions (jsc#SLE-19924). - powerpc/svm: Don't issue ultracalls if !mem_encrypt_active() (jsc#SLE-19924). - commit c6b9314 - memcg: replace in_interrupt() by !in_task() in active_memcg() (bsc#1192894). - commit 8c447eb - Update metadata patches.suse/bpf-cgroup-Assign-cgroup-in-cgroup_sk_alloc-when-cal.patch (stable-5.14.19 bsc#1191279). - Update metadata patches.suse/bpf-cgroups-Fix-cgroup-v2-fallback-on-v1-v2-mixed-mo.patch (stable-5.14.19 bsc#1191279). - commit 590ab5b - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - commit 0b78f1b ++++ libvirt: - virt-create-rootfs: Fix repository URLs Updated virt-create-rootfs.patch boo#1192318 ++++ makedumpfile: - Turn on zstd. ++++ rust-keylime: - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) ------------------------------------------------------------------ ------------------ 2021-11-18 - Nov 18 2021 ------------------- ------------------------------------------------------------------ ++++ cryptsetup: - cryptsetup 2.4.2: * Fix possible large memory allocation if LUKS2 header size is invalid. * Fix memory corruption in debug message printing LUKS2 checksum. * veritysetup: remove link to the UUID library for the static build. * Remove link to pwquality library for integritysetup and veritysetup. These tools do not read passphrases. * OpenSSL3 backend: avoid remaining deprecated calls in API. Crypto backend no longer use API deprecated in OpenSSL 3.0 * Check if kernel device-mapper create device failed in an early phase. This happens when a concurrent creation of device-mapper devices meets in the very early state. * Do not set compiler optimization flag for Argon2 KDF if the memory wipe is implemented in libc. * Do not attempt to unload LUKS2 tokens if external tokens are disabled. This allows building a static binary with - -disable-external-tokens. * LUKS convert: also check sysfs for device activity. If udev symlink is missing, code fallbacks to sysfs scan to prevent data corruption for the active device. ++++ dnsmasq: - bsc#1192529, dnsmasq-resolv-conf.patch: Fix a segfault when re-reading an empty resolv.conf - Remove "nogroup" membership from the dnsmasq user. ++++ docker: - Update to Docker 20.10.11-ce. See upstream changelog online at . bsc#1192814 bsc#1193273 CVE-2021-41190 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch - Remove upstreamed patches: - 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch ++++ librsvg: - Disable testsuite for now, let upstream figure out the issue with harfbuzz 3.1.1. ++++ kernel-default: - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - Refresh patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch. - Refresh patches.suse/btrfs-provide-super_operations-get_inode_dev. - Refresh patches.suse/intel_idle-Disable-ACPI-_CST-on-Haswell.patch - commit 50b72c3 - pinctrl: tegra: Return const pointer from tegra_pinctrl_get_group() (jsc#SLE-20498). - usb: xhci: tegra: Check padctrl interrupt presence in device tree (git-fixes). - dmaengine: tegra210-adma: Override ADMA FIFO size (jsc#SLE-20498). - dmaengine: tegra210-adma: Add description for 'adma_get_burst_config' (jsc#SLE-20498). - dmaengine: tegra210-adma: Re-order 'has_outstanding_reqs' member (jsc#SLE-20498). - gpio: tegra186: Support multiple interrupts per bank (jsc#SLE-20498). - gpio: tegra186: Force one interrupt per bank (jsc#SLE-20498). - i2c: tegra: Ensure that device is suspended before driver is removed (git-fixes). - pinctrl: tegra: Fix warnings and error (jsc#SLE-20498). - pinctrl: tegra: Use correct offset for pin group (jsc#SLE-20498). - pinctrl: tegra: Add pinmux support for Tegra194 (jsc#SLE-20498). - pinctrl: tegra: include lpdr pin properties (jsc#SLE-20498). - usb: phy: tegra: Support OTG mode programming (git-fixes). - memory: tegra186-emc: Handle errors in BPMP response (jsc#SLE-20498). - soc/tegra: Add Tegra186 ARI driver (jsc#SLE-20498). - cpufreq: tegra186/tegra194: Handle errors in BPMP response (jsc#SLE-20498). - spi: tegra210-quad: Put device into suspend on driver removal (git-fixes). - regulator: Don't error out fixed regulator in regulator_sync_voltage() (git-fixes). - thermal/drivers/tegra-soctherm: Silence message about clamped temperature (git-fixes). - PCI: tegra194: Cleanup unused code (jsc#SLE-20498). - PCI: tegra194: Don't allow suspend when Tegra PCIe is in EP mode (jsc#SLE-20498). - PCI: tegra194: Disable interrupts before entering L2 (jsc#SLE-20498). - gpio: tegra186: Add ACPI support (jsc#SLE-20498). - clk: tegra: Remove CLK_IS_CRITICAL flag from fuse clock (git-fixes). - soc/tegra: fuse: Enable fuse clock on suspend for Tegra124 (git-fixes). - soc/tegra: fuse: Add runtime PM support (git-fixes). - soc/tegra: fuse: Clear fuse->clk on driver probe failure (git-fixes). - soc/tegra: pmc: Prevent racing with cpuilde driver (git-fixes). - ASoC: rt5640: Silence warning message about missing interrupt (git-fixes). - commit 1fc03e4 - Update config files: bump to 5.14.20 - commit c08e20b - Linux 5.14.20 (stable-5.14.20). - commit 1a4044c - Drop x86 patch to follow a stable-5.14.20 revert Other two (sched and x86 fixes) were reverted in 5.14.20 but we keep them Delete patches.suse/x86-Fix-__get_wchan-for-STACKTRACE.patch Update blacklist.conf - commit 6440d2c - x86/setup: Explicitly include acpi.h (bsc#1192825). - commit 915b5b4 ++++ libblockdev: - Fix lack of dependency on libblockdev-lvm needed by libblockdev package. The lvm-cache-stats binary needs the logical volume plugin to work (boo#1183948). ++++ makedumpfile: - Update to 1.7.0 * Zstandard (zstd) compression support * New -L option to limit output file size * Support of kernels up to v5.15 (x86_64) ++++ salt: - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Use dnfnotify instead yumnotify for relevant distros - dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Make "tar" as required for "salt-transactional-update" package - Make "salt-api" package to require python3-cherrypy on RHEL systems - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Added: * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * refactor-and-improvements-for-transactional-updates-.patch * fix-the-regression-for-yumnotify-plugin-456.patch * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch ++++ samba: - Fix dependency problem upgrading from libndr0 to libndr2 and from libsamba-credentials0 to libsamba-credentials1; (bsc#1192684); ++++ shared-mime-info: - Add fix-build-meson-0_60.patch: Fix build with meson 0.60 and newer. - Add drop-itstool-dep.patch: Drop itstool as it is no longer needed, upstream was missing this in the patch. Following this: drop itstool BuildRequires. ------------------------------------------------------------------ ------------------ 2021-11-17 - Nov 17 2021 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - use autopatch - update first two patches from git originals to have the same apply depth as the rest: - git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch - git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch - fix get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563) - git-37-dfc5b8af96bec249e44a83d573af1f95a661a85c.patch - support xz compressed kernel (bsc#1162581) - git-38-4c0060639f6fa854830a708a823976772afe7764.patch - Fixing possible resource leak - git-39-df622b89bc92fd882a6715c5743095528a643546.patch - excluding new kernel string in version search ++++ kernel-default: - iscsi_ibft: fix warning in reserve_ibft_region() (bsc#1191540). - commit 4ad3fae - e1000e: Add support for the next LOM generation (jsc#SLE-18382). - Refresh patches.suse/e1000e-Separate-TGP-board-type-from-SPT.patch. - commit 92196b6 - e1000e: Add support for Lunar Lake (jsc#SLE-18382). - Refresh patches.suse/e1000e-Separate-TGP-board-type-from-SPT.patch. - commit d86918a - e1000e: Remove redundant statement (jsc#SLE-18382). - ionic: no devlink_unregister if not registered (jsc#SLE-19282). - ionic: tame the filter no space message (jsc#SLE-19282). - ionic: allow adminq requests to override default error message (jsc#SLE-19282). - ionic: handle vlan id overflow (jsc#SLE-19282). - ionic: generic filter delete (jsc#SLE-19282). - ionic: generic filter add (jsc#SLE-19282). - ionic: add generic filter search (jsc#SLE-19282). - ionic: remove mac overflow flags (jsc#SLE-19282). - ionic: move lif mac address functions (jsc#SLE-19282). - ionic: add filterlist to debugfs (jsc#SLE-19282). - ionic: add lif param to ionic_qcq_disable (jsc#SLE-19282). - ionic: have ionic_qcq_disable decide on sending to hardware (jsc#SLE-19282). - ionic: add polling to adminq wait (jsc#SLE-19282). - ionic: widen queue_lock use around lif init and deinit (jsc#SLE-19282). - ionic: move lif mutex setup and delete (jsc#SLE-19282). - ionic: check for binary values in FW ver string (jsc#SLE-19282). - ionic: remove debug stats (jsc#SLE-19282). - ionic: Move devlink registration to be last devlink command (jsc#SLE-19282). - net: e1000e: solve insmod 'Unknown symbol mutex_lock' error (jsc#SLE-18382). - net/e1000e: Fix spelling mistake "The" -> "This" (jsc#SLE-18382). - e1000e: Add space to the debug print (jsc#SLE-18382). - e1000e: Additional PHY power saving in S0ix (jsc#SLE-18382). - e1000e: Add polling mechanism to indicate CSME DPG exit (jsc#SLE-18382). - e1000e: Add handshake with the CSME to support S0ix (jsc#SLE-18382). - commit 405902c - PCI: PM: Do not call platform_pci_power_manageable() unnecessarily (jsc#SLE-19359). - commit 18069d0 - PCI: PM: Make pci_choose_state() call pci_target_state() (jsc#SLE-19359). - commit 397bfa6 - PCI: PM: Rearrange pci_target_state() (jsc#SLE-19359). - commit 6bb9c14 - PCI: endpoint: Use sysfs_emit() in "show" functions (jsc#SLE-19359). - commit 9243675 - x86/mm/64: Improve stack overflow warnings (stable-5.14.19). - commit 041e862 - PCI: ACPI: PM: Do not use pci_platform_pm_ops for ACPI (jsc#SLE-19359). - commit 96c7dd9 - PCI: PM: Do not use pci_platform_pm_ops for Intel MID PM (jsc#SLE-19359). - commit 7e981c8 - PCI: Tidy comments (git-fixes). - commit 125067a - blacklist.conf: Add entries for 5.14.19 - commit 0010d42 - Update config files: stable 5.14.19 - commit 8d0019c - Linux 5.14.19 (stable-5.14.19). - commit a808eab - media: videobuf2-dma-sg: Fix buf->vb NULL pointer dereference (stable-5.14.19). - commit 3eaf65a - x86/sev: Make the #VC exception stacks part of the default stacks storage (stable-5.14.19). - media: videobuf2: always set buffer vb2 pointer (stable-5.14.19). - x86/sev: Add an x86 version of cc_platform_has() (stable-5.14.19). - arch/cc: Introduce a function to check for confidential computing features (stable-5.14.19). - IMA: reject unknown hash algorithms in ima_get_hash_algo (stable-5.14.19). - commit b6cc9f9 - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (stable-5.14.19). - drm/amd/display: Look at firmware version to determine using dmub on dcn21 (stable-5.14.19). - SUNRPC: Partial revert of commit 6f9f17287e78 (stable-5.14.19). - selftests/x86/iopl: Adjust to the faked iopl CLI/STI usage (stable-5.14.19). - selftests/bpf: Fix also no-alu32 strobemeta selftest (stable-5.14.19). - ath10k: fix invalid dma_addr_t token assignment (stable-5.14.19). - mmc: moxart: Fix null pointer dereference on pointer host (stable-5.14.19). - media: vidtv: move kfree(dvb) to vidtv_bridge_dev_release() (stable-5.14.19). - pinctrl: amd: Handle wake-up interrupt (stable-5.14.19). - pinctrl: amd: Add irq field data (stable-5.14.19). - commit f6cd2b6 - s390/cio: make ccw_device_dma_* more robust (stable-5.14.19). - s390/ap: Fix hanging ioctl caused by orphaned replies (stable-5.14.19). - powerpc/32e: Ignore ESR in instruction storage interrupt handler (stable-5.14.19). - powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload (stable-5.14.19). - powerpc/security: Use a mutex for interrupt exit code patching (stable-5.14.19). - powerpc/bpf: Fix write protecting JIT code (stable-5.14.19). - powerpc/64s/interrupt: Fix check_return_regs_valid() false positive (stable-5.14.19). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (stable-5.14.19). - powerpc/vas: Fix potential NULL pointer dereference (stable-5.14.19). - powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n (stable-5.14.19). - commit c55257b - io-wq: serialize hash clear with wakeup (stable-5.14.19). - s390/cio: check the subchannel validity for dev_busid (stable-5.14.19). - s390/cpumf: cpum_cf PMU displays invalid value after hotplug remove (stable-5.14.19). - s390/tape: fix timer initialization in tape_std_assign() (stable-5.14.19). - PM: sleep: Avoid calling put_device() under dpm_list_mtx (stable-5.14.19). - mfd: dln2: Add cell for initializing DLN2 ADC (stable-5.14.19). - mm, oom: do not trigger out_of_memory from the #PF (stable-5.14.19). - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (stable-5.14.19). - io-wq: fix queue stalling race (stable-5.14.19). - io-wq: ensure that hash wait lock is IRQ disabling (stable-5.14.19). - commit 2a16894 - erofs: fix unsafe pagevec reuse of hooked pclusters (stable-5.14.19). - f2fs: fix UAF in f2fs_available_free_memory (stable-5.14.19). - f2fs: include non-compressed blocks in compr_written_block (stable-5.14.19). - dmaengine: ti: k3-udma: Set r/tchan or rflow to NULL if request fail (stable-5.14.19). - dmaengine: ti: k3-udma: Set bchan to NULL if a channel request fail (stable-5.14.19). - 9p/net: fix missing error check in p9_check_errors (stable-5.14.19). - memcg: prohibit unconditional exceeding the limit of dying tasks (stable-5.14.19). - net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE (stable-5.14.19). - bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt (stable-5.14.19). - bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode (stable-5.14.19). - commit 77ed3ef - parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page (stable-5.14.19). - parisc: Fix backtrace to always include init funtion names (stable-5.14.19). - ARM: 9156/1: drop cc-option fallbacks for architecture selection (stable-5.14.19). - posix-cpu-timers: Clear task::posix_cputimers_work in copy_process() (stable-5.14.19). - irqchip/sifive-plic: Fixup EOI failed when masked (stable-5.14.19). - x86/mce: Add errata workaround for Skylake SKX37 (stable-5.14.19). - f2fs: should use GFP_NOFS for directory inodes (stable-5.14.19). - KVM: x86: move guest_pv_has out of user_access section (stable-5.14.19). - MIPS: fix duplicated slashes for Platform file path (stable-5.14.19). - MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL (stable-5.14.19). - commit 3c7edaf - ARM: 9155/1: fix early early_iounmap() (stable-5.14.19). - smb3: do not error on fsync when readonly (stable-5.14.19). - selftests/net: udpgso_bench_rx: fix port argument (stable-5.14.19). - cxgb4: fix eeprom len when diagnostics not implemented (stable-5.14.19). - net/smc: fix sk_refcnt underflow on linkdown and fallback (stable-5.14.19). - vsock: prevent unnecessary refcnt inc for nonblocking connect (stable-5.14.19). - net: marvell: mvpp2: Fix wrong SerDes reconfiguration order (stable-5.14.19). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (stable-5.14.19). - net: stmmac: allow a tc-taprio base-time of zero (stable-5.14.19). - net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any (stable-5.14.19). - commit 8c81fc3 - drm/i915/fb: Fix rounding error in subsampled plane size calculation (stable-5.14.19). - net: dsa: mv88e6xxx: Don't support >1G speeds on 6191X on ports other than 10 (stable-5.14.19). - bpf, sockmap: sk_skb data_end access incorrect when src_reg = dst_reg (stable-5.14.19). - bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding (stable-5.14.19). - bpf, sockmap: Fix race in ingress receive verdict with redirect to self (stable-5.14.19). - bpf, sockmap: Remove unhash handler for BPF sockmap usage (stable-5.14.19). - dmaengine: stm32-dma: fix burst in case of unaligned memory address (stable-5.14.19). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (stable-5.14.19). - arm64: arm64_ftr_reg->name may not be a human-readable string (stable-5.14.19). - seq_file: fix passing wrong private data (stable-5.14.19). - commit 32c9b55 - llc: fix out-of-bound array index in llc_sk_dev_hash() (stable-5.14.19). - selftests/bpf/xdp_redirect_multi: Limit the tests in netns (stable-5.14.19). - selftests/bpf/xdp_redirect_multi: Give tcpdump a chance to terminate cleanly (stable-5.14.19). - selftests/bpf/xdp_redirect_multi: Use arping to accurate the arp number (stable-5.14.19). - selftests/bpf/xdp_redirect_multi: Put the logs to tmp folder (stable-5.14.19). - libbpf: Fix lookup_and_delete_elem_flags error reporting (stable-5.14.19). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (stable-5.14.19). - perf bpf: Add missing free to bpf_event__print_bpf_prog_info() (stable-5.14.19). - zram: off by one in read_block_state() (stable-5.14.19). - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (stable-5.14.19). - commit f072f92 - net: phy: fix duplex out of sync problem while changing settings (stable-5.14.19). - net: dsa: felix: fix broken VLAN-tagged PTP under VLAN-aware bridge (stable-5.14.19). - net: vlan: fix a UAF in vlan_dev_real_dev() (stable-5.14.19). - cpufreq: intel_pstate: Clear HWP desired on suspend/shutdown and offline (stable-5.14.19). - ataflop: remove ataflop_probe_lock mutex (stable-5.14.19). - nvdimm/btt: do not call del_gendisk() if not needed (stable-5.14.19). - block/ataflop: provide a helper for cleanup up an atari disk (stable-5.14.19). - block/ataflop: add registration bool before calling del_gendisk() (stable-5.14.19). - block/ataflop: use the blk_cleanup_disk() helper (stable-5.14.19). - net: dsa: tag_ocelot: break circular dependency with ocelot switch lib driver (stable-5.14.19). - commit e9a91d1 - scsi: target: core: Remove from tmr_list during LUN unlink (stable-5.14.19). - ethtool: fix ethtool msg len calculation for pause stats (stable-5.14.19). - kselftests/net: add missed icmp.sh test to Makefile (stable-5.14.19). - net: davinci_emac: Fix interrupt pacing disable (stable-5.14.19). - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (stable-5.14.19). - ar7: fix kernel builds for compiler test (stable-5.14.19). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (stable-5.14.19). - nbd: fix max value for 'first_minor' (stable-5.14.19). - gpio: realtek-otto: fix GPIO line IRQ offset (stable-5.14.19). - openrisc: fix SMP tlb flush NULL pointer dereference (stable-5.14.19). - commit 26c19bd - m68k: set a default value for MEMORY_RESERVE (stable-5.14.19). - netfilter: nfnetlink_queue: fix OOB when mac header was cleared (stable-5.14.19). - Fix user namespace leak (stable-5.14.19). - NFS: Fix an Oops in pnfs_mark_request_commit() (stable-5.14.19). - NFS: Fix up commit deadlocks (stable-5.14.19). - NFS: Fix deadlocks in nfs_scan_commit_list() (stable-5.14.19). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (stable-5.14.19). - signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) (stable-5.14.19). - opp: Fix return in _opp_add_static_v2() (stable-5.14.19). - fs: orangefs: fix error return code of orangefs_revalidate_lookup() (stable-5.14.19). - commit a5e9684 - nfsd: don't alloc under spinlock in rpc_parse_scope_id (stable-5.14.19). - NFS: Fix dentry verifier races (stable-5.14.19). - NFS: Ignore the directory size when marking for revalidation (stable-5.14.19). - NFS: Don't set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (stable-5.14.19). - NFS: Default change_attr_type to NFS4_CHANGE_TYPE_IS_UNDEFINED (stable-5.14.19). - powerpc: Don't provide __kernel_map_pages() without ARCH_SUPPORTS_DEBUG_PAGEALLOC (stable-5.14.19). - powerpc/xmon: fix task state output (stable-5.14.19). - powerpc/44x/fsp2: add missing of_node_put (stable-5.14.19). - powerpc/book3e: Fix set_memory_x() and set_memory_nx() (stable-5.14.19). - mips: cm: Convert to bitfield API to fix out-of-bounds access (stable-5.14.19). - commit efb3815 - powerpc/nohash: Fix __ptep_set_access_flags() and ptep_set_wrprotect() (stable-5.14.19). - powerpc/booke: Disable STRICT_KERNEL_RWX, DEBUG_PAGEALLOC and KFENCE (stable-5.14.19). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (stable-5.14.19). - arm64: dts: qcom: sdm845: Fix Qualcomm crypto engine bus clock (stable-5.14.19). - arm64: dts: qcom: pmi8994: Fix "eternal"->"external" typo in WLED node (stable-5.14.19). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (stable-5.14.19). - ARM: dts: stm32: fix SAI sub nodes register range (stable-5.14.19). - ARM: dts: stm32: fix STUSB1600 Type-C irq level on stm32mp15xx-dkx (stable-5.14.19). - ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz (stable-5.14.19). - arm64: dts: qcom: sdm845: Use RPMH_CE_CLK macro directly (stable-5.14.19). - commit 84dab26 - powerpc: fix unbalanced node refcount in check_kvm_guest() (stable-5.14.19). - powerpc/mem: Fix arch/powerpc/mm/mem.c:53:12: error: no previous prototype for 'create_section_mapping' (stable-5.14.19). - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (stable-5.14.19). - iommu/dma: Fix arch_sync_dma for map (stable-5.14.19). - iommu/mediatek: Fix out-of-range warning with clang (stable-5.14.19). - arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000 (stable-5.14.19). - arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock (stable-5.14.19). - arm: dts: omap3-gta04a4: accelerometer irq fix (stable-5.14.19). - arm64: dts: renesas: beacon: Fix Ethernet PHY mode (stable-5.14.19). - JFS: fix memleak in jfs_mount (stable-5.14.19). - commit 99b404e - arm64: dts: qcom: sc7180: Base dynamic CPU power coefficients in reality (stable-5.14.19). - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (stable-5.14.19). - arm64: dts: ti: j7200-main: Fix "bus-range" upto 256 bus number for PCIe (stable-5.14.19). - arm64: dts: ti: j7200-main: Fix "vendor-id"/"device-id" properties of pcie node (stable-5.14.19). - arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus number for PCIe (stable-5.14.19). - arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions" in PCIe EP nodes (stable-5.14.19). - ARM: dts: at91: tse850: the emac<->phy interface is rmii (stable-5.14.19). - arm64: dts: meson-sm1: Fix the pwm regulator supply properties (stable-5.14.19). - arm64: dts: meson-g12b: Fix the pwm regulator supply properties (stable-5.14.19). - arm64: dts: meson-g12a: Fix the pwm regulator supply properties (stable-5.14.19). - commit b60ffc0 - arm64: dts: broadcom: bcm4908: Fix UART clock name (stable-5.14.19). - ARM: dts: BCM5301X: Fix memory nodes names (stable-5.14.19). - arm64: dts: meson: sm1: add Ethernet PHY reset line for ODROID-C4/HC4 (stable-5.14.19). - arm64: dts: rockchip: Fix GPU register width for RK3328 (stable-5.14.19). - arm64: dts: rockchip: fix rk3568 mbi-alias (stable-5.14.19). - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (stable-5.14.19). - cgroup: Fix rootcg cpu.stat guest double counting (stable-5.14.19). - bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit (stable-5.14.19). - bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off (stable-5.14.19). - skmsg: Lose offset info in sk_psock_skb_ingress (stable-5.14.19). - commit be707b7 - udp6: allow SO_MARK ctrl msg to affect routing (stable-5.14.19). - selftests: net: bridge: update IGMP/MLD membership interval value (stable-5.14.19). - net: bridge: fix uninitialized variables when BRIDGE_CFM is disabled (stable-5.14.19). - net: phylink: avoid mvneta warning when setting pause parameters (stable-5.14.19). - net: amd-xgbe: Toggle PLL settings during rate change (stable-5.14.19). - sctp: return true only for pathmtu update in sctp_transport_pl_toobig (stable-5.14.19). - sctp: subtract sctphdr len in sctp_transport_pl_hlen (stable-5.14.19). - sctp: reset probe_timer in sctp_transport_pl_update (stable-5.14.19). - sctp: allow IP fragmentation when PLPMTUD enters Error state (stable-5.14.19). - selftests/bpf: Fix fclose/pclose mismatch in test_progs (stable-5.14.19). - commit 97ce5c0 - cpufreq: intel_pstate: Fix cpu->pstate.turbo_freq initialization (stable-5.14.19). - KVM: s390: Fix handle_sske page fault handling (stable-5.14.19). - selftests/bpf: Fix memory leak in test_ima (stable-5.14.19). - selftests/bpf: Fix fd cleanup in sk_lookup test (stable-5.14.19). - bpf: Fixes possible race in update_prog_stats() for 32bit arches (stable-5.14.19). - libbpf: Fix endianness detection in BPF_CORE_READ_BITFIELD_PROBED() (stable-5.14.19). - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() (stable-5.14.19). - samples/kretprobes: Fix return value if register_kretprobe() failed (stable-5.14.19). - x86: Fix __get_wchan() for !STACKTRACE (stable-5.14.19). - blk-cgroup: synchronize blkg creation against policy deactivation (stable-5.14.19). - commit dd773f7 - blacklist.conf: remove 32bit bpf fix to be backported via stable-5.14.x - commit 94a93eb - ARM: 9142/1: kasan: work around LPAE build warning (stable-5.14.19). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (stable-5.14.19). - KVM: s390: pv: avoid double free of sida page (stable-5.14.19). - s390/uv: fully validate the VMA before calling follow_page() (stable-5.14.19). - s390/mm: fix VMA and page table handling code in storage key handling functions (stable-5.14.19). - s390/mm: validate VMA in PGSTE manipulation functions (stable-5.14.19). - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() (stable-5.14.19). - net: dsa: avoid refcount warnings when ->port_{fdb,mdb}_del returns error (stable-5.14.19). - irq: mips: avoid nested irq_enter() (stable-5.14.19). - block: ataflop: more blk-mq refactoring fixes (stable-5.14.19). - commit eea1624 - s390/gmap: validate VMA in __gmap_zap() (stable-5.14.19). - KVM: selftests: Fix nested SVM tests when built with clang (stable-5.14.19). - libbpf: Fix BTF header parsing checks (stable-5.14.19). - libbpf: Fix overflow in BTF sanity checks (stable-5.14.19). - bpftool: Avoid leaking the JSON writer prepared for program metadata (stable-5.14.19). - libbpf: Fix memory leak in btf__dedup() (stable-5.14.19). - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (stable-5.14.19). - x86/sev: Fix stack type check in vc_switch_off_ist() (stable-5.14.19). - clocksource/drivers/timer-ti-dm: Select TIMER_OF (stable-5.14.19). - nvme-rdma: fix error code in nvme_rdma_setup_ctrl (stable-5.14.19). - commit 69474bd - drm/msm: fix potential NULL dereference in cleanup (stable-5.14.19). - mt76: connac: fix possible NULL pointer dereference in mt76_connac_get_phy_mode_v2 (stable-5.14.19). - iwlwifi: pnvm: read EFI data only if long enough (stable-5.14.19). - iwlwifi: pnvm: don't kmemdup() more than we have (stable-5.14.19). - net: enetc: unmap DMA in enetc_send_cmd() (stable-5.14.19). - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() (stable-5.14.19). - tcp: switch orphan_count to bare per-cpu counters (stable-5.14.19). - net: tulip: winbond-840: fix build for UML (stable-5.14.19). - nbd: Fix use-after-free in pid_show (stable-5.14.19). - block: ataflop: fix breakage introduced at blk-mq refactoring (stable-5.14.19). - commit 1dcb6ba - cpuidle: Fix kobject memory leaks in error paths (stable-5.14.19). - netfilter: nft_dynset: relax superfluous check on set updates (stable-5.14.19). - net: fealnx: fix build for UML (stable-5.14.19). - net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE (stable-5.14.19). - libbpf: Fix skel_internal.h to set errno on loader retval < 0 (stable-5.14.19). - rcu: Always inline rcu_dynticks_task*_{enter,exit}() (stable-5.14.19). - scs: Release kasan vmalloc poison in scs_free process (stable-5.14.19). - x86/insn: Use get_unaligned() instead of memcpy() (stable-5.14.19). - EDAC/amd64: Handle three rank interleaving mode (stable-5.14.19). - IMA: block writes of the security.ima xattr with unsupported algorithms (stable-5.14.19). - commit 9a66afb - cgroup: Make rebind_subsystems() disable v2 controllers all at once (stable-5.14.19). - net: dsa: rtl8366: Fix a bug in deleting VLANs (stable-5.14.19). - net: dsa: rtl8366rb: Fix off-by-one bug (stable-5.14.19). - rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() (stable-5.14.19). - net: phylink: don't call netif_carrier_off() with NULL netdev (stable-5.14.19). - net: net_namespace: Fix undefined member in key_remove_domain() (stable-5.14.19). - MIPS: lantiq: dma: fix burst length for DEU (stable-5.14.19). - arm64: mm: update max_pfn after memory hotplug (stable-5.14.19). - objtool: Handle __sanitize_cov*() tail calls (stable-5.14.19). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (stable-5.14.19). - commit cd1e662 - selftests/bpf: Fix strobemeta selftest regression (stable-5.14.19). - netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state (stable-5.14.19). - libbpf: Don't crash on object files with no symbol tables (stable-5.14.19). - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() (stable-5.14.19). - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (stable-5.14.19). - parisc/unwind: fix unwinder when CONFIG_64BIT is enabled (stable-5.14.19). - task_stack: Fix end_of_stack() for architectures with upwards-growing stack (stable-5.14.19). - parisc: fix warning in flush_tlb_all (stable-5.14.19). - perf/x86/intel: Fix ICL/SPR INST_RETIRED.PREC_DIST encodings (stable-5.14.19). - erofs: don't trigger WARN() when decompression fails (stable-5.14.19). - commit 4c6d157 - selftests/core: fix conflicting types compile error for close_range() (stable-5.14.19). - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (stable-5.14.19). - x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted (stable-5.14.19). - Revert "wcn36xx: Enable firmware link monitoring" (stable-5.14.19). - wcn36xx: Fix packet drop on resume (stable-5.14.19). - wcn36xx: Correct band/freq reporting on RX (stable-5.14.19). - ftrace: do CPU checking after preemption disabled (stable-5.14.19). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (stable-5.14.19). - btrfs: do not take the uuid_mutex in btrfs_rm_device (stable-5.14.19). - btrfs: reflink: initialize return value to 0 in btrfs_extent_same() (stable-5.14.19). - commit 2eabf0b - ACPI: AC: Quirk GK45 to skip reading _PSR (stable-5.14.19). - ACPI: resources: Add one more Medion model in IRQ override quirk (stable-5.14.19). - gfs2: Fix glock_hash_walk bugs (stable-5.14.19). - gfs2: Cancel remote delete work asynchronously (stable-5.14.19). - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (stable-5.14.19). - net: annotate data-race in neigh_output() (stable-5.14.19). - vrf: run conntrack only in context of lower/physdev for locally generated packets (stable-5.14.19). - can: bittiming: can_fixup_bittiming(): change type of tseg1 and alltseg to unsigned int (stable-5.14.19). - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (stable-5.14.19). - tools/latency-collector: Use correct size when writing queue_full_warning (stable-5.14.19). - commit fa88a36 - selftests: kvm: fix mismatched fclose() after popen() (stable-5.14.19). - selftests/bpf: Fix perf_buffer test on system with offline cpus (stable-5.14.19). - iwlwifi: mvm: disable RX-diversity in powersave (stable-5.14.19). - ARM: clang: Do not rely on lr register for stacktrace (stable-5.14.19). - smackfs: use __GFP_NOFAIL for smk_cipso_doi() (stable-5.14.19). - arm64: vdso32: suppress error message for 'make mrproper' (stable-5.14.19). - nvme: drop scan_lock and always kick requeue list when removing namespaces (stable-5.14.19). - nvmet-tcp: fix use-after-free when a port is removed (stable-5.14.19). - nvmet-rdma: fix use-after-free when a port is removed (stable-5.14.19). - nvmet: fix use-after-free when a port is removed (stable-5.14.19). - commit 67aba3b - drm/amdgpu/pm: properly handle sclk for profiling modes on vangogh (stable-5.14.19). - workqueue: make sysfs of unbound kworker cpumask more clever (stable-5.14.19). - mt76: mt7915: fix an off-by-one bound check (stable-5.14.19). - iwlwifi: change all JnP to NO-160 configuration (stable-5.14.19). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (stable-5.14.19). - tracing/cfi: Fix cmp_entries_* functions signature mismatch (stable-5.14.19). - media: allegro: ignore interrupt if mailbox is not initialized (stable-5.14.19). - lib/xz: Validate the value before assigning it to an enum variable (stable-5.14.19). - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (stable-5.14.19). - block: remove inaccurate requeue check (stable-5.14.19). - commit c9c6f49 - thermal/core: Fix null pointer dereference in thermal_release() (stable-5.14.19). - Refresh patches.suse/thermal-core-fix-a-UAF-bug-in-__thermal_cooling_devi.patch. - commit 0f45953 - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (stable-5.14.19). - drm/amdkfd: fix resume error when iommu disabled in Picasso (stable-5.14.19). - drm/amd/display: fix null pointer deref when plugging in display (stable-5.14.19). - thermal/drivers/tsens: Add timeout to get_temp_tsens_valid (stable-5.14.19). - net: phy: micrel: make *-skew-ps check more lenient (stable-5.14.19). - memstick: r592: Fix a UAF bug when removing the driver (stable-5.14.19). - md: update superblock after changing rdev flags in state_store (stable-5.14.19). - floppy: fix calling platform_device_unregister() on invalid drives (stable-5.14.19). - block: bump max plugged deferred size from 16 to 32 (stable-5.14.19). - commit b6ec3a2 - drm/amdkfd: rm BO resv on validation to avoid deadlock (stable-5.14.19). - ACPI: battery: Accept charges over the design capacity as full (stable-5.14.19). - ACPI: scan: Release PM resources blocked by unused objects (stable-5.14.19). - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (stable-5.14.19). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (stable-5.14.19). - net-sysfs: try not to restart the syscall if it will fail eventually (stable-5.14.19). - tracing: Disable "other" permission bits in the tracefs files (stable-5.14.19). - tracefs: Have tracefs directories not set OTH permission bits by default (stable-5.14.19). - mmc: moxart: Fix reference count leaks in moxart_probe (stable-5.14.19). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (stable-5.14.19). - commit c6cab2b - cpufreq: Make policy min/max hard requirements (stable-5.14.19). - ACPICA: Avoid evaluating methods too early during system resume (stable-5.14.19). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (stable-5.14.19). - rtw88: fix RX clock gate setting while fifo dump (stable-5.14.19). - ipmi: Disable some operations during a panic (stable-5.14.19). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (stable-5.14.19). - media: ipu3-imgu: imgu_fmt: Handle properly try (stable-5.14.19). - media: imx-jpeg: Fix possible null pointer dereference (stable-5.14.19). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (stable-5.14.19). - kselftests/sched: cleanup the child processes (stable-5.14.19). - commit 2879ff0 - ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (stable-5.14.19). - media: mceusb: return without resubmitting URB in case of - EPROTO error (stable-5.14.19). - media: rcar-vin: Use user provided buffers when starting (stable-5.14.19). - media: imx: set a media_device bus_info string (stable-5.14.19). - media: videobuf2: rework vb2_mem_ops API (stable-5.14.19). - media: s5p-mfc: Add checking to s5p_mfc_probe() (stable-5.14.19). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (stable-5.14.19). - media: vidtv: Fix memory leak in remove (stable-5.14.19). - media: uvcvideo: Set unique vdev name based in type (stable-5.14.19). - media: uvcvideo: Return -EIO for control errors (stable-5.14.19). - commit 36aa6fb - ath10k: high latency fixes for beacon buffer (stable-5.14.19). - ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map reinjected packets (stable-5.14.19). - ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (stable-5.14.19). - ath11k: Avoid reg rules update during firmware recovery (stable-5.14.19). - octeontx2-pf: Enable promisc/allmulti match MCAM entries (stable-5.14.19). - media: uvcvideo: Set capability in s_param (stable-5.14.19). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (stable-5.14.19). - media: atomisp: Fix error handling in probe (stable-5.14.19). - media: netup_unidvb: handle interrupt properly according to the firmware (stable-5.14.19). - media: mt9p031: Fix corrupted frame after restarting stream (stable-5.14.19). - commit 23c0bf6 - drm/amd/display: Fix null pointer dereference for encoders (stable-5.14.19). - drm/amdgpu: Fix MMIO access page fault (stable-5.14.19). - x86: Increase exception stack sizes (stable-5.14.19). - mwifiex: Properly initialize private structure on interface type changes (stable-5.14.19). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (stable-5.14.19). - selftests: net: fib_nexthops: Wait before checking reported idle time (stable-5.14.19). - crypto: aesni - check walk.nbytes instead of err (stable-5.14.19). - spi: Check we have a spi_device_id for each DT compatible (stable-5.14.19). - fscrypt: allow 256-bit master keys with AES-256-XTS (stable-5.14.19). - commit da16a21 - platform/x86: wmi: do not fail if disabling fails (stable-5.14.19). - ACPI: resources: Add DMI-based legacy IRQ override quirk (stable-5.14.19). - ath11k: Align bss_chan_info structure with firmware (stable-5.14.19). - net: sched: update default qdisc visibility after Tx queue cnt changes (stable-5.14.19). - MIPS: lantiq: dma: reset correct number of channel (stable-5.14.19). - MIPS: lantiq: dma: add small delay after reset (stable-5.14.19). - rcutorture: Avoid problematic critical section nesting on PREEMPT_RT (stable-5.14.19). - rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop (stable-5.14.19). - smackfs: Fix use-after-free in netlbl_catmap_walk() (stable-5.14.19). - locking/lockdep: Avoid RCU-induced noinstr fail (stable-5.14.19). - commit 2c9b87d - cifs: set a minimum of 120s for next dns resolution (stable-5.14.19). - coresight: trbe: Defer the probe on offline CPUs (stable-5.14.19). - coresight: trbe: Fix incorrect access of the sink specific data (stable-5.14.19). - coresight: cti: Correct the parameter for pm_runtime_put (stable-5.14.19). - drm/panel-orientation-quirks: add Valve Steam Deck (stable-5.14.19). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (stable-5.14.19). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (stable-5.14.19). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (stable-5.14.19). - dma-buf: WARN on dmabuf release with pending attachments (stable-5.14.19). - Bluetooth: fix use-after-free error in lock_sock_nested() (stable-5.14.19). - commit bd4d6ec - KVM: nVMX: Handle dynamic MSR intercept toggling (stable-5.14.19). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (stable-5.14.19). - ring-buffer: Protect ring_buffer_reset() from reentrancy (stable-5.14.19). - xen/balloon: add late_initcall_sync() for initial ballooning done (stable-5.14.19). - ovl: fix use after free in struct ovl_aio_req (stable-5.14.19). - cifs: To match file servers, make sure the server hostname matches (stable-5.14.19). - quota: correct error number in free_dqentry() (stable-5.14.19). - quota: check block number when reading the block in quota file (stable-5.14.19). - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (stable-5.14.19). - ifb: fix building without CONFIG_NET_CLS_ACT (stable-5.14.19). - commit f46c787 - KVM: arm64: Extract ESR_ELx.EC only (stable-5.14.19). - KVM: x86: Add helper to consolidate core logic of SET_CPUID{2} flows (stable-5.14.19). - KVM: x86: Fix recording of guest steal time / preempted status (stable-5.14.19). - signal/mips: Update (_save|_restore)_fp_context to fail with - EFAULT (stable-5.14.19). - signal: Remove the bogus sigkill_pending in ptrace_stop (stable-5.14.19). - libata: fix checking of DMA state (stable-5.14.19). - wcn36xx: handle connection loss indication (stable-5.14.19). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (stable-5.14.19). - perf/x86/intel/uncore: Fix invalid unit check (stable-5.14.19). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (stable-5.14.19). - commit 3bc363d - HID: surface-hid: Allow driver matching for target ID 1 devices (stable-5.14.19). - HID: surface-hid: Use correct event registry for managing HID events (stable-5.14.19). - platform/surface: aggregator_registry: Add support for Surface Laptop Studio (stable-5.14.19). - evm: mark evm_fixmode as __ro_after_init (stable-5.14.19). - ifb: Depend on netfilter alternatively to tc (stable-5.14.19). - mt76: mt7615: fix skb use-after-free on mac reset (stable-5.14.19). - mwifiex: Try waking the firmware until we get an interrupt (stable-5.14.19). - mwifiex: Read a PCI register after writing the TX ring write pointer (stable-5.14.19). - selinux: fix race condition when computing ocontext SIDs (stable-5.14.19). - md/raid1: only allocate write behind bio for WriteMostly device (stable-5.14.19). - commit f47bd03 - KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling (stable-5.14.19). - KVM: VMX: Unregister posted interrupt wakeup handler on hardware unsetup (stable-5.14.19). - ia64: kprobes: Fix to pass correct trampoline address to the handler (stable-5.14.19). - btrfs: clear MISSING device status bit in btrfs_close_one_device (stable-5.14.19). - btrfs: call btrfs_check_rw_degradable only if there is a missing device (stable-5.14.19). - btrfs: fix lost error handling when replaying directory deletes (stable-5.14.19). - tools/testing/selftests/vm/split_huge_page_test.c: fix application of sizeof to pointer (stable-5.14.19). - net/smc: Correct spelling mistake to TCPF_SYN_RECV (stable-5.14.19). - net/smc: Fix smc_link->llc_testlink_time overflow (stable-5.14.19). - nfp: bpf: relax prog rejection for mtu check through max_pkt_offset (stable-5.14.19). - commit 602c6fc - nvmet-tcp: fix header digest verification (stable-5.14.19). - nvmet-tcp: fix a memory leak when releasing a queue (stable-5.14.19). - block: schedule queue restart after BLK_STS_ZONE_RESOURCE (stable-5.14.19). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (stable-5.14.19). - vmxnet3: do not stop tx queues after netif_device_detach() (stable-5.14.19). - r8169: Add device 10ec:8162 to driver r8169 (stable-5.14.19). - net: multicast: calculate csum of looped-back and forwarded packets (stable-5.14.19). - xen/netfront: stop tx queues during live migration (stable-5.14.19). - spi: spl022: fix Microwire full duplex mode (stable-5.14.19). - watchdog: Fix OMAP watchdog early handling (stable-5.14.19). - commit 5cebf2b - mmc: winbond: don't build on M68K (stable-5.14.19). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (stable-5.14.19). - bpf: Prevent increasing bpf_jit_limit above max (stable-5.14.19). - bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT (stable-5.14.19). - bpf: Define bpf_jit_alloc_exec_limit for riscv JIT (stable-5.14.19). - fcnal-test: kill hanging ping/nettest binaries on cleanup (stable-5.14.19). - spi: altera: Change to dynamic allocation of spi id (stable-5.14.19). - reset: socfpga: add empty driver allowing consumers to probe (stable-5.14.19). - ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode (stable-5.14.19). - sfc: Don't use netif_info before net_device setup (stable-5.14.19). - commit 1834fb0 - scsi: qla2xxx: Fix unmap of already freed sgl (stable-5.14.19). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (stable-5.14.19). - sfc: Export fibre-specific supported link modes (stable-5.14.19). - cavium: Fix return values of the probe function (stable-5.14.19). - mISDN: Fix return values of the probe function (stable-5.14.19). - cavium: Return negative value when pci_alloc_irq_vectors() fails (stable-5.14.19). - net: mscc: ocelot: Add of_node_put() before goto (stable-5.14.19). - net: sparx5: Add of_node_put() before goto (stable-5.14.19). - ptp: fix error print of ptp_kvm on X86_64 platform (stable-5.14.19). - ASoC: cs42l42: Ensure 0dB full scale volume is used for headsets (stable-5.14.19). - commit b649fea - ext4: refresh the ext4_ext_path struct after dropping i_data_sem (stable-5.14.19). - ext4: ensure enough credits in ext4_ext_shift_path_extents (stable-5.14.19). - ext4: fix lazy initialization next schedule time computation in more granular unit (stable-5.14.19). - x86/irq: Ensure PI wakeup handler is unregistered before module unload (stable-5.14.19). - x86/iopl: Fake iopl(3) CLI/STI usage (stable-5.14.19). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (stable-5.14.19). - parisc: Fix ptrace check on syscall return (stable-5.14.19). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (stable-5.14.19). - ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (stable-5.14.19). - KVM: arm64: Report corrupted refcount at EL2 (stable-5.14.19). - commit e87c1d0 - ce/gf100: fix incorrect CE0 address calculation on some GPUs (stable-5.14.19). - Input: elantench - fix misreporting trackpoint coordinates (stable-5.14.19). - libata: fix read log timeout value (stable-5.14.19). - ocfs2: fix data corruption on truncate (stable-5.14.19). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (stable-5.14.19). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (stable-5.14.19). - mmc: mtk-sd: Add wait dma stop done flow (stable-5.14.19). - parisc: Fix set_fixmap() on PA1.x CPUs (stable-5.14.19). - exfat: fix incorrect loading of i_blocks for large files (stable-5.14.19). - commit d3aead9 - Update patch references for stable-5.14.19 - commit 0013369 - bpf: Disallow unprivileged bpf by default (jsc#SLE-22575). - commit 1dfa117 - Move upstreamed input patch into sorted section - commit 6ef8342 - Input: i8042 - Add deferred probe support (bsc#1190256). - commit 0a16328 - iscsi_ibft: Fix isa_bus_to_virt not working under ARM (bsc#1191540). - iscsi_ibft: fix crash due to KASLR physical memory remapping (bsc#1191540). - commit 64cab0a ++++ util-linux: - Update to version 2.37.2: * No longer uses Groff to maintain man-pages. * New implementation of hardlink. * lscpu reimplemented. * uclampset: new util to manipulate the utilization clamping attributes of the system or a process. * hexdump automatically uses -C when called as "hd". * dmesg supports new command-line options --since and --until. * findmnt supports new command-line options --shadowed to print only filesystems over-mounted by another filesystem. * mount supports --read-only command-line option for non-root users too. * umount(8) can umount also all over-mounted filesystems (more filesystems on the the same mount point) when executed with - -recursive. * libfdisk (and fdisk, sfdisk, cfdisk) supports partition type names on input, ignoring the case of the characters and all non-alphanumeric and non-digit characters in the name (e.g. type="Linux /usr x86" is the same as type="linux usr-x86" for sfdisk). * libmount no longer contains a workaround to detect inconsistent /proc/self/mountinfo reads. * libblkid supports "probing hints" now. The hints are the optional way how to force probing functions to check for example another location -- for example specific session on multi-session UDF. The command blkid(8) supports this functionality with a new --hint option. The library has been also extended to support others ISO9660 and UDF identifiers. * blkzone provides a new "capacity" command. * cfdisk is possible to start in read-only mode by a new command-line option --read-only * lsblk provides new columns FSROOTS, and MOUNTPOINTS. The column MOUNTPOINTS is used in the default output now and this new column prints all mount points where the device is used (btrfs subvolumes, bind mounts, etc). * losetup uses LOOP_CONFIG ioctl now. * column supports a new command-line option --table-columns-limit to specify a maximal number of the input columns. The last column will contain all remaining line data if the limit is smaller than the number of the columns in the input data. * Obsoletes util-linux-ipcs-shmall-overflow-1.patch, util-linux-ipcs-shmall-overflow-2.patch, util-linux-ipcs-shmall-overflow-ts.patch, util-linux-ipcutils-overflow-CVE-2021-37600.patch. * Many other new features and fixes. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37-ReleaseNotes https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.1-ReleaseNotes https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ReleaseNotes - Update util-linux-login_defs-check.sh and login_defs-support-for-util-linux to version 2.37 (new variable LOGIN_KEEP_USERNAME). - INCOMPATIBLE CHANGE: Remove the raw utility altogether, as it is not even built any more with the latest kernel. ++++ libglvnd: - Disable asm on aarch64 Tumbleweed due to issue with BTI - boo#1188928 ++++ systemd: - Enable systemd-experimental sub-package again, rpmlint should have been updated. ++++ libvirt: - spec: Weaken apparmor-abstractions dependency to Recommends bsc#1192119 ++++ shadow: - shadow-util-linux.patch: * Add support for LOGIN_KEEP_USERNAME from util-linux >= 2.37. - Refresh shadow-login_defs-suse.patch. ++++ supportutils: - Merged Include udev rules in /lib/udev/rules.d/ #113 - Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87 ++++ systemd-rpm-macros: - Bump version to 9 - Introduce %_systemd_util_dir It's a backport of upstream commit 3bc66bfa0136e370a8f7b06c3b69a52f5636ef82. ++++ timezone: - timezone update 2021e (bsc#1177460): * Palestine will fall back 10-29 (not 10-30) at 01:00 - timezone update 2021d: * Fiji suspends DST for the 2021/2022 season * 'zic -r' marks unspecified timestamps with "-00" - timezone update 2021c: * Revert almost all of 2021b's changes to the 'backward' file * Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - timezone update 2021b: * Jordan now starts DST on February's last Thursday. * Samoa no longer observes DST. * Move some backward-compatibility links to 'backward'. * Rename Pacific/Enderbury to Pacific/Kanton. * Correct many pre-1993 transitions in Malawi, Portugal, etc. * zic now creates each output file or link atomically. * zic -L no longer omits the POSIX TZ string in its output. * zic fixes for truncation and leap second table expiration. * zic now follows POSIX for TZ strings using all-year DST. * Fix some localtime crashes and bugs in obscure cases. * zdump -v now outputs more-useful boundary cases. * tzfile.5 better matches a draft successor to RFC 8536. - Refresh tzdata-china.patch ++++ util-linux-systemd: - Update to version 2.37.2: * No longer uses Groff to maintain man-pages. * New implementation of hardlink. * lscpu reimplemented. * uclampset: new util to manipulate the utilization clamping attributes of the system or a process. * hexdump automatically uses -C when called as "hd". * dmesg supports new command-line options --since and --until. * findmnt supports new command-line options --shadowed to print only filesystems over-mounted by another filesystem. * mount supports --read-only command-line option for non-root users too. * umount(8) can umount also all over-mounted filesystems (more filesystems on the the same mount point) when executed with - -recursive. * libfdisk (and fdisk, sfdisk, cfdisk) supports partition type names on input, ignoring the case of the characters and all non-alphanumeric and non-digit characters in the name (e.g. type="Linux /usr x86" is the same as type="linux usr-x86" for sfdisk). * libmount no longer contains a workaround to detect inconsistent /proc/self/mountinfo reads. * libblkid supports "probing hints" now. The hints are the optional way how to force probing functions to check for example another location -- for example specific session on multi-session UDF. The command blkid(8) supports this functionality with a new --hint option. The library has been also extended to support others ISO9660 and UDF identifiers. * blkzone provides a new "capacity" command. * cfdisk is possible to start in read-only mode by a new command-line option --read-only * lsblk provides new columns FSROOTS, and MOUNTPOINTS. The column MOUNTPOINTS is used in the default output now and this new column prints all mount points where the device is used (btrfs subvolumes, bind mounts, etc). * losetup uses LOOP_CONFIG ioctl now. * column supports a new command-line option --table-columns-limit to specify a maximal number of the input columns. The last column will contain all remaining line data if the limit is smaller than the number of the columns in the input data. * Obsoletes util-linux-ipcs-shmall-overflow-1.patch, util-linux-ipcs-shmall-overflow-2.patch, util-linux-ipcs-shmall-overflow-ts.patch, util-linux-ipcutils-overflow-CVE-2021-37600.patch. * Many other new features and fixes. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37-ReleaseNotes https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.1-ReleaseNotes https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ReleaseNotes - Update util-linux-login_defs-check.sh and login_defs-support-for-util-linux to version 2.37 (new variable LOGIN_KEEP_USERNAME). - INCOMPATIBLE CHANGE: Remove the raw utility altogether, as it is not even built any more with the latest kernel. ------------------------------------------------------------------ ------------------ 2021-11-16 - Nov 16 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - No reason to exclude armv7, since it builds properly ++++ kernel-default: - Updated git-fix to remove uncalled function, fixing merge. This fixes: > Changed build warnings: > ***** 1 warnings ***** > * unused-function (ufshcd_send_request_sense) in ../drivers/scsi/ufs/ufshcd.c > ../drivers/scsi/ufs/ufshcd.c:8449:1: warning: 'ufshcd_send_request_sense' defined but not used [-Wunused-function] - commit 7e447e5 - powerps/pseries/dma: Add support for 2M IOMMU page size (jsc#SLE-19556). - commit 23aad36 - net: ethernet: ti: Move devlink registration to be last devlink command (jsc#SLE-19253). - commit 2ddcb3f - workqueue: fix state-dump console deadlock (bsc#1192750). - commit 25dc8d6 - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - commit 778cf29 - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - commit d0015c2 - PCI: Coalesce host bridge contiguous apertures (jsc#SLE-19359). - commit ef3ff2c - PCI/sysfs: Return -EINVAL consistently from "store" functions (git-fixes). - commit e4fd4ba - PCI/sysfs: Check CAP_SYS_ADMIN before parsing user input (git-fixes). - commit 0da7e42 - PCI: ACPI: Drop acpi_pci_bus (git-fixes). - commit 2ffd6b1 - PCI: Rename pcibios_add_device() to pcibios_device_add() (git-fixes). - commit 8247513 - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - commit 23e2a05 - PCI/P2PDMA: Apply bus offset correctly in DMA address calculation (git-fixes). - commit fb136b8 - ice: support basic E-Switch mode control (jsc#SLE-18375). - Update config files. - commit d25f447 - devlink: Set device as early as possible (jsc#SLE-19253). - Refresh patches.suse/net-hns3-remove-always-exist-devlink-pointer-check.patch. - commit 332e4ab - net/mlx5: Lag, fix a potential Oops with mlx5_lag_create_definer() (jsc#SLE-19253). - net: hns3: allow configure ETS bandwidth of all TCs (bsc#1190336). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1190336). - net: hns3: fix some mac statistics is always 0 in device version V2 (bsc#1190336). - net: hns3: fix kernel crash when unload VF while it is being reset (bsc#1190336). - net: hns3: sync rx ring head in echo common pull (bsc#1190336). - net: hns3: fix pfc packet number incorrect after querying pfc parameters (bsc#1190336). - net: hns3: fix ROCE base interrupt vector initialization bug (bsc#1190336). - net: hns3: fix failed to add reuse multicast mac addr to hardware when mc mac table is full (bsc#1190336). - net: hisilicon: fix hsn3_ethtool kernel-doc warnings (bsc#1190336). - ice: Fix race conditions between virtchnl handling and VF ndo ops (jsc#SLE-18375). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-18375). - ice: Fix replacing VF hardware MAC to existing MAC filter (jsc#SLE-18375). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-18375). - ice: Fix VF true promiscuous mode (jsc#SLE-18375). - bnxt_en: avoid newline at end of message in NL_SET_ERR_MSG_MOD (jsc#SLE-18978). - net: hns3: use dev_driver_string() instead of pci_dev->driver->name (bsc#1190336). - RDMA/core: Require the driver to set the IOVA correctly during rereg_mr (jsc#SLE-19249). - RDMA/bnxt_re: Remove unsupported bnxt_re_modify_ah callback (jsc#SLE-18977). - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (jsc#SLE-18998). - RDMA/hns: Modify the value of MAX_LP_MSG_LEN to meet hardware compatibility (bsc#1190336). - RDMA/hns: Fix initial arm_st of CQ (bsc#1190336). - RDMA/irdma: optimize rx path by removing unnecessary copy (jsc#SLE-18383). - RDMA/hns: Use the core code to manage the fixed mmap entries (bsc#1190336). - IB/opa_vnic: Rebranding of OPA VNIC driver to Cornelis Networks (jsc#SLE-19242). - IB/qib: Rebranding of qib driver to Cornelis Networks (jsc#SLE-19242). - IB/hfi1: Rebranding of hfi1 driver to Cornelis Networks (jsc#SLE-19242). - RDMA/bnxt_re: Use helper function to set GUIDs (jsc#SLE-18977). - RDMA/bnxt_re: Fix kernel panic when trying to access bnxt_re_stat_descs (jsc#SLE-18977). - RDMA/rxe: Make rxe_type_info static const (jsc#SLE-19249). - RDMA/rxe: Use 'bitmap_zalloc()' when applicable (jsc#SLE-19249). - RDMA/rxe: Save a few bytes from struct rxe_pool (jsc#SLE-19249). - RDMA/irdma: Remove the unused variable local_qp (jsc#SLE-18383). - RDMA/core: Fix missed initialization of rdma_hw_stats::lock (jsc#SLE-19249). - RDMA/efa: Add support for dmabuf memory regions (jsc#SLE-19249). - RDMA/umem: Allow pinned dmabuf umem usage (jsc#SLE-19249). - RDMA/qedr: Remove unsupported qedr_resize_cq callback (jsc#SLE-18998). - RDMA/irdma: Remove the unused spin lock in struct irdma_qp_uk (jsc#SLE-18383). - RDMA/mlx5: Use dev_addr_mod() (jsc#SLE-19250). - RDMA/ipoib: Use dev_addr_mod() (jsc#SLE-19249). - RDMA/mlx5: fix build error with INFINIBAND_USER_ACCESS=n (jsc#SLE-19249). - RDMA/core: Use kvzalloc when allocating the struct ib_port (jsc#SLE-19249). - RDMA/irdma: Make irdma_uk_cq_init() return a void (jsc#SLE-18383). - RDMA/rxe: Convert kernel UD post send to use ah_num (jsc#SLE-19249). - RDMA/rxe: Lookup kernel AH from ah index in UD WQEs (jsc#SLE-19249). - RDMA/rxe: Replace ah->pd by ah->ibah.pd (jsc#SLE-19249). - RDMA/rxe: Create AH index and return to user space (jsc#SLE-19249). - RDMA/rxe: Change AH objects to indexed (jsc#SLE-19249). - RDMA/rxe: Move AV from rxe_send_wqe to rxe_send_wr (jsc#SLE-19249). - RDMA/mlx4: Return missed an error if device doesn't support steering (jsc#SLE-19249). - RDMA/irdma: Remove irdma_cqp_up_map_cmd() (jsc#SLE-18383). - RDMA/irdma: Remove irdma_get_hw_addr() (jsc#SLE-18383). - RDMA/irdma: Remove irdma_sc_send_lsmm_nostag() (jsc#SLE-18383). - RDMA/irdma: Remove irdma_uk_mw_bind() (jsc#SLE-18383). - RDMA: Remove redundant 'flush_workqueue()' calls (jsc#SLE-19249). - RDMA/iwpm: Remove redundant initialization of pointer err_str (jsc#SLE-19249). - RDMA/hns: Use dma_alloc_coherent() instead of kmalloc/dma_map_single() (bsc#1190336). - RDMA/mlx5: Add optional counter support in get_hw_stats callback (jsc#SLE-19249). - RDMA/mlx5: Add modify_op_stat() support (jsc#SLE-19249). - RDMA/mlx5: Add steering support in optional flow counters (jsc#SLE-19249). - RDMA/mlx5: Support optional counters in hw_stats initialization (jsc#SLE-19249). - RDMA/nldev: Allow optional-counter status configuration through RDMA netlink (jsc#SLE-19249). - RDMA/nldev: Split nldev_stat_set_mode_doit out of nldev_stat_set_doit (jsc#SLE-19249). - RDMA/nldev: Add support to get status of all counters (jsc#SLE-19249). - RDMA/counter: Add optional counter support (jsc#SLE-19249). - RDMA/counter: Add an is_disabled field in struct rdma_hw_stats (jsc#SLE-19249). - RDMA/core: Add a helper API rdma_free_hw_stats_struct (jsc#SLE-19249). - RDMA/counter: Add a descriptor in struct rdma_hw_stats (jsc#SLE-19249). - RDMA/efa: CQ notifications (jsc#SLE-19249). - RDMA/rxe: Remove duplicate settings (jsc#SLE-19249). - RDMA/rxe: Set partial attributes when completion status != IBV_WC_SUCCESS (jsc#SLE-19249). - RDMA/rxe: Change the is_user member of struct rxe_cq to bool (jsc#SLE-19249). - RDMA/rxe: Remove the is_user members of struct rxe_sq/rxe_rq/rxe_srq (jsc#SLE-19249). - RDMA/irdma: Delete unused struct irdma_bth (jsc#SLE-18383). - IB/hf1: Use string_upper() instead of an open coded variant (jsc#SLE-19242). - RDMA/rw: switch to dma_map_sgtable() (jsc#SLE-19249). - RDMA/mlx5: Avoid taking MRs from larger MR cache pools when a pool is empty (jsc#SLE-19250). - RDMA/rtrs-clt: Follow "one entry one value" rule for IO migration stats (jsc#SLE-19249). - RDMA/rtrs: Do not allow sessname to contain special symbols / and (jsc#SLE-19249). - RDMA/rtrs: Introduce destroy_cq helper (jsc#SLE-19249). - RDMA/rtrs: Replace duplicate check with is_pollqueue helper (jsc#SLE-19249). - RDMA/rtrs: Fix warning when use poll mode on client side (jsc#SLE-19249). - RDMA/rtrs: Remove len parameter from helper print functions of sysfs (jsc#SLE-19249). - RDMA/rtrs: Use sysfs_emit instead of s*printf function for sysfs show (jsc#SLE-19249). - RDMA/cma: Split apart the multiple uses of the same list heads (jsc#SLE-19249). - RDMA/rxe: Bump up default maximum values used via uverbs (jsc#SLE-19249). - IB/mlx5: Flow through a more detailed return code from get_prefetchable_mr() (jsc#SLE-19250). - RDMA/rxe: Remove unused WR_READ_WRITE_OR_SEND_MASK (jsc#SLE-19249). - RDMA/rxe: Add MASK suffix for RXE_READ_OR_ATOMIC and RXE_WRITE_OR_SEND (jsc#SLE-19249). - RDMA/rxe: Add new RXE_READ_OR_WRITE_MASK (jsc#SLE-19249). - RDMA/hfi1: Use struct_size() and flex_array_size() helpers (jsc#SLE-19242). - IB/hfi1: Add ring consumer and producers traces (jsc#SLE-19242). - IB/hfi1: Remove atomic completion count (jsc#SLE-19242). - IB/hfi1: Tune netdev xmit cachelines (jsc#SLE-19242). - IB/hfi1: Get rid of tx priv backpointer (jsc#SLE-19242). - IB/hfi1: Get rid of hot path divide (jsc#SLE-19242). - IB/hfi1: Remove cache and embed txreq in ring (jsc#SLE-19242). - RDMA/rxe: Only allow invalidate for appropriate MRs (jsc#SLE-19249). - RDMA/rxe: Create duplicate mapping tables for FMRs (jsc#SLE-19249). - RDMA/rxe: Separate HW and SW l/rkeys (jsc#SLE-19249). - RDMA/rxe: Cleanup MR status and type enums (jsc#SLE-19249). - RDMA/rxe: Add memory barriers to kernel queues (jsc#SLE-19249). - RDMA/bnxt_re: Check if the vlan is valid before reporting (jsc#SLE-18977). - RDMA/bnxt_re: Correct FRMR size calculation (jsc#SLE-18977). - RDMA/bnxt_re: Use GFP_KERNEL in non atomic context (jsc#SLE-18977). - RDMA/bnxt_re: Fix FRMR issue with single page MR allocation (jsc#SLE-18977). - RDMA/bnxt_re: Fix query SRQ failure (jsc#SLE-18977). - RDMA/bnxt_re: Suppress unwanted error messages (jsc#SLE-18977). - RDMA/bnxt_re: Support multiple page sizes (jsc#SLE-18977). - RDMA/bnxt_re: Reduce the delay in polling for hwrm command completion (jsc#SLE-18977). - RDMA/bnxt_re: Use separate response buffer for stat_ctx_free (jsc#SLE-18977). - RDMA/bnxt_re: Update statistics counter name (jsc#SLE-18977). - RDMA/bnxt_re: Add extended statistics counters (jsc#SLE-18977). - RDMA/rxe: remove the unnecessary variable (jsc#SLE-19249). - RDMA/rxe: remove the redundant variable (jsc#SLE-19249). - RDMA/rxe: Fix wrong port_cap_flags (jsc#SLE-19249). - iavf: Fix kernel BUG in free_msi_irqs (jsc#SLE-18385). - iavf: Add helper function to go from pci_dev to adapter (jsc#SLE-18385). - ice: Hide bus-info in ethtool for PRs in switchdev mode (jsc#SLE-18375). - ice: Clear synchronized addrs when adding VFs in switchdev mode (jsc#SLE-18375). - ice: Remove boolean vlan_promisc flag from function (jsc#SLE-18375). - net/mlx5: Support internal port as decap route device (jsc#SLE-19253). - net/mlx5e: Term table handling of internal port rules (jsc#SLE-19253). - net/mlx5e: Add indirect tc offload of ovs internal port (jsc#SLE-19253). - net/mlx5e: Offload internal port as encap route device (jsc#SLE-19253). - net/mlx5e: Offload tc rules that redirect to ovs internal port (jsc#SLE-19253). - net/mlx5e: Accept action skbedit in the tc actions list (jsc#SLE-19253). - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support (jsc#SLE-19253). - net/mlx5e: Use generic name for the forwarding dev pointer (jsc#SLE-19253). - net/mlx5e: Refactor rx handler of represetor device (jsc#SLE-19253). - net/mlx5: DR, Add check for unsupported fields in match param (jsc#SLE-19253). - net/mlx5: Allow skipping counter refresh on creation (jsc#SLE-19253). - net/mlx5e: IPsec: Refactor checksum code in tx data path (jsc#SLE-19253). - net/mlx5: CT: Remove warning of ignore_flow_level support for VFs (jsc#SLE-19253). - net/mlx5: Add esw assignment back in mlx5e_tc_sample_unoffload() (jsc#SLE-19253). - igc: Change Device Reset to Port Reset (jsc#SLE-18377). - igc: Add new device ID (jsc#SLE-18377). - igc: Remove media type checking on the PHY initialization (jsc#SLE-18377). - bnxt_en: Remove not used other ULP define (jsc#SLE-18978). - net: ixgbevf: Remove redundant initialization of variable ret_val (jsc#SLE-18384). - intel: Simplify bool conversion (jsc#SLE-18378). - ice: fix error return code in ice_get_recp_frm_fw() (jsc#SLE-18375). - ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (jsc#SLE-18375). - ice: Add support to print error on PHY FW load failure (jsc#SLE-18375). - ice: Add support for changing MTU on PR in switchdev mode (jsc#SLE-18375). - ice: send correct vc status in switchdev (jsc#SLE-18375). - ice: support for GRE in eswitch (jsc#SLE-18375). - ice: low level support for tunnels (jsc#SLE-18375). - ice: VXLAN and Geneve TC support (jsc#SLE-18375). - ice: support for indirect notification (jsc#SLE-18375). - bnxt_en: Provide stored devlink "fw" version on older firmware (jsc#SLE-18978). - bnxt_en: implement firmware live patching (jsc#SLE-18978). - bnxt_en: Update firmware interface to 1.10.2.63 (jsc#SLE-18978). - bnxt_en: implement dump callback for fw health reporter (jsc#SLE-18978). - bnxt_en: extract coredump command line from current task (jsc#SLE-18978). - bnxt_en: Retrieve coredump and crashdump size via FW command (jsc#SLE-18978). - bnxt_en: Add compression flags information in coredump segment header (jsc#SLE-18978). - bnxt_en: move coredump functions into dedicated file (jsc#SLE-18978). - bnxt_en: Refactor coredump functions (jsc#SLE-18978). - bnxt_en: improve fw diagnose devlink health messages (jsc#SLE-18978). - bnxt_en: consolidate fw devlink health reporters (jsc#SLE-18978). - bnxt_en: remove fw_reset devlink health reporter (jsc#SLE-18978). - bnxt_en: improve error recovery information messages (jsc#SLE-18978). - bnxt_en: add enable_remote_dev_reset devlink parameter (jsc#SLE-18978). - bnxt_en: implement devlink dev reload fw_activate (jsc#SLE-18978). - bnxt_en: implement devlink dev reload driver_reinit (jsc#SLE-18978). - bnxt_en: refactor cancellation of resource reservations (jsc#SLE-18978). - bnxt_en: refactor printing of device info (jsc#SLE-18978). - RDMA/mlx5: Attach ndescs to mlx5_ib_mkey (jsc#SLE-19250). - RDMA/mlx5: Move struct mlx5_core_mkey to mlx5_ib (jsc#SLE-19250). - RDMA/mlx5: Replace struct mlx5_core_mkey by u32 key (jsc#SLE-19250). - RDMA/mlx5: Remove pd from struct mlx5_core_mkey (jsc#SLE-19250). - RDMA/mlx5: Remove size from struct mlx5_core_mkey (jsc#SLE-19250). - RDMA/mlx5: Remove iova from struct mlx5_core_mkey (jsc#SLE-19250). - net/mlx5: Add priorities for counters in RDMA namespaces (jsc#SLE-19250). - net/mlx5: Add ifc bits to support optional counters (jsc#SLE-19250). - IB/mlx5: Enable UAR to have DevX UID (jsc#SLE-19250). - net/mlx5: Add uid field to UAR allocation structures (jsc#SLE-19253). - net/mlx5: Lag, Make mlx5_lag_is_multipath() be static inline (jsc#SLE-19253). - net/mlx5e: Prevent HW-GRO and CQE-COMPRESS features operate together (jsc#SLE-19253). - net/mlx5e: Add HW-GRO offload (jsc#SLE-19253). - net/mlx5e: Add HW_GRO statistics (jsc#SLE-19253). - net/mlx5e: HW_GRO cqe handler implementation (jsc#SLE-19253). - net/mlx5e: Add data path for SHAMPO feature (jsc#SLE-19253). - net/mlx5e: Add handle SHAMPO cqe support (jsc#SLE-19253). - net/mlx5e: Add control path for SHAMPO feature (jsc#SLE-19253). - net/mlx5e: Add support to klm_umr_wqe (jsc#SLE-19253). - net/mlx5e: Rename TIR lro functions to TIR packet merge functions (jsc#SLE-19253). - net/mlx5: Add SHAMPO caps, HW bits and enumerations (jsc#SLE-19253). - net/mlx5e: Rename lro_timeout to packet_merge_timeout (jsc#SLE-19253). - lib: bitmap: Introduce node-aware alloc API (jsc#SLE-19253). - net/mlx5: remove the recent devlink params (jsc#SLE-19253). - net/mlx5: SF_DEV Add SF device trace points (jsc#SLE-19253). - net/mlx5: SF, Add SF trace points (jsc#SLE-19253). - net/mlx5: Let user configure max_macs param (jsc#SLE-19253). - net/mlx5: Let user configure event_eq_size param (jsc#SLE-19253). - net/mlx5: Let user configure io_eq_size param (jsc#SLE-19253). - net/mlx5: Bridge, support replacing existing FDB entry (jsc#SLE-19253). - net/mlx5: Bridge, extract code to lookup and del/notify entry (jsc#SLE-19253). - net/mlx5: Add periodic update of host time to firmware (jsc#SLE-19253). - net/mlx5: Print health buffer by log level (jsc#SLE-19253). - net/mlx5: Extend health buffer dump (jsc#SLE-19253). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (jsc#SLE-19253). - net/mlx5: Fix unused function warning of mlx5i_flow_type_mask (jsc#SLE-19253). - net/mlx5: Remove unnecessary checks for slow path flag (jsc#SLE-19253). - net: qed_dev: fix check of true !rc expression (jsc#SLE-19001). - net: qed_ptp: fix check of true !rc expression (jsc#SLE-19001). - net: hns3: add error recovery module and type for himac (bsc#1190336). - net: hns3: add new ras error type for roce (bsc#1190336). - net: hns3: add update ethtool advertised link modes for FIBRE port when autoneg off (bsc#1190336). - net: hns3: modify functions of converting speed ability to ethtool link mode (bsc#1190336). - net: hns3: add support pause/pfc durations for mac statistics (bsc#1190336). - net: hns3: device specifications add number of mac statistics (bsc#1190336). - net: hns3: modify mac statistics update process for compatibility (bsc#1190336). - net: hns3: add debugfs support for interrupt coalesce (bsc#1190336). - devlink: Delete obsolete parameters publish API (jsc#SLE-19253). - mlx5: fix build after merge (jsc#SLE-19253). - ice: Nuild fix (jsc#SLE-18375). - ice: Add tc-flower filter support for channel (jsc#SLE-18375). - ice: enable ndo_setup_tc support for mqprio_qdisc (jsc#SLE-18375). - ice: Add infrastructure for mqprio support via ndo_setup_tc (jsc#SLE-18375). - ice: fix an error code in ice_ena_vfs() (jsc#SLE-18375). - ice: use devm_kcalloc() instead of devm_kzalloc() (jsc#SLE-18375). - ice: Make use of the helper function devm_add_action_or_reset() (jsc#SLE-18375). - ice: Refactor PR ethtool ops (jsc#SLE-18375). - ice: Manage act flags for switchdev offloads (jsc#SLE-18375). - ice: Forbid trusted VFs in switchdev mode (jsc#SLE-18375). - ice: fix software generating extra interrupts (jsc#SLE-18375). - ice: fix rate limit update after coalesce change (jsc#SLE-18375). - ice: update dim usage and moderation (jsc#SLE-18375). - ice: Add support for VF rate limiting (jsc#SLE-18375). - devlink: Remove extra device_lock assert checks (jsc#SLE-19253). - net/mlx5: E-Switch, Increase supported number of forward destinations to 32 (jsc#SLE-19253). - net/mlx5: E-Switch, Use dynamic alloc for dest array (jsc#SLE-19253). - net/mlx5: Lag, use steering to select the affinity port in LAG (jsc#SLE-19253). - net/mlx5: Lag, add support to create/destroy/modify port selection (jsc#SLE-19253). - net/mlx5: Lag, add support to create TTC tables for LAG port selection (jsc#SLE-19253). - net/mlx5: Lag, add support to create definers for LAG (jsc#SLE-19253). - net/mlx5: Lag, set match mask according to the traffic type bitmap (jsc#SLE-19253). - net/mlx5: Lag, set LAG traffic type mapping (jsc#SLE-19253). - net/mlx5: Lag, move lag files into directory (jsc#SLE-19253). - net/mlx5: Introduce new uplink destination type (jsc#SLE-19253). - net/mlx5: Add support to create match definer (jsc#SLE-19253). - net/mlx5: Introduce port selection namespace (jsc#SLE-19253). - net/mlx5: Support partial TTC rules (jsc#SLE-19253). - iavf: Combine init and watchdog state machines (jsc#SLE-18385). - iavf: Add __IAVF_INIT_FAILED state (jsc#SLE-18385). - iavf: Refactor iavf state machine tracking (jsc#SLE-18385). - qed: Change the TCP common variable - "iscsi_ooo" (jsc#SLE-19001). - qed: Optimize the ll2 ooo flow (jsc#SLE-19001). - mlx5: prevent 64bit divide (jsc#SLE-19253). - net/mlx5: Use system_image_guid to determine bonding (jsc#SLE-19253). - net/mlx5: Use native_port_num as 1st option of device index (jsc#SLE-19253). - net/mlx5: Introduce new device index wrapper (jsc#SLE-19253). - net/mlx5: Check return status first when querying system_image_guid (jsc#SLE-19253). - net/mlx5: DR, Prefer kcalloc over open coded arithmetic (jsc#SLE-19253). - net/mlx5e: Add extack msgs related to TC for better debug (jsc#SLE-19253). - net/mlx5: CT: Fix missing cleanup of ct nat table on init failure (jsc#SLE-19253). - net/mlx5: Disable roce at HCA level (jsc#SLE-19253). - net/mlx5i: Enable Rx steering for IPoIB via ethtool (jsc#SLE-19253). - net/mlx5: Bridge, provide flow source hints (jsc#SLE-19253). - net/mlx5: Read timeout values from DTOR (jsc#SLE-19253). - net/mlx5: Read timeout values from init segment (jsc#SLE-19253). - net/mlx5: Add layout to support default timeouts register (jsc#SLE-19253). - ice: make use of ice_for_each_* macros (jsc#SLE-18375). - ice: introduce XDP_TX fallback path (jsc#SLE-18375). - ice: optimize XDP_TX workloads (jsc#SLE-18375). - ice: propagate xdp_ring onto rx_ring (jsc#SLE-18375). - ice: do not create xdp_frame on XDP_TX (jsc#SLE-18375). - ice: unify xdp_rings accesses (jsc#SLE-18375). - ice: split ice_ring onto Tx/Rx separate structs (jsc#SLE-18375). - ice: move ice_container_type onto ice_ring_container (jsc#SLE-18375). - ice: remove ring_active from ice_ring (jsc#SLE-18375). - net: intel: igc_ptp: fix build for UML (jsc#SLE-18377). - ice: Implement support for SMA and U.FL on E810-T (jsc#SLE-18375). - ice: Add support for SMA control multiplexer (jsc#SLE-18375). - ice: Implement functions for reading and setting GPIO pins (jsc#SLE-18375). - ice: Refactor ice_aqc_link_topo_addr (jsc#SLE-18375). - net: qed_debug: fix check of false (grc_param < 0) expression (jsc#SLE-19001). - devlink: Delete reload enable/disable interface (jsc#SLE-19253). - net/mlx5: Set devlink reload feature bit for supported devices only (jsc#SLE-19253). - devlink: Allow control devlink ops behavior through feature mask (jsc#SLE-19253). - devlink: Annotate devlink API calls (jsc#SLE-19253). - devlink: Move netdev_to_devlink helpers to devlink.c (jsc#SLE-19253). - devlink: Reduce struct devlink exposure (jsc#SLE-19253). - net: hns3: debugfs add support dumping page pool info (bsc#1190336). - ice: ndo_setup_tc implementation for PR (jsc#SLE-18375). - ice: ndo_setup_tc implementation for PF (jsc#SLE-18375). - ice: Allow changing lan_en and lb_en on all kinds of filters (jsc#SLE-18375). - ice: cleanup rules info (jsc#SLE-18375). - ice: allow deleting advanced rules (jsc#SLE-18375). - ice: allow adding advanced rules (jsc#SLE-18375). - ice: create advanced switch recipe (jsc#SLE-18375). - ice: manage profiles and field vectors (jsc#SLE-18375). - ice: implement low level recipes functions (jsc#SLE-18375). - ethernet: Remove redundant 'flush_workqueue()' calls (jsc#SLE-19253). - bnxt: use netif_is_rxfh_configured instead of open code (jsc#SLE-18978). - qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (jsc#SLE-19001). - qed: Initialize debug string array (jsc#SLE-19001). - ice: add port representor ethtool ops and stats (jsc#SLE-18375). - ice: switchdev slow path (jsc#SLE-18375). - ice: rebuild switchdev when resetting all VFs (jsc#SLE-18375). - ice: enable/disable switchdev when managing VFs (jsc#SLE-18375). - ice: introduce new type of VSI for switchdev (jsc#SLE-18375). - ice: set and release switchdev environment (jsc#SLE-18375). - ice: allow changing lan_en and lb_en on dflt rules (jsc#SLE-18375). - ice: manage VSI antispoof and destination override (jsc#SLE-18375). - ice: allow process VF opcodes in different ways (jsc#SLE-18375). - ice: introduce VF port representor (jsc#SLE-18375). - ice: Move devlink port to PF/VF struct (jsc#SLE-18375). - qed: Fix spelling mistake "ctx_bsaed" -> "ctx_based" (jsc#SLE-19001). - ethernet: use eth_hw_addr_set() for dev->addr_len cases (jsc#SLE-18377). - mlx4: constify args for const dev_addr (jsc#SLE-19256). - mlx4: remove custom dev_addr clearing (jsc#SLE-19256). - mlx4: replace mlx4_u64_to_mac() with u64_to_ether_addr() (jsc#SLE-19256). - mlx4: replace mlx4_mac_to_u64() with ether_addr_to_u64() (jsc#SLE-19256). - net/mlx5: Enable single IRQ for PCI Function (jsc#SLE-19253). - net/mlx5: Shift control IRQ to the last index (jsc#SLE-19253). - net/mlx5: Bridge, pop VLAN on egress table miss (jsc#SLE-19253). - net/mlx5: Bridge, mark reg_c1 when pushing VLAN (jsc#SLE-19253). - net/mlx5: Bridge, extract VLAN pop code to dedicated functions (jsc#SLE-19253). - net/mlx5: Bridge, refactor eswitch instance usage (jsc#SLE-19253). - net/mlx5e: Support accept action (jsc#SLE-19253). - net/mlx5e: Specify out ifindex when looking up encap route (jsc#SLE-19253). - net/mlx5e: Reserve a value from TC tunnel options mapping (jsc#SLE-19253). - net/mlx5e: Move parse fdb check into actions_match_supported_fdb() (jsc#SLE-19253). - net/mlx5e: Split actions_match_supported() into a sub function (jsc#SLE-19253). - net/mlx5e: Move mod hdr allocation to a single place (jsc#SLE-19253). - net/mlx5e: TC, Refactor sample offload error flow (jsc#SLE-19253). - net/mlx5e: Add TX max rate support for MQPRIO channel mode (jsc#SLE-19253). - net/mlx5e: Specify SQ stats struct for mlx5e_open_txqsq() (jsc#SLE-19253). - qed: fix ll2 establishment during load of RDMA driver (jsc#SLE-19001). - qed: Update the TCP active termination 2 MSL timer ("TIME_WAIT") (jsc#SLE-19001). - qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (jsc#SLE-19001). - qed: Update debug related changes (jsc#SLE-19001). - qed: Add '_GTT' suffix to the IRO RAM macros (jsc#SLE-19001). - qed: Update FW init functions to support FW 8.59.1.0 (jsc#SLE-19001). - qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (jsc#SLE-19001). - qed: Update qed_hsi.h for fw 8.59.1.0 (jsc#SLE-19001). - qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (jsc#SLE-19001). - qed: Update common_hsi for FW ver 8.59.1.0 (jsc#SLE-19001). - qed: Split huge qed_hsi.h header file (jsc#SLE-19001). - qed: Remove e4_ and _e4 from FW HSI (jsc#SLE-19001). - qed: Fix kernel-doc warnings (jsc#SLE-19001). - net/mlx4_en: avoid one cache line miss to ring doorbell (jsc#SLE-19256). - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (jsc#SLE-19253). - ethernet: use eth_hw_addr_set() (jsc#SLE-19256). - i40e: Use the xsk batched rx allocation interface (jsc#SLE-18378). - ice: Use the xsk batched rx allocation interface (jsc#SLE-18375). - ice: Use xdp_buf instead of rx_buf for xsk zero-copy (jsc#SLE-18375). - xsk: Batched buffer allocation for the pool (jsc#SLE-18375). - net/mlx5e: Use array_size() helper (jsc#SLE-19253). - net/mlx5: Use struct_size() helper in kvzalloc() (jsc#SLE-19253). - net/mlx5: Use kvcalloc() instead of kvzalloc() (jsc#SLE-19253). - net/mlx5: Tolerate failures in debug features while driver load (jsc#SLE-19253). - net/mlx5: Warn for devlink reload when there are VFs alive (jsc#SLE-19253). - net/mlx5: DR, Add missing string for action type SAMPLER (jsc#SLE-19253). - net/mlx5: DR, init_next_match only if needed (jsc#SLE-19253). - net/mlx5: DR, Fix typo 'offeset' to 'offset' (jsc#SLE-19253). - net/mlx5: DR, Increase supported num of actions to 32 (jsc#SLE-19253). - net/mlx5: DR, Add support for SF vports (jsc#SLE-19253). - net/mlx5: DR, Support csum recalculation flow table on SFs (jsc#SLE-19253). - net/mlx5: DR, Align error messages for failure to obtain vport caps (jsc#SLE-19253). - net/mlx5: DR, Add missing query for vport 0 (jsc#SLE-19253). - net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK (jsc#SLE-19253). - net/mlx5: DR, Fix vport number data type to u16 (jsc#SLE-19253). - devlink: report maximum number of snapshots with regions (jsc#SLE-19253). - net/mlx4_en: Add XDP_REDIRECT statistics (jsc#SLE-19256). - ixgbe: let the xdpdrv work with more than 64 cpus (jsc#SLE-18384). - devlink: Add missed notifications iterators (jsc#SLE-19253). - net/mlx4: Use array_size() helper in copy_to_user() (jsc#SLE-19256). - ice: Prefer kcalloc over open coded arithmetic (jsc#SLE-18375). - ice: Fix macro name for IPv4 fragment flag (jsc#SLE-18375). - ice: refactor devlink getter/fallback functions to void (jsc#SLE-18375). - ice: Fix link mode handling (jsc#SLE-18375). - ice: Add feature bitmap, helpers and a check for DSCP (jsc#SLE-18375). - ice: Add DSCP support (jsc#SLE-18375). - net/mlx5e: check return value of rhashtable_init (jsc#SLE-19253). - net: dsa: Move devlink registration to be last devlink command (jsc#SLE-19253). - netdevsim: Move devlink registration to be last devlink command (jsc#SLE-19253). - qed: Move devlink registration to be last devlink command (jsc#SLE-19001). - nfp: Move delink_register to be last command (jsc#SLE-19253). - mlxsw: core: Register devlink instance last (jsc#SLE-19253). - net/mlx5: Accept devlink user input after driver initialization complete (jsc#SLE-19253). - net/mlx4: Move devlink_register to be the last initialization command (jsc#SLE-19256). - ice: Open devlink when device is ready (jsc#SLE-18375). - bnxt_en: Register devlink instance at the end devlink configuration (jsc#SLE-18978). - devlink: Notify users when objects are accessible (jsc#SLE-19253). - net/mlx5e: Enable TC offload for ingress MACVLAN (jsc#SLE-19253). - net/mlx5e: Enable TC offload for egress MACVLAN (jsc#SLE-19253). - net/mlx5e: loopback test is not supported in switchdev mode (jsc#SLE-19253). - net/mlx5e: Use NL_SET_ERR_MSG_MOD() for errors parsing tunnel attributes (jsc#SLE-19253). - net/mlx5e: Use tc sample stubs instead of ifdefs in source file (jsc#SLE-19253). - net/mlx5e: Remove redundant priv arg from parse_pedit_to_reformat() (jsc#SLE-19253). - net/mlx5e: Check action fwd/drop flag exists also for nic flows (jsc#SLE-19253). - net/mlx5e: Set action fwd flag when parsing tc action goto (jsc#SLE-19253). - net/mlx5e: Remove incorrect addition of action fwd flag (jsc#SLE-19253). - net/mlx5e: Use correct return type (jsc#SLE-19253). - net/mlx5e: Add error flow for ethtool -X command (jsc#SLE-19253). - net/mlx5: DR, Fix code indentation in dr_ste_v1 (jsc#SLE-19253). - qed: Don't ignore devlink allocation failures (jsc#SLE-19001). - ice: Delete always true check of PF pointer (jsc#SLE-18375). - devlink: Remove single line function obfuscations (jsc#SLE-19253). - devlink: Delete not used port parameters APIs (jsc#SLE-19253). - bnxt_en: Properly remove port parameter support (jsc#SLE-18978). - bnxt_en: Check devlink allocation and registration status (jsc#SLE-18978). - net: mlx4: Add support for XDP_REDIRECT (jsc#SLE-19256). - devlink: Make devlink_register to be void (jsc#SLE-19253). - devlink: Delete not-used devlink APIs (jsc#SLE-19253). - mlxsw: core: Remove mlxsw_core_is_initialized() (jsc#SLE-19253). - mlxsw: core: Initialize switch driver last (jsc#SLE-19253). - devlink: Delete not-used single parameter notification APIs (jsc#SLE-19253). - net/mlx5: Publish and unpublish all devlink parameters at once (jsc#SLE-19253). - net: hns3: PF support get multicast MAC address space assigned by firmware (bsc#1190336). - net: hns3: PF support get unicast MAC address space assigned by firmware (bsc#1190336). - mlxsw: spectrum: Use PMTDB register to obtain split info (jsc#SLE-19253). - mlxsw: reg: Add Port Module To local DataBase Register (jsc#SLE-19253). - qed: Improve the stack space of filter_config() (jsc#SLE-19001). - bnxt_en: Use struct_group_attr() for memcpy() region (jsc#SLE-18978). - stddef: Introduce struct_group() helper macro (jsc#SLE-18978). - net: hns3: adjust string spaces of some parameters of tx bd info in debugfs (bsc#1190336). - net: hns3: ignore reset event before initialization process is done (bsc#1190336). - net: hns3: change hclge/hclgevf workqueue to WQ_UNBOUND mode (bsc#1190336). - rdma/qedr: Fix crash due to redundant release of device's qp memory (jsc#SLE-18998). - RDMA/rdmavt: Fix error code in rvt_create_qp() (jsc#SLE-19249). - net/mlx5e: Fix vlan data lost during suspend flow (jsc#SLE-19253). - net/mlx5: E-switch, Return correct error code on group creation failure (jsc#SLE-19253). - IB/qib: Fix clang confusion of NULL pointer comparison (jsc#SLE-19249). - bnxt: Search VPD with pci_vpd_find_ro_info_keyword() (jsc#SLE-18978). - bnxt: Read VPD with pci_vpd_alloc() (jsc#SLE-18978). - net: create netdev->dev_addr assignment helpers (jsc#SLE-19253). - dma-mapping: allow map_sg() ops to return negative error codes (jsc#SLE-19249). - ptp: ocp: Fix error path for pci_ocp_device_init() (jsc#SLE-19253). - ptp: ocp: Fix uninitialized variable warning spotted by clang (jsc#SLE-19253). - devlink: Use xarray to store devlink instances (jsc#SLE-19253). - devlink: Count struct devlink consumers (jsc#SLE-19253). - devlink: Remove check of always valid devlink pointer (jsc#SLE-19253). - devlink: Simplify devlink_pernet_pre_exit call (jsc#SLE-19253). - ptp: ocp: Remove pending_image indicator from devlink (jsc#SLE-19253). - ptp: ocp: Rename version string shown by devlink (jsc#SLE-19253). - ptp: ocp: Use 'gnss' naming instead of 'gps' (jsc#SLE-19253). - ptp: ocp: Remove devlink health and unused parameters (jsc#SLE-19253). - ptp: ocp: Add the mapping for the external PPS registers (jsc#SLE-19253). - ptp: ocp: Fix the error handling path for the class device (jsc#SLE-19253). - netdevsim: Protect both reload_down and reload_up paths (jsc#SLE-19253). - netdevsim: Forbid devlink reload when adding or deleting ports (jsc#SLE-19253). - ptp: ocp: Expose various resources on the timecard (jsc#SLE-19253). - devlink: Allocate devlink directly in requested net namespace (jsc#SLE-19253). - devlink: Remove duplicated registration check (jsc#SLE-19253). - commit 8724dc6 - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - commit a6f9546 - Refresh patches.suse/sched-Temporarily-restore-deprecated-scheduler-sysctls-with-a-warning.patch (bsc#1192700) Fix build for CONFIG_SCHED_DEBUG=n. - commit b18b64a - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - commit a133bf4 - rtw89: update partition size of firmware header on skb->data (bsc#1188303). - commit 107cd5f - Drop downstream rtw89 fix patch, to be replaced with the upstream fix - commit 1e369dc - init: Revert accidental changes to print irqs_disabled() (git-fixes). - commit 62177ed - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - commit ab0eb1b - PM: hibernate: swap: Use vzalloc() and kzalloc() (git-fixes). - commit eb3f380 - PM: hibernate: fix sparse warnings (git-fixes). - commit 348b162 - PM: hibernate: Remove blk_status_to_errno in hib_wait_io (git-fixes). - commit def0ee8 - init: Revert accidental changes to print irqs_disabled() (git-fixes). - commit 35c394e - scsi: core: Remove command size deduction from scsi_setup_scsi_cmnd() (git-fixes). - scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: pm80xx: Fix misleading log statement in pm8001_mpi_get_nvmd_resp() (git-fixes). - scsi: ufs: core: Stop clearing UNIT ATTENTIONS (git-fixes). - scsi: ufs: core: Retry START_STOP on UNIT_ATTENTION (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: pm80xx: Fix lockup in outbound queue management (git-fixes). - scsi: elx: efct: Delete stray unlock statement (git-fixes). - um: virt-pci: fix uapi documentation (git-fixes). - scsi: ufs: Optimize serialization of setup_xfer_req() calls (git-fixes). - commit 8d221dc ++++ kernel-firmware: - Update to version 20211115 (git commit f5d519563ac9): * linux-firmware: Update AMD cpu microcode * amdgpu: update raven2 firmware from 21.40 * amdgpu: update navi14 firmware from 21.40 * amdgpu: update raven firmware from 21.40 * amdgpu: update navi12 firmware from 21.40 * amdgpu: update navi10 firmware from 21.40 * amdgpu: update vega20 firmware from 21.40 * amdgpu: update vega12 firmware from 21.40 * amdgpu: update vega10 firmware from 21.40 * amdgpu: update picasso firmware from 21.40 * amdgpu: update vangogh firmware from 21.40 * amdgpu: update beige goby firmware from 21.40 * amdgpu: add cyan skillfish firmware from 21.40 * amdgpu: update dimgrey cavefish firmware from 21.40 * amdgpu: update green sardine firmware from 21.40 * amdgpu: update navy flounder firmware from 21.40 * amdgpu: update renoir firmware from 21.40 * amdgpu: update arcturus firmware from 21.40 * amdgpu: update sienna cichlid firmware from 21.40 * rtl_bt: Update RTL8852A BT USB firmware to 0xDBA9_6937 * iwlwifi: add new FWs from core64-96 release * iwlwifi: update 9000-family firmwares to core64-96 * amdgpu: update VCN firmware for green sardine * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) - Update aliases ++++ gmp: - Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] ------------------------------------------------------------------ ------------------ 2021-11-15 - Nov 15 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - clocksource: Forgive repeated long-latency watchdog clocksource reads (bsc#1192724). - scripts/git_sort/git_sort.py: add a dev branch of the -rcu tree - commit 0845241 - patches.suse/zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269). - commit 5c8aa0e - patches.suse/zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269). - commit 5e92544 - patches.suse/zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269). - commit 534b940 - patches.suse/zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269). - commit 78167fd - x86/fpu: Optimize out sigframe xfeatures when in init state (bsc#1190497). - commit 00db683 - fuse: fix page stealing (bsc#1192718). - virtiofs: use strscpy for copying the queue name (bsc#1192720). - commit c8072b7 - cpumask: Omit terminating null byte in cpumap_print_{list,bitmask}_to_buf (bsc#1192611). - commit 6727db6 - ABI: sysfs-devices-power: add some debug sysfs files (git-fixes). - commit 166ca61 - ABI: sysfs-devices-power: document some RPM statistics (git-fixes). - commit d90cdd7 - kprobes: Do not use local variable when creating debugfs file (git-fixes). - commit 31c6a3a - ptp: Document the PTP_CLK_MAGIC ioctl number (git-fixes). - commit 4fba2e2 - Update patches.suse/thunderbolt-Enable-retry-logic-for-intra-domain-cont.patch (jsc#SLE-19356 jsc#SLE-19359). Corrected Jira numbers to Epics - commit 3be9934 - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling (jsc#SLE-19248). - gpio: mlxbf2: Introduce IRQ support (jsc#SLE-19248). - gpio: mlxbf2.c: Add check for bgpio_init failure (jsc#SLE-19248). - commit d883dc9 - README.BRANCH: Add Vlastimil Babka as SLE15-SP4 maintainer. - commit 31b8a3a - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - commit 907bc9c - xen: Fix implicit type conversion (git-fixes). - commit c808811 - x86/smp: Factor out parts of native_smp_prepare_cpus() (bsc#1192258). - commit a1b08b7 - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (git-fixes). - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (git-fixes). - commit 82e03a0 - PCI/MSI: Move non-mask check back into low level accessors (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes). - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - dyndbg: make dyndbg a known cli param (git-fixes). - commit 6e4688e - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (git-fixes). - commit 45d77db ++++ systemd: - Import commit 77ad76ed6e5c8170e3825d57abf8690b2a95bc06 (merge of v249.6) bcdeee7b4c virt: Support detection for ARM64 Hyper-V guests (bsc#1186071) [...] For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/ad045db5d34afeb4ece43f349783eda931e49a04...77ad76ed6e5c8170e3825d57abf8690b2a95bc06 ++++ rpm-config-SUSE: - Add bsc1192160-rpm-config-SUSE-support-compressed-firmware-files.patch: Backported from e4c04ac, the upcoming kernel will support the compressed firmware files, and this patch corresponds to that kernel change, fixing firmware.prov to deal with the xz-compressed firmware files as well (bsc#1192160). ++++ yast2: - Force creating the UI before checking -pkg etc. UI plug-ins (bsc#1192650) - 4.4.22 ++++ yast2-trans: - Update to version 84.87.20211114.f6c5a7e501: * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'users'. * New POT for text domain 'bootloader'. * Translated using Weblate (Malay) * Translated using Weblate (Malay) * Translated using Weblate (Malay) * Translated using Weblate (Malay) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * New POT for text domain 'registration'. * New POT for text domain 'network'. ------------------------------------------------------------------ ------------------ 2021-11-14 - Nov 14 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1190497). - commit a856ef9 - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes). - clk/ast2600: Fix soc revision for AHB (git-fixes). - Revert "clk: rockchip: use module_platform_driver_probe" (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - commit 6b7f27c ++++ libblockdev: - Update to version 2.26: + Fixes: - Deprecated glib function call; - Build with LLVM/clang; - Many memory leaks; - Many tests. - Fix dbus.h being wrongly packaged in libbd_lvm-dbus-devl instead of libbd_utils-devel (boo#1189787). ------------------------------------------------------------------ ------------------ 2021-11-13 - Nov 13 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.52.4: + New features: - Support the isolation property from the Compositing and Blending Level 1 specification. - Support Visual Studio 2022. + Bug fixes: - The opacity and mix-blend-mode properties were not being applied when an element has a mask. - Fix panic when an empty group has a pattern fill and filters. - Fix the tests on Windows; the still only work when Fontconfig is present. - Work around a bug in the cairo-rs bindings in the test suite, that only manifests itself in s/390x due to its calling convention. See https://github.com/gtk-rs/gtk-rs-core/issues/335 ++++ kernel-default: - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1190497). - commit ff42fca - Update config files: bump version to 5.14.18 - commit eee3ca4 - drm: fb_helper: improve CONFIG_FB dependency (git-fixes). - Update config files. - commit 12bd574 - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - ALSA: timer: Unconditionally unlink slave instances, too (git-fixes). - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes). - ALSA: timer: Fix use-after-free problem (git-fixes). - commit 00ac1e4 - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: PCM: Fix NULL dereference at mmap checks (git-fixes). - ALSA: memalloc: Catch call with NULL snd_dma_buffer pointer (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (git-fixes). - Revert "drm/imx: Annotate dma-fence critical section in commit path" (git-fixes). - drm/udl: fix control-message timeout (git-fixes). - drm/ttm: remove ttm_bo_vm_insert_huge() (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/bridge/lontium-lt9611uxc: fix provided connector suport (git-fixes). - Input: iforce - fix control-message timeout (git-fixes). - Input: max8925_onkey - don't mark comment as kernel-doc (git-fixes). - Input: st1232 - increase "wait ready" timeout (git-fixes). - Input: ariel-pwrbutton - add SPI device ID table (git-fixes). - rtc: rv3032: fix error handling in rv3032_clkout_set_rate() (git-fixes). - rtc: mcp795: Add SPI ID table (git-fixes). - rtc: pcf2123: Add SPI ID table (git-fixes). - rtc: ds1390: Add SPI ID table (git-fixes). - rtc: ds1302: Add SPI ID table (git-fixes). - thermal: int340x: fix build on 32-bit targets (git-fixes). - commit 63439e7 ++++ podman: - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). ------------------------------------------------------------------ ------------------ 2021-11-12 - Nov 12 2021 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 9.3.0 (jsc#PCT-130) + Support AHB-v3 + Support registration of BYOS instances against the update infrastructure + Properly extract the region for local zones in AWS to ensure instances get connected to the proper update servers + Azure addon service and executable rename + Support non SLE repos + Fix handling of regionservers configured with DNS names ++++ container-selinux: - Update to version 2.171.0 * Define kubernetes_file_t as a config_type * Allow containers to be socket activated by user domains and by systemd. * Allow iptables to use fifo files of a container runtime * Allow container_runtime create all tmpfs content as container_runtime_tmpfs_t * Allow containers to create lnk_file on tmpfs_t directories. ++++ cpuset: - Add cpuset-1.6-Fix_invalid_parentheses.patch to fix a semantic error. (bsc#1191418) - %check: really test the package [bsc#1191736] ++++ kernel-default: - Linux 5.14.18 (stable-5.14.18). - commit 739ae10 - isofs: Fix out of bound access for corrupted isofs image (stable-5.14.18). - binder: don't detect sender/target during buffer cleanup (stable-5.14.18). - usb: gadget: Mark USB_FSL_QE broken on 64-bit (stable-5.14.18). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (stable-5.14.18). - usb: ehci: handshake CMD_RUN instead of STS_HALT (stable-5.14.18). - KVM: x86: avoid warning with -Wbitwise-instead-of-logical (stable-5.14.18). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (stable-5.14.18). - binder: use cred instead of task for getsecid (stable-5.14.18). - binder: use cred instead of task for selinux checks (stable-5.14.18). - binder: use euid from cred instead of using task (stable-5.14.18). - ALSA: pci: cs46xx: Fix set up buffer type properly (stable-5.14.18). - ALSA: pcm: Check mmap capability of runtime dma buffer at first (stable-5.14.18). - commit ac03c67 - pwm: rockchip: Unprepare clocks only after the PWM was unregistered (jsc#SLE-22616). - commit 12bd5ce - Update patch references for stable-5.14.18 - commit 40343d9 - Fix and move the upstreamed patches into sorted section - commit 8dc4b32 - supported.conf: add pwm-rockchip References: jsc#SLE-22616 - commit c6166b8 - btrfs: remove unused function btrfs_bio_fits_in_stripe() (jsc#SLE-17674). - btrfs: determine stripe boundary at bio allocation time in btrfs_submit_compressed_write (jsc#SLE-17674). - btrfs: determine stripe boundary at bio allocation time in btrfs_submit_compressed_read (jsc#SLE-17674). - btrfs: introduce alloc_compressed_bio() for compression (jsc#SLE-17674). - btrfs: introduce submit_compressed_bio() for compression (jsc#SLE-17674). - btrfs: handle errors properly inside btrfs_submit_compressed_write() (jsc#SLE-17674). - btrfs: handle errors properly inside btrfs_submit_compressed_read() (jsc#SLE-17674). - commit f0da449 - btrfs: subpage: add bitmap for PageChecked flag (jsc#SLE-17674). - commit 50c42db - btrfs: subpage: pack all subpage bitmaps into a larger bitmap (jsc#SLE-17674). - btrfs: subpage: introduce btrfs_subpage_bitmap_info (jsc#SLE-17674). - commit 087ca75 - btrfs: subpage: make btrfs_alloc_subpage() return btrfs_subpage directly (jsc#SLE-17674). - commit 46a7040 - btrfs: subpage: only call btrfs_alloc_subpage() when sectorsize is smaller than PAGE_SIZE (jsc#SLE-17674). - commit a26cf9b - btrfs: introduce compressed_bio::pending_sectors to trace compressed bio (jsc#SLE-17674). - commit f3b6498 - btrfs: rename struct btrfs_io_bio to btrfs_bio (jsc#SLE-17674). - commit 96b1426 - btrfs: remove btrfs_bio_alloc() helper (jsc#SLE-17674). - commit 83c8397 - btrfs: rename btrfs_bio to btrfs_io_context (jsc#SLE-17674). - commit 6b2229b - blacklist.conf: d979617aa84d ("bpf: Fixes possible race in update_prog_stats() for 32bit arches") 32-bit only - commit 0d1ab9a - apparmor: fix error check (git-fixes). - gve: Fix off by one in gve_tx_timeout() (git-fixes). - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - can: mcp251xfd: mcp251xfd_chip_start(): fix error handling for mcp251xfd_chip_rx_int_enable() (git-fixes). - can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path (git-fixes). - can: j1939: j1939_can_recv(): ignore messages with invalid source address (git-fixes). - can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - commit a02425d ++++ regionServiceClientConfigEC2: - Update to version 3.1.0 (bsc#1029162) + Add IPv6 addresses to config + Include IPv6 certificates + Requires cloud-regionsrv-client >= v9.3.0 ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#538 - handle zstd compressed modules - handle new .ko.zst kernel module suffix - handle zstd compression (jsc#SLE-18768, jsc#SLE-20248, jsc#SLE-21256) - 16.57.7 ++++ yast2: - Adapt the code to the new product specification API (bsc#1192626). - yast2-packager is now responsible for finding the list of available base products during installation. - Drop ProductControlProduct class. - 4.4.21 ------------------------------------------------------------------ ------------------ 2021-11-11 - Nov 11 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522) * 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch * 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch ++++ hwdata: - Update to version 0.353 (bsc#1192587): + Updated pci, usb and vendor ids. ++++ hwinfo: - merge gh#openSUSE/hwinfo#106 - Always read numerical 32bit serial number from EDID header. Override this with ASCII serial number from display descriptor, if available. - Display numerical 32bit serial number for monitors without serial number display descriptor - 21.78 ++++ open-iscsi: - Merged latest upstream. Mostly cleanup, but includes a fix for iscsi-init.service when trying to write to the root volume too early (bsc#1192568), as well as an upstream fix for possible deadlock when dealing with sysfs. ++++ kernel-default: - blacklist.conf: 868c250bb463 ("x86/fpu: Include vmalloc.h for vzalloc()") - commit fcf1347 - Documentation/x86: Add documentation for using dynamic XSTATE features (jsc#SLE-18931). - commit cc5cb1c - selftests/x86/amx: Add context switch test (jsc#SLE-18931). - commit 9946b7f - selftests/x86/amx: Add test cases for AMX state management (jsc#SLE-18931). - commit 4e5182e - x86/fpu/amx: Enable the AMX feature in 64-bit mode (jsc#SLE-18931). - commit 2ac2782 - x86/fpu: Add XFD handling for dynamic states (jsc#SLE-18931). - commit 49619a9 - x86/fpu: Calculate the default sizes independently (jsc#SLE-18931). - commit afcd73c - x86/fpu/amx: Define AMX state components and have it used for boot-time checks (jsc#SLE-18931). - commit ddf9464 - x86/fpu/xstate: Prepare XSAVE feature table for gaps in state component numbers (jsc#SLE-18931). - commit fb12c6f - x86/fpu/xstate: Add fpstate_realloc()/free() (jsc#SLE-18931). - commit 52e8e05 - x86/fpu/xstate: Add XFD #NM handler (jsc#SLE-18931). - commit 1918fca - x86/fpu: Update XFD state where required (jsc#SLE-18931). - commit ae721d6 - x86/fpu: Add sanity checks for XFD (jsc#SLE-18931). - commit e7eb3fb - x86/fpu: Add XFD state to fpstate (jsc#SLE-18931). - commit ccad282 - x86/msr-index: Add MSRs for XFD (jsc#SLE-18931). - commit 7ede736 - x86/cpufeatures: Add eXtended Feature Disabling (XFD) feature bit (jsc#SLE-18931). - commit d77baa8 - x86/fpu: Reset permission and fpstate on exec() (jsc#SLE-18931). - commit 1b6783e - dmaengine: stm32-dma: avoid 64-bit division in stm32_dma_get_max_width (git-fixes). - sysv: use BUILD_BUG_ON instead of runtime check (git-fixes). - commit fa67de7 - soc: ti: fix wkup_m3_rproc_boot_thread return type (git-fixes). - thermal/drivers/int340x: processor_thermal: Suppot 64 bit RFIM responses (git-fixes). - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes). - soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes). - remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()' (git-fixes). - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (git-fixes). - commit 4b979a4 - dmaengine: idxd: fix resource leak on dmaengine driver disable (git-fixes). - dmaengine: idxd: reconfig device after device reset command (git-fixes). - dmaengine: remove debugfs #ifdef (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - dmaengine: stm32-dma: fix stm32_dma_get_max_width (git-fixes). - remoteproc: imx_rproc: Fix rsc-table name (git-fixes). - remoteproc: imx_rproc: Fix ignoring mapping vdev regions (git-fixes). - remoteproc: imx_rproc: Fix TCM io memory type (git-fixes). - remoteproc: Fix the wrong default value of is_iomem (git-fixes). - remoteproc: elf_loader: Fix loading segment when is_iomem true (git-fixes). - commit 88fbf4c - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - ACPI: PM: Fix device wakeup power reference counting error (git-fixes). - dmaengine: bestcomm: fix system boot lockups (git-fixes). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: at_xdmac: call at_xdmac_axi_config() on resume path (git-fixes). - dmaengine: idxd: move out percpu_ref_exit() to ensure it's outside submission (git-fixes). - crypto: tcrypt - fix skcipher multi-buffer tests for 1420B blocks (git-fixes). - crypto: ccree - avoid out-of-range warnings from clang (git-fixes). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - commit 415ba15 - init: make unknown command line param message clearer (bsc#1192590). - commit 5097b41 - x86/fpu: Prepare fpu_clone() for dynamically enabled features (jsc#SLE-18931). - commit 3b5888e - x86/fpu/signal: Prepare for variable sigframe length (jsc#SLE-18931). - commit 7107574 - x86/signal: Use fpu::__state_user_size for sigalt stack validation (jsc#SLE-18931). - commit 96c1b01 - x86/fpu: Add basic helpers for dynamically enabled features (jsc#SLE-18931). - commit bf58746 - x86/arch_prctl: Add controls for dynamic XSTATE components (jsc#SLE-18931). - commit 6553ecb - nvme: Add sibling to list after full initialization (bsc#1191793 bsc#1192507). - commit 5fedc09 - x86/fpu: Add fpu_state_config::legacy_features (jsc#SLE-18931). - commit 938ac07 - x86/fpu: Add members to struct fpu to cache permission information (jsc#SLE-18931). - commit 96e08c8 - x86/fpu/xstate: Provide xstate_calculate_size() (jsc#SLE-18931). - commit 0eebbe6 - x86/signal: Implement sigaltstack size validation (jsc#SLE-18931). - Update config files. - commit 40edc00 - signal: Add an optional check for altstack size (jsc#SLE-18931). - commit c2d9b5c - x86/fpu: Remove old KVM FPU interface (jsc#SLE-18931). - commit b289ef7 - mm/vmscan: delay waking of tasks throttled on NOPROGRESS (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: increase the timeout if page reclaim is not making progress (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: centralise timeout values for reclaim_throttle (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: remove the throttling logic from the page allocator (bsc#1190208 (MM functional and performance backports)). - mm/writeback: throttle based on page writeback instead of congestion (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: throttle reclaim when no progress is being made (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: throttle reclaim and compaction when too may pages are isolated (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: throttle reclaim until some writeback completes if congested (bsc#1190208 (MM functional and performance backports)). - mm: hwpoison: handle non-anonymous THP correctly (bsc#1190208 (MM functional and performance backports)). - mm: shmem: don't truncate page if memory failure happens (bsc#1190208 (MM functional and performance backports)). - mm: hwpoison: refactor refcount check handling (bsc#1190208 (MM functional and performance backports)). - mm: filemap: coding style cleanup for filemap_map_pmd() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: use clamp() to simplify code (bsc#1190208 (MM functional and performance backports)). - mm: page_alloc: use migrate_disable() in drain_local_pages_wq() (bsc#1189998 (PREEMPT_RT prerequisite backports)). - mm/page_alloc.c: show watermark_boost of zone in zoneinfo (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: detect allocation forbidden by cpuset and bail out early (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: do not acquire zone lock in is_free_buddy_page() (bsc#1190208 (MM functional and performance backports)). - mm: move fold_vm_numa_events() to fix NUMA without SMP (bsc#1190208 (MM functional and performance backports)). - mm: move node_reclaim_distance to fix NUMA without SMP (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: avoid allocating highmem pages via alloc_pages_exact[_nid] (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: use helper function zone_spans_pfn() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: fix obsolete comment in free_pcppages_bulk() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: simplify the code by using macro K() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: remove meaningless VM_BUG_ON() in pindex_to_order() (bsc#1190208 (MM functional and performance backports)). - mm: remove redundant smp_wmb() (bsc#1190208 (MM functional and performance backports)). - mm: introduce pmd_install() helper (bsc#1190208 (MM functional and performance backports)). - mm: add zap_skip_check_mapping() helper (bsc#1190208 (MM functional and performance backports)). - mm: drop first_index/last_index in zap_details (bsc#1190208 (MM functional and performance backports)). - mm: clear vmf->pte after pte_unmap_same() returns (bsc#1190208 (MM functional and performance backports)). - mm/memory.c: avoid unnecessary kernel/user pointer conversion (bsc#1190208 (MM functional and performance backports)). - mm: move more expensive part of XA setup out of mapping check (bsc#1190208 (MM functional and performance backports)). - mm/filemap.c: remove bogus VM_BUG_ON (bsc#1190208 (MM functional and performance backports)). - mm: don't read i_size of inode unless we need it (bsc#1190208 (MM functional and performance backports)). - mm: stop filemap_read() from grabbing a superfluous page (bsc#1190208 (MM functional and performance backports)). - mm: Fix comments mentioning i_mutex (bsc#1190208 (MM functional and performance backports)). - commit 1829ec0 - x86/kvm: Convert FPU handling to a single swap buffer (jsc#SLE-18931). - commit 1b316b0 - x86/fpu: Provide infrastructure for KVM FPU cleanup (jsc#SLE-18931). - commit 09d3f06 - x86/fpu: Prepare for sanitizing KVM FPU code (jsc#SLE-18931). - commit e472864 - x86/fpu/xstate: Move remaining xfeature helpers to core (jsc#SLE-18931). - commit 7892ec7 - x86/fpu: Rework restore_regs_from_fpstate() (jsc#SLE-18931). - commit 87bde61 - x86/fpu: Mop up xfeatures_mask_uabi() (jsc#SLE-18931). - commit d6d75f4 - Fix problem with missing installkernel on Tumbleweed. - commit 2ed6686 - x86/fpu: Move xstate feature masks to fpu_*_cfg (jsc#SLE-18931). - commit 04a01f4 - x86/fpu: Move xstate size to fpu_*_cfg (jsc#SLE-18931). - commit cf4b506 - x86/fpu/xstate: Cleanup size calculations (jsc#SLE-18931). - commit d16b889 - x86/fpu: Cleanup fpu__init_system_xstate_size_legacy() (jsc#SLE-18931). - commit 6817654 - x86/fpu: Provide struct fpu_config (jsc#SLE-18931). - commit e9e9154 - Refresh patches.suse/mm-page_alloc-Print-node-fallback-order.patch. - Refresh patches.suse/mm-page_alloc-Use-accumulated-load-when-building-node-fallback-list.patch. Move to sorted section. - commit df23484 - x86/fpu/signal: Use fpstate for size and features (jsc#SLE-18931). - commit 00eca20 - x86/fpu/xstate: Use fpstate for copy_uabi_to_xstate() (jsc#SLE-18931). - commit 36ed39f - x86/fpu: Use fpstate in __copy_xstate_to_uabi_buf() (jsc#SLE-18931). - commit 292d93f - x86/fpu: Use fpstate in fpu_copy_kvm_uabi_to_fpstate() (jsc#SLE-18931). - commit f1d4fea - x86/fpu/xstate: Use fpstate for xsave_to_user_sigframe() (jsc#SLE-18931). - commit 3bd5114 - x86/fpu/xstate: Use fpstate for os_xsave() (jsc#SLE-18931). - commit 310c2fa - s390/qeth: Register switchdev event handler (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - Refresh patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline.patch. - commit d424df5 - s390/qeth: Update MACs of LEARNING_SYNC device (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - s390/qeth: Switchdev event handler (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - s390/qdio: propagate error when cancelling a ccw fails (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - s390/qdio: improve roll-back after error on ESTABLISH ccw (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - commit 9cdc2d7 - kcov: replace local_irq_save() with a local_lock_t (bsc#1189998). - kcov: avoid enable+disable interrupts if !in_task() (bsc#1189998). - kcov: allocate per-CPU memory on the relevant node (bsc#1189998). - Documentation/kcov: define `ip' in the example (bsc#1189998). - Documentation/kcov: include types.h in the example (bsc#1189998). - commit ce3a059 ++++ libeconf: - Update to version libeconf-0.4.2+git20211111.c7a2c52: * CMake fixes regarding document installation. * Fixed different issues while writing string values to file. * Writing comments to file too. * Fixed memory leaks. * Fixed crash while merging values. ++++ pcre2: - added patches fix revert https://github.com/PhilipHazel/pcre2/commit/080d7789eba00b570181dfe28809b01aa88c01f8 + pcre2-readd-wrappers-POSIX.patch ++++ sg3_utils: - Update to version 1.47: * sg_rep_zones: add support for REPORT ZONE DOMAINS and REPORT REALMS in this utility * sg_raw: fix prints of NVMe NVM command names * sg_logs: additions to Volume statistics lpage [ssc5r05c] - additions to Command duration limits statistics log page [spc6r06] * sg_vpd: fix do_hex type on some recent pages - zoned block dev char vpd: add zone alignment mode and zone starting LBA granularity [zbc2r11] * sg_read_buffer: fix --length= problem * sg_dd, sgm_dd, sgp_dd: don't close negative file descriptors * sg_dd: srand48_r() and mrand48_r() are GNU libc specific, put conditional in so non-reentrant version used otherwise - 'iflag=00,ff' places the 32 bit block address (big endian) into each block * sgp_dd: major rework, fix issue with error being ignored - new: --chkaddr which checks for block address in each block - add check for stdatomic.h presence in configure.ac * sg_xcopy: tweak CSCD identification descriptor * sg_get_elem_status: fix issue with '--maxlen=' option - add 2 depopulation revocation health attributes [sbc5r01] * transport error handling improved. To fix report of a BAD_TARGET transport error but the utility still continued. - introduce SG_LIB_TRANSPORT_ERROR [35] exit status * several utilities: override '--maxlen=LEN' when LEN is < 16 (or 4), take default (or 4) instead * scripts: 55-scsi-sg3_id.rules remove outdated rule (bsc#1189297) * sg_lib: add sg_scsi_status_is_good(), sg_scsi_status_is_bad() and sg_get_zone_type_str() * pt_linux: fix verify(BytChk=0) which Linux SNTL translated to write, other SNTL cleanups * pt_linux_nvme: fix fua setting * pt: check_pt_file_handle() add return value of 5 for - _service updates: * re-enable service, hadn't been used for 1.46 release * use upstream author's git repository, simplify versioning scheme * use obscpio format ++++ libzypp: - Disable logger in the child after fork (bsc#1192436) - version 17.28.8 (22) ++++ lshw: - Update to version B.02.19.2+git.20211102: * merge Github PR#77 * use max (9) Gzip compression * Add Catalan translation * Update POT file * Add more network speeds ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#536 - enable Xorg on s390x (jsc#SLE-18632, jsc#SLE-22176) - 16.57.6 ------------------------------------------------------------------ ------------------ 2021-11-10 - Nov 10 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.6.1 - Fix rsyncing /etc into the running system with - -drop-if-no-change [bsc#1192242] ++++ glib2: - Stop passing fam=true to meson and drop gamin-devel BuildRequires, following upstream default. Following this, drop libgio-fam sub-package. ++++ kernel-default: - scsi: smartpqi: Update version to 2.1.12-055 (jsc#SLE-19277). - scsi: smartpqi: Add 3252-8i PCI id (jsc#SLE-19277). - scsi: smartpqi: Fix duplicate device nodes for tape changers (jsc#SLE-19277). - scsi: smartpqi: Fix boot failure during LUN rebuild (jsc#SLE-19277). - scsi: smartpqi: Add extended report physical LUNs (jsc#SLE-19277). - scsi: smartpqi: Avoid failing I/Os for offline devices (jsc#SLE-19277). - scsi: smartpqi: Add TEST UNIT READY check for SANITIZE operation (jsc#SLE-19277). - scsi: smartpqi: Update LUN reset handler (jsc#SLE-19277). - scsi: smartpqi: Capture controller reason codes (jsc#SLE-19277). - scsi: smartpqi: Add controller handshake during kdump (jsc#SLE-19277). - scsi: smartpqi: Update device removal management (jsc#SLE-19277). - scsi: smartpqi: Replace one-element array with flexible-array member (jsc#SLE-19277). - scsi: smartpqi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19277). - scsi: smartpqi: Update version to 2.1.10-020 (jsc#SLE-19277). - scsi: smartpqi: Fix ISR accessing uninitialized data (jsc#SLE-19277). - scsi: smartpqi: Add PCI IDs for new ZTE controllers (jsc#SLE-19277). - scsi: smartpqi: Add PCI ID for new ntcom controller (jsc#SLE-19277). - scsi: smartpqi: Add SCSI cmd info for resets (jsc#SLE-19277). - scsi: smartpqi: Change Kconfig menu entry to Microchip (jsc#SLE-19277). - scsi: smartpqi: Change driver module macros to Microchip (jsc#SLE-19277). - scsi: smartpqi: Update copyright notices (jsc#SLE-19277). - scsi: smartpqi: Add PCI IDs for H3C P4408 controllers (jsc#SLE-19277). - commit bcef281 - x86/fpu: Use fpstate::size (jsc#SLE-18931). - commit f9fab51 - x86/fpu: Add size and mask information to fpstate (jsc#SLE-18931). - commit 4e0ac7e - x86/process: Move arch_thread_struct_whitelist() out of line (jsc#SLE-18931). - commit f8a7a93 - x86/fpu: Do not leak fpstate pointer on fork (jsc#SLE-18931). - commit 54a4c96 - x86/fpu: Remove fpu::state (jsc#SLE-18931). - commit 1aeab0c - x86/math-emu: Convert to fpstate (jsc#SLE-18931). - commit 3a0d6a3 - x86/fpu/core: Convert to fpstate (jsc#SLE-18931). - commit f154e4c - x86/fpu/signal: Convert to fpstate (jsc#SLE-18931). - commit c811273 - x86/fpu/regset: Convert to fpstate (jsc#SLE-18931). - commit ddc34e9 - x86/fpu: Convert tracing to fpstate (jsc#SLE-18931). - commit 6494d77 - x86/KVM: Convert to fpstate (jsc#SLE-18931). - commit a14d0c2 - x86/fpu: Replace KVMs xstate component clearing (jsc#SLE-18931). - commit dbdf07f - x86/fpu: Convert restore_fpregs_from_fpstate() to struct fpstate (jsc#SLE-18931). - commit 5d24bac - x86/fpu: Convert fpstate_init() to struct fpstate (jsc#SLE-18931). - commit a8d6069 - x86/fpu: Provide struct fpstate (jsc#SLE-18931). - commit 93cdff1 - x86/fpu: Replace KVMs home brewed FPU copy to user (jsc#SLE-18931). - commit 7d64666 - x86/fpu: Provide a proper function for ex_handler_fprestore() (jsc#SLE-18931). - commit 8d40edd - x86/fpu: Replace the includes of fpu/internal.h (jsc#SLE-18931). - commit 64c9a3a - x86/fpu: Mop up the internal.h leftovers (jsc#SLE-18931). - commit 3802fa4 - x86/sev: Include fpu/xcr.h (jsc#SLE-18931). - commit 893d382 - x86/fpu: Remove internal.h dependency from fpu/signal.h (jsc#SLE-18931). - commit 36ba3e4 - x86/fpu: Move fpstate functions to api.h (jsc#SLE-18931). - commit 8b9d235 - x86/fpu: Move mxcsr related code to core (jsc#SLE-18931). - commit 009e4b2 - x86/fpu: Move fpregs_restore_userregs() to core (jsc#SLE-18931). - commit c095776 - net: sched: gred: dynamically allocate tc_gred_qopt_offload (bsc#1189998). - net: sched: remove one pair of atomic operations (bsc#1189998). - net: sched: fix logic error in qdisc_run_begin() (bsc#1189998). - net: sched: Allow statistics reads from softirq (bsc#1189998). - net: sched: Remove Qdisc::running sequence counter (bsc#1189998). - net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types (bsc#1189998). - net: sched: Use _bstats_update/set() instead of raw writes (bsc#1189998). - net: sched: Protect Qdisc::bstats with u64_stats (bsc#1189998). - u64_stats: Introduce u64_stats_set() (bsc#1189998). - gen_stats: Move remaining users to gnet_stats_add_queue() (bsc#1189998). - mq, mqprio: Use gnet_stats_add_queue() (bsc#1189998). - gen_stats: Add gnet_stats_add_queue() (bsc#1189998). - gen_stats: Add instead Set the value in __gnet_stats_copy_basic() (bsc#1189998). - net/sched: sch_ets: properly init all active DRR list handles (bsc#1189998). - net_sched: refactor TC action init API (bsc#1189998). - net/sched: act_skbmod: Add SKBMOD_F_ECN option support (bsc#1189998). - commit 1f00ef0 - x86/fpu: Make WARN_ON_FPU() private (jsc#SLE-18931). - commit a770cfc - x86/fpu: Move legacy ASM wrappers to core (jsc#SLE-18931). - commit 550c5bb - scsi: mpt3sas: Fix reference tag handling for WRITE_INSERT (jsc#SLE-18967). - scsi: mpt3sas: Clean up some inconsistent indenting (jsc#SLE-18967). - scsi: mpt3sas: Call cpu_relax() before calling udelay() (jsc#SLE-18967). - scsi: mpt3sas: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18967). - scsi: mpt3sas: Introduce sas_ncq_prio_supported sysfs sttribute (jsc#SLE-18967). - scsi: mpt3sas: Update driver version to 39.100.00.00 (jsc#SLE-18967). - scsi: mpt3sas: Use firmware recommended queue depth (jsc#SLE-18967). - scsi: mpt3sas: Bump driver version to 38.100.00.00 (jsc#SLE-18967). - scsi: mpt3sas: Add io_uring iopoll support (jsc#SLE-18967). - commit 769c603 - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - ibmvnic: don't stop queue in xmit (bsc#1192273 ltc#194629). - commit 0c1f769 - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - commit 3cece0c - x86/fpu: Move os_xsave() and os_xrstor() to core (jsc#SLE-18931). - commit 0e76265 - x86/fpu: Make os_xrstor_booting() private (jsc#SLE-18931). - commit 5d32b8f - x86/fpu: Clean up CPU feature tests (jsc#SLE-18931). - commit 446c71a - x86/fpu: Move context switch and exit to user inlines into sched.h (jsc#SLE-18931). - commit 93f59dc - scsi: megaraid_sas: Driver version update to 07.719.03.00-rc1 (jsc#SLE-18968). - scsi: megaraid_sas: Add helper functions for irq_context (jsc#SLE-18968). - scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (jsc#SLE-18968). - scsi: megaraid: Clean up some inconsistent indenting (jsc#SLE-18968). - scsi: megaraid: Fix Coccinelle warning (jsc#SLE-18968). - scsi: megaraid: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18968). - commit 15f1bb5 - x86/fpu: Mark fpu__init_prepare_fx_sw_frame() as __init (jsc#SLE-18931). - commit d3c4053 - x86/fpu: Rework copy_xstate_to_uabi_buf() (jsc#SLE-18931). - commit 2a28e7e - x86/fpu: Replace KVMs home brewed FPU copy from user (jsc#SLE-18931). - commit d2f0bca - x86/fpu: Move KVMs FPU swapping to FPU core (jsc#SLE-18931). - commit 640c80f - x86/fpu/xstate: Mark all init only functions __init (jsc#SLE-18931). - commit b7fb34b - x86/fpu/xstate: Provide and use for_each_xfeature() (jsc#SLE-18931). - commit 1c5014e - x86/fpu: Cleanup xstate xcomp_bv initialization (jsc#SLE-18931). - commit 135211d - x86/fpu: Do not inherit FPU context for kernel and IO worker threads (jsc#SLE-18931). - commit becc295 - x86/process: Clone FPU in copy_thread() (jsc#SLE-18931). - commit 2d0ab18 - x86/fpu: Remove pointless memset in fpu_clone() (jsc#SLE-18931). - commit 43563a6 - x86/fpu: Cleanup the on_boot_cpu clutter (jsc#SLE-18931). - commit fba46f1 - char/random: reinstantiate DRBGs once optimized sha512 becomes available (jsc#SLE-21132,bsc#1191259). - commit f4f5829 - char/random: wire up userspace interface to SP800-90B compliant drbg (jsc#SLE-21132,bsc#1191259). - commit 08f937f - x86/fpu: Restrict xsaves()/xrstors() to independent states (jsc#SLE-18931). - commit 2680d35 - x86/pkru: Remove useless include (jsc#SLE-18931). - commit 0a37ab9 - x86/fpu: Update stale comments (jsc#SLE-18931). - commit ccb8547 - x86/fpu: Remove pointless argument from switch_fpu_finish() (jsc#SLE-18931). - commit 2a98e69 - Delete patches.suse/sched-fair-Couple-wakee-flips-with-heavy-wakers.patch. Upstream thought the heuristic was too specific. - commit f48e685 - sched: Temporarily restore deprecated scheduler sysctls with a warning (bsc#1192327, bsc#1191396). - commit b45e01a - Update patches.suse/x86-fpu-mask-out-the-invalid-mxcsr-bits-properly.patch (jsc#SLE-18931). - commit 1bb370e - x86/fpu/signal: Fix missed conversion to correct boolean retval in save_xstate_epilog() (jsc#SLE-18931). - commit 88b693c - x86/fpu/signal: Change return code of restore_fpregs_from_user() to boolean (jsc#SLE-18931). - commit bff2e93 - x86/fpu/signal: Change return code of check_xstate_in_sigframe() to boolean (jsc#SLE-18931). - commit 0925586 - x86/fpu/signal: Change return type of __fpu_restore_sig() to boolean (jsc#SLE-18931). - commit 8707aff - trap: cleanup trap_init() (git-fixes). - commit 84c723c - xsurf100: drop include of lib8390.c (git-fixes). - commit b8f067c - x86/fpu/signal: Change return type of fpu__restore_sig() to boolean (jsc#SLE-18931). - commit a9ed3f4 - x86/signal: Change return type of restore_sigcontext() to boolean (jsc#SLE-18931). - commit eacd67e - x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean (jsc#SLE-18931). - commit f83d895 - x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean (jsc#SLE-18931). - commit a72c41f - x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe() (jsc#SLE-18931). - commit 2f939c3 - Removed c0891ac1 patch backporting because it touched many files in different subsystems and it's not necessary for ACPI (jsc#SLE-18523) The c0891ac1 patch causes many "warning: "va_start" redefined" messages when building kernel. The patch touched many files in different subsystem and it's not neceaary for ACPI backporting. So I removed this patch and also respin related patches. (jsc#SLE-18523) - Refresh patches.suse/ACPI-tools-fix-compilation-error.patch. - Delete patches.suse/isystem-ship-and-use-stdarg.h-c0891ac1.patch. - commit b3998a8 - x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe() (jsc#SLE-18931). - commit 05da93a - x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user() (jsc#SLE-18931). - commit d359dfe ++++ ldb: - Update to version 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); + Corrected python docstrings ++++ ceph: - Preservation of Bugzilla, Jira and CVE citations from earlier incarnations of this changes file after double-checking that none of these fixes got lost in the pacific rebase: + bsc#1163764 (--container-init feature cherry-picked to octopus) + bsc#1170200 (mgr/dashboard: Fix for CrushMap viewer items getting compressed vertically) + bsc#1172926 (mgr/orchestrator: Sort 'ceph orch device ls' by host) + bsc#1173079 (mgr/devicehealth: device_health_metrics pool gets created even without any OSDs in the cluster) + bsc#1174466 (mon: have 'mon stat' output json as well) + bsc#1174526 (mgr/dashboard: allow getting fresh inventory data from the orchestrator) + bsc#1174529 (rpm: on SUSE, podman is required for cephadm to work) + bsc#1174644 (cephadm: log to file) + bsc#1175120 (downstream branding) + bsc#1175161 (downstream branding) + bsc#1175169 (downstream branding) + bsc#1176390 (mgr/dashboard: enable different URL for users of browser to Grafana) + bsc#1176451 (Drop patch "rpm: on SUSE, podman is required for cephadm to work") + bsc#1176489 (mgr/cephadm: lock multithreaded access to OSDRemovalQueue) + bsc#1176499 (mgr/cephadm: fix RemoveUtil.load_from_store()) + bsc#1176638 (ceph-volume: batch: call the right prepare method) + bsc#1176679 (mgr/dashboard: enable different URL for users of browser to Grafana) + bsc#1176828 (cephadm: command_unit: call systemctl with verbose=True) + bsc#1177078 (mgr/dashboard: Fix bugs in a unit test and i18n translation) + bsc#1177151 (python-common: do not skip unavailable devices) + bsc#1177319 (--container-init feature cherry-picked to octopus) + bsc#1177344 (mgr/dashboard: support Orchestrator and user-defined Ganesha cluster) + bsc#1177360 (cephadm: silence "Failed to evict container" log msg) + bsc#1177450 (ceph-volume: don't exit before empty report can be printed) + bsc#1177643 (Revert "spec: Podman (temporarily) requires apparmor-abstractions on suse") + bsc#1177676 (cephadm: allow uid/gid == 0 in copy_tree, copy_files, move_files) + bsc#1177843 (CVE-2020-25660) + bsc#1177857 (mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails) + bsc#1177933 (cephadm: configure journald as the logdriver) + bsc#1178531 (cephadm: set default container_image to registry.suse.com/ses/7/ceph/ceph) + bsc#1178837 (rgw: cls/user: set from_index for reset stats calls) + bsc#1178860 (mgr/dashboard: Disable TLS 1.0 and 1.1) + bsc#1178905 (CVE-2020-25678) + bsc#1178932 (cephadm: reference the last local image by digest) + bsc#1179016 (rpm: require smartmontools on SUSE) + bsc#1179452 (mgr/insights: Test environment requires 'six') + bsc#1179526 (rgw: during GC defer, prevent new GC enqueue) + bsc#1179569 (cephadm: reference the last local image by digest) + bsc#1179802 (CVE-2020-27781) + bsc#1179997 (CVE-2020-27839) + bsc#1180107 (ceph-volume: pass --filter-for-batch from drive-group subcommand) + bsc#1180155 (CVE-2020-27781) + bsc#1181291 (mgr/cephadm: alias rgw-nfs -> nfs) + bsc#1182766 (cephadm: fix 'inspect' and 'pull') + bsc#1183074 (CVE-2021-20288) + bsc#1183561 (mgr/cephadm: on ssh connection error, advice chmod 0600) + bsc#1183899 (bluestore: fix huge reads/writes at BlueFS) + bsc#1184231 (cephadm: Allow to use paths in all <_devices> drivegroup sections) + bsc#1184517 (cls/rgw: look for plane entries in non-ascii plain namespace too) + bsc#1185246 (rgw: check object locks in multi-object delete) + bsc#1185619 (CVE-2021-3524) + bsc#1185619 (CVE-2021-3524) + bsc#1186020 (CVE-2021-3531) + bsc#1186021 (CVE-2021-3509) + bsc#1186348 (mgr/zabbix: adapt zabbix_sender default path) + bsc#1188979 ("mgr/cephadm: pass --container-init to "cephadm deploy" if specified" and "Revert "cephadm: default container_init to False") + bsc#1189173 (downstream branding) + jsc#SES-1071 (ceph-volume: major batch refactor - upstream PR#34740) + jsc#SES-185 (SES support with cache software) + jsc#SES-704 (mgr/snap_schedule) ++++ samba: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); - Update to 4.15.2 * CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication; (bso#12444); (bsc#1014440); * CVE-2020-25717: A user on the domain can become root on domain members; (bso#14556); (bsc#1192284); * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC; (bso#14558); (bsc#1192246); * CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets; (bso#14561); (bsc#1192247); * CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid); (bso#14557); (bsc#1192505); * CVE-2020-25722: Samba AD DC did not do suffienct access and conformance checking of data stored; (bso#14564); (bsc#1192283); * CVE-2021-3738: Use after free in Samba AD DC RPC server; (bso#14468); (bsc#1192215); * CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability; (bso#14875); (bsc#1192214); - Update to 4.15.1 * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682); * Log clutter from filename_convert_internal; (bso#14685); * MacOSX compilation fixes; (bso#14862); * rodc_rwdc test flaps; (bso#14868); * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal; (bso#14642); * Python ldb.msg_diff() memory handling failure; (bso#14836); * "in" operator on ldb.Message is case sensitive; (bso#14845); * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848); * samldb_krbtgtnumber_available() looks for incorrect string; (bso#14854); * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871); * Allow special chars like "@" in samAccountName when generating the salt; (bso#14874); * Correctly ignore comments in CTDB public addresses file; (bso#14826); * Fix transit path validation; (bso#12998); * Fix that child winbindd logs to log.winbindd instead of log.wb-; (bso#14852); * SMB3 cancel requests should only include the MID together with AsyncID when AES-128-GMAC is used; (bso#14855); * Prepare to operate with MIT krb5 >= 1.20; (bso#14870); * Heimdal prefers RC4 over AES for machine accounts; (bso#14864); ++++ tk: - New version 8.6.12: * (bug)[7beaed] ttk::bindMouseWheel syntax error * (new) support 4 new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate * (new) Portable keycodes: OE, oe, Ydiaeresis * (bug)[9e1312] to parent after child destroyed * (bug)[d3cd4c] more robust notebook processing * (bug)[234ee4] crash in [clipboard get] invalid encoding * (bug)[be9cad] Poor trace housekeeping -> tkwait segfault * (bug)[9b6065] restore Tcl [update], see window-2.12 * (bug)[34db75,ea876b] cursor motion in peer text * (bug)[c97464] memleak in TkpDrawAngledChars * (bug)[171ba7] crash when grab and focus are not coordinated * crash due to failed transient record housekeeping * (bug)[099109] segfault reusing a container toplevel * (bug)[4efbfe] static package init order in wish * (bug)[033886] Win: hang in font loading * (bug)[8ebed3] multi-thread safety in Xft use * (new)[TIP 608] New virtual event <> ------------------------------------------------------------------ ------------------ 2021-11-9 - Nov 9 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add aa-notify-more-arch-mr809.diff: Add support for reading s390x and aarch64 wtmp files (boo#1181155) ++++ kernel-default: - x86/extable: Remove EX_TYPE_FAULT from MCE safe fixups (jsc#SLE-18931). - commit f1063b0 - x86/fpu: Use EX_TYPE_FAULT_MCE_SAFE for exception fixups (jsc#SLE-18931). - commit cfb074b - x86/copy_mc: Use EX_TYPE_DEFAULT_MCE_SAFE for exception fixups (jsc#SLE-18931). - commit c72dfcc - x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE (jsc#SLE-18931). - commit 0827eac - x86/extable: Rework the exception table mechanics (jsc#SLE-18931). - commit 91c2fad - x86/mce: Get rid of stray semicolons (jsc#SLE-18931). - commit 03638cb - x86/mce: Deduplicate exception handling (jsc#SLE-18931). - commit 01e0919 - x86/extable: Get rid of redundant macros (jsc#SLE-18931). - commit 9770234 - x86/extable: Tidy up redundant handler functions (jsc#SLE-18931). - commit ef9303c - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - commit 29916de - crypto: octeontx2 - set assoclen in aead_do_fallback() (git-fixes). - commit dac895e - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - commit 6643391 - crypto: qat - detect PFVF collision after ACK (git-fixes). - commit e7481e9 - crypto: qat - store vf.compatible flag (git-fixes). - commit e25bd9f - crypto: caam - disable pkc for non-E SoCs (git-fixes). - commit 74d1a4c - crypto: qat - power up 4xxx device (git-fixes). - commit 3d9a37e - crypto: qat - fix naming of PF/VF enable functions (git-fixes). - commit 8111874 - crypto: qat - complete all the init steps before service notification (git-fixes). - commit 4e4b1e2 - crypto: qat - enable interrupts only after ISR allocation (git-fixes). - commit f21fda1 - crypto: qat - protect interrupt mask CSRs with a spinlock (git-fixes). - commit 3990e0f - crypto: qat - remove intermediate tasklet for vf2pf (git-fixes). - Refresh patches.suse/crypto-qat-fix-naming-for-init-shutdown-VF-to-PF-not.patch. - commit 5b8bbae - Revert "rpm/config.sh: Compress modules with zstd (jsc#SLE-21256)." This reverts commit 648b5c7cb84366056aed609528029ae9c75c3d37. Reported to cause build problems in IBS. - commit 082e0f1 - crypto: qat - prevent spurious MSI interrupt in PF (git-fixes). - commit 0efbad5 - crypto: qat - move IO virtualization functions (git-fixes). - commit 68d4675 - crypto: qat - move pf2vf interrupt [en|dis]able to adf_vf_isr.c (git-fixes). - commit 756b47d - crypto: qat - rename compatibility version definition (git-fixes). - Refresh patches.suse/crypto-qat-fix-reuse-of-completion-variable.patch. - commit 0a119bc - Delete check.sh that was mistakenly taken into the tree - commit 0bf8e1d - mfd: altera-a10sr: Include linux/module.h (git-fixes). - commit 71795a7 - video: backlight: Drop maximum brightness override for brightness zero (git-fixes). - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes). - mtd: rawnand: arasan: Prevent an unsupported configuration (git-fixes). - mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines (git-fixes). - commit e849ae5 - mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines (git-fixes). - Revert "mtd: rawnand: cs553x: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: lpc32xx_slc: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: ndfc: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: sharpsl: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: tmio: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: txx9ndfmc: Fix external use of SW Hamming ECC helper" (git-fixes). - mtd: rawnand: fsmc: Fix use of SM ORDER (git-fixes). - mtd: rawnand: intel: Fix potential buffer overflow in probe (git-fixes). - commit 7347e0b - mfd: altera-sysmgr: Fix a mistake caused by resource_size conversion (git-fixes). - mfd: sprd: Add SPI device ID table (git-fixes). - mfd: cpcap: Add SPI device ID table (git-fixes). - mfd: altr_a10sr: Add SPI device ID table (git-fixes). - mfd: core: Add missing of_node_put for loop iteration (git-fixes). - cxl/pci: Fix NULL vs ERR_PTR confusion (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i2c: mediatek: fixing the incorrect register offset (git-fixes). - mtd: core: don't remove debugfs directory if device is in use (git-fixes). - commit deece6f - x86/softirq: Disable softirq stacks on PREEMPT_RT (bsc#1189998). - commit acf1ee7 - mm: disable NUMA_BALANCING_DEFAULT_ENABLED and TRANSPARENT_HUGEPAGE on PREEMPT_RT (bsc#1189998). - net/core: disable NET_RX_BUSY_POLL on PREEMPT_RT (bsc#1189998). - crypto: testmgr - Only disable migration in crypto_disable_simd_for_test() (bsc#1189998). - leds: trigger: Disable CPU trigger on PREEMPT_RT (bsc#1189998). - smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block (bsc#1189998). - efi: Allow efi=runtime (bsc#1189998). - efi: Disable runtime services on RT (bsc#1189998). - sched/rt: Annotate the RT balancing logic irqwork as IRQ_WORK_HARD_IRQ (bsc#1189998). - genirq: Disable irqfixup/poll on PREEMPT_RT (bsc#1189998). - genirq: Move prio assignment into the newly created thread (bsc#1189998). - genirq: Update irq_set_irqchip_state documentation (bsc#1189998). - smack: mark 'smack_enabled' global variable as __initdata (bsc#1189998). - genirq: Fix kernel doc indentation (bsc#1189998). - genirq: Change force_irqthreads to a static key (bsc#1189998). - genirq: Clarify documentation for request_threaded_irq() (bsc#1189998). - commit fbda427 ++++ libapparmor: - add aa-notify-more-arch-mr809.diff: Add support for reading s390x and aarch64 wtmp files (boo#1181155) ++++ harfbuzz: - Update to version 3.1.1: + Work around GCC cast-align error/warning on some platforms. + Documentation improvements. - Drop patch fixed upstream: + harfbuzz-3.1.0-work-around-GCC-cast-align-error-warning.patch ++++ suse-module-tools: - Update to version 15.4.8: * Same as Factory version 16.0.14 * add udev rules from udev-extra-rules (formerly system-tuning-common-SUSE). Both packages are now both obsoleted by suse-module-tools. (jsc#SLE-21032) * 60-io-scheduler.rules: don't use BFQ for real multiqueue devices (jsc#SLE-21032, bsc#1192161) * 60-io-scheduler.rules: use "none" for multipath components (bsc#1192161) ++++ tcl: - New version 8.6.12: * (bug)[d43f96] [string trim*] broken for Emoji * (bug)[22324b] [string reverse] broken for Emoji * (bug)[1dab71,7c64aa] BRE broken by uninitialized value use * (bug)[8419c5] Unix tty channels tolerate EINTR * ** POTENTIAL INCOMPATIBILITY *** * (bug)[4c591f] [string compare] EIAS violation * (bug)[266494] [concat foo [list #]] EIAS violation * (bug)[24b918] Save IO buffers from modern optimizers * (new) support for POSIX error EILSEQ * (bug)[688fcc] segfault during traced delete of alias * (bug)[ccc448] segfault in ensemble rewrite machinery * (new) Update to Unicode-14 * (bug)[a8579d] failed proc argument spec processing * Obsoletes tcl-aa4a13c15516da45.patch - Bump %itclver and ensure it stays in sync. ------------------------------------------------------------------ ------------------ 2021-11-8 - Nov 8 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - PCI: Set dma-can-stall for HiSilicon chips (jsc#SLE-17310). - commit 062d197 - crypto: pcrypt - Delay write to padata->info (git-fixes). - commit 4723c6a - thunderbolt: Fix -Wrestrict warning (jsc#SLE-19438). - commit d228f70 - thunderbolt: Enable retry logic for intra-domain control packets (jsc#SLE-19430 jsc#SLE-19436). - commit 984baff - Update config files (bsc#1192456). CONFIG_IMA_ARCH_POLICY=y CONFIG_IMA_READ_POLICY=y CONFIG_IMA_TRUSTED_KEYRING=y CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y - commit 14c1dff - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - commit e6b961a - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - PCI: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes). - PCI: j721e: Fix j721e_pcie_probe() error path (git-fixes). - PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge (git-fixes). - PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge (git-fixes). - PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Fix configuring Reference clock (git-fixes). - PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge (git-fixes). - PCI: aardvark: Don't spam about PIO Response Status (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - commit bed291e - Drop two USB patches that have been reverted by stable-5.14.17 Deleted: patches.suse/usb-core-hcd-Add-support-for-deferring-roothub-regis.patch patches.suse/xhci-Set-HCD-flag-to-defer-primary-roothub-registrat.patch blacklist.conf: updated - commit c2712fa ++++ libgcrypt: - FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138] * Add libgcrypt-FIPS-disable-3DES.patch ++++ pcsc-tools: - Update to version 1.5.8 * 360 new ATRs * ATR_analysis: + fix TB2 parsing error + misc spelling fixes * pcsc_scan: + add maxtime option -t + add the option -c to list cards only once + no spinner in quiet mode (-q) + turn off colour if redirected output + Exit if no reader is found and -c or -r is used - Run spec-cleaner ++++ ovmf: - Update rpmlintrc (fixes aarch64 build) ++++ toolbox: - Don't install config file in /etc in favor of a built-in default. Avoids empty /etc pulling wrong image. - Handle Leap Micro (boo#1192474) ++++ yast2-trans: - Update to version 84.87.20211108.3133c3ccde: * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * New POT for text domain 'packager'. * New POT for text domain 'installation'. ------------------------------------------------------------------ ------------------ 2021-11-7 - Nov 7 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Update to version 3.0.6: * fixes a segfault on some SELINUX_ERR records * makes IPX packet interpretation dependent on the ipx header file existing * adds b32/b64 support to ausyscall * adds support for armv8l * fixes auditctl list of syscalls on PPC * auditd.service now restarts auditd under some conditions ++++ kernel-default: - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - commit 45659d5 ++++ audit: - Update to version 3.0.6: * fixes a segfault on some SELINUX_ERR records * makes IPX packet interpretation dependent on the ipx header file existing * adds b32/b64 support to ausyscall * adds support for armv8l * fixes auditctl list of syscalls on PPC * auditd.service now restarts auditd under some conditions ++++ libseccomp: - Update to release 2.5.3 * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES ------------------------------------------------------------------ ------------------ 2021-11-6 - Nov 6 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Add librsvg-s390x-cairo-has-current-point.patch for https://github.com/gtk-rs/gtk-rs-core/issues/335 - otherwise the test suite fails on s390x due to a bug in the cairo-rs bindings. ++++ gobject-introspection: - Add explicit libgirepository-1_0-1 Requires to devel subpackage, it was already pulled in via the main package, so no real change. - Use ldconfig_scriptlets macro for post(un) handling. ++++ kernel-default: - Update config files: version bump to 5.14.17 - commit d9ad97b - Linux 5.14.17 (stable-5.14.17). - commit b38f62e - Revert "soc: imx: gpcv2: move reset assert after requesting domain power up" (stable-5.14.17). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (stable-5.14.17). - drm/amdkfd: fix boot failure when iommu is disabled in Picasso (stable-5.14.17). - Revert "drm/i915/gt: Propagate change in error status to children on unhold" (stable-5.14.17). - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" (stable-5.14.17). - sfc: Fix reading non-legacy supported link modes (stable-5.14.17). - drm/i915: Remove memory frequency calculation (stable-5.14.17). - scsi: core: Put LLD module refcnt after SCSI device is released (stable-5.14.17). - vrf: Revert "Reset skb conntrack connection..." (stable-5.14.17). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (stable-5.14.17). - commit f0969c0 - Update patch references for stable-5.14.17 - commit f5fa096 - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - HID: u2fzero: clarify error check and length calculations (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: equilibrium: Fix function addition in multiple groups (git-fixes). - pinctrl: renesas: checker: Fix off-by-one bug in drive register check (git-fixes). - pinctrl: mediatek: mt8195: Add pm_ops (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - commit 3eb7025 - blacklist.conf: Add perf git-fixes checked into userspace package - commit 1d6e569 ++++ harfbuzz: - harfbuzz 3.1.0: * Better offset-overflow handling in the subsetter library * Improved Unicode 14 properties in the USE shaper, and various other USE shaper fixes * MATH and COLR v1 tables subsetting support, and various other subsetter fixes * Support for Pwo Karen / Ason Chin medial la. (Simon Cozens) * Apply GPOS positioning when substituting with morx table, if kerx is missing * Apply calt and clig features across syllable boundaries in Indic shaper * Meson option for enabling Graphite 2 has been renamed to graphite2 * Build and documentation fixes - add harfbuzz-3.1.0-work-around-GCC-cast-align-error-warning.patch ------------------------------------------------------------------ ------------------ 2021-11-5 - Nov 5 2021 ------------------- ------------------------------------------------------------------ ++++ ethtool: - upgrade to upstream version 5.14 (jsc#SLE-17360, jsc#SLE-19267) * upstream 5.9 -> 5.10 - Feature: infrastructure for JSON output - Feature: separate FLAGS in -h output - Feature: use policy dumps to check flags support - Feature: show pause stats (-a) - Feature: pretty printing of policy dumps - Feature: improve error message when SFP module is missing - Fix: use after free in netlink_run_handler() - Fix: leaked instances of struct nl_socket - Fix: improve compatibility between netlink and ioctl (-s) * upstream 5.10 -> 5.12 - Feature: support lanes count (no option and -s) - Fix: fix help message for master-slave parameter (-s) - Fix: better error message for master-slave in ioctl code path - Fix: get rid of compiler warnings in "make check" * upstream 5.12 -> 5.13 - Feature: netlink handler for FEC (--show-fec and --set-fec) - Feature: FEC stats support (--show-fec) - Feature: standard based stats support (-S) - Feature: netlink handler for module EEPROM dump (-m) - Feature: page, bank and i2c selection in module dump (-m) * upstream 5.13 -> 5.14 - Feature: do not silently ignore --json if unsupported - Feature: support new message types in pretty print * drop mainline backports contained in v5.14 ethtool-Improve-compatibility-between-netlink-and-io.patch netlink-do-not-send-messages-and-process-replies-in-.patch netlink-fix-leaked-instances-of-struct-nl_socket.patch netlink-fix-use-after-free-in-netlink_run_handler.patch ++++ kernel-default: - Drop patches.suse/Revert-platform-x86-i2c-multi-instantiate-Don-t-crea.patch again (git-fxies) This needs the fix in tipd driver at first (likey commit 9990f2f6264c). - commit 3c36722 - Update patch reference for ISDN fix (CVE-2021-43389 bsc#1191958) - commit 69afb02 - rtw89: Fix crash by loading compressed firmware file (bsc#1188303). - commit fce817c - soundwire: bus: stop dereferencing invalid slave pointer (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - USB: chipidea: fix interrupt deadlock (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: dwc2: drd: reset current session before setting the new one (git-fixes). - usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be disabled (git-fixes). - usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init (git-fixes). - usb: typec: STUSB160X should select REGMAP_I2C (git-fixes). - usb: musb: select GENERIC_PHY instead of depending on it (git-fixes). - usb: gadget: hid: fix error code in do_config() (git-fixes). - commit e5a5f46 - serial: cpm_uart: Protect udbg definitions by CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - serial: 8250: fix racy uartclk update (git-fixes). - serial: imx: fix detach/attach of serial console (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: core: Fix initializing and restoring termios speed (git-fixes). - soundwire: debugfs: use controller id and link_id for debugfs (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - staging: rtl8712: fix use-after-free in rtl8712_dl_fw (git-fixes). - commit 9e7d7b6 - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes). - power: supply: max17040: fix null-ptr-deref in max17040_probe() (git-fixes). - =?UTF-8?q?power:=20supply:=20rt5033=5Fbattery:=20Change?= =?UTF-8?q?=20voltage=20values=20to=20=C2=B5V?= (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: reset: at91-reset: check properly the return value of devm_of_iomap (git-fixes). - phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe() (git-fixes). - phy: qcom-snps: Correct the FSEL_MASK (git-fixes). - Revert "platform/x86: i2c-multi-instantiate: Don't create platform device for INT3515 ACPI nodes" (git-fixes). - commit 0b67117 - phy: ti: gmii-sel: check of_get_address() for failure (git-fixes). - phy: qcom-qusb2: Fix a memory leak on probe (git-fixes). - most: fix control-message timeouts (git-fixes). - iio: buffer: Fix memory leak in iio_buffers_alloc_sysfs_and_mask() (git-fixes). - iio: adc: tsc2046: fix scan interval warning (git-fixes). - iio: core: fix double free in iio_device_unregister_sysfs() (git-fixes). - iio: core: check return value when calling dev_set_name() (git-fixes). - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes). - staging: most: dim2: do not double-register the same device (git-fixes). - phy: micrel: ksz8041nl: do not use power down mode (git-fixes). - commit f2194b0 - iio: buffer: Fix memory leak in iio_buffer_register_legacy_sysfs_groups() (git-fixes). - iio: buffer: Fix double-free in iio_buffers_alloc_sysfs_and_mask() (git-fixes). - iio: buffer: Fix memory leak in __iio_buffer_alloc_sysfs_and_mask() (git-fixes). - iio: buffer: check return value of kstrdup_const() (git-fixes). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - drivers: iio: dac: ad5766: Fix dt property name (git-fixes). - iio: st_pressure_spi: Add missing entries SPI to device ID table (git-fixes). - commit 614338b - component: do not leave master devres group open after bind (git-fixes). - device property: Add missed header in fwnode.h (git-fixes). - driver core: Fix possible memory leak in device_link_add() (git-fixes). - comedi: dt9812: fix DMA buffers on stack (git-fixes). - comedi: ni_usb6501: fix NULL-deref in command paths (git-fixes). - Documentation:devicetree:bindings:iio:dac: Fix val (git-fixes). - iio: adis: do not disabe IRQs in 'adis_init()' (git-fixes). - dt-bindings: iio: magnetometer: asahi-kasei,ak8975 add vid reg (git-fixes). - iio: ad5770r: make devicetree property reading consistent (git-fixes). - iio: st_sensors: disable regulators after device unregistration (git-fixes). - commit 7a34673 - ABI: obsolete/sysfs-bus-iio: add some missing blank lines (git-fixes). - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ABI: sysfs-devices-removable: make a table valid as ReST markup (git-fixes). - ABI: configfs-usb-gadget-uac2: fix a broken table (git-fixes). - ABI: sysfs-platform-dptf: Add tables markup to a table (git-fixes). - comedi: vmk80xx: fix bulk and interrupt message timeouts (git-fixes). - comedi: vmk80xx: fix bulk-buffer overflow (git-fixes). - comedi: vmk80xx: fix transfer-buffer overflows (git-fixes). - char: xillybus: fix msg_ep UAF in xillyusb_probe() (git-fixes). - commit 7b9627f ++++ ceph: - Update to 16.2.6-462-g5fefbbf8888: + rebased on top of upstream commit SHA1 dd7139c66c1d36da50475ec97d8d6b54b07d1dea * (bsc#1191751) rgw/tracing: unify SO version numbers within librgw2 package * spec: make selinux scriptlets respect CEPH_AUTO_RESTART_ON_UPGRADE ++++ systemd-presets-common-SUSE: - Replace the pipewire-media-session preset with a wireplumber user service preset to enable it by default. ------------------------------------------------------------------ ------------------ 2021-11-4 - Nov 4 2021 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Stop passing no longer used nor recognized options jasper=false and x11=false to meson, fails the build when using meson 0.60.x. ++++ glibc: - 0001-s390x-Align-child-stack-while-clone.-BZ-27968.patch, 0002-S390-Optimize-__memcpy_z196.patch, 0003-S390-Optimize-__memset_z196.patch, 0004-S390-Sync-HWCAP-names-with-kernel-by-adding-aliases-.patch, 0005-S390-Add-new-hwcap-values.patch, 0006-S390-Add-PCI_MIO-and-SIE-HWCAPs.patch: [15sp4 FEAT] GNU2007 - GLIBC: Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ++++ kernel-default: - Update patch reference for a net fix (CVE-2021-43267 bsc#1192341) - commit f6e8d1c - ALSA: usb-audio: Input source control - digidesign mbox (git-fixes). - commit 5b93860 - ALSA: usb-audio: Add support for the Pioneer DJM 750MK2 Mixer/Soundcard (git-fixes). - commit 587cd4a - ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes). - commit df7bc2c - ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes). - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (git-fixes). - ALSA: mixer: oss: Fix racy access to slots (git-fixes). - commit dee578e - clk: qcom: gcc-sc7280: Drop unused array (git-fixes). - commit dbfffa3 - soc: qcom: apr: Add of_node_put() before return (git-fixes). - soc: qcom: rpmhpd: fix sm8350_mxc's peer domain (git-fixes). - soc: qcom: socinfo: add two missing PMIC IDs (git-fixes). - soc: qcom: rpmhpd: Make power_on actually enable the domain (git-fixes). - soc: samsung: pm_domains: drop unused is_off field (git-fixes). - soc: samsung: exynos-pmu: Fix compilation when nothing selects CONFIG_MFD_CORE (git-fixes). - soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes). - soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes). - soc: qcom: llcc: Disable MMUHWT retention (git-fixes). - virtio_ring: check desc == NULL when using indirect with packed (git-fixes). - commit 46f0c26 - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes). - memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash (git-fixes). - memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - firmware: tegra: Reduce stack usage (git-fixes). - of: unittest: fix EXPECT text for gpio hog errors (git-fixes). - of: remove duplicate declarations of __of_*_sysfs() functions (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - commit eb8bc37 - clk: at91: clk-master: fix prescaler logic (git-fixes). - clk: at91: clk-master: check if div or pres is zero (git-fixes). - clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL (git-fixes). - clk: at91: check pmc node status before registering syscore ops (git-fixes). - clk: rockchip: use module_platform_driver_probe (git-fixes). - clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths (git-fixes). - clk: qcom: gcc: Remove CPUSS clocks control for SC7280 (git-fixes). - bus: ti-sysc: Fix timekeeping_suspended warning on resume (git-fixes). - docs: f2fs: fix text alignment (git-fixes). - docs: UML: user_mode_linux_howto_v2 edits (git-fixes). - commit e03ec55 - ASoC: rsnd: Fix an error handling path in 'rsnd_node_count()' (git-fixes). - ASoC: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: tegra: Set default card name for Trimslice (git-fixes). - ASoC: tegra: Restore AC97 support (git-fixes). - ASoC: soc-pcm: restore mixer functionality (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: wcd9335: Use correct version to initialize Class H (git-fixes). - ASoC: ti: rename CONFIG_SND_SOC_DM365_VOICE_CODEC_MODULE (git-fixes). - commit a8c85b8 - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: meson: t9015: Add missing AVDD-supply property (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Don't set defaults for volatile registers (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Always configure both ASP TX channels (git-fixes). - ALSA: oxfw: fix functional regression for Mackie Onyx 1640i in v5.14 or later (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: line6: fix control and interrupt message timeouts (git-fixes). - commit 8645368 - ALSA: 6fire: fix control and bulk message timeouts (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ABI: sysfs-platform-intel-pmc: add blank lines to make it valid for ReST (git-fixes). - ABI: sysfs-platform-dell-privacy-wmi: correct ABI entries (git-fixes). - commit 19d7af3 - Move upstreamed patches into sorted section - commit d1ff8bb - locking: Remove spin_lock_flags() etc (bsc#1190137). - locking/rwsem: Fix comments about reader optimistic lock stealing conditions (bsc#1190137). - locking: Remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1190137). - locking/rwsem: Disable preemption for spinning region (bsc#1190137). - locking/rwbase: Optimize rwbase_read_trylock (bsc#1190137 bsc#1189998). - rtmutex: Wake up the waiters lockless while dropping the read lock (bsc#1190137 bsc#1189998). - rtmutex: Check explicit for TASK_RTLOCK_WAIT (bsc#1190137 bsc#1189998). - locking/rt: Take RCU nesting into account for __might_resched() (bsc#1190137 bsc#1189998). - sched: Make cond_resched_lock() variants RT aware (bsc#1190137 bsc#1189998). - sched: Make RCU nest depth distinct in __might_resched() (bsc#1190137 bsc#1189998). - sched: Make might_sleep() output less confusing (bsc#1190137 bsc#1189998). - sched: Cleanup might_sleep() printks (bsc#1190137 bsc#1189998). - sched: Remove preempt_offset argument from __might_sleep() (bsc#1190137 bsc#1189998). - sched: Make cond_resched_*lock() variants consistent vs. might_sleep() (bsc#1190137 bsc#1189998). - sched: Clean up the might_sleep() underscore zoo (bsc#1190137 bsc#1189998). - locking/ww-mutex: Fix uninitialized use of ret in test_aa() (bsc#1190137). - lockdep: Improve comments in wait-type checks (bsc#1190137). - lockdep: Let lock_is_held_type() detect recursive read as read (bsc#1190137). - kernel/locking: Add context to ww_mutex_trylock() (bsc#1190137). - commit 86065d6 ++++ libvirt: - Update to libvirt 7.9.0 - jsc#SLE-19264 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: 3f9c1a4b-fix-host-validate-sev.patch, 2703b0b5-qemu-dont-report-eof.patch, 1b9ce05c-lxc-fix-cgroupV1.patch - Include collection of active VM config files in the supportconfig plugin ++++ libzypp: - Check log writer before accessing it (fixes #355, bsc#1192337) - Save locks: Update an existing locks changed comment string. - Allow uname-r format in purge kernels keepspec (fixes openSUSE/zypper#418) - version 17.28.7 (22) ++++ python-libvirt-python: - Update to 7.9.0 - Add all new APIs and constants in libvirt 7.9.0 - jsc#SLE-19264 ++++ wicked: - dbus: config files in /usr shouldn't be marked as config in spec ------------------------------------------------------------------ ------------------ 2021-11-3 - Nov 3 2021 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Add git-36-16d1cb895c2742e96a56af98111f8281bedd3188.patch: * Add $HOME/.local/bin to PATH, if it exists (bsc#1192248) ++++ cockpit-branding-openSUSE-Leap-Micro: - initial package ++++ haproxy: - Update to version 2.4.8+git0.d1f8d41e0: * [RELEASE] Released version 2.4.8 * SCRIPTS: git-show-backports: re-enable file-based filtering * DOC/peers: some grammar fixes for peers 2.1 spec * MINOR: stream: Improve dump of bogus streams * BUILD/MINOR: cpuset freebsd build fix * DOC: config: Fix alphabetical order of fc_* samples * BUG/MINOR: sample: fix backend direction flags consecutive to last fix * BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags * BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data * BUG/MINOR: http: Authorization value can have multiple spaces after the scheme * BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration * MINOR: halog: Add support for extracting captures using -hdr * BUG/MINOR: halog: Add missing newlines in die() messages * CLEANUP: halog: Use consistent indentation in help() * MINOR: halog: Rename -qry to -query * DOC: halog: Move the `-qry` parameter into the correct section in help text * MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX * BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions * BUG/MEDIUM: resolvers: Don't recursively perform requester unlink * MEDIUM: resolvers: remove the last occurrences of the "safe" argument * MEDIUM: resolvers: use a kill list to preserve the list consistency * CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT * CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters * CLEANUP: always initialize the answer_list * CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() * BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released * BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed * BUILD: atomic: fix build on mac/arm64 * BUG/MINOR: backend: fix improper insert in avail tree for always reuse * BUILD: fix compilation on NetBSD * MINOR: memprof: add one pointer size to the size of allocations * MINOR: memprof: report the delta between alloc and free on realloc() * BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems * BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame * BUG/MINOR: task: do not set TASK_F_USR1 for no reason * BUG/MAJOR: buf: fix varint API post- vs pre- increment * BUG/MEDIUM: resolvers: always check a valid item in query_list * BUILD: resolvers: avoid a possible warning on null-deref * BUG/MAJOR: resolvers: add other missing references during resolution removal * MINOR: resolvers: merge address and target into a union "data" * BUG/MEDIUM: resolvers: use correct storage for the target address * BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix * MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero * BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records * BUG/MEDIUM: resolver: make sure to always use the correct hostname length * MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero * BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier * BUG/MAJOR: dns: tcp session can remain attached to a list after a free * BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors * Revert "CLEANUP: server: always include the storage for SSL settings" * BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error * BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD * BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data * BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back * MINOR: initcall: Rename __GLOBL and __GLOBL1. * DOC: configuration: add clarification on escaping in keyword arguments * BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames * BUG/MEDIUM: sample: properly verify that variables cast to sample * MINOR: sample: provide a generic var-to-sample conversion function * CLEANUP: sample: uninline sample_conv_var2smp_str() * CLEANUP: sample: rename sample_conv_var2smp() to *_sint * CLEANUP: server: always include the storage for SSL settings ++++ kernel-default: - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - commit 3274f52 - Move upstreamed patches into sorted section - commit 8e8bf1d - Revert "PM: sleep: Do not assume that "mem" is always present" (git-fixes). - commit c0f0040 - wilc1000: fix possible memory leak in cfg_scan_result() (git-fixes). - commit 663fdc6 - virtio-gpu: fix possible memory allocation failure (git-fixes). - wcn36xx: Channel list update before hardware scan (git-fixes). - wcn36xx: Fix discarded frames due to wrong sequence number (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - Revert "wcn36xx: Disable bmps when encryption is disabled" (git-fixes). - wcn36xx: Fix tx_status mechanism (git-fixes). - wcn36xx: Fix (QoS) null data frame bitrate/modulation (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: Fix Antenna Diversity Switching (git-fixes). - commit c191910 - thermal/core: fix a UAF bug in __thermal_cooling_device_register() (git-fixes). - PM: EM: Fix inefficient states detection (git-fixes). - PM: sleep: Do not let "syscore" devices runtime-suspend during system transitions (git-fixes). - rsi: fix control-message timeout (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: fix rate mask set leading to P2P failure (git-fixes). - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 (git-fixes). - rsi: fix occasional initialisation failure with BT coex (git-fixes). - commit 0e59d7a - PM: sleep: Do not assume that "mem" is always present (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mt76: mt7615: mt7622: fix ibss and meshpoint (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mt76: mt7615: fix monitor mode tear down crash (git-fixes). - mt76: mt7921: fix retrying release semaphore without end (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7615: fix hwmon temp sensor mem use-after-free (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - commit 11ac107 - mt76: mt7915: fix hwmon temp sensor mem use-after-free (git-fixes). - mt76: mt7921: always wake device if necessary in debugfs (git-fixes). - mt76: mt7921: fix kernel warning from cfg80211_calculate_bitrate (git-fixes). - mt76: mt7921: fix firmware usage of RA info using legacy rates (git-fixes). - mt76: mt7921: report HE MU radiotap (git-fixes). - mt76: overwrite default reg_ops if necessary (git-fixes). - mt76: connac: fix GTK rekey offload failure on WPA mixed mode (git-fixes). - mt76: mt7921: fix dma hang in rmmod (git-fixes). - mt76: mt7915: fix bit fields for HT rate idx (git-fixes). - mt76: mt7915: fix potential overflow of eeprom page index (git-fixes). - commit 282c2b4 - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - commit 19163fe - mt76: mt7921: Fix out of order process by invalid event pkt (git-fixes). - mt76: mt7915: fix mgmt frame using unexpected bitrate (git-fixes). - mt76: mt7921: fix mgmt frame using unexpected bitrate (git-fixes). - mt76: add mt76_default_basic_rate more devices can rely on (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7921: fix survey-dump reporting (git-fixes). - mt76: fix build error implicit enumeration conversion (git-fixes). - mt76: connac: fix mt76_connac_gtk_rekey_tlv usage (git-fixes). - mt76: mt7915: fix info leak in mt7915_mcu_set_pre_cal() (git-fixes). - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt7921: fix endianness warning in mt7921_update_txs (git-fixes). - commit d1310f8 - iwlwifi: fw: uefi: add missing include guards (git-fixes). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - mt76: mt7915: fix endianness warning in mt7915_mac_add_txs_skb (git-fixes). - mt76: mt7921: fix endianness in mt7921_mcu_tx_done_event (git-fixes). - iwlwifi: cfg: set low-latency-xtal for some integrated So devices (git-fixes). - iwlwifi: mvm: reset PM state on unsuccessful resume (git-fixes). - gve: Track RX buffer allocation failures (git-fixes). - gve: Allow pageflips on larger pages (git-fixes). - commit 110b62b - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/amdgpu: fix a potential memory leak in amdgpu_device_fini_sw() (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - fbdev/efifb: Release PCI device's runtime PM ref during FB destroy (git-fixes). - gve: Add netif_set_xps_queue call (git-fixes). - gve: Recover from queue stall due to missed IRQ (git-fixes). - gve: Do lazy cleanup in TX path (git-fixes). - gve: Add rx buffer pagecnt bias (git-fixes). - gve: Switch to use napi_complete_done (git-fixes). - gve: DQO: avoid unused variable warnings (git-fixes). - commit 55a8612 - drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8" (git-fixes). - commit 542acac - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: Fix potential Oops in a6xx_gmu_rpmh_init() (git-fixes). - drm/amdkfd: Fix an inappropriate error handling in allloc memory of gpu (git-fixes). - drm: fb_helper: fix CONFIG_FB dependency (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu: move amdgpu_virt_release_full_gpu to fini_early stage (git-fixes). - commit b55334e - drm/amd/display: Revert "Directly retrain link from debugfs" (git-fixes). - drm: bridge: it66121: Fix return value it66121_probe (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/bridge: it66121: Wait for next bridge to be probed (git-fixes). - drm/bridge: it66121: Initialize {device,vendor}_ids (git-fixes). - drm/bridge: anx7625: Propagate errors from sp_tx_rst_aux() (git-fixes). - cfg80211: always free wiphy specific regdomain (git-fixes). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - commit c29b2e3 - ath6kl: fix division by zero in send path (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - ath11k: Fix memory leak in ath11k_qmi_driver_event_work (git-fixes). - ath11k: fix packet drops due to incorrect 6 GHz freq value in rx status (git-fixes). - ath11k: Avoid race during regd updates (git-fixes). - ath11k: fix some sleeping in atomic bugs (git-fixes). - commit 4e5d1a9 - amd/display: remove ChromeOS workaround (git-fixes). - ACPI: PM: Fix sharing of wakeup power resources (git-fixes). - ACPI: PM: Turn off unused wakeup power resources (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix module load regression with iram-recovery feature (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Don't always treat modem stop events as crashes (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - commit dfaf1e9 - Revert "net: hns3: fix pause config problem after autoneg disabled" (git-fixes). - commit ea23b32 - Update config files: version bump to 5.14.16 - commit b93546f - Linux 5.14.16 (stable-5.14.16). - commit e533e4f - perf script: Fix PERF_SAMPLE_WEIGHT_STRUCT support (stable-5.14.16). - perf script: Check session->header.env.arch before using it (stable-5.14.16). - KVM: x86: Take srcu lock in post_kvm_run_save() (stable-5.14.16). - KVM: SEV-ES: fix another issue with string I/O VMGEXITs (stable-5.14.16). - KVM: x86/xen: Fix kvm_xen_has_interrupt() sleeping in kvm_vcpu_block() (stable-5.14.16). - KVM: x86: switch pvclock_gtod_sync_lock to a raw spinlock (stable-5.14.16). - scsi: ufs: ufs-exynos: Correct timeout value setting registers (stable-5.14.16). - riscv: Fix asan-stack clang build (stable-5.14.16). - riscv: Do not re-populate shadow memory with kasan_populate_early_shadow (stable-5.14.16). - riscv: fix misalgned trap vector base address (stable-5.14.16). - commit 09b4969 - bpf: Use kvmalloc for map values in syscall (stable-5.14.16). - Refresh patches.suse/bpf-Fix-error-usage-of-map_fd-and-fdget-in-generic_m.patch. - commit cedd276 - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (stable-5.14.16). - KVM: s390: clear kicked_mask before sleeping again (stable-5.14.16). - octeontx2-af: Check whether ipolicers exists (stable-5.14.16). - net: hns3: expand buffer len for some debugfs command (stable-5.14.16). - net: hns3: add more string spaces for dumping packets number of queue info in debugfs (stable-5.14.16). - phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings (stable-5.14.16). - RDMA/irdma: Do not hold qos mutex twice on QP resume (stable-5.14.16). - RDMA/irdma: Set VLAN in UD work completion correctly (stable-5.14.16). - RDMA/irdma: Process extended CQ entries correctly (stable-5.14.16). - commit 53d65f5 - net: ethernet: microchip: lan743x: Fix skb allocation failure (stable-5.14.16). - net/tls: Fix flipped sign in async_wait.err assignment (stable-5.14.16). - net: hns3: fix data endian problem of some functions of debugfs (stable-5.14.16). - net: hns3: fix pause config problem after autoneg disabled (stable-5.14.16). - net: nxp: lpc_eth.c: avoid hang when bringing interface down (stable-5.14.16). - phy: phy_start_aneg: Add an unlocked version (stable-5.14.16). - phy: phy_ethtool_ksettings_set: Move after phy_start_aneg (stable-5.14.16). - phy: phy_ethtool_ksettings_get: Lock the phy for consistency (stable-5.14.16). - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent (stable-5.14.16). - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails (stable-5.14.16). - commit df8349f - ice: check whether PTP is initialized in ice_ptp_release() (stable-5.14.16). - mlxsw: pci: Recycle received packet upon allocation failure (stable-5.14.16). - net-sysfs: initialize uid and gid before calling net_ns_get_ownership (stable-5.14.16). - net: Prevent infinite while loop in skb_tx_hash() (stable-5.14.16). - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (stable-5.14.16). - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (stable-5.14.16). - RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR (stable-5.14.16). - RDMA/mlx5: Set user priority for DCT (stable-5.14.16). - reset: brcmstb-rescal: fix incorrect polarity of status bit (stable-5.14.16). - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (stable-5.14.16). - commit 97aac17 - nvmet-tcp: fix data digest pointer calculation (stable-5.14.16). - nvme-tcp: fix data digest pointer calculation (stable-5.14.16). - nvme-tcp: fix possible req->offset corruption (stable-5.14.16). - octeontx2-af: Fix possible null pointer dereference (stable-5.14.16). - octeontx2-af: Display all enabled PF VF rsrc_alloc entries (stable-5.14.16). - tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function (stable-5.14.16). - bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch() (stable-5.14.16). - ice: Respond to a NETDEV_UNREGISTER event for LAG (stable-5.14.16). - IB/hfi1: Fix abba locking issue with sc_disable() (stable-5.14.16). - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (stable-5.14.16). - commit a55a0c7 - drm/ttm: fix memleak in ttm_transfered_destroy (stable-5.14.16). - drm/amd/display: Fallback to clocks which meet requested voltage on DCN31 (stable-5.14.16). - drm/amdgpu: support B0&B1 external revision id for yellow carp (stable-5.14.16). - drm/amd/display: Moved dccg init to after bios golden init (stable-5.14.16). - drm/amd/display: Increase watermark latencies for DCN3.1 (stable-5.14.16). - drm/amd/display: increase Z9 latency to workaround underflow in Z9 (stable-5.14.16). - drm/amd/display: Fix prefetch bandwidth calculation for DCN3.1 (stable-5.14.16). - drm/amd/display: Limit display scaling to up to true 4k for DCN 3.1 (stable-5.14.16). - riscv, bpf: Fix potential NULL dereference (stable-5.14.16). - cgroup: Fix memory leak caused by missing cgroup_bpf_offline (stable-5.14.16). - commit e3a5ce8 - mm: khugepaged: skip huge page collapse for special files (stable-5.14.16). - mm, thp: bail out early in collapse_file for writeback page (stable-5.14.16). - mm: filemap: check if THP has hwpoisoned subpage for PMD page fault (stable-5.14.16). - mm: hwpoison: remove the unnecessary THP check (stable-5.14.16). - drm/amd/display: Require immediate flip support for DCN3.1 planes (stable-5.14.16). - arm64: dts: imx8mm-kontron: Fix connection type for VSC8531 RGMII PHY (stable-5.14.16). - arm64: dts: imx8mm-kontron: Fix CAN SPI clock frequency (stable-5.14.16). - arm64: dts: imx8mm-kontron: Fix polarity of reg_rst_eth2 (stable-5.14.16). - arm64: dts: imx8mm-kontron: Set lower limit of VDD_SNVS to 800 mV (stable-5.14.16). - arm64: dts: imx8mm-kontron: Make sure SOC and DRAM supply voltages are correct (stable-5.14.16). - commit 274ce5a - nvme-tcp: fix H2CData PDU send accounting (again) (stable-5.14.16). - block: Fix partition check for host-aware zoned block devices (stable-5.14.16). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (stable-5.14.16). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (stable-5.14.16). - net/tls: Fix flipped sign in tls_err_abort() calls (stable-5.14.16). - tipc: fix size validations for the MSG_CRYPTO type (stable-5.14.16). - ftrace/nds32: Update the proto for ftrace_trace_function to match ftrace_stub (stable-5.14.16). - ata: sata_mv: Fix the error handling of mv_chip_id() (stable-5.14.16). - pinctrl: amd: disable and mask interrupts on probe (stable-5.14.16). - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode" (stable-5.14.16). - commit 26c5964 - usbnet: fix error return code in usbnet_probe() (stable-5.14.16). - ARM: 9148/1: handle CONFIG_CPU_ENDIAN_BE32 in arch/arm/kernel/head.S (stable-5.14.16). - ARM: 9141/1: only warn about XIP address when not compile testing (stable-5.14.16). - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (stable-5.14.16). - ARM: 9138/1: fix link warning with XIP + frame-pointer (stable-5.14.16). - ARM: 9134/1: remove duplicate memcpy() definition (stable-5.14.16). - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (stable-5.14.16). - ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images (stable-5.14.16). - usbnet: sanity check for maxpacket (stable-5.14.16). - commit 47b76d0 - Update patch references for stable-5.14.16 - commit 88fbd03 ++++ python3-core: - 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore permission error when changing the mtime of the source file in presence of SOURCE_DATE_EPOCH ++++ patterns-microos: - adjustments to be able to build for Leap (boo#1192518) ++++ python3: - 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore permission error when changing the mtime of the source file in presence of SOURCE_DATE_EPOCH ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#532 - merge gh#openSUSE/installation-images#521 - Fix conditions for turning on/off zram (bcs#1187434) - 16.57.5 - merge gh#openSUSE/installation-images#531 - increase minimal ext2 fs size to 128 kiB (bsc#1192213) - 16.57.4 ------------------------------------------------------------------ ------------------ 2021-11-2 - Nov 2 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Add cargo_audit service - Resolve incomplete use of services for getting source tars. - Update to version 5.0.0: * cargo: Afterburn release 5.0.0 * providers: add Azure Stack Hub (azurestack) * providers: move azure into microsoft module * build(deps): bump anyhow from 1.0.39 to 1.0.40 * ci: adapt to new buildroot image * build(deps): bump serde from 1.0.124 to 1.0.125 * build(deps): bump anyhow from 1.0.38 to 1.0.39 * cargo: accept mockito 0.29 * build(deps): bump mockito from 0.29.0 to 0.30.0 * cli: stop wrapping command-line parse errors * Switch from error-chain to anyhow ++++ librsvg: - Add cargo audit obs service ++++ haveged: - revert last change, e.g. for VMs where we are not being fed entropy from the host or similar setups. ++++ kernel-default: - Update patch reference for selinux fix (CVE-2021-43057 bsc#1192260) - commit 23a504e - Update reference tag to the right issuses. - Update patches.suse/gpio-mlxbf2-Convert-to-device-PM-ops.patch (jsc#SLE-19248 jsc#SLE-19789). - Update patches.suse/gpio-mlxbf2-Drop-wrong-use-of-ACPI_PTR.patch (jsc#SLE-19248 jsc#SLE-19789). - Update patches.suse/gpio-mlxbf2-Use-DEFINE_RES_MEM_NAMED-helper-macro.patch (jsc#SLE-19248 jsc#SLE-19789). - Update patches.suse/gpio-mlxbf2-Use-devm_platform_ioremap_resource.patch (jsc#SLE-19248 jsc#SLE-19789). - commit d6c0a5e - spi: spi-rpc-if: Check return value of rpcif_sw_init() (git-fixes). - spi: Fixed division by zero warning (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - tpm_tis_spi: Add missing SPI ID (git-fixes). - tpm: fix Atmel TPM crash caused by too frequent queries (git-fixes). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - commit d58beb2 - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - mmc: sdhci-omap: Fix context restore (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: ir_toy: assignment to be16 should be of correct type (git-fixes). - media: ivtv: fix build for UML (git-fixes). - media: rkvdec: Support dynamic resolution changes (git-fixes). - media: rkvdec: Do not override sizeimage for output format (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - commit 747b3ec - media: CEC: keep related menu entries together (git-fixes). - Update config files. - commit db3b570 - media: venus: fix vpp frequency calculation for decoder (git-fixes). - media: em28xx: Don't use ops->suspend if it is NULL (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: atmel: fix the ispck initialization (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - commit 58ed58d - media: sun6i-csi: Allow the video device to be open multiple times (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: imx-jpeg: Fix the error handling path of 'mxc_jpeg_probe()' (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: mtk-vcodec: venc: fix return value when start_streaming fails (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: ov8856: Set default mbus format but allow caller to alter (git-fixes). - media: imx258: Fix getting clock frequency (git-fixes). - commit 10ca4a5 - mailbox: Remove WARN_ON for async_cb.cb in cmdq_exec_done (git-fixes). - ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()' (git-fixes). - ipmi:watchdog: Set panic count to proper value on a panic (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: ttusb-dec: avoid release of non-acquired mutex (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: meson-ge2d: Fix rotation parameter changes detection in 'ge2d_s_ctrl()' (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - irqchip: Fix compile-testing without CONFIG_OF (git-fixes). - commit 962eefd - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - hwmon: (tmp401) Drop support for TMP461 (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fortify: Fix dropped strcpy() compile-time write overflow check (git-fixes). - commit c3d9755 - Move more upstreamed patches into sorted section - commit 6bd75c5 - Move upstreamed patches into sorted section - commit 3505517 - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf: Move BPF_MAP_TYPE for INODE_STORAGE and TASK_STORAGE outside of CONFIG_NET (git-fixes). - commit 7b0e1e4 ++++ libgcrypt: - FIPS: PBKDF requirements [bsc#1185137] * The PBKDF2 selftests were introduced in libgcrypt version 1.9.1 in the function selftest_pbkdf2() * Upstream task: https://dev.gnupg.org/T5182 ------------------------------------------------------------------ ------------------ 2021-11-1 - Nov 1 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Drop patches where were added for ustat() glibc doesn't expose this system call anymore, and so no point in carrying this delta. LTP does test for this but the test uses its own headers instead of libc for it. It is not worth carrying this delta for a deprecated call. This patch set was tested with kernel-ci and found no new regressions with btrfs. - Delete patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch. - Delete patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch. - commit ea7c7f6 - iommu/dart: Clear sid2group entry when a group is freed (bsc#1192202). - iommu/dart: Remove iommu_flush_ops (bsc#1192202). - commit bfa1796 - iommu: Merge strictness and domain type configs (bsc#1192202). - Update config files. - commit d1fa7e3 - iommu/dart: Add DART iommu driver (bsc#1192202). - Update config files. - commit 5aaf175 - check.sh: - iommu: Enhance IOMMU default DMA mode build options (bsc#1192202). - Update config files. - commit 2189b47 - iommu/io-pgtable: Abstract iommu_iotlb_gather access (bsc#1192202). - iommu/vt-d: Add present bit check in pasid entry setup helpers (bsc#1192202). - iommu/vt-d: Use pasid_pte_is_present() helper function (bsc#1192202). - iommu/vt-d: Drop the kernel doc annotation (bsc#1192202). - iommu/vt-d: Allow devices to have more than 32 outstanding PRs (bsc#1192202). - iommu/vt-d: Preset A/D bits for user space DMA usage (bsc#1192202). - iommu/vt-d: Enable Intel IOMMU scalable mode by default (bsc#1192202). - iommu/vt-d: Refactor Kconfig a bit (bsc#1192202). - iommu/vt-d: Remove unnecessary oom message (bsc#1192202). - iommu: Allow enabling non-strict mode dynamically (bsc#1192202). - iommu: Only log strictness for DMA domains (bsc#1192202). - iommu: Expose DMA domain strictness via sysfs (bsc#1192202). - iommu: Express DMA strictness via the domain type (bsc#1192202). - iommu/vt-d: Prepare for multiple DMA domain types (bsc#1192202). - iommu/arm-smmu: Prepare for multiple DMA domain types (bsc#1192202). - iommu/amd: Prepare for multiple DMA domain types (bsc#1192202). - iommu: Introduce explicit type for non-strict DMA domains (bsc#1192202). - iommu/io-pgtable: Remove non-strict quirk (bsc#1192202). - iommu: Indicate queued flushes via gather data (bsc#1192202). - iommu/dma: Remove redundant "!dev" checks (bsc#1192202). - iommu/virtio: Drop IOVA cookie management (bsc#1192202). - iommu/sun50i: Drop IOVA cookie management (bsc#1192202). - iommu/sprd: Drop IOVA cookie management (bsc#1192202). - iommu/rockchip: Drop IOVA cookie management (bsc#1192202). - iommu/mtk: Drop IOVA cookie management (bsc#1192202). - iommu/ipmmu-vmsa: Drop IOVA cookie management (bsc#1192202). - iommu/exynos: Drop IOVA cookie management (bsc#1192202). - iommu/vt-d: Drop IOVA cookie management (bsc#1192202). - iommu/arm-smmu: Drop IOVA cookie management (bsc#1192202). - iommu/amd: Drop IOVA cookie management (bsc#1192202). - iommu: Pull IOVA cookie management into the core (bsc#1192202). - iommu/amd: Remove stale amd_iommu_unmap_flush usage (bsc#1192202). - iommu/amd: Use only natural aligned flushes in a VM (bsc#1192202). - iommu/amd: Sync once for scatter-gather operations (bsc#1192202). - iommu/amd: Tailored gather logic for AMD (bsc#1192202). - iommu: Factor iommu_iotlb_gather_is_disjoint() out (bsc#1192202). - iommu: Improve iommu_iotlb_gather helpers (bsc#1192202). - iommu/amd: Do not use flush-queue when NpCache is on (bsc#1192202). - iommu/amd: Selective flush on unmap (bsc#1192202). - iommu/amd: Fix printing of IOMMU events when rate limiting kicks in (bsc#1192202). - iommu/amd: Convert from atomic_t to refcount_t on pasid_state->count (bsc#1192202). - iommu/arm-smmu: Fix missing unlock on error in arm_smmu_device_group() (bsc#1192202). - iommu/arm-smmu-v3: Stop pre-zeroing batch commands (bsc#1192202). - iommu/arm-smmu-v3: Extract reusable function __arm_smmu_cmdq_skip_err() (bsc#1192202). - iommu/arm-smmu-v3: Add and use static helper function arm_smmu_get_cmdq() (bsc#1192202). - iommu/arm-smmu-v3: Add and use static helper function arm_smmu_cmdq_issue_cmd_with_sync() (bsc#1192202). - iommu/arm-smmu-v3: Use command queue batching helpers to improve performance (bsc#1192202). - iommu/arm-smmu: Optimize ->tlb_flush_walk() for qcom implementation (bsc#1192202). - iommu/arm-smmu: Fix race condition during iommu_group creation (bsc#1192202). - iommu: Fix race condition during default domain allocation (bsc#1192202). - iommu/arm-smmu: Add clk_bulk_{prepare/unprepare} to system pm callbacks (bsc#1192202). - iommu/arm-smmu-v3: Remove some unneeded init in arm_smmu_cmdq_issue_cmdlist() (bsc#1192202). - iommu/dart: APPLE_DART should depend on ARCH_APPLE (bsc#1192202). - dt-bindings: iommu: add DART iommu bindings (bsc#1192202). - iommu/io-pgtable: Add DART pagetable format (bsc#1192202). - iommu/arm-smmu-v3: Implement the map_pages() IOMMU driver callback (bsc#1192202). - iommu/arm-smmu-v3: Implement the unmap_pages() IOMMU driver callback (bsc#1192202). - iommu/vt-d: Move clflush'es from iotlb_sync_map() to map_pages() (bsc#1192202). - iommu/vt-d: Implement map/unmap_pages() iommu_ops callback (bsc#1192202). - iommu/vt-d: Report real pgsize bitmap to iommu core (bsc#1192202). - iommu: Streamline iommu_iova_to_phys() (bsc#1192202). - iommu: Remove mode argument from iommu_set_dma_strict() (bsc#1192202). - iommu/amd: Add support for IOMMU default DMA mode build options (bsc#1192202). - iommu/vt-d: Add support for IOMMU default DMA mode build options (bsc#1192202). - iommu: Print strict or lazy mode at init time (bsc#1192202). - iommu: Deprecate Intel and AMD cmdline methods to enable strict mode (bsc#1192202). - iommu/arm-smmu: Implement the map_pages() IOMMU driver callback (bsc#1192202). - iommu/arm-smmu: Implement the unmap_pages() IOMMU driver callback (bsc#1192202). - iommu/io-pgtable-arm-v7s: Implement arm_v7s_map_pages() (bsc#1192202). - iommu/io-pgtable-arm-v7s: Implement arm_v7s_unmap_pages() (bsc#1192202). - iommu/io-pgtable-arm: Implement arm_lpae_map_pages() (bsc#1192202). - iommu/io-pgtable-arm: Implement arm_lpae_unmap_pages() (bsc#1192202). - iommu/io-pgtable-arm: Prepare PTE methods for handling multiple entries (bsc#1192202). - iommu: Add support for the map_pages() callback (bsc#1192202). - iommu: Hook up '->unmap_pages' driver callback (bsc#1192202). - iommu: Split 'addr_merge' argument to iommu_pgsize() into separate parts (bsc#1192202). - iommu: Use bitmap to calculate page size in iommu_pgsize() (bsc#1192202). - iommu: Add a map_pages() op for IOMMU drivers (bsc#1192202). - iommu/io-pgtable: Introduce map_pages() as a page table op (bsc#1192202). - iommu: Add an unmap_pages() op for IOMMU drivers (bsc#1192202). - iommu/io-pgtable: Introduce unmap_pages() as a page table op (bsc#1192202). - commit a0c9d74 - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (boo#1191417) There is one model that contains *-66.ucode. Add the exception. - commit 092f914 ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to claim 3DES unapproved in FIPS mode (bsc#1192080). - Update nss-fips-constructor-self-tests.patch to allow testing of unapproved algorithms (bsc#1192228). - Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086). This adds FIPS version indicators. - Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087). Most of the relevant changes are already upstream since NSS 3.60. ++++ yast2-trans: - Update to version 84.87.20211030.c198d302b1: * Translated using Weblate (Korean) * Translated using Weblate (Korean) * Translated using Weblate (Korean) * Translated using Weblate (Korean) * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * New POT for text domain 's390'. ------------------------------------------------------------------ ------------------ 2021-10-31 - Oct 31 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772 bsc#1190351). - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772 bsc#1190351). - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772 bsc#1190351). - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772 bsc#1190351). - sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772 bsc#1190351). - sctp: fix the processing for INIT chunk (CVE-2021-3772 bsc#1190351). - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772 bsc#1190351). - commit eced362 ------------------------------------------------------------------ ------------------ 2021-10-30 - Oct 30 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - gpio: xgs-iproc: fix parsing of ngpios property (git-fixes). - mmc: tmio: reenable card irqs after the reset callback (git-fixes). - mmc: mediatek: Move cqhci init behind ungate clock (git-fixes). - mmc: cqhci: clear HALT state after CQE enable (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: sdhci-pci: Read card detect from ACPI for Intel Merrifield (git-fixes). - commit 1481f8d ++++ python-pyOpenSSL: - Add check_inv_ALPN_lists.patch checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056). ------------------------------------------------------------------ ------------------ 2021-10-29 - Oct 29 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - commit 646f67b - rtw89: Fix variable dereferenced before check 'sta' (bsc#1191321). - rtw89: fix return value in hfc_pub_cfg_chk (bsc#1191321). - rtw89: remove duplicate register definitions (bsc#1191321). - rtw89: fix error function parameter (bsc#1191321). - rtw89: remove unneeded semicolon (bsc#1191321). - rtw89: fix return value check in rtw89_cam_send_sec_key_cmd() (bsc#1191321). - rtw89: Remove redundant check of ret after call to rtw89_mac_enable_bb_rf (bsc#1191321). - rtw89: Fix two spelling mistakes in debug messages (bsc#1191321). - commit 6b3302b - gpio: mlxbf2: Use DEFINE_RES_MEM_NAMED() helper macro (jsc#SLE-95282). - gpio: mlxbf2: Use devm_platform_ioremap_resource() (jsc#SLE-95282). - gpio: mlxbf2: Drop wrong use of ACPI_PTR() (jsc#SLE-95282). - gpio: mlxbf2: Convert to device PM ops (jsc#SLE-95282). - commit 9b96e8f - Update references to a new jira ticket SLE-22489. - Update patches.suse/MAINTAINERS-add-an-entry-for-NXP-S32G-boards.patch (jsc#SLE-22489). - Update patches.suse/arm64-dts-add-NXP-S32G2-support.patch (jsc#SLE-22489). - Update patches.suse/arm64-dts-s32g2-add-USDHC-support.patch (jsc#SLE-22489). - Update patches.suse/arm64-dts-s32g2-add-VNP-EVB-and-VNP-RDB2-support.patch (jsc#SLE-22489). - Update patches.suse/arm64-dts-s32g2-add-memory-nodes-for-evb-and-rdb2.patch (jsc#SLE-22489). - Update patches.suse/arm64-dts-s32g2-add-serial-uart-support.patch (jsc#SLE-22489). - Update patches.suse/dt-bindings-arm-fsl-add-NXP-S32G2-boards.patch (jsc#SLE-22489). - Update patches.suse/dt-bindings-mmc-fsl-imx-esdhc-add-NXP-S32G2-support.patch (jsc#SLE-22489). - Update patches.suse/dt-bindings-serial-fsl-linflexuart-add-compatible-fo.patch (jsc#SLE-22489). - Update patches.suse/dt-bindings-serial-fsl-linflexuart-convert-to-json-s.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-Remove-redundant-code-for-manual.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-Remove-unneeded-mmc-esdhc-imx.h-.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-Select-the-correct-mode-for-auto.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-add-NXP-S32G2-support.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-clear-the-buffer_read_ready-to-r.patch (jsc#SLE-22489). - commit 618f4ad - drm/i915/dp: Skip the HW readout of DPCD on disabled encoders (git-fixes). - drm/i915: Catch yet another unconditioal clflush (git-fixes). - drm/i915: Convert unconditional clflush to drm_clflush_virt_range() (git-fixes). - drm/amd/display: Fix deadlock when falling back to v2 from v3 (git-fixes). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - net: lan78xx: fix division by zero in send path (git-fixes). - net: batman-adv: fix error handling (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - mac80211: mesh: fix HE operation element length check (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - watchdog: sbsa: only use 32-bit accessors (git-fixes). - Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" (git-fixes). - virtio-ring: fix DMA metadata flags (git-fixes). - commit 0d15701 - drm/amdgpu: Fix even more out of bound writes from debugfs (bsc#1191949 CVE-2021-42327). - drm/amdgpu: fix out of bounds write (bsc#1191949 CVE-2021-42327). - commit 3b100a9 - arm64: dts: s32g2: add USDHC support (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: add NXP S32G2 support (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (jsc#SLE-17612). - dt-bindings: mmc: fsl-imx-esdhc: add NXP S32G2 support (jsc#SLE-17612). - MAINTAINERS: add an entry for NXP S32G boards (jsc#SLE-17612). - arm64: dts: s32g2: add memory nodes for evb and rdb2 (jsc#SLE-17612). - arm64: dts: s32g2: add VNP-EVB and VNP-RDB2 support (jsc#SLE-17612). - arm64: dts: s32g2: add serial/uart support (jsc#SLE-17612). - arm64: dts: add NXP S32G2 support (jsc#SLE-17612). - dt-bindings: serial: fsl-linflexuart: add compatible for S32G2 (jsc#SLE-17612). - dt-bindings: serial: fsl-linflexuart: convert to json-schema format (jsc#SLE-17612). - dt-bindings: arm: fsl: add NXP S32G2 boards (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: Select the correct mode for auto tuning (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: Remove redundant code for manual tuning (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: Remove unneeded mmc-esdhc-imx.h header (jsc#SLE-17612). - commit 904b8f7 ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#529 - Add chipidea module (bsc#1184867) - add kernel modules for USB PHYs (bsc#1184867) - Add chipidea and USB PHYs (bsc#1184867) - 16.57.3 ------------------------------------------------------------------ ------------------ 2021-10-28 - Oct 28 2021 ------------------- ------------------------------------------------------------------ ++++ cpio: - Update keyring ++++ glib2: - Update to version 2.70.1: + Fix network changes not being signalled from NetworkManager. + Fix build when building with --fatal-meson-warnings. + Bugs fixed: glgo#GNOME/GLib#2505, glgo#GNOME/GLib!2245, glgo#GNOME/GLib!2253, glgo#GNOME/GLib!2256, glgo#GNOME/GLib!2259, glgo#GNOME/GLib!2262, glgo#GNOME/GLib!2271, glgo#GNOME/GLib!2276, glgo#GNOME/GLib!2300, glgo#GNOME/GLib!2301, glgo#GNOME/GLib!2302, glgo#GNOME/GLib!2304. - Refresh patches with quilt. ++++ kernel-default: - Delete patches.suse/sched-numa-Check-numa-balancing-information-only-when-enabled.patch. Marginal benefit. - commit f084d35 - sched/fair: Increase wakeup_gran if current task has not executed the minimum granularity (Scheduler enhancements for I7 (bnc#754690, bnc#1144446)). - commit c69685a - sched/fair: Couple wakee flips with heavy wakers (Scheduler enhancements for I7 (bnc#754690, bnc#1144446)). - commit fdca596 - sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCS (bsc#1192120). - commit c881665 - Update bug references. patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch (stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056). patches.suse/KVM-PPC-Book3S-HV-Make-idle_kvm_start_guest-return-0.patch (stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056). patches.suse/powerpc-idle-Don-t-corrupt-back-chain-when-going-idl.patch (stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056). - commit 140b7c5 - Update patch reference for ISDN fix (CVE-2021-3896 bsc#1191958) The config isn't enabled but the fix was already picked up by stable tree. - commit ee64c99 - efi: cper: check section header more appropriately (jsc#SLE-18522). - efi/libstub: Simplify "Exiting bootservices" message (jsc#SLE-18522). - efi: sysfb_efi: fix build when EFI is not set (jsc#SLE-18522). - drivers/firmware: fix SYSFB depends to prevent build failures (jsc#SLE-18522). - drivers/firmware: consolidate EFI framebuffer setup for all arches (jsc#SLE-18522). Update config files: +# CONFIG_SYSFB_SIMPLEFB is not set - drivers/firmware: move x86 Generic System Framebuffers support (jsc#SLE-18522). Update config files: +CONFIG_SYSFB=y - efi: cper: fix scnprintf() use in cper_mem_err_location() (jsc#SLE-18522). - commit f3836a8 ++++ kmod: - Enable ZSTD on 15.3 as well (boo#1192104). - Only test ZSTD in testsuite on releases where it is available. ++++ libgcrypt: - FIPS: Fix regression tests in FIPS mode [bsc#1192131] * Add libgcrypt-FIPS-fix-regression-tests.patch * Upstream task: https://dev.gnupg.org/T5520 ++++ rpm-config-SUSE: - backport %sle_version in macros file from Factory (boo#1187214, sle_version.diff) ++++ virt-manager: - bsc#1188223 - L3: Sles12sp3 DomU won't boot after adding phys hard drive virtinst-xenbus-disk-index-fix.patch ------------------------------------------------------------------ ------------------ 2021-10-27 - Oct 27 2021 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Add patch git-34-9a1bc15517d6da56d75182338c0f1bc4518b2b75.patch * sysctl.d/50-default.conf: allow everybody to create IPPROTO_ICMP sockets (bsc#1174504) - Add patch git-35-91f496b1f65af29832192bad949685a7bc25da0a.patch * sysctl.d/50-default.conf: fix ping_group_range syntax error ++++ librsvg: - Update to version 2.52.3: + Bugfixes, mostly for text layout. Also, text links in PDF! - Support text-decoration=overline. - Basic support for the unicode-bidi property. Librsvg still considers each tspan independently of others, which is incorrect, but at least bidi-override works now for a single embedding level. - Fix placement of tspan that changes the text direction. - :lang() selector should now match lang attribute from an element's parent. - Fix the text-anchor property for right-to-left text. - PDF now includes links inside text elements. ++++ kernel-default: - ACPI: tools: fix compilation error (jsc#SLE-19223). - ACPI: PM: Do not turn off power resources in unknown state (jsc#SLE-19223). - Revert "ACPI: Add memory semantics to acpi_os_map_memory()" (jsc#SLE-19223). - ACPI: scan: Remove unneeded header linux/nls.h (jsc#SLE-19223). - ACPI: CPPC: Introduce cppc_get_nominal_perf() (jsc#SLE-19223). - ACPI: memhotplug: memory resources cannot be enabled yet (jsc#SLE-19223). - clk: fractional-divider: Introduce POWER_OF_TWO_PS flag (jsc#SLE-19223). - isystem: ship and use stdarg.h (jsc#SLE-19223). - clk: x86: Rename clk-lpt to more specific clk-lpss-atom (jsc#SLE-19223). - ACPI: button: Add DMI quirk for Lenovo Yoga 9 (14INTL5) (jsc#SLE-19223). - ACPI: power: Drop name from struct acpi_power_resource (jsc#SLE-19223). - ACPI: power: Use acpi_handle_debug() to print debug messages (jsc#SLE-19223). - ACPI: Add memory semantics to acpi_os_map_memory() (jsc#SLE-19223). - ACPI: platform-profile: call sysfs_notify() from platform_profile_store() (jsc#SLE-19223). - ACPI: tables: FPDT: Do not print FW_BUG message if record types are reserved (jsc#SLE-19223). - ACPI: SPCR: Add support for the new 16550-compatible Serial Port Subtype (jsc#SLE-19223). - ACPI: DPTF: Add new PCH FIVR methods (jsc#SLE-19223). - ACPI / PMIC: XPower: optimize MIPI PMIQ sequence I2C-bus accesses (jsc#SLE-19223). - ACPI / PMIC: XPower: optimize I2C-bus accesses (jsc#SLE-19223). - ACPI: configfs: Make get_header() to return error pointer (jsc#SLE-19223). - ACPI: configfs: Use sysfs_emit() in "show" functions (jsc#SLE-19223). - ACPI: glue: Eliminate acpi_platform_notify() (jsc#SLE-19223). - ACPI: bus: Rename functions to avoid name collision (jsc#SLE-19223). - ACPI: glue: Change return type of two functions to void (jsc#SLE-19223). - ACPI: glue: Rearrange acpi_device_notify() (jsc#SLE-19223). - ACPI: Add LoongArch support for ACPI_PROCESSOR/ACPI_NUMA (jsc#SLE-19223). - ACPICA: Update version to 20210730 (jsc#SLE-19223). - ACPICA: Add method name "_DIS" For use with aslmethod.c (jsc#SLE-19223). - ACPICA: iASL: Fix for WPBT table with no command-line arguments (jsc#SLE-19223). - ACPICA: Headers: Add new DBG2 Serial Port Subtypes (jsc#SLE-19223). - ACPICA: Macros should not use a trailing semicolon (jsc#SLE-19223). - ACPICA: Fix an if statement (add parens) (jsc#SLE-19223). - ACPICA: iASL: Add support for the AEST table (data compiler) (jsc#SLE-19223). - x86: Fix typo s/ECLR/ELCR/ for the PIC register (jsc#SLE-19223). - x86: Avoid magic number with ELCR register accesses (jsc#SLE-19223). - commit fec7c9a - blacklist.conf: Blacklist 889c05cc5834 - commit 5a487b9 - block, bfq: reset last_bfqq_created on group change (bsc#1192069). - commit 766d534 - Update patch reference for NFC fix (CVE-2021-3760 bsc#1190067) - commit ff45dbb - Update patch reference for firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673) - commit 5dddbb4 - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" (git-fixes). - commit 9dd851c - Update config files: just version bump to 5.14.15 - commit 9c26279 - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (stable-5.14.15). - Update config files. - commit 3874624 - Linux 5.14.15 (stable-5.14.15). - commit de92495 - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (stable-5.14.15). - commit f116064 - drm/kmb: Enable alpha blended second plane (stable-5.14.15). - Refresh patches.suse/drm-kmb-Disable-change-of-plane-parameters.patch. - commit 6bcd94d - autofs: fix wait name hash calculation in autofs_wait() (stable-5.14.15). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (stable-5.14.15). - drm/kmb: Limit supported mode to 1080p (stable-5.14.15). - e1000e: Separate TGP board type from SPT (stable-5.14.15). - s390/pci: fix zpci_zdev_put() on reserve (stable-5.14.15). - bpf, test, cgroup: Use sk_{alloc,free} for test cases (stable-5.14.15). - net: mdiobus: Fix memory leak in __mdiobus_register (stable-5.14.15). - s390/pci: cleanup resources only if necessary (stable-5.14.15). - commit 905ecd1 - net/mlx5: Lag, change multipath and bonding to be mutually exclusive (stable-5.14.15). - commit 46bc273 - net: hns3: fix for miscalculation of rx unused desc (stable-5.14.15). - commit 4b9aac9 - sched/scs: Reset the shadow stack when idle_task_exit (stable-5.14.15). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (stable-5.14.15). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (stable-5.14.15). - scsi: storvsc: Fix validation for unsolicited incoming packets (stable-5.14.15). - scsi: iscsi: Fix set_param() handling (stable-5.14.15). - ASoC: codec: wcd938x: Add irq config support (stable-5.14.15). - mm/thp: decrease nr_thps in file's mapping on THP split (stable-5.14.15). - Input: snvs_pwrkey - add clk handling (stable-5.14.15). - commit 45f2107 - perf/x86/msr: Add Sapphire Rapids CPU support (stable-5.14.15). - libperf tests: Fix test_stat_cpu (stable-5.14.15). - libperf test evsel: Fix build error on !x86 architectures (stable-5.14.15). - spi-mux: Fix false-positive lockdep splats (stable-5.14.15). - spi: Fix deadlock when adding SPI controllers on SPI buses (stable-5.14.15). - isdn: mISDN: Fix sleeping function called from invalid context (stable-5.14.15). - ARM: dts: spear3xx: Fix gmac node (stable-5.14.15). - net: stmmac: add support for dwmac 3.40a (stable-5.14.15). - platform/x86: intel_scu_ipc: Update timeout value in comment (stable-5.14.15). - platform/x86: intel_scu_ipc: Increase virtual timeout to 10s (stable-5.14.15). - commit 09559eb - KVM: MMU: Reset mmu->pkru_mask to avoid stale data (stable-5.14.15). - objtool: Update section header before relocations (stable-5.14.15). - objtool: Check for gelf_update_rel[a] failures (stable-5.14.15). - drm/msm/a6xx: Serialize GMU communication (stable-5.14.15). - bitfield: build kunit tests without structleak plugin (stable-5.14.15). - device property: build kunit tests without structleak plugin (stable-5.14.15). - iio/test-format: build kunit tests without structleak plugin (stable-5.14.15). - gcc-plugins/structleak: add makefile var for disabling structleak (stable-5.14.15). - kunit: fix reference count leak in kfree_at_end (stable-5.14.15). - btrfs: deal with errors when checking if a dir entry exists during log replay (stable-5.14.15). - commit 1f55831 - KVM: x86: remove unnecessary arguments from complete_emulator_pio_in (stable-5.14.15). - KVM: x86: split the two parts of emulator_pio_in (stable-5.14.15). - drm: mxsfb: Fix NULL pointer dereference crash on unload (stable-5.14.15). - selftests: netfilter: remove stray bash debug line (stable-5.14.15). - netfilter: Kconfig: use 'default y' instead of 'm' for bool config option (stable-5.14.15). - net: hns3: fix the max tx size according to user manual (stable-5.14.15). - net: bridge: mcast: use multicast_membership_interval for IGMPv3 (stable-5.14.15). - KVM: SEV-ES: Set guest_state_protected after VMSA update (stable-5.14.15). - isdn: cpai: check ctr->cnr to avoid array index out of bound (stable-5.14.15). - nfc: nci: fix the UAF of rf_conn_info object (stable-5.14.15). - commit 41d6324 - KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed (stable-5.14.15). - KVM: SEV-ES: keep INS functions together (stable-5.14.15). - KVM: SEV-ES: clean up kvm_sev_es_ins/outs (stable-5.14.15). - KVM: x86: leave vcpu->arch.pio.count alone in emulator_pio_in_out (stable-5.14.15). - KVM: SEV-ES: rename guest_ins_data to sev_pio_data (stable-5.14.15). - KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA (stable-5.14.15). - KVM: nVMX: promptly process interrupts delivered while in guest mode (stable-5.14.15). - KVM: x86: check for interrupts before deciding whether to exit the fast path (stable-5.14.15). - KVM: SEV-ES: reduce ghcb_sa_len to 32 bits (stable-5.14.15). - KVM: SEV-ES: fix length of string I/O (stable-5.14.15). - commit 55eb497 - ucounts: Proper error handling in set_cred_ucounts (stable-5.14.15). - ucounts: Pair inc_rlimit_ucounts with dec_rlimit_ucoutns in commit_creds (stable-5.14.15). - ucounts: Fix signal ucount refcounting (stable-5.14.15). - powerpc/idle: Don't corrupt back chain when going idle (stable-5.14.15). - mm, slub: fix incorrect memcg slab count for bulk free (stable-5.14.15). - mm, slub: fix potential use-after-free in slab_debugfs_fops (stable-5.14.15). - mm, slub: fix potential memoryleak in kmem_cache_open() (stable-5.14.15). - mm, slub: fix mismatch between reconstructed freelist depth and cnt (stable-5.14.15). - KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest (stable-5.14.15). - KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() (stable-5.14.15). - commit 91fb3d7 - blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu (stable-5.14.15). - ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring (stable-5.14.15). - net: dsa: mt7530: correct ds->num_ports (stable-5.14.15). - ASoC: DAPM: Fix missing kctl change notifications (stable-5.14.15). - ASoC: nau8824: Fix headphone vs headset, button-press detection no longer working (stable-5.14.15). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (stable-5.14.15). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (stable-5.14.15). - audit: fix possible null-pointer dereference in audit_filter_rules (stable-5.14.15). - mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() (stable-5.14.15). - vfs: check fd has read access in kernel_read_file_from_fd() (stable-5.14.15). - commit 683b2ff - can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes (stable-5.14.15). - ceph: fix handling of "meta" errors (stable-5.14.15). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (stable-5.14.15). - tracing: Have all levels of checks prevent recursion (stable-5.14.15). - elfcore: correct reference to CONFIG_UML (stable-5.14.15). - mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind() (stable-5.14.15). - ocfs2: mount fails with buffer overflow in strlen (stable-5.14.15). - ocfs2: fix data corruption after conversion from inline format (stable-5.14.15). - userfaultfd: fix a race between writeprotect and exit_mmap() (stable-5.14.15). - mm/userfaultfd: selftests: fix memory corruption with thp enabled (stable-5.14.15). - commit f96874a - net: enetc: make sure all traffic classes can send large frames (stable-5.14.15). - can: isotp: isotp_sendmsg(): fix return error on FC timeout on TX path (stable-5.14.15). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (stable-5.14.15). - can: peak_pci: peak_pci_remove(): fix UAF (stable-5.14.15). - can: rcar_can: fix suspend/resume (stable-5.14.15). - can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() (stable-5.14.15). - can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() (stable-5.14.15). - can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length (stable-5.14.15). - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (stable-5.14.15). - can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer (stable-5.14.15). - commit 5922c25 - drm/kmb: Enable ADV bridge after modeset (stable-5.14.15). - drm/kmb: Corrected typo in handle_lcd_irq (stable-5.14.15). - drm/kmb: Disable change of plane parameters (stable-5.14.15). - drm/kmb: Remove clearing DPHY regs (stable-5.14.15). - drm/kmb: Work around for higher system clock (stable-5.14.15). - drm/panel: ilitek-ili9881c: Fix sync for Feixin K101-IM2BYL02 panel (stable-5.14.15). - net: enetc: fix ethtool counter name for PM0_TERR (stable-5.14.15). - net/mlx5e: IPsec: Fix work queue entry ethernet segment checksum flags (stable-5.14.15). - net/mlx5e: IPsec: Fix a misuse of the software parser's fields (stable-5.14.15). - ice: Add missing E810 device ids (stable-5.14.15). - commit 8a2728b - igc: Update I226_K device ID (stable-5.14.15). - e1000e: Fix packet loss on Tiger Lake and later (stable-5.14.15). - ptp: Fix possible memory leak in ptp_clock_register() (stable-5.14.15). - net: stmmac: Fix E2E delay mechanism (stable-5.14.15). - net: hns3: disable sriov before unload hclge layer (stable-5.14.15). - net: hns3: fix vf reset workqueue cannot exit (stable-5.14.15). - net: hns3: schedule the polling again when allocation fails (stable-5.14.15). - net: hns3: add limit ets dwrr bandwidth cannot be 0 (stable-5.14.15). - net: hns3: reset DWRR of unused tc to zero (stable-5.14.15). - net: hns3: Add configuration of TM QCN error event (stable-5.14.15). - commit 5c6e545 - net: dsa: Fix an error handling path in 'dsa_switch_parse_ports_of()' (stable-5.14.15). - net/sched: act_ct: Fix byte count on fragmented packets (stable-5.14.15). - net: dsa: lantiq_gswip: fix register definition (stable-5.14.15). - hamradio: baycom_epp: fix build for UML (stable-5.14.15). - ipv6: When forwarding count rx stats on the orig netdev (stable-5.14.15). - tcp: md5: Fix overlap between vrf and non-vrf keys (stable-5.14.15). - lan78xx: select CRC32 (stable-5.14.15). - sctp: fix transport encap_port update in sctp_vtag_verify (stable-5.14.15). - powerpc/smp: do not decrement idle task preempt count in CPU offline (stable-5.14.15). - NIOS2: irqflags: rename a redefined register name (stable-5.14.15). - commit 9aa725a - netfilter: ipvs: make global sysctl readonly in non-init netns (stable-5.14.15). - netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6 (stable-5.14.15). - netfilter: nf_tables: skip netdev events generated on netns removal (stable-5.14.15). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (stable-5.14.15). - ice: Print the api_patch as part of the fw.mgmt.api (stable-5.14.15). - ice: fix getting UDP tunnel entry (stable-5.14.15). - ice: Avoid crash from unnecessary IDA free (stable-5.14.15). - ice: Fix failure to re-add LAN/RDMA Tx queues (stable-5.14.15). - dma-debug: fix sg checks in debug_dma_map_sg() (stable-5.14.15). - ASoC: wm8960: Fix clock configuration on slave mode (stable-5.14.15). - commit 245d6d8 - ASoC: cs4341: Add SPI device ID table (stable-5.14.15). - ASoC: pcm179x: Add missing entries SPI to device ID table (stable-5.14.15). - ASoC: fsl_xcvr: Fix channel swap issue with ARC (stable-5.14.15). - ASoC: pcm512x: Mend accesses to the I2S_1 and I2S_2 registers (stable-5.14.15). - KVM: arm64: Release mmap_lock when using VM_SHARED with MTE (stable-5.14.15). - KVM: arm64: Fix host stage-2 PGD refcount (stable-5.14.15). - xtensa: xtfpga: Try software restart before simulating CPU reset (stable-5.14.15). - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (stable-5.14.15). - drm/amdgpu: init iommu after amdkfd device init (stable-5.14.15). - NFSD: Keep existing listeners on portlist error (stable-5.14.15). - commit c073ebb - block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output (stable-5.14.15). - xen/x86: prevent PVH type from getting clobbered (stable-5.14.15). - drm/amdgpu/display: fix dependencies for DRM_AMD_DC_SI (stable-5.14.15). - arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address (stable-5.14.15). - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (stable-5.14.15). - r8152: avoid to resubmit rx immediately (stable-5.14.15). - sh: pgtable-3level: fix cast to pointer from integer of different size (stable-5.14.15). - block/mq-deadline: Move dd_queued() to fix defined but not used warning (stable-5.14.15). - parisc: math-emu: Fix fall-through warnings (stable-5.14.15). - commit 009acde - Update patch references for stable-5.14.15 - commit c4e784c ++++ kernel-firmware: - Update to version 20211027 (git commit 1d00989a6596): * linux-firmware: Update AMD cpu microcode * QCA: Update Bluetooth firmware for WCN685x * bnx2x: Add FW 7.13.20.0 * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1006 * linux-firmware: Update NXP Management Complex firmware to version 10.28.1 * linux-firmware: update firmware for MT7921 WiFi device * rtw89: 8852a: update fw to v0.13.30.0 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 - Update topics and aliases for rtw88 and rtw89 ++++ python3-core: - The previous construct works only on the current Factory, not in SLE. ++++ python3: - The previous construct works only on the current Factory, not in SLE. ------------------------------------------------------------------ ------------------ 2021-10-26 - Oct 26 2021 ------------------- ------------------------------------------------------------------ ++++ libguestfs: - Fix build errors in Factory * Alert ocaml_deprecated_cli: Setting a warning with a sequence of lowercase or uppercase letters, like 'CDEFLMPSUVYZX', is deprecated. 63c9cd93-m4-guestfs-ocaml.m4-Fix-deprecated-warning-format.patch * Error (warning 6 [labels-omitted]): label verbose was omitted in the application of this function. a4930f5f-customize-Suppress-OCaml-warning.patch ++++ kernel-default: - scsi: storvsc: Fix validation for unsolicited incoming packets (git-fixes). - hyperv/vmbus: include linux/bitops.h (git-fixes). - commit b72f394 - Normally we take git fixes for perf userspace into the userspace package. However prior commit f3f3684a8ebf perf-tools-Fix-hybrid-config-terms-list-corruption.patch) was added but without this needed dependency so perf userspace fails to build perf tools: Factor out copy_config_terms() and free_config_terms() (git-fixes). - commit 0d60052 - perf/x86/intel/uncore: Support IMC free-running counters on Sapphire Rapids server (jsc#SLE-18939). - perf/x86/intel/uncore: Support IIO free-running counters on Sapphire Rapids server (jsc#SLE-18939). - perf/x86/intel/uncore: Factor out snr_uncore_mmio_map() (jsc#SLE-18939). - perf/x86/intel/uncore: Add alias PMU name (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server MDF support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server M3UPI support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server UPI support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server M2M support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server IMC support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server PCU support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server M2PCIe support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server IRP support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server IIO support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server CHA support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server framework (jsc#SLE-18939). - commit 4b44ca8 ++++ python-pyOpenSSL: - update to 21.0.0 (bsc#1200771, jsc#SLE-24519): - The minimum ``cryptography`` version is now 3.3. - Drop support for Python 3.5 - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings. ++++ qemu: - qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu (bsc#1189938 CVE-2021-3748) solved by virtio-net-fix-use-after-unmap-free-for-.patch - kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702 CVE-2021-3713) * Patches added: uas-add-stream-number-sanity-checks.patch ++++ ovmf: - Removed patches which are merged to mainline: ovmf-bsc1186151-fix-iscsi-overflows.patch ovmf-xen-relocate-shared_info_page-map.patch - Removed patches because replaced: ovmf-fix-xen-s3-detection.patch -> ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch ovmf-xen-add-qemu-kernel-loader-fs.patch -> ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch ++++ virt-manager: - jsc#SLE-21540 Dev: Prefer UEFI when creating new virtual machines. Add a preferences option to allow users to default to UEFI when creating a new VM. Libvirt decides which firmware file to use. virtman-add-firmware-preferences.patch - Renamed patch virtinst-modify-gui-defaults.patch to virtman-modify-gui-defaults.patch ------------------------------------------------------------------ ------------------ 2021-10-25 - Oct 25 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Change %python38_version_nodots to %suse_version which is compatible with Leap and SLE. See also: https://github.com/openSUSE/python-rpm-macros/issues/107 ++++ coreutils: - coreutils-df-fuse-portal-dummy.patch: df: Add "fuse.portal" as a dummy file system (used in flatpak implementations). (bsc#1189152) ++++ python-kiwi: - Bump version: 9.23.20 → 9.24.2 This version upgrade includes several fixes: * Fixed secure boot fallback setup Make sure MokManager gets copied. The name and location of the mok manager is distribution specific in the same way as the shim loader. Thus we need to apply a similar concept for looking it up. This Fixes bsc#1187515 * Allow creation of LUKS system with empty key To support cloud platforms better we should allow the creation of an initial(insecure) LUKS encrypted image with an empty passphrase/keyfile. This Fixes bsc#1187461 and bsc#1187460 * Delete obsolete ddb.adapterType patching When building a vmdk image with pvscsi as adapter type, kiwi implicitly changed the adapter_type from pvscsi to lsilogic because qemu only knows lsilogic. At the end kiwi patched the adapter type in the descriptor of the vmdk header back to pvscsi. That patching seems to be wrong according to information from users and VMware support. This commit deletes the descriptor patching and only leaves the pvscsi setting in the guest configuration(vmx). This Fixes bsc#1180539 and Fixes #1847 * Make dracut version check more robust The check_dracut_module_versions_compatible_to_kiwi() runtime check calls the package manager from the host and reads the package database from the image root. Doing this requires the package database in the image to be compatible with the package manager on the host. However this cannot be guarenteed and it is more robust to chroot into the image root and call the package manager from there. However, this change also comes with the cost that it's required to have a package manager available in the image root tree. Therefore along with the chroot based call, eventual exceptions from the call are now catched and leads to a debug message in the log file but will not lead the runtime check to fail. I consider the cases without a package database inside of the image to be less critical than the incompatibility issue between the host tooling and the package database in the image. This Fixes bsc#1185937 * Fixed setup of repository architecture Unfortunately the architecture reported by uname is not necessarily the same name as used in the repository metadata. Therefore it was not a good idea to set the architecture and manage the name via a mapping table. It also has turned out that repo arch names are distro specific which causes more complexity on an eventual mapping table. In the end this commit changes the way how the repository architecture is setup in a way that we only set the architecture if a name was explicitly specified such that the user keeps full control over it without any mapping magic included This Fixes bsc#1185287 * Do not apply default subcommand for derivate containers This commit does not apply the default subcommand for derivate containers. Fixes bsc#1184823 * Added openssl to the core requires openssl is used in kiwi to construct a password hash if the plaintext password feature for user settings is used. This Fixes bsc#1184128 ++++ open-iscsi: - Fix the usr-merge changes (bsc#1192013). This includes catching all the places that /sbin was still used directly, as well as making the SPEC file build using /usr/sbin for openSUSE but still use /sbin for SLE, for now. ++++ kernel-default: - PCI: ACPI: Check parent pointer in acpi_pci_find_companion() (git-fixes). - commit 90dd941 - PCI/ACPI: Don't reset a fwnode set by OF (git-fixes). - commit 0173047 - PCI/VPD: Defer VPD sizing until first access (git-fixes). - commit 92d679d - PCI: Make saved capability state private to core (git-fixes). - commit bac6705 - PCI/ACS: Enforce pci=noats with Transaction Blocking (git-fixes). - commit 6f1e5b6 - PCI/VPD: Add pci_vpd_check_csum() (git-fixes). - commit b2480cc - PCI/VPD: Add pci_vpd_find_ro_info_keyword() (git-fixes). - commit fdb75f4 - PCI/VPD: Add pci_vpd_alloc() (git-fixes). - commit fe7ed38 - Revert "Revert "rpm: Abolish scritplet templating (bsc#1189841)."" This reverts commit eebdae782118154482586a51f83b305ccb57f907. - commit d8f0414 ++++ yast2-trans: - Update to version 84.87.20211022.37a68b8306: * Translated using Weblate (Turkish) * New POT for text domain 'timezone_db'. * New POT for text domain 'country'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * New POT for text domain 'users'. * New POT for text domain 'network'. * New POT for text domain 'registration'. * Translated using Weblate (Hindi) * New POT for text domain 'installation'. ------------------------------------------------------------------ ------------------ 2021-10-24 - Oct 24 2021 ------------------- ------------------------------------------------------------------ ++++ pcre2: - pcre2 10.38: * Following Perl's lead, \K is now locked out in lookaround assertions by default, but an option is provided to re-enable the previous behaviour ++++ libsoup2: - Update to version 2.74.1: + Fix support for older versions of Vala. + Fix trying to build sysprof as a subproject on Windows. + Fix missing `extern "C"` in an installed header. + Improve `gssapi` dependency handling. + Fix `libsoup-doc` build target. + Updated translations. ------------------------------------------------------------------ ------------------ 2021-10-22 - Oct 22 2021 ------------------- ------------------------------------------------------------------ ++++ bash: - Using package bash-sh instead of the update-alternative mechanism. ++++ transactional-update: - Version 3.6.0 - Simplify mount hierarchy by just using a single slave bind mount as the root of the update environment; this may avoid the error messages of failed unmounts May fix [boo#1191945] ++++ kernel-default: - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - commit bb7897a ++++ cairo: - Add upstream patch + cairo-do-not-override-explicitly-requested-grayscale-aa.patch Do not replace explicitly set applications settings by user settings for font antialiasing. See: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/114 ++++ ovmf: - Removed edk2-stable202105.tar.gz because we updated to edk2-stable202108 ++++ suse-module-tools: - Update to version 15.4.7: * fixup "rpm-script: fix bad exit status in OpenQA (bsc#1191922)" - Update to version 15.4.6: * rpm-script: fix bad exit status in OpenQA (bsc#1191922) * cert-script: Deal with existing $cert.delete file (bsc#1191804). * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480). * cert-script: Only print mokutil output in verbose mode. ++++ u-boot-rpiarm64: Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches added: 0015-Enable-EFI-and-ISO-partitions-suppo.patch - boo#1191966 0016-Revert-video-backlight-fix-pwm-s-du.patch - boo#1187573 ++++ virt-manager: - Add dependency in spec file for python3-gobject-Gdk (bsc#1191705) virt-manager.spec ------------------------------------------------------------------ ------------------ 2021-10-21 - Oct 21 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Remove openSUSE Tumbleweed specific handling for default grub distributor (bsc#1191198) - Use /usr/lib/os-release as fallback (bsc#1191196) * grub2-default-distributor.patch * grub2-check-default.sh - VUL-0: grub2: grub2-once uses fixed file name in /var/tmp (bsc#1190474) (CVE-2021-46705) * grub2-once * grub2-once.service - Fix unknown TPM error on buggy uefi firmware (bsc#1191504) * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769) * 0001-Filter-out-POSIX-locale-for-translation.patch - Fix error lvmid disk cannot be found after second disk added to the root volume group (bsc#1189874) (bsc#1071559) * 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch - Fix error in grub installation due to unnecessary requirement to support excessive device for the root logical volume (bsc#1184135) * 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch - Fix regression in reading xfs v4 * 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch ++++ gtk2: - Add gtk2-rpmlintrc (boo#1191758): + Filter wrong split request for libgdk-x11-2.0.so.0: the library shares the version info with gtk2 and is allowed to be in the same library package. + Filter libgail.so.18 split request: the error is actually correct, but gtk2 being a legacy package does not justify the extra efort. The libgtk-2_0-0 package is the only consumer. ++++ kernel-default: - irq_work: Also rcuwait for !IRQ_WORK_HARD_IRQ on PREEMPT_RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - irq_work: Handle some irq_work in a per-CPU thread on PREEMPT_RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - irq_work: Allow irq_work_sync() to sleep if irq_work() no IRQ support (bsc#1189998 (PREEMPT_RT prerequisite backports)). - commit 4d0412e - sched: Add cluster scheduler level for x86 (bsc#1189999 (Scheduler functional and performance backports)). - Update config files. - commit 7189714 - x86/cpu: Add get_llc_id() helper function (bsc#1189999 (Scheduler functional and performance backports)). - commit 297c787 - sched: Add cluster scheduler level in core and related Kconfig for ARM64 (bsc#1189999 (Scheduler functional and performance backports)). - Update config files. - commit c5db281 - topology: Represent clusters of CPUs within a die (bsc#1189999 (Scheduler functional and performance backports)). - commit 323bd69 - sched: Add wrapper for get_wchan() to keep task blocked (bsc#1189999 (Scheduler functional and performance backports)). - x86: Fix get_wchan() to support the ORC unwinder (bsc#1189999 (Scheduler functional and performance backports)). - proc: Use task_is_running() for wchan in /proc/$pid/stat (bsc#1189999 (Scheduler functional and performance backports)). - leaking_addresses: Always print a trailing newline (bsc#1189999 (Scheduler functional and performance backports)). - Revert "proc/wchan: use printk format instead of lookup_symbol_name()" (bsc#1189999 (Scheduler functional and performance backports)). - sched: Fill unconditional hole induced by sched_entity (bsc#1189999 (Scheduler functional and performance backports)). - kernel/sched: Fix sched_fork() access an invalid sched_task_group (bsc#1189999 (Scheduler functional and performance backports)). - sched/topology: Remove unused numa_distance in cpu_attach_domain() (bsc#1189999 (Scheduler functional and performance backports)). - sched/numa: Fix a few comments (bsc#1189999 (Scheduler functional and performance backports)). - sched/numa: Remove the redundant member numa_group::fault_cpus (bsc#1189999 (Scheduler functional and performance backports)). - sched/numa: Replace hard-coded number by a define in numa_task_group() (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Removed useless update of p->recent_used_cpu (bsc#1189999 (Scheduler functional and performance backports)). - sched: Remove pointless preemption disable in sched_submit_work() (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Move kprobes cleanup out of finish_task_switch() (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Disable TTWU_QUEUE on RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Limit the number of task migrations per batch on RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Move mmdrop to RCU on RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Make cookie functions static (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Consider SMT in ASYM_PACKING load balance (jsc#SLE-18889). - sched/fair: Carve out logic to mark a group for asymmetric packing (jsc#SLE-18889). - sched/fair: Provide update_sg_lb_stats() with sched domain statistics (jsc#SLE-18889). - sched/fair: Optimize checking for group_asym_packing (jsc#SLE-18889). - sched/topology: Introduce sched_group::flags (jsc#SLE-18889). - x86/sched: Decrease further the priorities of SMT siblings (jsc#SLE-18889). - kthread: Move prio/affinite change into the newly created thread (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Remove unused inline function __rq_clock_broken() (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Use __schedstat_set() in set_next_entity() (bsc#1189999 (Scheduler functional and performance backports)). - sched: adjust sleeper credit for SCHED_IDLE entities (bsc#1189999 (Scheduler functional and performance backports)). - sched: reduce sched slice for SCHED_IDLE entities (bsc#1189999 (Scheduler functional and performance backports)). - sched: Account number of SCHED_IDLE entities on each cfs_rq (bsc#1189999 (Scheduler functional and performance backports)). - fs/proc/uptime.c: Fix idle time reporting in /proc/uptime (bsc#1189999 (Scheduler functional and performance backports)). Refresh patches.suse/ACPI-acpi_pad-Do-not-launch-acpi_pad-threads-on-idle-cpus.patch. - sched/core: Simplify core-wide task selection (bsc#1189999 (Scheduler functional and performance backports)). - sched: Switch wait_task_inactive to HRTIMER_MODE_REL_HARD (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched/fair: Trigger nohz.next_balance updates when a CPU goes NOHZ-idle (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Add NOHZ balancer flag for nohz.next_balance updates (bsc#1189999 (Scheduler functional and performance backports)). - drivers/base/node.c: use bin_attribute to break the size limitation of cpumap ABI (bsc#1189999 (Scheduler functional and performance backports)). - topology: use bin_attribute to break the size limitation of cpumap ABI (bsc#1189999 (Scheduler functional and performance backports)). - cpumask: introduce cpumap_print_list/bitmask_to_buf to support large bitmask and list (bsc#1189999 (Scheduler functional and performance backports)). - sched: Cgroup SCHED_IDLE support (bsc#1189999 (Scheduler functional and performance backports)). - commit 2792d9b ++++ systemd: - Temporarily disable systemd-experimental sub-package until rpmlint is updated. - Add 1009-drop-or-soften-deprecation-warnings.patch ++++ pam: - Corrected a bad directive file which resulted in the "securetty" file to be installed as "macros.pam". [pam.spec] ------------------------------------------------------------------ ------------------ 2021-10-20 - Oct 20 2021 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - Use systemd-sysusers from 15.3 onwards ++++ kernel-default: - Linux 5.14.14 (stable-5.14.14). - commit cdb7a44 - net: dsa: felix: break at first CPU port during init and teardown (stable-5.14.14). - net: mscc: ocelot: cross-check the sequence id from the timestamp FIFO with the skb PTP header (stable-5.14.14). - net: mscc: ocelot: deny TX timestamping of non-PTP packets (stable-5.14.14). - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (stable-5.14.14). - net: mscc: ocelot: avoid overflowing the PTP timestamp FIFO (stable-5.14.14). - net: mscc: ocelot: make use of all 63 PTP timestamp identifiers (stable-5.14.14). - ionic: don't remove netdev->dev_addr when syncing uc list (stable-5.14.14). - commit d86b081 - block/rnbd-clt-sysfs: fix a couple uninitialized variable bugs (stable-5.14.14). - mlxsw: thermal: Fix out-of-bounds memory accesses (stable-5.14.14). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (stable-5.14.14). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (stable-5.14.14). - nfp: flow_offload: move flow_indr_dev_register from app init to app start (stable-5.14.14). - ice: fix locking for Tx timestamp tracking flush (stable-5.14.14). - r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 (stable-5.14.14). - qed: Fix missing error code in qed_slowpath_start() (stable-5.14.14). - mqprio: Correct stats in mqprio_dump_class_stats() (stable-5.14.14). - mptcp: fix possible stall on recvmsg() (stable-5.14.14). - commit ee264dd - vhost-vdpa: Fix the wrong input in config_cb (stable-5.14.14). - ethernet: s2io: fix setting mac address during resume (stable-5.14.14). - nfc: fix error handling of nfc_proto_register() (stable-5.14.14). - net: encx24j600: check error in devm_regmap_init_encx24j600 (stable-5.14.14). - net/mlx5e: Switchdev representors are not vlan challenged (stable-5.14.14). - net: dsa: fix spurious error message when unoffloaded port leaves bridge (stable-5.14.14). - net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work (stable-5.14.14). - net: dsa: mv88e6xxx: don't use PHY_DETECT on internal PHY's (stable-5.14.14). - net: phy: Do not shutdown PHYs in READY state (stable-5.14.14). - net: stmmac: fix get_hw_feature() on old hardware (stable-5.14.14). - commit 809f3a8 - clk: renesas: rzg2l: Fix clk status function (stable-5.14.14). - ARM: dts: bcm2711-rpi-4-b: Fix pcie0's unit address formatting (stable-5.14.14). - ARM: dts: bcm2711-rpi-4-b: fix sd_io_1v8_reg regulator states (stable-5.14.14). - ARM: dts: bcm2711: fix MDIO #address- and #size-cells (stable-5.14.14). - sctp: account stream padding length for reconf chunk (stable-5.14.14). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (stable-5.14.14). - net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (stable-5.14.14). - net: korina: select CRC32 (stable-5.14.14). - net: arc: select CRC32 (stable-5.14.14). - net/smc: improved fix wait on already cleared link (stable-5.14.14). - commit 0bb8d8e - Revert "virtio-blk: Add validation for block size in config space" (stable-5.14.14). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (stable-5.14.14). - x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically (stable-5.14.14). - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (stable-5.14.14). - iio: adc: aspeed: set driver data when adc probe (stable-5.14.14). - tracing: Fix missing osnoise tracer on max_latency (stable-5.14.14). - tee: optee: Fix missing devices unregister during optee_remove (stable-5.14.14). - ARM: dts: bcm2711-rpi-4-b: Fix usb's unit address (stable-5.14.14). - ARM: dts: bcm283x: Fix VEC address for BCM2711 (stable-5.14.14). - virtio-blk: remove unneeded "likely" statements (stable-5.14.14). - commit 34ea1c0 - blacklist.conf: remove the entries to be backported via 5.14.14 stable - commit 7f83a6f - virtio: write back F_VERSION_1 before validate (stable-5.14.14). - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() (stable-5.14.14). - efi/cper: use stack buffer for error record decoding (stable-5.14.14). - USB: serial: qcserial: add EM9191 QDL support (stable-5.14.14). - USB: serial: option: add Quectel EC200S-CN module support (stable-5.14.14). - USB: serial: option: add prod. id for Quectel EG91 (stable-5.14.14). - USB: serial: option: add Telit LE910Cx composition 0x1204 (stable-5.14.14). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (stable-5.14.14). - xhci: Fix command ring pointer corruption while aborting a command (stable-5.14.14). - Input: xpad - add support for another USB ID of Nacon GC-100 (stable-5.14.14). - commit 210e031 - mei: me: add Ice Lake-N device id (stable-5.14.14). - xhci: add quirk for host controllers that don't update endpoint DCS (stable-5.14.14). - module: fix clang CFI with MODULE_UNLOAD=n (stable-5.14.14). - arm64/hugetlb: fix CMA gigantic page order for non-4K PAGE_SIZE (stable-5.14.14). - btrfs: fix abort logic in btrfs_replace_file_extents (stable-5.14.14). - btrfs: check for error when looking up inode during dir entry replay (stable-5.14.14). - btrfs: deal with errors when adding inode reference during log replay (stable-5.14.14). - btrfs: deal with errors when replaying dir entry during log replay (stable-5.14.14). - btrfs: update refs for any root except tree log roots (stable-5.14.14). - btrfs: unlock newly allocated extent buffer after error (stable-5.14.14). - commit f6ad9c3 - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^' (stable-5.14.14). - dm: fix mempool NULL pointer race when completing IO (stable-5.14.14). - dm rq: don't queue request to blk-mq during DM suspend (stable-5.14.14). - s390: fix strrchr() implementation (stable-5.14.14). - csky: Fixup regs.sr broken in ptrace (stable-5.14.14). - csky: don't let sigreturn play with priveleged bits of status register (stable-5.14.14). - ACPI: PM: Include alternate AMDI0005 id in special behaviour (stable-5.14.14). - platform/x86: gigabyte-wmi: add support for B550 AORUS ELITE AX V2 (stable-5.14.14). - platform/x86: amd-pmc: Add alternative acpi id for PMC controller (stable-5.14.14). - commit cbe2ba1 - Update patch references for stable-5.14.14 - commit c50dd6b - net/mlx5e: Fix division by 0 in mlx5e_select_queue for representors (jsc#SLE-19253). - net/mlx5e: Allow only complete TXQs partition in MQPRIO channel mode (jsc#SLE-19253). - net/mlx5: Fix cleanup of bridge delayed work (jsc#SLE-19253). - ionic: move filter sync_needed bit set (jsc#SLE-19282). - net/mlx5e: Mutually exclude setting of TX-port-TS and MQPRIO in channel mode (jsc#SLE-19253). - net/mlx5e: Improve MQPRIO resiliency (jsc#SLE-19253). - net: hns3: PF enable promisc for VF when mac table is overflow (bsc#1190336). - net: hns3: fix hclge_dbg_dump_tm_pg() stack usage (bsc#1190336). - RDMA/usnic: Lock VF with mutex instead of spinlock (jsc#SLE-19249). - igc: fix build errors for PTP (jsc#SLE-18377). - devlink: Fix port_type_set function pointer check (jsc#SLE-19253). - commit 1989ed9 - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-3542 bsc#1184673). - commit f01ebd2 - PCI: Change the type of probe argument in reset functions (jsc#SLE-19359). - commit 15b2a9c - PCI: Add support for ACPI _RST reset method (jsc#SLE-19359). - commit 954ff8e - PCI: Setup ACPI fwnode early and at the same time with OF (jsc#SLE-19357). - commit 4efb7e7 - mm: fs: invalidate bh_lrus for only cold path (git fixes (fs)). - mm/shmem.c: fix judgment error in shmem_is_huge() (git fixes (mm/shmem)). - commit 9a4edb0 - PCI: Use acpi_pci_power_manageable() (jsc#SLE-19357). - commit b978bc6 - PCI: Add pci_set_acpi_fwnode() to set ACPI_COMPANION (jsc#SLE-19357). - commit edd957b - PCI: Allow userspace to query and set device reset mechanism (jsc#SLE-19359). - commit 836778f - PCI: Remove reset_fn field from pci_dev (jsc#SLE-19359). - commit de732a2 - PCI: Add array to track reset method ordering (jsc#SLE-19359). - commit b158f04 - PCI: Add pcie_reset_flr() with 'probe' argument (jsc#SLE-19359). - PCI: Cache PCIe Device Capabilities register (jsc#SLE-19359). - commit da5c594 - PCI/VPD: Treat invalid VPD like missing VPD capability (jsc#SLE-19359). - commit 53f468a - PCI/VPD: Determine VPD size in pci_vpd_init() (jsc#SLE-19359). - commit 470bfbb - PCI/VPD: Embed struct pci_vpd in struct pci_dev (jsc#SLE-19359). - commit 47aa1b9 - PCI/VPD: Remove struct pci_vpd.valid member (jsc#SLE-19359). - commit ef22353 - kernel-binary.spec: Bump dwarves requirement to 1.22. 1.22 is finally released, and it is required for functionality. - commit 83e6c84 ++++ gcc11: - Remove spurious exit from change_spec. ++++ libglvnd: - libglvnd.rpmlintrc * workaround for future buildcheck (boo#1191763) ++++ openssl-1_1: - Import centralized crypto policy profile from Factory [jsc#SLE-15832] * openssl-1.1.1-system-cipherlist.patch * openssl-1_1-disable-test_srp-sslapi.patch * openssl-1_1-seclevel.patch * openssl-1_1-use-seclevel2-in-tests.patch ++++ libxml2: - Rewrite package to the single-spec %python_subpackage_only style and eliminate unnecessary multibuild. ++++ osinfo-db: - Update to database version 20211013 osinfo-db-20211013.tar.xz ++++ podman: - Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). ++++ libxml2-python: - Rewrite package to the single-spec %python_subpackage_only style and eliminate unnecessary multibuild. ++++ tpm2.0-tools: - Update to version 5.2: + tpm2_nvextend: * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_Extend command to the TPM. + tpm2_nvread: * Added option --rphash=FILE to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NVRead command to the TPM. * Added option -S, --session to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. + tpm2_nvsetbits: * Added option --rphash=FILE to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. * Added option -S, --session to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_SetBits command to the TPM. + tpm2_createprimary: * Support public-key output at creation time in various public-key formats. + tpm2_create: * Support public-key output at creation time in various public-key formats. + tpm2_print: * Support outputing public key in various public key formats over the default YAML output. Supports taking -u output from tpm2_create and converting it to a PEM or DER file format. + tpm2_import: * Add support for importing keys with sealed-data-blobs. + tpm2_rsaencrypt, tpm2_rsadecrypt: * Add support for specifying the hash algorithm with oaep. + tpm2_pcrread, tpm2_quote: * Add option -F, --pcrs_format to specify PCR format selection for the binary blob in the PCR output file. 'values' will output a binary blob of the PCR values. 'serialized' will output a binary blob of the PCR values in the form of serialized data structure in little endian format. + tpm2_eventlog: * Add support for decoding StartupLocality. * Add support for printing the partition information. * Add support for reading eventlogs longer than 64kb including from /sys/kernel/security/tpm0/binary_bios-measurements. + tpm2_duplicate: * Add option -L, --policy to specify an authorization policy to be associated with the duplicated object. * Added support for external key duplication without needing the TCTI. + tools: * Enhance error message on invalid passwords when sessions cannot be used. + lib/tpm2_options: * Add option to specify fake tcti which is required in cases where sapi ctx is required to be initialized for retrieving command parameters without invoking the tcti to talk to the TPM. + openssl: * Dropped support for OpenSSL < 1.1.0 * Add support for OpenSSL 3.0.0 + Support added to make the repository documentation and man pages available live on readthedocs. + Bug-fixes: * tpm2_import: Don't allow setting passwords for imported object with -p option as the tool doesn't modify the TPM2B_SENSITIVE structure. Added appropriate logging to indicate using tpm2_changeauth after import. * lib/tpm2_util.c: The function to calculate pHash algorithm returned error when input session is a password session and the only session in the command. * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under ECC. * tpm2_sign: Fix segfaults when tool does not find TPM resources (TPM or RM). * tpm2_makecredential: Fix an issue where reading input from stdin could result in unsupported data size larger than the largest digest size. * tpm2_loadexternal: Fix an issue where restricted attribute could not be set. * lib/tpm2_nv_util.h: The NV index size is dependent on different data sets read from the GetCapability structures because there is a dependency on the NV operation type: Define vs Read vs Write vs Extend. Fix a sane default in the case where GetCapability fails or fails to report the specific property/ data set. This is especially true because some properties are TPM implementation dependent. * tpm2_createpolicy: Fix an issue where tool exited silently without reporting an error if wrong pcr string is specified. * lib/tpm2_alg_util: add error message on public init to prevent tools from dying silently, add an error message. * tpm2_import: fix an issue where an imported hmac object scheme was NULL. While allowed, it was inconsistent with other tools like tpm2_create which set the scheme as hmac->sha256 when generating a keyedhash object. - Drop patches already in upstream: + 0001-tpm2_checkquote-fix-uninitialized-variable.patch + 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch + 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch ------------------------------------------------------------------ ------------------ 2021-10-19 - Oct 19 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Add rpmlintrc: Filter shlib-policy-name-error for libdns_sd (boo#1191750). ++++ grub2: - Fix installation on usrmerged s390x ++++ kernel-default: - blacklist.conf: 711885906b5c x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically - commit cf4ab4f - x86/fpu: Mask out the invalid MXCSR bits properly (bsc#1190497). - commit 58acecc - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - commit 3d53a5b - rpm/kernel-obs-build.spec.in: reduce initrd functionality For building in OBS, we always build inside a virtual machine that gets a new, freshly created scratch filesystem image. So we do not need to handle fscks because that ain't gonna happen, as well as not we do not need to handle microcode update in the initrd as these only can be run on the host system anyway. We can also strip and hardlink as an additional optimisation that should not significantly hurt. - commit c72c6fc - blacklist.conf: 424b650f35c7 ("tracing: Fix missing osnoise tracer on max_latency") A cleanup. Not needed, because our configuration does not allow the fixed case. - commit aae9b8a - nvme-pci: Fix abort command id (git-fixes). - commit e887eb9 - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - commit e69f9af ++++ pcre: - pcre 8.45 (the final release) * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771). - pcre 8.44 * Small patch to pcreposix.c to set the erroroffset field to -1 immediately after a successful compile, instead of at the start of matching to avoid a sanitizer complaint (regexec is supposed to be thread safe). * Check the size of the number after (?C as it is read, in order to avoid integer overflow. (bsc#1172974, CVE-2020-14155) * Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference in pcretest. - pcre 8.43 * In a pattern such as /[^\x{100}-\x{ffff}]*[\x80-\xff]/ which has a repeated negative class with no characters less than 0x100 followed by a positive class with only characters less than 0x100, the first class was incorrectly being auto-possessified, causing incorrect match failures. * If the only branch in a conditional subpattern was anchored, the whole subpattern was treated as anchored, when it should not have been, since the assumed empty second branch cannot be anchored. Demonstrated by test patterns such as /(?(1)^())b/ or /(?(?=^))b/. * Fix subject buffer overread in JIT when UTF is disabled and \X or \R has a greater than 1 fixed quantifier. This issue was found by Yunho Kim. (bsc#1172973 CVE-2019-20838) * If a pattern started with a subroutine call that had a quantifier with a minimum of zero, an incorrect "match must start with this character" could be recorded. Example: /(?&xxx)*ABC(?XYZ)/ would (incorrectly) expect 'A' to be the first character of a match. - pcre 8.42 * If a backreference with a minimum repeat count of zero was first in a pattern, apart from assertions, an incorrect first matching character could be recorded. For example, for the pattern /(?=(a))\1?b/, "b" was incorrectly set as the first character of a match. * Fix out-of-bounds read for partial matching of /./ against an empty string when the newline type is CRLF. * When matching using the the REG_STARTEND feature of the POSIX API with a non-zero starting offset, unset capturing groups with lower numbers than a group that did capture something were not being correctly returned as "unset" (that is, with offset values of -1). * Matching the pattern /(*UTF)\C[^\v]+\x80/ against an 8-bit string containing multi-code-unit characters caused bad behaviour and possibly a crash. This issue was fixed for other kinds of repeat in release 8.37 by change 38, but repeating character classes were overlooked. ++++ systemd: - Disable nss-systemd and translations features for the mini flavour ------------------------------------------------------------------ ------------------ 2021-10-18 - Oct 18 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - PCI/VPD: Remove struct pci_vpd_ops (git-fixes). - commit 984c94d - PCI/VPD: Remove struct pci_vpd.flag (jsc#SLE-19359). - commit 006d47c - PCI/VPD: Make pci_vpd_wait() uninterruptible (jsc#SLE-19359). - commit 334e7ed - PCI/VPD: Remove pci_vpd_size() old_size argument (jsc#SLE-19359). - commit 420bcdb - PCI/VPD: Allow access to valid parts of VPD if some is invalid (jsc#SLE-19359). - commit b0220ad - PCI/VPD: Don't check Large Resource Item Names for validity (jsc#SLE-19359). - commit 3f38b29 - Update upstream commit id for rtw89 patch (bsc#1191321) - commit 6302389 - EDAC/armada-xp: Fix output of uncorrectable error counter (bsc#1190497). - commit ab34390 - PCI/VPD: Reject resource tags with invalid size (jsc#SLE-19359). - commit 2e7fe76 - PCI/VPD: Reorder pci_read_vpd(), pci_write_vpd() (jsc#SLE-19359). - commit ca27a75 - PCI/MSI: Use new mask/unmask functions (jsc#SLE-19359). - commit 170d718 - PCI/MSI: Provide a new set of mask and unmask functions (jsc#SLE-19359). - commit c486b09 - PCI/MSI: Cleanup msi_mask() (jsc#SLE-19359). - commit d5b790b - PCI/MSI: Deobfuscate virtual MSI-X (jsc#SLE-19359). - commit 3f4f59c - PCI/MSI: Consolidate error handling in msi_capability_init() (jsc#SLE-19359). - commit 7aeefb4 - PCI/MSI: Rename msi_desc::masked (jsc#SLE-19359). - commit 1677f96 - s390/pci: Do not mask MSI[-X] entries on teardown (jsc#SLE-19359). - commit b8a920c - PCI/MSI: Simplify msi_verify_entries() (jsc#SLE-19359). - commit d5590a9 - eeprom: 93xx46: fix MODULE_DEVICE_TABLE (git-fixes). - commit d949730 - drivers: bus: simple-pm-bus: Add support for probing simple bus only devices (git-fixes). - driver core: Reject pointless SYNC_STATE_ONLY device links (git-fixes). - mei: hbm: drop hbm responses on early shutdown (git-fixes). - fpga: ice40-spi: Add SPI device ID table (git-fixes). - eeprom: 93xx46: Add SPI device ID table (git-fixes). - eeprom: at25: Add SPI ID table (git-fixes). - misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: adis16480: fix devices that do not support sleep mode (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: adis16475: fix deadlock on frequency set (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - iio: adc: ad7793: Fix IRQ flag (git-fixes). - iio: adc: ad7780: Fix IRQ flag (git-fixes). - iio: adc: ad7192: Add IRQ flag (git-fixes). - iio: adc: max1027: Fix the number of max1X31 channels (git-fixes). - iio: adc: max1027: Fix wrong shift with 12-bit devices (git-fixes). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: accel: fxls8962af: return IRQ_HANDLED when fifo is flushed (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - Input: resistive-adc-touch - fix division by zero error on z1 == 0 (git-fixes). - commit 4a8ed33 - net: mana: Fix error handling in mana_create_rxq() (jsc#SLE-18779, bsc#1185726). - commit 2dddb33 - Linux 5.14.13 (stable-5.14.13). - commit 8c13fce - ext4: correct the error path of ext4_write_inline_data_end() (stable-5.14.13). - ext4: check and update i_disksize properly (stable-5.14.13). - sched: Always inline is_percpu_thread() (stable-5.14.13). - perf/core: fix userpage->time_enabled of inactive events (stable-5.14.13). - hwmon: (pmbus/ibm-cffps) max_power_out swap changes (stable-5.14.13). - hwmon: (ltc2947) Properly handle errors when looking for the external clock (stable-5.14.13). - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" (stable-5.14.13). - scsi: ses: Fix unsigned comparison with less than zero (stable-5.14.13). - io_uring: kill fasync (stable-5.14.13). - drm/amdgpu: fix gart.bo pin_count leak (stable-5.14.13). - net: sun: SUNVNET_COMMON should depend on INET (stable-5.14.13). - mac80211: check return value of rhashtable_init (stable-5.14.13). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (stable-5.14.13). - net: bgmac-platform: handle mac-address deferral (stable-5.14.13). - net: prevent user from passing illegal stab size (stable-5.14.13). - netfilter: nf_nat_masquerade: defer conntrack walk to work queue (stable-5.14.13). - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic (stable-5.14.13). - netfilter: ip6_tables: zero-initialize fragment offset (stable-5.14.13). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (stable-5.14.13). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (stable-5.14.13). - ALSA: usb-audio: Unify mixer resume and reset_resume procedure (stable-5.14.13). - ALSA: oxfw: fix transmission method for Loud models based on OXFW971 (stable-5.14.13). - pinctrl: qcom: sc7280: Add PM suspend callbacks (stable-5.14.13). - m68k: Handle arrivals of multiple signals correctly (stable-5.14.13). - KVM: arm64: nvhe: Fix missing FORCE for hyp-reloc.S build rule (stable-5.14.13). - vboxfs: fix broken legacy mount signature checking (stable-5.14.13). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (stable-5.14.13). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (stable-5.14.13). - commit b87c703 - Update patch references for stable-5.14.13 - commit 35174a4 ++++ pcsc-lite: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_pcscd.service.patch ++++ systemd: - Enable build of systemd-experimental sub-package It will be shipped in Leap only. - Really enable libiptc for masquerading support (bsc#1191651) Currently used by systemd-nspawn and systemd-networkd. - Convert systemd package to multibuild ++++ libvirt: - supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active ++++ libzypp: - Zypper should keep cached files if transaction is aborted (bsc#1190356) Singletrans mode currently does not keep files around if the transaction is aborted. This patch fixes the problem. - Require a minimum number of mirrors for multicurl (bsc#1191609) - Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324) Especially in a VM iterating over all possible fd's to close open ones right before a exec() slows down zypper unnecessarily. This patch uses /proc/self/fd to iterate over open fd's in case rlimit is above 1024. - po: Fix some lost '%' signs in positional args (bsc#1191370) - RepoManager: Don't probe for plaindir repo if URL schema is plugin: (bsc#1191286) - version 17.28.6 (22) ++++ pam_u2f: - Define macro _pam_moduledir if not set to fix builds for Leap and SLE ++++ supportutils: - getappcore identifies compressed core files (bsc#1191794) ++++ zypper: - Fix compiler warning. - zypper.conf: New option whether to collect subcommands found in $PATH (fixes #379) +[subcommand] i + +## Whether to look for subcommands in $PATH +## +## If a subcommand is not found in the zypper_execdir, the wrapper +## will look in the rest of your $PATH for it. Thus, it's possible +## to write local zypper extensions that don't live in system space. +## See section SUBCOMMANDS in the zypper manpage. +## +## Valid values: boolean +## Default value: yes +## +# seachSubcommandInPath = yes. - help subcommand: show path of command found in $PATH. - version 1.14.50 ------------------------------------------------------------------ ------------------ 2021-10-17 - Oct 17 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - clk: renesas: r9a07g044: Mark IA55_CLK and DMAC_ACLK critical (git-fixes). - clk: socfpga: agilex: fix duplicate s2f_user0_clk (git-fixes). - firmware: arm_ffa: Fix __ffa_devices_unregister (git-fixes). - firmware: arm_ffa: Add missing remove callback to ffa_bus_type (git-fixes). - commit 4bfc04e ------------------------------------------------------------------ ------------------ 2021-10-16 - Oct 16 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.52.2: + New features: - rsvg-convert now supports generating multi-page PDFs in a sensible way. - With one SVG document per page, each page with the SVG's natural size: - rsvg-convert --format=pdf -o out.pdf a.svg b.svg c.svg - With all pages sized as portrait US Letter, and each SVG scaled to fit so that there is a 1in margin around each page: rsvg-convert --format=pdf -o out.pdf \ - -page-width=8.5in --page-height=11in \ - -width=6.5in --height=8.5in --keep-aspect-ratio \ - -top=1in --left=1in a.svg b.svg c.svg Please see the man page for details. - Support elements inside . Also, support the CSS :link pseudo-class for matching against links. - Support the CSS :lang() pseudo-class for matching against an element's xml:lang attribute. - Support the mask-type property from SVG2. + Bugs fixed: - Don't panic when a shorthand property is set to inherit. - Fix regression with the viewport size of interior elements. - Allow length units to be case-insensitive, per SVG2. + Documentation: - There is now a FEATURES.md in the repository, where you can see all the elements, attributes, and properties that librsvg supports. We will be adding detail to this gradually. - For developers, there is now devel-docs/adding-a-property.md with a tutorial on how to add support for new CSS properties. ++++ kernel-default: - gpio: pca953x: Improve bias setting (git-fixes). - gpio: 74x164: Add SPI device ID table (git-fixes). - spi: bcm-qspi: clear MSPI spifie interrupt during probe (git-fixes). - spi: spi-nxp-fspi: don't depend on a specific node name erratum workaround (git-fixes). - spi: atmel: Fix PDC transfer setup bug (git-fixes). - spi: spidev: Add SPI ID table (git-fixes). - mtd: rawnand: qcom: Update code word value for raw read (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - commit 640042d - drm/r128: fix build for UML (git-fixes). - drm/nouveau/fifo: Reinstate the correct engine bit programming (git-fixes). - drm/hyperv: Fix double mouse pointers (git-fixes). - drm/fbdev: Clamp fbdev surface size if too large (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: dsi_phy_14nm: Take ready-bit into account in poll_for_ready (git-fixes). - drm/msm/dsi/phy: fix clock names in 28nm_8960 phy (git-fixes). - drm/msm/dpu: Fix address of SM8150 PINGPONG5 IRQ register (git-fixes). - commit 2a33767 - drm/msm: Do not run snapshot on non-DPU devices (git-fixes). - drm/msm/a3xx: fix error handling in a3xx_gpu_init() (git-fixes). - drm/msm/a4xx: fix error handling in a4xx_gpu_init() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/msm/mdp5: fix cursor-related warnings (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm/dp: only signal audio when disconnected detected at dp_pm_resume (git-fixes). - drm/msm/submit: fix overflow check on 64-bit architectures (git-fixes). - drm/msm/a6xx: Track current ctx by seqno (git-fixes). - commit ae911f7 ++++ python-pytz: - update to 2021.3 * matches tzdata 2021c ------------------------------------------------------------------ ------------------ 2021-10-15 - Oct 15 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532) ++++ audit-secondary: - Add CONFIG parameter to %sysusers_generate_pre ++++ fdo-client: - This is the successor of sdo-client EPIC: SLE/SLE-22946 ++++ iputils: - Drop ProtectClock hardening, can cause issues if other device acceess is needed ++++ kernel-default: - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - commit 3fb3802 - scsi: csiostor: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18989). - commit 0d8669e ++++ libapparmor: - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532) ++++ rdma-core: - Update to rdma-core v37.1 (jsc#SLE-18381, jsc#SLE-19249) - Bugfixes on all providers - Fix cmake flags to correct paths for .pc files ++++ Mesa: - update to 21.2.4 * fourth bugfix release * 300 fixes from the new r300 maintainer! Additionally, panfrost, lots of crocus, some freedreno, intel, radv, core meas, gallivum, anv, spirv, gallim, aco, i915g, lima, and llvmpipe fixes. - supersedes U_gallivm-add-new-wrapper-around-Module.patch, U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ++++ systemd: - Import commit ad045db5d34afeb4ece43f349783eda931e49a04 (merge of v249.5) 8de173ff93 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) [...] For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/2f8e2ef85dfbe8e10a21e0e1bd5e356ff8ed6c5a...ad045db5d34afeb4ece43f349783eda931e49a04 - Rename %{gnu-efi} into %{sd_boot} Build conditionals (%bcond_with and %bcond_without) are used to define a specific feature of systemd. "gnu-efi" is rather an implemenation detail. Also not really sure what "efi" option alone is useful for since systemd-boot & co depends on "gnu-efi". - Enable sd_boot support for aarch64 - Suppress PAM warning when the credentials for user@.service service are established (bsc#1190515) systemd-user PAM service needs to define a default implementation of pam_setcred() otherwise the fallback (defined by /etc/pam.d/other) is used, which consists of pam_warn.so + pam_deny.so, and will throw a warning each time a user logs in. - Drop systemd-logger (Leap only) This sub package was introduced in order to configure persistent journal and also to make sure that another syslog provider (such as rsyslog) couldn't be installed at the same time: each syslog provider conflicts with each others. However this mechanism didn't work since uninstalling systemd-logger wasn't magically turning off persistent logging because /var/log/journal is likely to be populated hence not removed. Moreover using a subpackage to configure the mode of journald was overkill and the usual ways (main conf file or drop-ins) should be preferred. This change should have no effect on SLE as the sub-package was shipped in Leap only. ++++ libvirt: - Drop 'Requires: libvirt-daemon-driver-lxc' from the main libvirt package jsc#SLE-22296 - qemu: Do not report eof when processing monitor IO 2703b0b5-qemu-dont-report-eof.patch bsc#1190917 ++++ nvme-cli: - Drop ProtectClock hardening, can cause issues if other device acceess is needed ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#527 - ensure perl-XML-Simple is available in installation system (bsc#1191498) - 16.57.2 ------------------------------------------------------------------ ------------------ 2021-10-14 - Oct 14 2021 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Add crypto-policies support in SLE-15-SP4 [jsc#SLE-20287] ++++ kernel-default: - scsi: bnx2i: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19010). - commit 7d4390e - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - commit c792d6c - Move upstreamed ALSA fix into sorted section - commit 0bb2bac - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: usb-audio: Fix a missing error check in scarlett gen2 mixer (git-fixes). - commit ed955ae - supported.conf: sort sound/* entries - commit 590a3e1 - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: target: usb: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: ibm_vscsi: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: srpt: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: sbp: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: qla2xxx: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: iscsi: Replace tpg enable attr with ops.enable (bsc#1191649). - scsi: target: core: Add common tpg/enable attribute (bsc#1191649). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - commit 0d93e70 ++++ Mesa: - u_fix-build-on-ppc64le.patch * fixes build on ppc64le (boo#1191569) ++++ lshw: - Update to version B.02.19.2+git.20211013: * add some includes * fix typo * cosmetic fixes * support for new ethtool capabilities * code clean-up * code clean-up * allow pkg-config override * allow pkg-config override * Remove unnecessary space before closing parenthesis * Translate all words of a phrase together * Fix another typo ++++ pam: - Added tmpfiles for pam to set up directory for pam_faillock. [pam.conf] ++++ ovmf: - Update to edk2-stable202108 - Features (https://github.com/tianocore/edk2/releases): OvmfPkg: remove Xen support from OvmfPkg*.dsc, in favor of OvmfXen.dsc Add CLANGDWARF toolchain for generating ELF+DWARF NetworkPkg/IScsiDxe: remotely exploitable buffer overflows NetworkPkg/IScsiDxe: add sha256 support to CHAP Create header files and multiple Hobs for Universal Payload Add search feature in config editor Add additional build option to treat Dynamic Pcd as DynamicEx Pcd Add a new MicrocodeLib for microcode loading Implement key enrolment from default key variables StandaloneMm support for 32bit Arm machines Add firmware support for Cloud Hypervisor on arm64 Support architecture-specific openssl acceleration Support measured AMD SEV boot with kernel/initrd/cmdline Add ACPI 6.4 header Add new BootDiscoveryPolicyUiLib - Patches (git log --oneline --reverse edk2-stable202105~..edk2-stable202108): e1999b264f ArmPkg/ArmGic: Fix maximum number of interrupts in GICv3 b8ed8c0fb2 Maintainers.txt: add Sami Mujawar as top-level ArmVirtPkg reviewer dbc22a1785 UefiCpuPkg/MpInitLib: Allocate a separate SEV-ES AP reset stack area 0095070e70 MdePkg/Register/Amd: expand the SEV MSR to include the SNP definition f828fc9876 MdePkg/Register/Amd: realign macros with more space for future expansion 34e16ff883 MdePkg/Register/Amd: define GHCB macros for hypervisor feature detection f0983b2074 MdePkg/Register/Amd: define GHCB macro for Register GPA structure 4665fa6503 MdePkg/Register/Amd: define GHCB macro for the Page State Change dfd41aef78 MdePkg/Register/Amd: define GHCB macros for SNP AP creation 5a7cbd54a1 MdePkg/BaseLib: add support for PVALIDATE instruction 2b5b2ff04d MdePkg/BaseLib: add support for RMPADJUST instruction 901a9bfc3a OvmfPkg/BaseMemEncryptSevLib: introduce MemEncryptSevClearMmioPageEncMask() c394fa4c9e OvmfPkg/AmdSevDxe: use MemEncryptSevClearMmioPageEncMask() to clear EncMask 8ee4e52ba8 OvmfPkg/QemuFlashFvbServicesRuntimeDxe: use Mmio helper to clear enc mask b4a8de5d27 OvmfPkg/TpmMmioSevDecryptPei: use MemEncryptSevClearMmioPageEncMask() adfa3327d4 OvmfPkg/BaseMemEncryptSevLib: remove Flush parameter fe5da0927a IntelFsp2WrapperPkg: Remove microcode related PCDs d3ff5dbe1d MdePkg: MmControl: Fix function and structure definition mismatches 197e27c90a MdePkg: Add new 16550-compatible Serial Port Subtypes to DBG2 fdf3666f01 MdePkg: Update DBG2 and SPCR header with NVIDIA 16550 Subtype b233eb1849 EmbeddedPkg/RealTimeClockRuntimeDxe: Improve GetWakeupTime b5379899b3 MdeModulePkg/Xhci: Fix TRT when data length is 0 039e07f626 MdePkg/MdeModulePkg: Move AML_NAME_SEG_SIZE definition 1f515342d8 DynamicTablesPkg: Use AML_NAME_SEG_SIZE define 75e9154f81 OvmfPkg/VirtioMmioDeviceLib: Add EFIAPI to VirtioMmioSetQueueAddress c410ad4da4 MdePkg/BaseLib: Fix AsmReadSs() with GCC toolchain c1aa3bab12 BaseTools: Add ClangBase.lds for CLANG8 tool chain with max-page-size c6b872c6ab BaseTools GenFw: Support CLANG8ELF with conversion ELF to PE/COFF image cf9959adff BaseTools: Update build_rule to skip CLANG resource section generation 4b56ad2049 BaseTools: Add new CLANG8ELF tool chain for new LLVM/CLANG8 e1636fe18f BaseTools: Update ClangBase.lds to keep dynamic section 924c2b847f BaseTools: Change CLANG8ELF to CLANGDWARF e25566cd2b OvmfPkg: remove the Xen drivers from the IA32, IA32X64, and X64 platforms aa7f19f480 OvmfPkg: remove the Xen drivers from the AmdSev platform 7bc04a75a7 OvmfPkg: switch IA32, IA32X64, X64 to the fw_cfg-only ACPI platform driver d697037446 OvmfPkg: switch the AmdSev platform to the fw_cfg-only ACPI platform driver ae4aa4a346 OvmfPkg/README: bump minimum QEMU version to 1.7.1, machine types to 1.7 2a85d9b07e OvmfPkg/AcpiPlatformDxe: fix header file warts 180f1908b3 OvmfPkg/AcpiPlatformDxe: sort #includes and [LibraryClasses] 6d1e56e715 OvmfPkg/AcpiPlatformDxe/QemuLoader.h: remove QemuFwCfgLib class dependency 747b1ef725 OvmfPkg/AcpiPlatformDxe: move "QemuLoader.h" to IndustryStandard cc302b799e OvmfPkg/AcpiPlatformDxe: consolidate #includes and [LibraryClasses] c9bba52fc7 OvmfPkg/XenAcpiPlatformDxe: create from AcpiPlatformDxe a31fcb5096 OvmfPkg/AcpiPlatformDxe: remove the "AcpiPlatformDxe.inf" driver 4115840c28 OvmfPkg/XenAcpiPlatformDxe: remove the QEMU ACPI linker/loader client d6ba8aa6ef OvmfPkg/XenAcpiPlatformDxe: remove QEMU fw_cfg dependency 3f975ee570 OvmfPkg/XenAcpiPlatformDxe: remove the InstallAcpiTable() helper function 8f8d3d90c5 OvmfPkg/XenAcpiPlatformDxe: remove OVMF's built-in ACPI tables 4174c5c787 OvmfPkg/Bhyve/AcpiPlatformDxe: fix file path typo in comment d491c88a0c OvmfPkg/AcpiTables: remove unused module e7641171b6 OvmfPkg/OvmfXen: make "PcdPciDisableBusEnumeration" Fixed-at-Build 3357ac7380 OvmfPkg/XenAcpiPlatformDxe: remove delayed ACPI table installation d06eb2d1d9 OvmfPkg/PlatformPei: remove Xen support 8899e3fe6a OvmfPkg: drop PcdPciDisableBusEnumeration from the IA32, IA32X64, X64 DSCs 2833589ad0 OvmfPkg: drop PcdPciDisableBusEnumeration from the AmdSev platform e43cca74ad OvmfPkg/Bhyve: make "PcdPciDisableBusEnumeration" Fixed-at-Build b005f9f1f5 OvmfPkg/OvmfXen: remove IncompatiblePciDeviceSupport DXE driver 8c8f886f27 OvmfPkg/Bhyve: remove IncompatiblePciDeviceSupport DXE driver 984c93ece3 OvmfPkg/IncompatiblePciDeviceSupportDxe: remove PcdPciDisableBusEnumeration 32fef03563 OvmfPkg/PciHostBridgeLib: consolidate #includes and INF file sections e120c962f5 OvmfPkg/PciHostBridgeLibScan: create from PciHostBridgeLib c2f24ba321 OvmfPkg/Bhyve: consume PciHostBridgeLibScan 307763c3da OvmfPkg/OvmfXen: consume PciHostBridgeLibScan 242678da2a OvmfPkg/PciHostBridgeLib: remove Bhyve and Xen support 33d4f3e39e OvmfPkg/PciHostBridgeLibScan: remove QEMU (fw_cfg) support 4c81178cf0 OvmfPkg/PciHostBridgeLibScan: remove PcdOvmfHostBridgePciDevId 8af38170b5 OvmfPkg/PciHostBridgeLibScan: clean up file names and file-top comments 7e25086a00 OvmfPkg/SmbiosPlatformDxe: clean up #includes and INF 5072593738 OvmfPkg/SmbiosPlatformDxe: return EFI_NOT_FOUND if there is no SMBIOS data 4db374562f OvmfPkg/SmbiosPlatformDxe: locate SMBIOS protocol in InstallAllStructures() a8ab14424e OvmfPkg/SmbiosPlatformDxe: split GetXenSmbiosTables() decl. to new header 9d84e74ca0 OvmfPkg/SmbiosPlatformDxe: declare InstallAllStructures() in header file d4a8aaee73 OvmfPkg/SmbiosPlatformDxe: create Xen-specific module INF file ce270905bf OvmfPkg/SmbiosPlatformDxe: split Xen entry point from QEMU entry point 51adb689e1 OvmfPkg: restrict XenPlatformLib to BdsDxe in the IA32, IA32X64, X64 DSCs ddb3fdbef3 BaseTools GenFw: Fix regression issue to convert the image to ACPI data 558d83ab1a OvmfPkg/README: Fix typo in README beb443fde0 ShellPkg: Fix typo 702ba436ed OvmfPkg/PlatformCI: bump QEMU choco package version to 2021.5.5 83761337ec NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters 29cab43bb7 NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size 95616b8661 NetworkPkg/IScsiDxe: clean up "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" e8f28b09e6 NetworkPkg/IScsiDxe: clean up library class dependencies cf01b2dc8f NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex() d90fff40cb NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds dc469f1371 NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block 47b76780b4 NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing 54e90edaed NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow b8649cf2a3 NetworkPkg/IScsiDxe: check IScsiHexToBin() return values 288bd74a22 Pytool: SpellCheck: Fix incorrect file mask across package matrices 1ad794b627 MdeModulePkg: Fix device path when boot manager menu is from different FV 11b1c1d4b9 SecurityPkg: TcgStorageOpalLib: Initialize SupportedAttributes parameter. d58016b768 UefiPayloadPkg: Get platform specific logic via protocol for BDS d8c18ba3f4 MdeModulePkg: Add Universal Payload general definition header file b597b6e24c MdeModulePkg: Add new structure for the PCI Root Bridge Info Hob 99de2e7e03 UefiPayloadPkg: UefiPayload retrieve PCI root bridge from Guid Hob 9d53e01efe MdeModulePkg: Add new structure for the Universal Payload SMBios Table Hob 70e8c9c3bc MdeModulePkg/Universal/SmbiosDxe: Scan for existing tables 302a8f353c UefiPayloadPkg: Create gUniversalPayloadSmbiosTableGuid Hob 75293330ea MdeModulePkg: Add new structure for the Universal Payload ACPI Table Hob 761329ee27 MdeModulePkg/ACPI: Install ACPI table from HOB. 8c0d678063 UefiPayloadPkg: Create gUniversalPayloadAcpiTableGuid Hob fa24b6ed26 UefiPayloadPkg: Use DynamicEx instead of Dynamic to pass PCD across binary c511426abe MdeModulePkg/UniversalPayload: Add definition for extra info in payload fe471d4a57 UefiPayloadPkg: Add PayloadLoaderPeim which can load ELF payload ab2b389e7a PeiCore: Remove assertion when failing to load PE image 1b380aa603 BaseTools GenFw: Keep read only alloc section as text when convert ELF 9cf9de668f StandaloneMmPkg: Core: Spelling error in comment 610385fa3b ArmPlatformPkg: SpellCheck: Switch spellcheck CI to AuditOnly 04ddd1271e ArmPkg: SpellCheck: Update valid acronyms in ExtendedWords cdf7544703 MdeModulePkg PciBusDxe: Increase the width of data read during oprom shadow 2847c72fda Maintainers.txt: Add Reviewers for Universal Payload definitions 1162ae8297 Maintainers.txt: Add reviewers for ACPI and SMBIOS modules a63914d3f6 ArmPkg: Move cache defs used in Universal/Smbios into ArmCache.h 6cfeeb71c4 UefiCpuPkg/CpuCommonFeaturesLib: Correct the CPU location check d9a7612f8d MdeModulePkg/BdsDxe: Update BdsEntry to use Variable Policy 5959879e92 ArmVirtPkg: Add PCIe host bridge utility lib for ArmVirtPkg 4dda0f7ab4 ArmVirtPkg: Enable PCIe support for Kvmtool 1e5e58d39b UefiPayloadPkg/UefiPayloadEntry: Improve bootloader memrange parsing 7471751a4d UefiPayloadPkg/UefiPayloadEntry: Remove 4GB memory WA 20ca528828 CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme. 18b2272e4d Azurepipeline: SpellCheck: Enforce Node dependency to use version 14.x eba32695ee CryptoPkg/BaseCryptLib: Enabled CryptSha512 for Smm/Runtime drivers 12e34cd2f7 OvmfPkg/Bhyve: clean up TPM_ENABLE remnants 82f727c4af UefiPayloadPkg: Add HobLib for UniversalPayload ea0bd5f6a7 MdeModulePkg: Add new structure for the Universal Payload Serial Port Info a75c029f60 UefiPayloadPkg: Add a separate PlatformHookLib for Universal Payload d63595c3c9 UefiPayloadPkg: Update the function definition of HobConstructor 0ff6de9358 UefiPayloadPkg: Create separate Payload Entry for UniversalPayload b208d37c73 UefiPayloadPkg: Get and enter DxeCore for Universal Payload 27cb64fffc UefiPayloadPkg: Fix up UPL Pcd database 6b69f73b59 UefiPayloadPkg: Include UniversalPayLoad modules in UefiPayloadPkg.dsc 86e6948cfb UefiPayloadPkg: Remove assert when reserve MMIO/IO resource for devices 2db0ed93ff UefiPayloadPkg: Add macro to enable and disable some drivers 3eb72b308a UefiPayloadPkg: Add PcdInstallAcpiSdtProtocol feature in UefiPayloadPkg caa139fe17 UefiPayloadPkg: Add PcdResetOnMemoryTypeInformationChange in UefiPayloadPkg 8efd912baf UefiPayloadPkg: Add new structure for BootManagerMenuFile HOB 19a541d70e UefiPayloadPkg: consume the BootManagerMenuFile HOB 333a866106 BaseTools: Remove check for Split.exe in toolset.bat f0a3f6d9c3 BaseTools: Fix spelling of "overwrite" and "overwriting" in toolset.bat 17143c4837 BaseTools: Reset ERRORLEVEL in toolsetup.bat after edk2basetools check abfff7c45d BaseTools GenFw: Add support for RISCV GOT/PLT relocations 27b8a52957 MdePkg: MmConfiguration: Move definition of EFI_MM_RESERVED_MMRAM_REGION d1fc3d7ef3 MdePkg: MmConfiguration: Added definition of MM Configuration PPI 5a2e030f73 OvmfPkg/GenericQemuLoadImageLib: plug cmdline blob leak on success 932449710c OvmfPkg/X86QemuLoadImageLib: plug cmdline blob leak on success 24b0e9d128 Revert "OvmfPkg/QemuKernelLoaderFsDxe: don't expose kernel command line" cf20302474 OvmfPkg/GenericQemuLoadImageLib: Read cmdline from QemuKernelLoaderFs 9421f5ab8d OvmfPkg/X86QemuLoadImageLib: State fw_cfg dependency in file header b37cfdd280 OvmfPkg/XenPlatformPei: Relocate shared_info page mapping 55dee4947b MdePkg : Add IPMI Macro and Structure Defintions to resolve build errors 580b11201e IntelFsp2Pkg: Add Config Editor tool support 939ed3a592 UefiPayloadPkg/PayloadLoader: Fix bug in locating relocation section 3cde0d553d UefiPayloadPkg/PayloadLoader: Remove assertion 49eeda113a NetworkPkg/IScsiDxe: re-set session-level authentication state before login 7eba9f698e NetworkPkg/IScsiDxe: add horizontal whitespace to IScsiCHAP files 7b6c2b2a26 NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest sizes 903ce1d8f8 NetworkPkg/IScsiDxe: support multiple hash algorithms for CHAP 47fea2abcb NetworkPkg/IScsiDxe: support SHA256 in CHAP bb33c27fbe NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro 8697dc60cc Maintainers.txt: Update Maintainers and reviewers for UefiPayloadPkg fea7901dba UefiPayloadPkg: Fix the build failure 1e0c441c92 OvmfPkg/Bhyve: add USB support 44ced03798 OvmfPkg/Bhyve: use static PCI32Base address b3db0cb1f8 MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI spec 0a6b303dce UefiCpuPkg/ExceptionLib: Conditionally clear shadow stack token busy bit d10e058016 MdeModulePkg/RegularExpressionDxe: Fix memory assert in FreePool() 4c051c2c65 MdeModulePkg: Update YAML file to fix CI error 31fcee6d99 ArmVirtPkg: Add PlatformHasAcpiDtDxe for Cloud Hypervisor c28fc8ab3b ArmVirtPkg: Install Acpi tables for Cloud Hypervisor 0e3b6bd0ee ArmVirtPkg: support Cloud Hypervisor in edk2 b560e9d9b6 IntelFsp2Pkg: PatchFv parseInfFile function modification f47c4676dd Pytool: SpellCheck: Defer path expansion in cspell parameters cc89d245f9 Maintainers.txt: remove Laszlo Ersek's entries 84af6ea320 BaseTools/Scripts: Ignore Mergify merge commits in PatchCheck.py b491eace37 .mergify: Simplify Mergify rules using GitHub status checks 5ef08a49e3 .azurepipelines: Remove FINISHED and FAILED states ad1009ec62 MdePkg/Include: Add STATIC_ASSERT for L'' and L"" strings 3de3c24755 BaseTools: Remove non-ascii character of StructurePcd comment 40a9066439 BaseTools: Enable the flag to treat dynamic pcd as dynamicEx 22fe311bd2 .pytool/EccCheck: Locate BaseTools dir with EDK_TOOLS_PATH a050c599df .pytool/EccCheck: Rename edk2_path as workspace_path 50672d2692 .pytool/EccCheck: Check ecc_csv exists fb5b6220a9 .pytool/EccCheck: Set PACKAGES_PATH env var in Ecc fda5226aa3 UefiPayloadPkg: Dump hob information from boot loader 7d748705b1 MdeModulePkg: Change the PldHeader to Header in ExtraData.h 9bf4aee734 UefiPayloadPkg: Assign the length of UniversalPayload ExtraData d0b6596b8e MdeModulePkg/RamDiskDxe: Init list head before registering RamDisk protocol 91f5d3b410 IntelFsp2Pkg: BaseCacheLib EfiProgramMtrr MtrrNumber Should be UINT32 be282b1493 UefiPayloadPkg: Add PCD_DYNAMIC_AS_DYNAMICEX and set to True cac83b6f3b IntelFsp2Pkg: Add search function for Config Editor 4bac086e8e UefiPayloadPkg: Add FV Guid for DXEFV and PLDFV fddb8d24ec ArmPlatformPkg/Scripts: Infer dll load address from console output 885efcd3f9 MdePkg/Include: Smbios Specification 3.4.0 changes 83b43c4cb1 MdeModulePkg PCD: Print which PCD was unable to be found c32c5911c4 BaseTools GenFw: Add support for R_RISCV_PCREL_LO12_S relocation 097aeeb119 MdePkg/BaseLib: Add MemoryFence implementation for RiscV64 391cffcb61 MdeModulePkg PiSmmCore: Change MemoryAttributes message to DEBUG_VERBOSE 8781b143de BaseTools/Scripts: Fix GetMaintainer.py line endings 28ef05ce10 BaseTools/Scripts: Allow GitHub ID at end Maintainers.txt lines 2f5ad3f451 Maintainers.txt: Add GitHub IDs 332632abf3 Maintainers.txt: Add Jiewen Yao as OvmfPkg Maintainer 4d28a1c2fd BaseTools: Remove COMMON section from the GCC discard list 878a92a887 CryptoPkg/OpensslLib: Add native instruction support for X64 147f34b56c CryptoPkg/OpensslLib: Commit the auto-generated assembly files for X64 ac70e71b1f NetworkPkg: Making the HTTP IO timeout value programmable with PCD ab796d3e2a NetworkPkg: Add HTTP Additional Event Notifications b461d67639 OvmfPkg/ResetVector: move SEV specific code in a separate file 7f05102f65 OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT dc485c556d OvmfPkg/ResetVector: add the macro to request guest termination f05eb2dfe5 OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming 35e267cb34 OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds a26a08dc1f OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg 0cb48007f7 OvmfPkg: add library class BlobVerifierLib with null implementation c73e31f54d OvmfPkg: add BlobVerifierLibNull to DSC 6bf5580a3d ArmVirtPkg: add BlobVerifierLibNull to DSC d10ad8444f OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg 5ace477f34 OvmfPkg/AmdSev/SecretPei: build hob for full page 0deeab36d1 OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes 385b9d80a0 OvmfPkg/AmdSev: add BlobVerifierLibSevHashes 514b3aa08e OvmfPkg/AmdSev: Enforce hash verification of kernel blobs 8e6bb64fe4 EmbeddedPkg/VirtualRealTimeClockLib: Fix SetTime issues 610bcc69ed ArmVirtPkg: Remove meaningless comment 3445058aea MdeModulePkg/CapsuleApp: Fix typo in error message 2e1fb41339 build: Fix python3.10 threading DeprecationWarnings 0b1b0a9674 python: Replace distutils.utils.split_quotes with shlex.split fc50df0d8e BaseTools: Drop check for distutils.utils 03e77558d4 BaseTools: use shutil.copyfile instead shutil.copy2 2b47aaecef MdeModulePkg: Add BootDiscoveryPolicyUiLib. bb806a6e88 SecurityPkg: Create SecureBootVariableLib. 9732659698 SecurityPkg: Create library for enrolling Secure Boot variables. 12a4d0cb9d ArmVirtPkg: add SecureBootVariableLib class resolution 3d427c5f83 OvmfPkg: add SecureBootVariableLib class resolution b926956418 EmulatorPkg: add SecureBootVariableLib class resolution db959018b6 SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. a97e9e327e ArmPlatformPkg: Create include file for default key content. 94e065582b SecurityPkg: Add SecureBootDefaultKeysDxe driver 19107590b6 SecurityPkg: Add EnrollFromDefaultKeys application. 45f3dd2ce9 SecurityPkg: Add new modules to Security package. 55266a9b8a SecurityPkg: Add option to reset secure boot keys. 6355287206 Maintainers.txt: Add new maintainer and reviewer to EmbeddedPkg/ 9abc60f9f7 EmbeddedPkg/libfdt: Add strcmp and strncpy to libfdt_env.h 0856cdc89e MdePkg: add definition of LINUX_EFI_INITRD_MEDIA_GUID 97fdcbda4e OvmfPkg: Remove Initrd LINUX_EFI_INITRD_MEDIA_GUID 4de77ae989 UefiCpuPkg/CpuCacheInfoLib: Sort CpuCacheInfo array 3c6107758b SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation b40bdd6ecd UefiPayloadPkg: Add Fixed PCDs and use Macro to define the default value. d497eace3b UefiPayloadPkg: define some PCD as DynamicEX PCD ac6e5d6b41 UefiPayloadPkg: change the default value of some PCDs. 672bd1c711 UefiPayloadPkg: Add a macro to enable or diable the serial driver. d02dbb53cd UefiPayloadPkg: Fix the non-ascii character in UniversalPayloadEntry.c a7ddc7847c RedfishPkg/JsonLib: Add more JsonLib functions 5963ce5d28 MdePkg: Add ACPI 6.4 header file 4d7137f261 MdePkg: Increment FADT version d910e83299 MdePkg: Rename SBSA Generic Watchdog to Arm Generic Watchdog ad3dea9861 MdePkg: Update PMTT to ACPI 6.4 ced4cb7609 MdePkg: Add SPA Location Cookie field to SPA Range structure c82d6dd4a3 MdePkg: Remove DPPT table 357383bc4f MdePkg: Add flags and MinTransferSize to Generic Initiator 7b17bcd9a0 MdePkg: Add 'Type 5' PCC structure 0938f9235c MdePkg: Add Multiprocessor Wakeup structure 75c4a8e10d MdePkg: Add the Platform Health Assessment Table (PHAT) 1803757a9b MdePkg: Add Secure Access Components in the SDEV table 605c4a1ff2 MdePkg: Add Cache ID to PPTT 3d359ff905 MdePkg: Fix broken coding style in Acpi64.h 7311e96417 RedfishPkg/RefishCrtLib: Public RefishCrtLib 03e19e6bc8 ArmPkg/IndustryStandard: 32b/64b agnostic FF-A, Mm SVC and Std SMC IDs aee0098faf ArmPkg: prepare 32bit ARM build of StandaloneMmPkg ca1773878d GenFv: Arm: support images entered in Thumb mode b7f0226a46 StandaloneMmPkg: fix pointer/int casts against 32bit architectures a776bbabd9 StandaloneMmPkg: build for 32bit arm machines ac826886c9 MdeModulePkg/UefiSortLib:Add UefiSortLib unit test 6fdd1c13a7 MdeModulePkg PCD: Reinstall PCD service PPIS when memory available ef56f55d19 EmbeddedPkg/NonCoherentDmaLib: Avoid dereferencing unset Map field 8dd4fc5be6 UefiCpuPkg/CpuCacheInfoLib: Correct logical for identifying cache type 7b4a99be8a CryptoPkg: BaseCryptLib fix incorrect param order - Removed patches which are merged to mainline: ovmf-bsc1186151-fix-iscsi-overflows.patch ovmf-xen-relocate-shared_info_page-map.patch - Updated patches ovmf-fix-xen-s3-detection.patch -> ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch ovmf-xen-add-qemu-kernel-loader-fs.patch -> ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch - Added patches ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch ++++ tar: - tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test 'tests/time01.at' on platforms with 32-bit time_t for now. - tar.spec: Reference it. (%check): Output the testsuite.log in case the testsuite failed. ------------------------------------------------------------------ ------------------ 2021-10-13 - Oct 13 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Create separate service for augenrules (bsc#1191614, bsc#1181400) * add create-augenrules-service.patch Remove ReadWritePaths=/etc/audit from auditd.service, also removes augenrules call from ExecStartPost. Create augenrules.service with the ReadWritePaths directive above. This makes /etc/audit only accessible by augenrules.service and let auditd.service (and daemon) to be sandboxed again. - Update audit-secondary.spec to accomodate the new service file. ++++ kernel-default: - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure. - commit 3e55f55 - Linux 5.14.12 (stable-5.14.12). - commit 71639b1 - x86/hpet: Use another crystalball to evaluate HPET usability (stable-5.14.12). - dsa: tag_dsa: Fix mask for trunked packets (stable-5.14.12). - commit 3ac1b3f - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (stable-5.14.12). - powerpc/32s: Fix kuap_kernel_restore() (stable-5.14.12). - powerpc/64s: Fix unrecoverable MCE calling async handler from NMI (stable-5.14.12). - powerpc/traps: do not enable irqs in _exception (stable-5.14.12). - powerpc/64s: fix program check interrupt emergency stack path (stable-5.14.12). - powerpc/bpf ppc32: Fix BPF_SUB when imm == 0x80000000 (stable-5.14.12). - x86/Kconfig: Correct reference to MWINCHIP3D (stable-5.14.12). - x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI (stable-5.14.12). - x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n (stable-5.14.12). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (stable-5.14.12). - commit a271375 - blacklist.conf: remove entries to be backported via stable tree - commit be385b6 - sysfs: Rename struct bin_attribute member to f_mapping (jsc#SLE-19359). - commit 15c2f03 - sysfs: Invoke iomem_get_mapping() from the sysfs open callback (jsc#SLE-19359). - commit bbc08fc - thunderbolt: build kunit tests without structleak plugin (jsc#SLE-19359). - commit ac50a23 - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477). - powerpc/security: Add a helper to query stf_barrier type (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477). - powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477). - powerpc/lib: Add helper to check if offset is within conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477). - commit fb48dfd - powerpc/bpf ppc32: Do not emit zero extend instruction for 64-bit BPF_END (stable-5.14.12). - powerpc/bpf ppc32: Fix JMP32_JSET_K (stable-5.14.12). - powerpc/bpf ppc32: Fix ALU32 BPF_ARSH operation (stable-5.14.12). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (stable-5.14.12). - powerpc/bpf: Fix BPF_MOD when imm == 1 (stable-5.14.12). - objtool: Make .altinstructions section entry size consistent (stable-5.14.12). - objtool: Remove reloc symbol type checks in get_alt_entry() (stable-5.14.12). - scsi: iscsi: Fix iscsi_task use after free (stable-5.14.12). - RISC-V: Include clone3() on rv32 (stable-5.14.12). - bpf, s390: Fix potential memory leak about jit_data (stable-5.14.12). - commit 0b7cd77 - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (stable-5.14.12). - riscv/vdso: make arch_setup_additional_pages wait for mmap_sem for write killable (stable-5.14.12). - riscv/vdso: Move vdso data page up front (stable-5.14.12). - riscv/vdso: Refactor asm/vdso.h (stable-5.14.12). - net: prefer socket bound to interface when not in VRF (stable-5.14.12). - iavf: fix double unlock of crit_lock (stable-5.14.12). - i40e: Fix freeing of uninitialized misc IRQ vector (stable-5.14.12). - i40e: fix endless loop under rtnl (stable-5.14.12). - RISC-V: Fix VDSO build for !MMU (stable-5.14.12). - riscv: explicitly use symbol offsets for VDSO (stable-5.14.12). - commit 13da5f1 - drm/nouveau/fifo/ga102: initialise chid on return from channel creation (stable-5.14.12). - ARM: defconfig: gemini: Restore framebuffer (stable-5.14.12). - perf jevents: Free the sys_event_tables list after processing entries (stable-5.14.12). - rtnetlink: fix if_nlmsg_stats_size() under estimation (stable-5.14.12). - net: stmmac: trigger PCS EEE to turn off on link down (stable-5.14.12). - net: pcs: xpcs: fix incorrect steps on disable EEE (stable-5.14.12). - netlink: annotate data races around nlk->bound (stable-5.14.12). - net: pcs: xpcs: fix incorrect CL37 AN sequence (stable-5.14.12). - net: sfp: Fix typo in state machine debug string (stable-5.14.12). - net/sched: sch_taprio: properly cancel timer from taprio_destroy() (stable-5.14.12). - commit 58adfed - drm/i915/tc: Fix TypeC port init/resume time sanitization (stable-5.14.12). - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence (stable-5.14.12). - arm64: dts: ls1028a: fix eSDHC2 node (stable-5.14.12). - arm64: dts: imx8mm-kontron-n801x-som: do not allow to switch off buck2 (stable-5.14.12). - afs: Fix afs_launder_page() to set correct start file position (stable-5.14.12). - netfs: Fix READ/WRITE confusion when calling iov_iter_xarray() (stable-5.14.12). - net: bridge: fix under estimation in br_get_linkxstats_size() (stable-5.14.12). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (stable-5.14.12). - dt-bindings: drm/bridge: ti-sn65dsi86: Fix reg value (stable-5.14.12). - drm/i915/jsl: Add W/A 1409054076 for JSL (stable-5.14.12). - commit e19b658 - arm64: dts: imx8: change the spi-nor tx (stable-5.14.12). - ARM: dts: imx: change the spi-nor tx (stable-5.14.12). - powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 (stable-5.14.12). - netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in event notification (stable-5.14.12). - net: stmmac: dwmac-rk: Fix ethernet on rk3399 based devices (stable-5.14.12). - net: mscc: ocelot: fix VCAP filters remaining active after being deleted (stable-5.14.12). - net_sched: fix NULL deref in fifo_set_limit() (stable-5.14.12). - net/mlx5e: Fix the presented RQ index in PTP stats (stable-5.14.12). - net/mlx5: Fix setting number of EQs of SFs (stable-5.14.12). - MIPS: Revert "add support for buggy MT7621S core detection" (stable-5.14.12). - commit 3909a87 - bpf, arm: Fix register clobbering in div/mod implementation (stable-5.14.12). - netfilter: nf_tables: reverse order in rule replacement expansion (stable-5.14.12). - netfilter: nf_tables: add position handle in event notification (stable-5.14.12). - netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1 (stable-5.14.12). - net/mlx5: Fix length of irq_index in chars (stable-5.14.12). - net/mlx5: Avoid generating event after PPS out in Real time mode (stable-5.14.12). - net/mlx5: Force round second at 1PPS out start time (stable-5.14.12). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (stable-5.14.12). - net/mlx5e: Keep the value for maximum number of channels in-sync (stable-5.14.12). - net/mlx5e: IPSEC RX, enable checksum complete (stable-5.14.12). - commit bbb8378 - riscv: Flush current cpu icache before other cpus (stable-5.14.12). - xtensa: call irqchip_init only when CONFIG_USE_OF is selected (stable-5.14.12). - xtensa: use CONFIG_USE_OF instead of CONFIG_OF (stable-5.14.12). - ARM: dts: imx6qdl-pico: Fix Ethernet support (stable-5.14.12). - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (stable-5.14.12). - ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo (stable-5.14.12). - arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding (stable-5.14.12). - Revert "arm64: dts: qcom: sc7280: Fixup the cpufreq node" (stable-5.14.12). - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (stable-5.14.12). - ARM: at91: pm: do not panic if ram controllers are not enabled (stable-5.14.12). - commit 0497f48 - scsi: ufs: core: Fix task management completion (stable-5.14.12). - xen/balloon: fix cancelled balloon action (stable-5.14.12). - SUNRPC: fix sign error causing rpcsec_gss drops (stable-5.14.12). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (stable-5.14.12). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (stable-5.14.12). - ARM: dts: omap3430-sdp: Fix NAND device node (stable-5.14.12). - ARM: dts: imx6dl-yapp4: Fix lp5562 LED driver probe (stable-5.14.12). - ARM: dts: qcom: apq8064: use compatible which contains chipid (stable-5.14.12). - ovl: fix IOCB_DIRECT if underlying fs doesn't support direct IO (stable-5.14.12). - ovl: fix missing negative dentry check in ovl_rename() (stable-5.14.12). - commit fd84f59 - xen/privcmd: fix error handling in mmap-resource processing (stable-5.14.12). - mmc: sdhci-of-at91: replace while loop with read_poll_timeout (stable-5.14.12). - drm/amd/display: Fix detection of 4 lane for DPALT (stable-5.14.12). - drm/amd/display: Limit display scaling to up to 4k for DCN 3.1 (stable-5.14.12). - drm/amdgpu: During s0ix don't wait to signal GFXOFF (stable-5.14.12). - drm/amd/display: USB4 bring up set correct address (stable-5.14.12). - drm/amd/display: Fix DCN3 B0 DP Alt Mapping (stable-5.14.12). - drm/amd/display: Fix B0 USB-C DP Alt mode (stable-5.14.12). - drm/nouveau/ga102-: support ttm buffer moves via copy engine (stable-5.14.12). - commit d9a85e7 - Update patch references for stable-5.14.12 - commit 5952e94 - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1190497). - commit 6c546c2 - supported.conf: Avoid wildcard use for wireless drivers The wildcard may put modules into the wrong subpackage unexpectedly. Expand and adjusted entries manually instead. - commit 83560a0 - Partially revert "usb: Kconfig: using select for USB_COMMON dependency" (git-fixes). - Update config files. - supported.conf: add usb-common - commit 0ea5896 - fbdev: simplefb: fix Kconfig dependencies (git-fixes). - Update config files. - commit 0c3a03c - USB: cdc-acm: fix break reporting (git-fixes). - USB: cdc-acm: fix racy tty buffer accesses (git-fixes). - usb: gadget: f_uac2: fixed EP-IN wMaxPacketSize (git-fixes). - usb: cdc-wdm: Fix check for WWAN (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - commit 65dd579 - platform/x86: intel_skl_int3472: Correct null check (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: dell: Make DELL_WMI_PRIVACY depend on DELL_WMI (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - usb: typec: tcpci: don't handle vSafe0V event if it's not enabled (git-fixes). - usb: typec: tipd: Remove dependency on "connector" child fwnode (git-fixes). - usb: xhci: tegra: mark PM functions as __maybe_unused (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - commit 9b7e7bd - i2c: mlxcpld: Modify register setting for 400KHz frequency (git-fixes). - i2c: mlxcpld: Fix criteria for frequency setting (git-fixes). - i2c: mediatek: Add OFFSET_EXT_CONF setting back (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - mmc: sdhci-of-at91: wait for calibration done before proceed (git-fixes). - drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume (git-fixes). - drm/amdkfd: fix a potential ttm->sg memory leak (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - commit 479e4f9 - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (git-fixes). - drm/panel: abt-y030xx067a: yellow tint fix (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/i915: Extend the async flip VT-d w/a to skl/bxt (git-fixes). - drm/i915/bdb: Fix version check (git-fixes). - drm/i915: Fix runtime pm handling in i915_gem_shrink (git-fixes). - drm/i915/audio: Use BIOS provided value for RKL HDA link (git-fixes). - commit eaddc65 ++++ ncurses: - Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo in captoinfo.c ++++ python3-core: - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. ++++ liburing2: - update to 2.1 (bsc#1193522): * Ignore spurious fadvise/madvise failures * build: add -D_GNU_SOURCE to all CPPFLAGS/CFLAGS. * man: clean up spelling * man/io_uring_enter.2: add notes about direct open/accept * io_uring.h: sync with 5.15 kernel * Fix IORING_REGISTER_IOWQ_MAX_WORKERS name * man: document new register/update API * liburing: add helpers for direct open/accept * liburing.h: correct max_worker name * Change IORING_REGISTER_IOWQ_MAX_UNBOUND_WORKERS * src/syscall.h: get rid of useless externs * man/io_uring_enter.2: document IORING_ENTER_EXT_ARG * Add io_uring_register_iowq_max_unbound() helper * Get rid of useless 'extern' on function declarations in liburing.h * Add (UN)REGISTER_IOWQ_AFF helpers * man/io_uring_register.2: note when MAX_UNBOUND became available * man/io_uring_register.2: add missing punctuation * man/io_uring_register.2: document IORING_REGISTER_IOWQ_MAX_UNBOUND * man/io_uring_enter.2: add IORING_OP_TIMEOUT clock sources * man/io_uring_enter.2: improve timeout entry * man/io_uring_enter.2: update SQE * man/io_uring_enter.2: note that not all requests support fixed files * man/io_uring_enter.2: add new 5.15 opcodes * man/io_uring_enter.2: note that cqe->flags is indeed used * man/io_uring_enter.2: add poll update and multishot mode * man/io_uring_register.2: add IORING_(UN)REGISTER_IOWQ * man: update notes on register quiesce * man: fix io_uring_sqe alignment * register: add tagging and buf update helpers * liburing.h: make header clean for implicit sign and size conversions * configure: document --cc and --cxx options * io_uring: update buffer update feature testing * liburing.h: dedup poll mask conversion * liburing.h: add a multipoll helper * Update io_uring.h * examples: disable ucontext-cp for elbrus (e2k) architecture * Update io_uring_setup.2 * man/io_uring_setup.2: document the two most recent FEAT flags * man/io_uring_setup.2: make sure FEAT flags are kernel versioned * correct syscall NR in mips * Fix 32-bit compile warnings * liburing.h: make all file/IO offset __u64 * src/queue: don't flush SQ ring for new wait interface * man/io_uring_enter.2: further clarify what cqe->res holds * Clarify information about error results * Refer to the accept_flags in io_uring_enter manual * Fix a bug due to the unreleased lock before function returns * debian/rules: add missing slash for relativelibdir * man/io_uring_enter.2: clarify io_uring_enter(2) SQPOLL return value * liburing.h: add linkat prep helper * io_uring.h: add linkat opcode * liburing.h: add symlinkat prep helper * io_uring.h: add symlinkat opcode * liburing.h: add mkdirat prep helper * update rsrc register/update ABI and tests * queue: clean up SQ flushing * io_uring_enter(2): Clarify how to read from and write to non-seekable files * clarify an edge case of IORING_SETUP_SQ_AFF * io_uring_enter(2): clarify OP_READ and OP_WRITE * sync io_uring.h API file with Linux 5.13 * man: Fix typo in man io_uring_queue_exit * examples/link-cp: fix a couple of strerror negations * src/setup: don't treat dummy ring init as failure * src/setup: add some documentation to the memlock helpers * examples/ucontext-cp.c: cope with variable SIGSTKSZ * setup: provide helpers to inquire about necessary mlock sizes * examples/io_uring-cp: wait for pending writes before exit copy loop * spec: add explicit build dependency on make * spec: bump version to 2.0 * man/io_uring_enter.2: note that -EBUSY can also happen for getevents ++++ pam_u2f: - Update to version 1.2.0 (released 2021-09-22) * Added support for EdDSA keys. * Added support for SSH ed25519-sk keys. * Added authenticator filtering based on user verification options. * Fixed an issue with privilege restoration on MacOS. * Fixed an issue where credentials created with pamu2fcfg 1.0.8 or earlier were not handled correctly if their origin and appid differed. * Miscellaneous improvements to the documentation. * Miscellaneous minor bug fixes found by fuzzing. - Fix for bsc#1190961 - Removed hardcoded library pathnames using %{_pam_moduledir} ++++ python3: - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. ++++ salt: - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Added: * fix-crash-when-calling-manage.not_alive-runners.patch * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch ++++ samba: - Enable samba-tool without ad dc. ------------------------------------------------------------------ ------------------ 2021-10-12 - Oct 12 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.5.7 Various fixes affecting Salt support: - t-u: Don't squash stderr messages into stdout - t-u: Correctly handle case when the snapshot has been deleted due to using --drop-if-no-change: Don't show reboot messages and avoid an awk error message [bsc#1191475] - tukit: Make inotify handler less sensitive / ignore more directories [bsc#1191475] ++++ kernel-default: - scsi: be2iscsi: Fix use-after-free during IP updates (jsc#SLE-18973). - commit 5cfabf9 - Update patch reference for soc fix (CVE-2021-42252 bsc#1190479) - commit be54ca3 - blacklist.conf: Append 'drm/i915: Drop all references to DRM IRQ midlayer' - commit 3803dca - blacklist.conf: Append 'drm/i915: Use the correct IRQ during resume' - commit b057a8f ++++ nvme-cli: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_nvmf-connect@.service.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#525 - Include the yast2-widget-demo package (bsc#1186426) - 16.57.1 - merge gh#openSUSE/installation-images#524 - adjust module config (bsc#1191309) - remove bind-libs from BuildRequires (jsc#SLE-21678) - 16.57.0 ++++ virt-manager: - bsc#1191358 - The Virtual Machine Manager shows disconnected after rebooting virtual machine in Xen mode in SLES15 SP3. virtman-init-viewer-on-reboot.patch ------------------------------------------------------------------ ------------------ 2021-10-11 - Oct 11 2021 ------------------- ------------------------------------------------------------------ ++++ drbd-utils: - Update to 9.19.0 * v9,events2: show changes of peer-client * v9: rr-conflict strategy auto-discard for protocol A * windrbd: various fixes including setting the systemd root * containers: switch to UBI8 * v9,wait-*: fix segfault - bsc#1191058, active UsrMerge to install in /usr Add patch usrmerge_move_lib_to_prefix_lib.patch - Remove patch fix-libdir-in-Makefile.patch Remove patch systemd-drbd-service-needs-network-online.patch (included) - Add drbd-utils.rpmlintrc for Error missing-call-to-setgroups-before-setuid - Add rpmlint-build-error.patch to fix rpmbuild build errors ++++ elfutils: - Enhance license fields: all the libraries actually have a different license to the tools. While the tools are GPL-3.0-or-later, the libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later) SLE bug (for tracking the above) bsc#1191310 ++++ haveged: - Improvements on the linux kernel random subsystem have made the haveged service/daemon obsolete, remove the service files, initrd modules and udev rules, the other components are still useful. ++++ kernel-default: - x86/entry: Correct reference to intended CONFIG_64_BIT (bsc#1190497). - commit 731eb86 - posix-cpu-timers: Prevent spuriously armed 0-value itimer (git-fixes). - commit 5fa2839 - scsi: aacraid: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19274). - scsi: aacraid: Remove an unused include (jsc#SLE-19274). - commit 68239cb - Enable CONFIG_RTW88_DEBUG and CONFIG_RTW89_DEBUG on debug flavors (bsc#1191321) - commit 7107a90 - rtw89: add Realtek 802.11ax driver (bsc#1191321). Update config files: enable CONFIG_RTW89 stuff supported.conf: Add rtw89_core and rtw89_pci for *-extra - commit 7208212 - blacklist.conf: 3958b9c34c27 x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n - commit 55e9752 - blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI - commit 6e23c1c - blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D - commit d1e905d - x86/fpu: Restore the masking out of reserved MXCSR bits (bsc#1190497). - commit 6d1278a - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - commit 701e5f2 - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - commit 5f88b4e - x86/hyperv: Avoid erroneously sending IPI to 'self' (git-fixes). - hyper-v: Replace uuid.h with types.h (git-fixes). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (git-fixes). - commit 52eb8f6 ++++ linux-glibc-devel: - Update from current 15 SP4 kernel + linux-stable-version-update.patch (stable-5.14.11) + binder-fix-freeze-race.patch (stable-5.14.9) + bpf-Fix-a-typo-of-reuseport-map-in-bpf.h.patch (stable-5.14.4) + fq_codel-reject-silly-quantum-parameters.patch (stable-5.14.7) + habanalabs-add-in-device-creation-status.patch (stable-5.14.8) + serial-8250-Define-RX-trigger-levels-for-OxSemi-950-.patch (stable-5.14.6) + dmanegine-idxd-add-software-command-status.patch (jsc#SLE-18899) + dmaengine-idxd-fix-setting-up-priv-mode-for-dwq.patch (jsc#SLE-18899) + ethtool-add-two-link-extended-substates-of-bad-signa.patch (bsc#1190336) + ethtool-add-two-coalesce-attributes-for-CQE-mode.patch (jsc#SLE-19253) + msft-hv-2440-hyper-v-Replace-uuid.h-with-types.h.patch (git-fixes) + RDMA-mlx5-Add-DCS-offload-support.patch (jsc#SLE-19250) + remove-the-lightnvm-subsystem.patch (bsc#1190569) + scsi-fc-Add-EDC-ELS-definition.patch (bsc#1190576) + uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc (bsc#1053501) + md-display-timeout-error.patch (bsc#763402) ------------------------------------------------------------------ ------------------ 2021-10-10 - Oct 10 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: qedf: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19003). - commit e885f50 - Update config files: only bumping version to 5.14.11 - commit c6fc8f2 - Linux 5.14.11 (stable-5.14.11). - commit 8054eea - Revert "ARM: imx6q: drop of_platform_default_populate() from init_machine" (stable-5.14.11). - perf/x86: Reset destroy callback on event init failure (stable-5.14.11). - KVM: x86: nSVM: restore int_vector in svm_clear_vintr (stable-5.14.11). - kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[] (stable-5.14.11). - KVM: x86: reset pdptrs_from_userspace when exiting smm (stable-5.14.11). - KVM: do not shrink halt_poll_ns below grow_start (stable-5.14.11). - selftests: KVM: Align SMCCC call with the spec in steal_time (stable-5.14.11). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (stable-5.14.11). - commit 575f27b - thermal/drivers/tsens: Fix wrong check for tzd in irq handlers (stable-5.14.11). - x86/insn, tools/x86: Fix undefined behavior due to potential unaligned accesses (stable-5.14.11). - irqchip/gic: Work around broken Renesas integration (stable-5.14.11). - kasan: always respect CONFIG_KASAN_STACK (stable-5.14.11). - tools/vm/page-types: remove dependency on opt_file for idle page tracking (stable-5.14.11). - scsi: ses: Retry failed Send/Receive Diagnostic commands (stable-5.14.11). - io_uring: allow conditional reschedule for intensive iterators (stable-5.14.11). - block: don't call rq_qos_ops->done_bio if the bio isn't tracked (stable-5.14.11). - nvme-fc: avoid race between time out and tear down (stable-5.14.11). - smb3: correct smb3 ACL security descriptor (stable-5.14.11). - commit 571e77c - nvme-fc: update hardware queues before using them (stable-5.14.11). - swiotlb-xen: ensure to issue well-formed XENMEM_exchange requests (stable-5.14.11). - Xen/gntdev: don't ignore kernel unmapping error (stable-5.14.11). - selftests: kvm: fix get_run_delay() ignoring fscanf() return warn (stable-5.14.11). - selftests: kvm: move get_run_delay() into lib/test_util (stable-5.14.11). - selftests:kvm: fix get_trans_hugepagesz() ignoring fscanf() return warn (stable-5.14.11). - selftests:kvm: fix get_warnings_count() ignoring fscanf() return warn (stable-5.14.11). - selftests: be sure to make khdr before other targets (stable-5.14.11). - habanalabs/gaudi: fix LBW RR configuration (stable-5.14.11). - habanalabs: fail collective wait when not supported (stable-5.14.11). - commit 3ac100a - scsi: elx: efct: Do not hold lock while calling fc_vport_terminate() (stable-5.14.11). - scsi: sd: Free scsi_disk device via put_device() (stable-5.14.11). - habanalabs/gaudi: use direct MSI in single mode (stable-5.14.11). - usb: dwc2: check return value after calling platform_get_resource() (stable-5.14.11). - usb: testusb: Fix for showing the connection speed (stable-5.14.11). - ext2: fix sleeping in atomic bugs on error (stable-5.14.11). - drm/amdkfd: fix svm_migrate_fini warning (stable-5.14.11). - drm/amdkfd: handle svm migrate init error (stable-5.14.11). - platform/x86: gigabyte-wmi: add support for B550I Aorus Pro AX (stable-5.14.11). - sparc64: fix pci_iounmap() when CONFIG_PCI is not set (stable-5.14.11). - commit 3e5fccd - btrfs: fix mount failure due to past and transient device flush error (stable-5.14.11). - btrfs: replace BUG_ON() in btrfs_csum_one_bio() with proper error handling (stable-5.14.11). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (stable-5.14.11). - net: mdio: introduce a shutdown method to mdio device drivers (stable-5.14.11). - nfsd: back channel stuck in SEQ4_STATUS_CB_PATH_DOWN (stable-5.14.11). - platform/x86: touchscreen_dmi: Update info for the Chuwi Hi10 Plus (CWI527) tablet (stable-5.14.11). - platform/x86: touchscreen_dmi: Add info for the Chuwi HiBook (CWI514) tablet (stable-5.14.11). - afs: Add missing vnode validation checks (stable-5.14.11). - spi: rockchip: handle zero length transfers without timing out (stable-5.14.11). - commit 47ff1ab - Update patch references for stable-5.14.11 - commit 6437206 ------------------------------------------------------------------ ------------------ 2021-10-8 - Oct 8 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - boo#1190926: PrivateDevices is too strict, we might need to access the rtc and ptp devices. - Add back support to build chrony on SLE12. - Drop dependency on asciidoctor. It is only needed for building the HTML documentation which we don't package anyway. ++++ kernel-default: - scsi: qedi: Add support for fastpath doorbell recovery (jsc#SLE-19002). - scsi: qedi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19002). - commit 9d52484 - iwlwifi: Fix MODULE_FIRMWARE() for non-existing ucode version (boo#1191417). - commit 801c7c0 - bpf: Add ambient BPF runtime context stored in current (git-fixes). - commit 3687742 - soc: ti: omap-prm: Fix external abort for am335x pruss (git-fixes). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - soc: qcom: socinfo: Fixed argument passed to platform_set_data() (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - iwlwifi: mvm: d3: missing unlock in iwl_mvm_wowlan_program_keys() (git-fixes). - iwlwifi: mvm: d3: Fix off by ones in iwl_mvm_wowlan_get_rsc_v5_data() (git-fixes). - iwlwifi: mvm: Fix possible NULL dereference (git-fixes). - phy: mdio: fix memory leak (git-fixes). - commit 1af3d9f - bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 (git-fixes). - bus: ti-sysc: Add break in switch statement in sysc_init_soc() (git-fixes). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - Revert "brcmfmac: use ISO3166 country code and 0 rev as fallback" (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - commit b513994 - libbpf: Fix memory leak in strset (git-fixes). - libbpf: Fix segfault in light skeleton for objects without BTF (git-fixes). - commit 08333f5 ++++ systemd: - Overwriting rootprefix= is only required when split-usr is enabled - Rename %usrmerged into %split_usr ++++ libvirt: - lxc: controller: Fix container launch on cgroup v1 1b9ce05c-lxc-fix-cgroupV1.patch boo#1183247 ++++ qemu: - Stable fixes from upstream * Patches added: block-introduce-max_hw_iov-for-use-in-sc.patch hmp-Unbreak-change-vnc.patch qemu-nbd-Change-default-cache-mode-to-wr.patch target-arm-Don-t-skip-M-profile-reset-en.patch vhost-vsock-fix-migration-issue-when-seq.patch virtio-mem-pci-Fix-memory-leak-when-crea.patch virtio-net-fix-use-after-unmap-free-for-.patch ++++ tar: - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: * bsc#1181131, CVE-2021-20193 * bsc#1120610 ------------------------------------------------------------------ ------------------ 2021-10-7 - Oct 7 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bpf: Fix integer overflow in prealloc_elems_and_freelist() (bsc#1191317, CVE-2021-41864). - commit 52f3d1c - supported.conf: Fix micrel module entries The modules get split/renamed recently - commit 577c15c - Update config files: only versiom bump to 5.14.10 - commit a928c69 - Linux 5.14.10 (stable-5.14.10). - commit 0e61aee - objtool: print out the symbol type when complaining about it (stable-5.14.10). - netfilter: conntrack: serialize hash resizes and cleanups (stable-5.14.10). - netfilter: nf_tables: Fix oversized kvmalloc() calls (stable-5.14.10). - drivers: net: mhi: fix error path in mhi_net_newlink (stable-5.14.10). - KVM: x86: Handle SRCU initialization failure during page track init (stable-5.14.10). - HID: amd_sfh: Fix potential NULL pointer dereference - take 2 (stable-5.14.10). - crypto: aesni - xts_crypt() return if walk.nbytes is 0 (stable-5.14.10). - commit 317e73c - ext4: fix potential infinite loop in ext4_dx_readdir() (stable-5.14.10). - ext4: flush s_error_work before journal destroy in ext4_fill_super (stable-5.14.10). - net: udp: annotate data race around udp_sk(sk)->corkflag (stable-5.14.10). - netfilter: ipset: Fix oversized kvmalloc() calls (stable-5.14.10). - NIOS2: setup.c: drop unused variable 'dram_start' (stable-5.14.10). - HID: u2fzero: ignore incomplete packets without data (stable-5.14.10). - HID: betop: fix slab-out-of-bounds Write in betop_probe (stable-5.14.10). - HID: usbhid: free raw_report buffers in usbhid_stop (stable-5.14.10). - mm: don't allow oversized kvmalloc() calls (stable-5.14.10). - usb: hso: remove the bailout parameter (stable-5.14.10). - commit ca118a0 - ext4: fix loff_t overflow in ext4_max_bitmap_size() (stable-5.14.10). - ext4: fix reserved space counter leakage (stable-5.14.10). - ext4: limit the number of blocks in one ADD_RANGE TLV (stable-5.14.10). - ext4: add error checking to ext4_ext_replay_set_iblocks() (stable-5.14.10). - ipack: ipoctal: fix module reference leak (stable-5.14.10). - ipack: ipoctal: fix missing allocation-failure check (stable-5.14.10). - ipack: ipoctal: fix tty-registration error handling (stable-5.14.10). - ipack: ipoctal: fix tty registration race (stable-5.14.10). - ipack: ipoctal: fix stack information leak (stable-5.14.10). - debugfs: debugfs_create_file_size(): use IS_ERR to check for error (stable-5.14.10). - commit 80874ba - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings (stable-5.14.10). - kvm: fix objtool relocation warning (stable-5.14.10). - perf/x86/intel: Update event constraints for ICX (stable-5.14.10). - objtool: Teach get_alt_entry() about more relocation types (stable-5.14.10). - nvme: add command id quirk for apple controllers (stable-5.14.10). - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (stable-5.14.10). - net: stmmac: fix EEE init issue when paired with EEE capable PHYs (stable-5.14.10). - net: sched: flower: protect fl_walk() with rcu (stable-5.14.10). - net: hns3: disable firmware compatible features when uninstall PF (stable-5.14.10). - net: hns3: fix always enable rx vlan filter problem after selftest (stable-5.14.10). - commit 83e2b3f - scsi: csiostor: Add module softdep on cxgb4 (stable-5.14.10). - Revert "block, bfq: honor already-setup queue merges" (stable-5.14.10). - net: hns3: fix show wrong state when add existing uc mac address (stable-5.14.10). - net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and HCLGE_FLAG_DCB_ENABLE (stable-5.14.10). - net: hns3: don't rollback when destroy mqprio fail (stable-5.14.10). - net: hns3: remove tc enable checking (stable-5.14.10). - net: hns3: do not allow call hns3_nic_net_open repeatedly (stable-5.14.10). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (stable-5.14.10). - ionic: fix gathering of debug stats (stable-5.14.10). - net: ks8851: fix link error (stable-5.14.10). - commit 35a71ee - bpf, x86: Fix bpf mapping of atomic fetch implementation (stable-5.14.10). - selftests, bpf: test_lwt_ip_encap: Really disable rp_filter (stable-5.14.10). - selftests, bpf: Fix makefile dependencies on libbpf (stable-5.14.10). - libbpf: Fix segfault in static linker for objects without BTF (stable-5.14.10). - bpf: Exempt CAP_BPF from checks against bpf_jit_limit (stable-5.14.10). - dsa: mv88e6xxx: Include tagger overhead when setting MTU for DSA and CPU ports (stable-5.14.10). - dsa: mv88e6xxx: Fix MTU definition (stable-5.14.10). - RDMA/hns: Add the check of the CQE size of the user space (stable-5.14.10). - RDMA/hns: Fix the size setting error when copying CQE in clean_cq() (stable-5.14.10). - RDMA/hfi1: Fix kernel pointer leak (stable-5.14.10). - commit d164e21 - dsa: mv88e6xxx: 6161: Use chip wide MAX MTU (stable-5.14.10). - netfilter: log: work around missing softdep backend module (stable-5.14.10). - netfilter: nf_tables: unlink table before deleting it (stable-5.14.10). - smsc95xx: fix stalled rx after link change (stable-5.14.10). - net: ipv4: Fix rtnexthop len when RTA_FLOW is present (stable-5.14.10). - net: enetc: fix the incorrect clearing of IF_MODE bits (stable-5.14.10). - mptcp: allow changing the 'backup' bit when no sockets are open (stable-5.14.10). - mptcp: don't return sockets in foreign netns (stable-5.14.10). - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb (stable-5.14.10). - RDMA/hns: Work around broken constant propagation in gcc 8 (stable-5.14.10). - commit ea8e272 - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (stable-5.14.10). - bpf, mips: Validate conditional branch offsets (stable-5.14.10). - bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog (stable-5.14.10). - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 (stable-5.14.10). - RDMA/irdma: Report correct WC error when there are MW bind errors (stable-5.14.10). - RDMA/irdma: Report correct WC error when transport retry counter is exceeded (stable-5.14.10). - RDMA/irdma: Validate number of CQ entries on create CQ (stable-5.14.10). - RDMA/irdma: Skip CQP ring during a reset (stable-5.14.10). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (stable-5.14.10). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (stable-5.14.10). - commit e4a5822 - nbd: use shifts rather than multiplies (stable-5.14.10). - KVM: VMX: Fix a TSX_CTRL_CPUID_CLEAR field mask issue (stable-5.14.10). - drm/amdgpu: force exit gfxoff on sdma resume for rmb s0ix (stable-5.14.10). - drm/amdgpu: check tiling flags when creating FB on GFX8- (stable-5.14.10). - drm/amd/display: Pass PCI deviceid into DC (stable-5.14.10). - drm/amd/display: initialize backlight_ramping_override to false (stable-5.14.10). - drm/amd/display: Fix Display Flicker on embedded panels (stable-5.14.10). - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (stable-5.14.10). - RDMA/cma: Do not change route.addr.src_addr.ss_family (stable-5.14.10). - media: ir_toy: prevent device from hanging during transmit (stable-5.14.10). - commit 6f1de7d - KVM: x86: Swap order of CPUID entry "index" vs. "significant flag" checks (stable-5.14.10). - KVM: x86: nSVM: don't copy virt_ext from vmcb12 (stable-5.14.10). - KVM: nVMX: Filter out all unsupported controls when eVMCS was activated (stable-5.14.10). - KVM: SEV: Allow some commands for mirror VM (stable-5.14.10). - KVM: SEV: Update svm_vm_copy_asid_from for SEV-ES (stable-5.14.10). - KVM: nVMX: Fix nested bus lock VM exit (stable-5.14.10). - KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA (stable-5.14.10). - KVM: SVM: fix missing sev_decommission in sev_receive_start (stable-5.14.10). - KVM: SEV: Acquire vcpu mutex when updating VMSA (stable-5.14.10). - KVM: x86: Clear KVM's cached guest CR3 at RESET/INIT (stable-5.14.10). - commit 8610d5e - hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (stable-5.14.10). - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (stable-5.14.10). - hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field (stable-5.14.10). - scsi: ufs: Fix illegal offset in UPIU event trace (stable-5.14.10). - ptp: Fix ptp_kvm_getcrosststamp issue for x86 ptp_kvm (stable-5.14.10). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (stable-5.14.10). - gpio: pca953x: do not ignore i2c errors (stable-5.14.10). - fs-verity: fix signed integer overflow with i_size near S64_MAX (stable-5.14.10). - KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() (stable-5.14.10). - platform/x86/intel: hid: Add DMI switches allow list (stable-5.14.10). - commit dbbd415 - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (stable-5.14.10). - commit 3809aa3 - perf iostat: Fix Segmentation fault from NULL 'struct perf_counts_values *' (stable-5.14.10). - perf iostat: Use system-wide mode if the target cpu_list is unspecified (stable-5.14.10). - scsi: ufs: ufs-pci: Fix Intel LKF link stability (stable-5.14.10). - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (stable-5.14.10). - drm/amdgpu: stop scheduler when calling hw_fini (v2) (stable-5.14.10). - drm/amdgpu: avoid over-handle of fence driver fini in s3 test (v2) (stable-5.14.10). - drm/amdgpu: adjust fence driver enable sequence (stable-5.14.10). - tty: Fix out-of-bound vmalloc access in imageblit (stable-5.14.10). - cpufreq: schedutil: Use kobject release() method to free sugov_tunables (stable-5.14.10). - commit 18d1b3f - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal (stable-5.14.10). - NIOS2: fix kconfig unmet dependency warning for SERIAL_CORE_CONSOLE (stable-5.14.10). - perf test: Fix DWARF unwind for optimized builds (stable-5.14.10). - HID: amd_sfh: Fix potential NULL pointer dereference (stable-5.14.10). - kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS (stable-5.14.10). - scsi: elx: efct: Fix void-pointer-to-enum-cast warning for efc_nport_topology (stable-5.14.10). - s390/qeth: fix deadlock during failing recovery (stable-5.14.10). - s390/qeth: Fix deadlock in remove_discipline (stable-5.14.10). - commit d01f68a - Move upstreamed ccp fix into sorted section also update the reference for stable-5.14.10 - commit 1753e80 - Update patch references for stable-5.14.10 - commit eaa4c68 - blacklist.conf: Add hso patch that has been already cherry-picked - commit 9e1c56c - net: phy: bcm7xxx: Fixed indirect MMD operations (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - phy: tegra: xusb: mark PM functions as __maybe_unused (git-fixes). - phy: marvell: phy-mvebu-a3700-comphy: Remove unsupported modes (git-fixes). - phy: marvell: phy-mvebu-a3700-comphy: Rename HS-SGMMI to 2500Base-X (git-fixes). - phy: marvell: phy-mvebu-cp110-comphy: Rename HS-SGMMI to 2500Base-X (git-fixes). - commit 4a6254c - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - commit 2dd628c ++++ util-linux: - ipcutils: Avoid potential memory allocation overflow (bsc#1188921, CVE-2021-37600, util-linux-ipcutils-overflow-CVE-2021-37600.patch). - Add bc to BuildRequires to run more complete testsuite, fix testsuite (bsc#1178236#c19, util-linux-ipcs-shmall-overflow-ts.patch). ++++ pcsc-lite: - version 1.9.4 * fix a memory leak when libusb is used for hotplug (i.e. non-Linux systems) ++++ libvirt: - tools: Fix virt-host-validate SEV detection 3f9c1a4b-fix-host-validate-sev.patch boo#1188715 ++++ systemd-presets-common-SUSE: - Haveged as a daemon is no longer required since kernel 5.6 do not enable by default. ++++ util-linux-systemd: - ipcutils: Avoid potential memory allocation overflow (bsc#1188921, CVE-2021-37600, util-linux-ipcutils-overflow-CVE-2021-37600.patch). - Add bc to BuildRequires to run more complete testsuite, fix testsuite (bsc#1178236#c19, util-linux-ipcs-shmall-overflow-ts.patch). ++++ virt-manager: - bsc#1191356 - virt-manager should not depend on gtk4 Modified files: virt-manager.spec virtman-dont-specify-gtksource-version.patch virtman-dont-specify-vte-version.patch ------------------------------------------------------------------ ------------------ 2021-10-6 - Oct 6 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355 - Switch to Go 1.16.x compiler, in line with upstream. - Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355 - Switch to Go 1.16.x compiler, in line with upstream. ++++ docker: - Update to Docker 20.10.9-ce. See upstream changelog online at . bsc#1191355 CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434 CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch - Switch to Go 1.16.x compiler, in line with upstream. ++++ dracut: - Update to version 055+suse.129.g7d8c3ce3: * fix(kernel-modules): add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs (bsc#1190326) * docs: update SUSE maintainers doc * fix(suse): add 60-io-scheduler.rules (bsc#1188713) * revert: remove /sbin/installkernel script from dracut package * spec: modernize specfile constructs ++++ librsvg: - Update to version 2.52.1: + Fix ordering of tspan inside text elements for right-to-left languages. + Fix text-anchor positioning for right-to-left languages. + Fix regression in computing sizes when an SVG has only one of width/height and a viewBox. + Spec compliance - the writing-mode property applies only to text elements, no to individual tspan elements. + Fix build on big-endian platforms. + Clarify documentation for the rsvg_handle_write() / rsvg_handle_close() deprecated APIs. ++++ hwdata: - Update to version 0.352 (bsc#1191375): + Updated pci, usb and vendor ids. ++++ kernel-default: - supported.conf: adjust support status for int304x_thermal stuff (jsc#SLE-21166) Drop processor_thermal_device_pci_legacy for avoiding messy dependency Also drop int3406_thermal as non-standard - commit c5201d6 - iwlwifi: bump FW API to 66 for AX devices (jsc#SLE-19360). - iwlwifi: mvm: add rtnl_lock() in iwl_mvm_start_get_nvm() (jsc#SLE-19360). - intel: switch from 'pci_' to 'dma_' API (jsc#SLE-19360). - iwlwifi: mvm: don't use FW key ID in beacon protection (jsc#SLE-19360). - iwlwifi: mvm: support broadcast TWT alone (jsc#SLE-19360). - iwlwifi: mvm: introduce iwl_stored_beacon_notif_v3 (jsc#SLE-19360). - iwlwifi: mvm: add support for responder config command version 9 (jsc#SLE-19360). - iwlwifi: mvm: add support for range request command version 13 (jsc#SLE-19360). - commit fe22bed - iwlwifi: allow debug init in RF-kill (jsc#SLE-19360). - iwlwifi: yoyo: support for new DBGI_SRAM region (jsc#SLE-19360). - iwlwifi: add 'Rx control frame to MBSSID' HE capability (jsc#SLE-19360). - iwlwifi: fw: fix debug dump data declarations (jsc#SLE-19360). - iwlwifi: api: remove datamember from struct (jsc#SLE-19360). - iwlwifi: fix __percpu annotation (jsc#SLE-19360). - iwlwifi: pcie: avoid dma unmap/remap in crash dump (jsc#SLE-19360). - iwlwifi: acpi: fill in SAR tables with defaults (jsc#SLE-19360). - iwlwifi: acpi: fill in WGDS table with defaults (jsc#SLE-19360). - iwlwifi: bump FW API to 65 for AX devices (jsc#SLE-19360). - commit 71e2a5f - iwlwifi: acpi: support reading and storing WGDS revision 2 (jsc#SLE-19360). - iwlwifi: mvm: load regdomain at INIT stage (jsc#SLE-19360). - iwlwifi: mvm: Read the PPAG and SAR tables at INIT stage (jsc#SLE-19360). - iwlwifi: mvm: trigger WRT when no beacon heard (jsc#SLE-19360). - iwlwifi: mvm: support version 11 of wowlan statuses notification (jsc#SLE-19360). - iwlwifi: convert flat GEO profile table to a struct version (jsc#SLE-19360). - iwlwifi: remove unused ACPI_WGDS_TABLE_SIZE definition (jsc#SLE-19360). - iwlwifi: support reading and storing EWRD revisions 1 and 2 (jsc#SLE-19360). - iwlwifi: acpi: support reading and storing WRDS revision 1 and 2 (jsc#SLE-19360). - iwlwifi: pass number of chains and sub-bands to iwl_sar_set_profile() (jsc#SLE-19360). - commit d145b8a - iwlwifi: remove ACPI_SAR_NUM_TABLES definition (jsc#SLE-19360). - iwlwifi: convert flat SAR profile table to a struct version (jsc#SLE-19360). - iwlwifi: rename ACPI_SAR_NUM_CHAIN_LIMITS to ACPI_SAR_NUM_CHAINS (jsc#SLE-19360). - iwlwifi: mvm: Refactor setting of SSIDs for 6GHz scan (jsc#SLE-19360). - iwlwifi: mvm: silently drop encrypted frames for unknown station (jsc#SLE-19360). - iwlwifi: mvm: d3: implement RSC command version 5 (jsc#SLE-19360). - iwlwifi: mvm: d3: make key reprogramming iteration optional (jsc#SLE-19360). - iwlwifi: mvm: d3: add separate key iteration for GTK type (jsc#SLE-19360). - iwlwifi: mvm: d3: refactor TSC/RSC configuration (jsc#SLE-19360). - iwlwifi: mvm: d3: remove fixed cmd_flags argument (jsc#SLE-19360). - commit ca7f434 - iwlwifi: mvm: d3: separate TKIP data from key iteration (jsc#SLE-19360). - iwlwifi: mvm: simplify __iwl_mvm_set_sta_key() (jsc#SLE-19360). - iwlwifi: mvm: support new station key API (jsc#SLE-19360). - iwlwifi: pcie: implement Bz reset flow (jsc#SLE-19360). - iwlwifi: implement Bz NMI behaviour (jsc#SLE-19360). - iwlwifi: pcie: implement Bz device startup (jsc#SLE-19360). - iwlwifi: read MAC address from correct place on Bz (jsc#SLE-19360). - iwlwifi: give Bz devices their own name (jsc#SLE-19360). - iwlwifi: split off Bz devices into their own family (jsc#SLE-19360). - iwlwifi: yoyo: cleanup internal buffer allocation in D3 (jsc#SLE-19360). - commit 24443e3 - iwlwifi: mvm: treat MMPDUs in iwl_mvm_mac_tx() as bcast (jsc#SLE-19360). - iwlwifi: mvm: clean up number of HW queues (jsc#SLE-19360). - iwlwifi: use DEFINE_MUTEX() for mutex lock (jsc#SLE-19360). - iwlwifi: remove trailing semicolon in macro definition (jsc#SLE-19360). - iwlwifi: mvm: remove check for vif in iwl_mvm_vif_from_mac80211() (jsc#SLE-19360). - iwlwifi: pcie: remove spaces from queue names (jsc#SLE-19360). - iwlwifi: mvm: restrict FW SMPS request (jsc#SLE-19360). - iwlwifi: mvm: set replay counter on key install (jsc#SLE-19360). - iwlwifi: mvm: remove trigger EAPOL time event (jsc#SLE-19360). - iwlwifi: iwl-dbg-tlv: add info about loading external dbg bin (jsc#SLE-19360). - commit 17e4265 - iwlwifi: mvm: Add support for hidden network scan on 6GHz band (jsc#SLE-19360). - iwlwifi: print PNVM complete notification status in hexadecimal (jsc#SLE-19360). - iwlwifi: pcie: dump error on FW reset handshake failures (jsc#SLE-19360). - iwlwifi: prepare for synchronous error dumps (jsc#SLE-19360). - iwlwifi: pcie: optimise struct iwl_rx_mem_buffer layout (jsc#SLE-19360). - iwlwifi: mvm: avoid FW restart while shutting down (jsc#SLE-19360). - iwlwifi: nvm: enable IEEE80211_HE_PHY_CAP10_HE_MU_M1RU_MAX_LTF (jsc#SLE-19360). - iwlwifi: mvm: set BROADCAST_TWT_SUPPORTED in MAC policy (jsc#SLE-19360). - iwlwifi: iwl-nvm-parse: set STBC flags for HE phy capabilities (jsc#SLE-19360). - commit 63618db - Bluetooth: btusb: Remove WAKEUP_DISABLE and add WAKEUP_AUTOSUSPEND for Realtek devices (jsc#SLE-19360). - Bluetooth: btusb: Fix fall-through warnings (jsc#SLE-19360). - commit 6951c83 - Bluetooth: btintel: Combine setting up MSFT extension (jsc#SLE-19360). - Bluetooth: btintel: Fix the legacy bootloader returns tlv based version (jsc#SLE-19360). - Bluetooth: btintel: Clean the exported function to static (jsc#SLE-19360). - Bluetooth: btintel: Move hci quirks to setup routine (jsc#SLE-19360). - Bluetooth: btintel: Refactoring setup routine for bootloader devices (jsc#SLE-19360). - Bluetooth: btintel: Add combined set_diag functions (jsc#SLE-19360). - Bluetooth: btintel: Fix the LED is not turning off immediately (jsc#SLE-19360). - Bluetooth: btintel: Fix the first HCI command not work with ROM device (jsc#SLE-19360). - Bluetooth: btintel: Add btintel data struct (jsc#SLE-19360). - Bluetooth: btintel: Refactoring setup routine for legacy ROM sku (jsc#SLE-19360). - commit 17ca4db - Bluetooth: btintel: Add combined setup and shutdown functions (jsc#SLE-19360). - Bluetooth: Add support hdev to allocate private data (jsc#SLE-19360). - Bluetooth: btusb: Support Bluetooth Reset for Mediatek Chip(MT7921) (jsc#SLE-19360). - Bluetooth: btusb: Record debug log for Mediatek Chip (jsc#SLE-19360). - Bluetooth: btusb: Enable MSFT extension for Mediatek Chip (MT7921) (jsc#SLE-19360). - Bluetooth: btusb: Enable MSFT extension for Intel next generation controllers (jsc#SLE-19360). - Bluetooth: btusb: Enable MSFT extension for WCN6855 controller (jsc#SLE-19360). - Bluetooth: btusb: Load Broadcom firmware for Dell device 413c:8197 (jsc#SLE-19360). - Bluetooth: btusb: Add valid le states quirk (jsc#SLE-19360). - Bluetooth: btusb: Add support for LG LGSBWAC92/TWCM-K505D (jsc#SLE-19360). - commit 937299d - dmaengine: idxd: Add wq occupancy information to sysfs attribute (jsc#SLE-18899 jsc#SLE-18879). - commit e516bf5 - dmaengine: idxd: remove interrupt disable for dev_lock (jsc#SLE-18899). - dmaengine: idxd: remove interrupt disable for cmd_lock (jsc#SLE-18899). - dmaengine: idxd: fix setting up priv mode for dwq (jsc#SLE-18899). - dmaengine: idxd: set descriptor allocation size to threshold for swq (jsc#SLE-18899). - dmaengine: idxd: remove interrupt flag for completion list spinlock (jsc#SLE-18899). - commit 2bc689b - dmaengine: idxd: rotate portal address for better performance (jsc#SLE-18899). - Refresh patches.suse/dmaengine-idxd-make-submit-failure-path-consistent-o.patch. - commit 7bd460d - dmaengine: idxd: move dsa_drv support to compatible mode (jsc#SLE-18899). - Update config files. - supported.conf: - commit 7221e7b - dmaengine: idxd: make I/O interrupt handler one shot (jsc#SLE-18899). - dmaengine: idxd: add capability check for 'block on fault' attribute (jsc#SLE-18899). - dmaengine: idxd: Fix a possible NULL pointer dereference (jsc#SLE-18899). - dmanegine: idxd: add software command status (jsc#SLE-18899). - dmaengine: idxd: fix uninit var for alt_drv (jsc#SLE-18899). - dmaengine: idxd: Set defaults for GRPCFG traffic class (jsc#SLE-18899). - dmaengine: dsa: move dsa_bus_type out of idxd driver to standalone (jsc#SLE-18899). - dmaengine: idxd: create user driver for wq 'device' (jsc#SLE-18899). - commit 4e952b7 - dmaengine: idxd: fix bus_probe() and bus_remove() for dsa_bus (jsc#SLE-18899). - commit 17f971a - dmaengine: idxd: remove bus shutdown (jsc#SLE-18899). - commit f31b4c7 - dmaengine: idxd: move wq_disable() to device.c (jsc#SLE-18899). - commit 8c805eb - dmaengine: idxd: create dmaengine driver for wq 'device' (jsc#SLE-18899). - dmaengine: idxd: create idxd_device sub-driver (jsc#SLE-18899). - dmaengine: idxd: add type to driver in order to allow device matching (jsc#SLE-18899). - dmanegine: idxd: open code the dsa_drv registration (jsc#SLE-18899). - dmaengine: idxd: idxd: move remove() bits for idxd 'struct device' to device.c (jsc#SLE-18899). - dmaengine: idxd: move probe() bits for idxd 'struct device' to device.c (jsc#SLE-18899). - dmaengine: idxd: remove iax_bus_type prototype (jsc#SLE-18899). - commit de16d0c - dmaengine: idxd: add 'struct idxd_dev' as wrapper for conf_dev (jsc#SLE-18899). - commit a7597b1 - dmaengine: idxd: assign MSIX vectors to each WQ rather than roundrobin (jsc#SLE-18899). - commit 2cfacbf - dmaengine: idxd: move wq_enable() to device.c (jsc#SLE-18899). - dmaengine: idxd: remove IDXD_DEV_CONF_READY (jsc#SLE-18899). - dmaengine: idxd: add driver name (jsc#SLE-18899). - dmaengine: idxd: add driver register helper (jsc#SLE-18899). - dmaengine: idxd: Simplify code and axe the use of a deprecated API (jsc#SLE-18899). - commit a03dd8e - supported.conf: Mark int340x thermal modules as supported (jsc#SLE-21166) - commit 1722883 ++++ python3-core: - Due to conflicting demands of bsc#1183858 and platforms where Python 3.6 is only in interpreter+pip set we have to make complicated ugly construct about Sphinx BR. ++++ pam: - Corrected macros.pam entry for %_pam_moduledir Cleanup in pam.spec: * Replaced all references to ${_lib}/security in pam.spec by %{_pam_moduledir} * Removed definition of (unused) "amdir". ++++ python3: - Due to conflicting demands of bsc#1183858 and platforms where Python 3.6 is only in interpreter+pip set we have to make complicated ugly construct about Sphinx BR. ++++ rpm: - backport zstd detection fix [bsc#1187670] new patch: zstddetection.diff - backport ndb rofs support [bsc#1188548] new patch: ndbrofs.diff - backport pgp hardening changes from upstream [bsc#1185299] new patch: pgpharden.diff - fix deadlock when multiple rpm processes try tp acquire the database lock [bsc#1183659] new patch: deadlock.diff ++++ rpm-config-SUSE: - Support ZSTD compressed kernel modules [bsc#1190850, bsc1190850-support-zstd-compressed-kernel-modules.patch] ------------------------------------------------------------------ ------------------ 2021-10-5 - Oct 5 2021 ------------------- ------------------------------------------------------------------ ++++ libguestfs: - Update spec file licenses to GPL-2.0-or-later ++++ iproute2: - follow-up fixes backported from upstream (bsc#1191316): tree-wide-fix-some-typos-found-by-Lintian.patch configure-restore-backward-compatibility.patch man-ip-link-remove-double-of.patch mptcp-unbreak-JSON-endpoint-list.patch - upgrade to upstream version 5.14 (jsc#SLE-17360 jsc#SLE-18994 jsc#SLE-19271) * replace upstream tarball and signature * update specfile with changes from Factory package * drop mainline backports contained in 5.14: - Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch - bpf-Fixes-a-snprintf-truncation-warning.patch - bpf-replace-snprintf-with-asprintf-when-dealing-with.patch - bridge-Deduplicate-vlan-show-functions.patch - bridge-Fix-BRIDGE_VLAN_TUNNEL-attribute-sizes.patch - bridge-Fix-output-with-empty-vlan-lists.patch - bridge-Fix-src_vni-argument-in-man-page.patch - bridge-Fix-tunnelshow-json-output.patch - bridge-Fix-typo-in-error-messages.patch - bridge-Fix-typo.patch - bridge-Fix-vni-printing.patch - bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch - bridge-fix-string-length-warning.patch - devlink-Add-a-new-time-stamp-format-for-health-repor.patch - devlink-Add-helper-for-left-justification-print.patch - devlink-Fix-fmsg-nesting-in-non-JSON-output.patch - devlink-Fix-inconsistency-between-command-input-and-.patch - devlink-Left-justification-on-FMSG-output.patch - devlink-Print-health-reporter-s-dump-time-stamp-in-a.patch - devlink-allow-full-range-of-resource-sizes.patch - devlink-always-check-strslashrsplit-return-value.patch - devlink-fix-uninitialized-warning.patch - devlink-require-resource-parameters.patch - erspan-fix-JSON-output.patch - erspan-set-erspan_ver-to-1-by-default.patch - f_u32-fix-compiler-gcc-10-compiler-warning.patch - introduce-print_masked_u16-and-print_masked_u32.patch - ip-add-support-for-alternative-name-addition-deletio.patch - ip-allow-to-use-alternative-names-as-handle.patch - ip-drop-2-char-command-assumption.patch - ip-fix-ip-route-show-json-output-for-multipath-nexth.patch - ip-fix-link-type-and-vlan-oneline-output.patch - ip-fix-oneline-output.patch - ip-iplink_ipoib.c-Remove-extra-spaces.patch - ip-link-Fix-indenting-in-help-text.patch - ip-link-xstats-fix-TX-IGMP-reports-string.patch - ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch - ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch - ip-xfrm-Fix-help-messages.patch - ip-xfrm-if_id-ve-value-is-error.patch - ip-xfrm-limit-the-length-of-the-security-context-nam.patch - ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch - ipmonitor-Fix-recvmsg-with-ancillary-data.patch - json_print-Remove-declaration-without-implementation.patch - lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch - lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch - lib-bpf_legacy-fix-missing-socket-close-when-connect.patch - lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch - lib-fs-avoid-double-call-to-mkdir-on-make_path.patch - lib-ll_map-cache-alternative-names.patch - lib-namespace-fix-ip-all-netns-return-code.patch - libnetlink-check-error-handler-is-present-before-a-c.patch - man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch - man-fix-syntax-for-ip-link-property.patch - nexthop-fix-error-reporting-in-filter-dump.patch - nexthop-fix-memory-leak-in-add_nh_group_attr.patch - q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch - rdma-Fix-statistics-bind-unbing-argument-handling.patch - rdma-stat-fix-return-code.patch - rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch - ss-fix-end-of-line-printing-in-misc-ss.c.patch - ss-fix-fallback-to-procfs-for-raw-sockets.patch - tc-action-fix-time-values-output-in-JSON-format.patch - tc-fix-segmentation-fault-on-gact-action.patch - tc-fix-warning-in-tc-q_pie.c.patch - tc-flower-fix-output-for-ip-tos-and-ttl.patch - tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch - tc-fq_codel-fix-missing-statistic-in-JSON-output.patch - tc-pie-add-dq_rate_estimator-option.patch - tc-u32-Fix-key-folding-in-sample-option.patch - tc_util-add-an-option-to-print-masked-numbers-with-w.patch - tc_util-add-functions-for-big-endian-masked-numbers.patch - tc_util-introduce-a-function-to-print-JSON-non-JSON-.patch - testsuite-Fix-line-count-test.patch - tipc-fixed-a-compile-warning-in-tipc-link.c.patch - xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch - xfrm-not-try-to-delete-ipcomp-states-when-using-dele.patch * drop non-upstream patches obsoleted by rebase to 5.14: - sync-UAPI-header-copies-with-SLE15-SP2.patch - examples-fix-bashisms-in-example-script.patch * refresh remaining patches: - lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch - split-link-and-compile-steps-for-binaries.patch - tc-f_flower-fix-port-range-parsing.patch - xfrm-support-displaying-transformations-used-for-Mob.patch ++++ open-iscsi: - Fix possible systemd cycle by adding an "obsoletes" for the old libopeniscsiusr for older versions. ++++ kernel-default: - sched: Provide Kconfig support for default dynamic preempt mode (jsc#SLE-19284). - commit d005a21 - rpm: use _rpmmacrodir (boo#1191384) - commit e350c14 - dmaengine: ptdma: remove PT_OFFSET to avoid redefnition (jsc#SLE-21315). - dmaengine: ptdma: Add debugfs entries for PTDMA (jsc#SLE-21315). - dmaengine: ptdma: register PTDMA controller as a DMA resource (jsc#SLE-21315). - dmaengine: ptdma: Initial driver for the AMD PTDMA (jsc#SLE-21315). - Update config files. - supported.conf: add ptdma - commit 022131f - platform/x86/intel: pmc/core: Add GBE Package C10 fix for Alder Lake PCH (jsc#SLE-18901). - platform/x86/intel: pmc/core: Add Alder Lake low power mode support for pmc core (jsc#SLE-18901). - platform/x86/intel: pmc/core: Add Latency Tolerance Reporting (LTR) support to Alder Lake (jsc#SLE-18901). - platform/x86/intel: pmc/core: Add Alderlake support to pmc core driver (jsc#SLE-18901). - platform/x86: intel_pmc_core: Move to intel sub-directory (jsc#SLE-18901). - Update config files. - platform/x86: intel_pmc_core: Prevent possibile overflow (jsc#SLE-18901). - commit 3c79db0 - KVM: s390: Enable specification exception interpretation (jsc#SLE-18701). - commit 8842950 ++++ systemd: - No need to install upstream pam configuration file "systemd-user" It's overwritten by the SUSE version anyway. ++++ raspberrypi-firmware: - Update to b5257da58c (2021-09-30): * firmware: arm_loader: Allow non-optional reads of current clock See: #1619 * firmware: dispmanx: Demote null eptr from vcos_verify to no warning See: raspberrypi/linux#4592 * firmware: filesystem: sdcard: Probe FAT type in GPT ESD partitions * firmware: tvservice: Add check to warn when running with kms * firmware: filesystem: sdcard: Fix Hybrid GPT partitions See: #1465 * firmware: video_decode: Ensure all buffers are flushed before port disable completes * firmware: arm_loader: Allow hvs interrupt during SET_NOTIFY_DISPLAY_DONE * firmware: arm_display: Allow null buffer in successful call See: raspberrypi/linux#4540 ++++ raspberrypi-firmware-config: - Update to b5257da58c (2021-09-30): * firmware: arm_loader: Allow non-optional reads of current clock See: #1619 * firmware: dispmanx: Demote null eptr from vcos_verify to no warning See: raspberrypi/linux#4592 * firmware: filesystem: sdcard: Probe FAT type in GPT ESD partitions * firmware: tvservice: Add check to warn when running with kms * firmware: filesystem: sdcard: Fix Hybrid GPT partitions See: #1465 * firmware: video_decode: Ensure all buffers are flushed before port disable completes * firmware: arm_loader: Allow hvs interrupt during SET_NOTIFY_DISPLAY_DONE * firmware: arm_display: Allow null buffer in successful call See: raspberrypi/linux#4540 ++++ selinux-policy: - Add init_watch_unallocated_ttys.patch to fix services with StandardOutput=tty (bsc#1187313) ++++ trousers: - update to new upstream version 0.3.15 (jira#SLE-18269): - Corrected mutliple security issues that existed if the tcsd is started by root instead of the tss user. CVE-2020-24332, CVE-2020-24330, CVE-2020-24331 - Replaced use of _no_optimize with asm memory barrier - Fixed multiple potential instances of use after free memory handling - Removed unused global variables which caused build issue on some distros - drop bsc1164472.patch: now contained in upstream tarball - adjusted %setup macro invocation which seemed to be wrong ++++ u-boot-rpiarm64: - Update to 2021.10 ------------------------------------------------------------------ ------------------ 2021-10-4 - Oct 4 2021 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch boo1190929-9af4afd0.patch for boo#1190929 modinfo completion fails to recognize .ko.xz ++++ e2fsprogs: - Add references from old package: Autoreconf removed from the spec file, just without bsc reference (bsc#1183791) Fix po-remove-unnecessary-buggy-positional-parameter-spe.patch in 1.45.3 (bsc#1170964) Fix e2fsck-clarify-overflow-link-count-error-message.patch in 1.46.0 (bsc#1160979) Fix ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch in 1.46.0 (bsc#1160979) Fix ext2fs-implement-dir-entry-creation-in-htree-directo.patch in 1.46.0 (bsc#1160979) Fix tests-add-test-to-excercise-indexed-directories-with.patch in 1.46.0 (bsc#1160979) Fix tune2fs-update-dir-checksums-when-clearing-dir_index.patch in 1.46.0 (bsc#1160979) Fix e2fsck-abort-if-there-is-a-corrupted-directory-block.patch in 1.45.5 (bsc#1160571 CVE-2019-5188) Fix e2fsck-don-t-try-to-rehash-a-deleted-directory.patch in 1.45.5 (bsc#1160571 CVE-2019-5188) Fix resize2fs-Make-minimum-size-estimates-more-reliable.patch in 1.45.5 (bsc#1154295) Fix libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch in 1.45.4 (bsc#1152101 CVE-2019-5094) Fix libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch in 1.44.3 (bsc#1145716) Fix e2fsck-check-and-fix-tails-of-all-bitmaps.patch in 1.45.1 (bsc#1128383) Fix libext2fs-Fix-fsync-2-detection.patch in 1.44.0 (bsc#1038194) Fix resize2fs-Fix-32-64-bit-overflow-when-multiplying-by-blocks-cl.patch in 1.42.12 (bsc#1009532) Fix libext2fs-fix-potential-buffer-overflow-in-closefs.patch in 1.42.13 (bsc#918346 CVE-2015-1572) Fix libext2fs-avoid-buffer-overflow-if-s_first_meta_bg-i.patch in 1.42.12 (bsc#915402 CVE-2015-0247) Got specfile fix through Factory (bsc#960273) Fix libext2fs-don-t-ignore-fsync-errors.patch in 1.43.4 (bsc#1038194) ++++ haproxy: - Update to version 2.4.7+git0.b5e51a5e2: * [RELEASE] Released version 2.4.7 * BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule - Update to version 2.4.6+git0.d83fd76a1: * [RELEASE] Released version 2.4.6 * BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release ++++ iproute2: - follow-up fixes backported from upstream (bsc#1160242): ss-fix-end-of-line-printing-in-misc-ss.c.patch xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch bridge-Fix-typo.patch bridge-Fix-output-with-empty-vlan-lists.patch tc-action-fix-time-values-output-in-JSON-format.patch Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch bpf-Fixes-a-snprintf-truncation-warning.patch tipc-fixed-a-compile-warning-in-tipc-link.c.patch ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch ip-link-Fix-indenting-in-help-text.patch ip-iplink_ipoib.c-Remove-extra-spaces.patch devlink-fix-uninitialized-warning.patch bridge-fix-string-length-warning.patch f_u32-fix-compiler-gcc-10-compiler-warning.patch rdma-Fix-statistics-bind-unbing-argument-handling.patch lib-namespace-fix-ip-all-netns-return-code.patch lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch lib-fs-avoid-double-call-to-mkdir-on-make_path.patch q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch ip-xfrm-limit-the-length-of-the-security-context-nam.patch erspan-fix-JSON-output.patch devlink-always-check-strslashrsplit-return-value.patch nexthop-fix-memory-leak-in-add_nh_group_attr.patch rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch rdma-stat-fix-return-code.patch lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch lib-bpf_legacy-fix-missing-socket-close-when-connect.patch ip-drop-2-char-command-assumption.patch man-fix-syntax-for-ip-link-property.patch lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch libnetlink-check-error-handler-is-present-before-a-c.patch ipmonitor-Fix-recvmsg-with-ancillary-data.patch tc-u32-Fix-key-folding-in-sample-option.patch man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch ss-fix-fallback-to-procfs-for-raw-sockets.patch iptuntap-fix-multi-queue-flag-display.patch tc-f_flower-fix-port-range-parsing.patch lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch - refresh: ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch ++++ kernel-default: - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). Update patch metadata only. - commit fafcc7b - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115 CVE-2021-3759). - commit c04a838 - sched/fair: Null terminate buffer when updating tunable_scaling (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (git fixes (sched)). - commit 543c3ae - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - commit cdeb3a8 - interconnect: qcom: sdm660: Correct NOC_QOS_PRIORITY shift and mask (git-fixes). - interconnect: qcom: sdm660: Fix id of slv_cnoc_mnoc_cfg (git-fixes). - net: mdiobus: Set FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD for mdiobus parents (git-fixes). - driver core: fw_devlink: Add support for FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD (git-fixes). - driver core: fw_devlink: Improve handling of cyclic dependencies (git-fixes). - commit aa09d6c - net: introduce and use lock_sock_fast_nested() (git-fixes). - commit b1f25e6 - net: core: Correct the sock::sk_lock.owned lockdep annotations (bsc#1189998). - Documentation: core-api/cpuhotplug: Rewrite the API section (bsc#1189998). - tracing: Add migrate-disabled counter to tracing output (bsc#1189998). - docs/core-api: Modify document layout (bsc#1189998). - debugobjects: Make them PREEMPT_RT aware (bsc#1189998). - eventfd: Make signal recursion protection a task bit (bsc#1189998). - commit 866a31a ++++ Mesa: - Fix build with LLVM 13: * U_gallivm-add-new-wrapper-around-Module.patch * U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ++++ lz4: - version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438] ++++ libzypp: - Downloader does not respect checkExistsOnly flag (bsc#1190712) A missing check causes zyppng::Downloader to always download full files even if the checkExistsOnly flag is set. This patch adds the missing logic. - Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815) The kernel-*-livepatch packages are supposed to serve as a stable handle for the ephemeral kernel livepatch packages. See FATE#320268 for details. As part of the kernel live patching ecosystem, kernel-*-livepatch packages should not block the purge-kernels step. - version 17.28.5 (22) ++++ opensc: - Update to OpenSC 0.22.0: * Removed changes in opensc-gcc11.patch already present in upstream. - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda * Removed some false positives from the openrc-rpmlintrc file. * Use standard paths for file cache on Linux (#2148) and OSX (#2214) * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic) * Add threading test to `pkcs11-tool` (#2067) * Add support to generate generic secret keys (#2140) * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195) * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179). * Support for gcc11 and its new strict aliasing rules (#2241, #2260) * Initial support for building with OpenSSL 3.0 (#2343) * pkcs15-tool: Write data objects in binary mode (#2324) * Avoid limited size of log messages (#2352) * Support for ECDSA verification (#2211) * Support for ECDSA with different SHA hashes (#2190) * Prevent issues in p11-kit by not returning unexpected return codes (#2207) * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293) * Standardize the version 2 on 2.20 in the code (#2096) * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176) * Copy arguments of C_Initialize (#2350) * Fix RSA-PSS signing (#2234) * Fix DO deletion (#2215) * Add support for (X)EdDSA keys (#1960) * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205) * Add support for applet version 4 (#2332) * New configuration option for opensc.conf to disable pkcs1_padding (#2193) * Add support for ECDSA with different hashes (#2190) * Enable more mechanisms (#2178) * Fixed asking for a user pin when formatting a card (#1737) * Added support for French CPx Healthcare cards (#2217) * Added ATR for new CardOS 5.4 version (#2296) * Fixes security issues: * tcos: use after return (bsc#1192005, CVE-2021-42780) * oberthur: use after free (bsc#1191992, CVE-2021-42779) * oberthur: multiple heap buffer overflows (bsc#1192000, CVE-2021-42781) * multiple stack buffer overflow issues (bsc#1191957, CVE-2021-42782) ++++ salt: - Do not break master_tops for minion with version lower to 3003 - Support querying for JSON data in external sql pillar - Added: * do-not-break-master_tops-for-minion-with-version-low.patch * 3003.3-postgresql-json-support-in-pillar-423.patch - Update to Salt release version 3003.3 (jsc#SLE-22204) * See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Added: * do-not-break-master_tops-for-minion-with-version-low.patch * support-transactional-systems-microos.patch * allow-vendor-change-option-with-zypper.patch * 3003.3-postgresql-json-support-in-pillar-423.patch * virt-enhancements.patch - Modified: * return-the-expected-powerpc-os-arch-bsc-1117995.patch * include-aliases-in-the-fqdns-grains.patch * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch * do-not-monkey-patch-yaml-bsc-1177474.patch * improvements-on-ansiblegate-module-354.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * fixes-56144-to-enable-hotadd-profile-support.patch * use-adler32-algorithm-to-compute-string-checksums.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * implementation-of-held-unheld-functions-for-state-pk.patch * x509-fixes-111.patch * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch * add-migrated-state-and-gpg-key-management-functions-.patch * figure-out-python-interpreter-to-use-inside-containe.patch * implementation-of-suse_ip-execution-module-bsc-10999.patch * templates-move-the-globals-up-to-the-environment-jin.patch * debian-info_installed-compatibility-50453.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * fix-bsc-1065792.patch * adding-preliminary-support-for-rocky.-59682-391.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * async-batch-implementation.patch * make-aptpkg.list_repos-compatible-on-enabled-disable.patch * adds-explicit-type-cast-for-port.patch * restore-default-behaviour-of-pkg-list-return.patch * add-custom-suse-capabilities-as-grains.patch * temporary-fix-extend-the-whitelist-of-allowed-comman.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * early-feature-support-config.patch - Removed: * virt-pass-emulator-when-getting-domain-capabilities-.patch * fix-virt.update-with-cpu-defined-263.patch * fix-unit-tests-for-batch-async-after-refactor.patch * opensuse-3000.3-spacewalk-runner-parse-command-250.patch * python3.8-compatibility-pr-s-235.patch * support-for-btrfs-and-xfs-in-parted-and-mkfs.patch * fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch * do-not-break-repo-files-with-multiple-line-values-on.patch * fix-failing-unit-tests-for-batch-async.patch * prevent-command-injection-in-the-snapper-module-bsc-.patch * accumulated-changes-from-yomi-167.patch * add-docker-logout-237.patch * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch * get-os_arch-also-without-rpm-package-installed.patch * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch * add-hold-unhold-functions.patch * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch * improve-batch_async-to-release-consumed-memory-bsc-1.patch * support-config-non-root-permission-issues-fixes-u-50.patch * virt-use-dev-kvm-to-detect-kvm-383.patch * fix-unit-test-for-grains-core.patch * do-not-make-ansiblegate-to-crash-on-python3-minions.patch * open-suse-3002.2-xen-grub-316.patch * transactional_update-detect-recursion-in-the-executo.patch * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch * grains-master-can-read-grains.patch * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch * fix-batch_async-obsolete-test.patch * remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch * backport-thread.is_alive-fix-390.patch * backport-virt-patches-from-3001-256.patch * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch * loop-fix-variable-names-for-until_no_eval.patch * add-saltssh-multi-version-support-across-python-inte.patch * do-not-raise-streamclosederror-traceback-but-only-lo.patch * add-new-custom-suse-capability-for-saltutil-state-mo.patch * exclude-the-full-path-of-a-download-url-to-prevent-i.patch * zypperpkg-filter-patterns-that-start-with-dot-244.patch * virt._get_domain-don-t-raise-an-exception-if-there-i.patch * add-batch_presence_ping_timeout-and-batch_presence_p.patch * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch * opensuse-3000-virt-defined-states-222.patch * changed-imports-to-vendored-tornado.patch * add-virt.all_capabilities.patch * fix-for-some-cves-bsc1181550.patch * fix-grains.test_core-unit-test-277.patch * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch * implement-network.fqdns-module-function-bsc-1134860-.patch * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch * ansiblegate-take-care-of-failed-skipped-and-unreacha.patch * do-not-crash-when-there-are-ipv6-established-connect.patch * grains.extra-support-old-non-intel-kernels-bsc-11806.patch * fall-back-to-pymysql.patch * virt-uefi-fix-backport-312.patch * reintroducing-reverted-changes.patch * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch * virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch * batch_async-avoid-using-fnmatch-to-match-event-217.patch * fix-memory-leak-produced-by-batch-async-find_jobs-me.patch * make-profiles-a-package.patch * handle-master-tops-data-when-states-are-applied-by-t.patch * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch * sanitize-grains-loaded-from-roster_grains.json.patch * pkgrepo-support-python-2.7-function-call-295.patch * integration-of-msi-authentication-with-azurearm-clou.patch * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch * opensuse-3000-libvirt-engine-fixes-251.patch * revert-add-patch-support-for-allow-vendor-change-opt.patch * allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch * prevent-import-errors-when-running-test_btrfs-unit-t.patch * transactional_update-unify-with-chroot.call.patch * batch-async-catch-exceptions-and-safety-unregister-a.patch * fix-novendorchange-option-284.patch * fix-async-batch-race-conditions.patch * regression-fix-of-salt-ssh-on-processing-targets-353.patch * move-vendor-change-logic-to-zypper-class-355.patch * fixes-cve-2018-15750-cve-2018-15751.patch * virt.network_update-handle-missing-ipv4-netmask-attr.patch * add-supportconfig-module-for-remote-calls-and-saltss.patch * use-current-ioloop-for-the-localclient-instance-of-b.patch * prevent-systemd-run-description-issue-when-running-a.patch * backport-a-few-virt-prs-272.patch * fix-issue-parsing-errors-in-ansiblegate-state-module.patch * fix-__mount_device-wrapper-254.patch * provide-the-missing-features-required-for-yomi-yet-o.patch * move-server_id-deprecation-warning-to-reduce-log-spa.patch * strip-trailing-from-repo.uri-when-comparing-repos-in.patch * xfs-do-not-fails-if-type-is-not-present.patch * add-cpe_name-for-osversion-grain-parsing-u-49946.patch * avoid-traceback-when-http.query-request-cannot-be-pe.patch * fix-a-wrong-rebase-in-test_core.py-180.patch * remove-vendored-backports-abc-from-requirements.patch * remove-deprecated-warning-that-breaks-miniion-execut.patch * re-adding-function-to-test-for-root.patch * fix-async-batch-multiple-done-events.patch * 3002-set-distro-requirement-to-oldest-supported-vers.patch * backport-of-upstream-pr59492-to-3002.2-404.patch * fix-error-handling-in-openscap-module-bsc-1188647-40.patch * accumulated-changes-required-for-yomi-165.patch * add-pkg.services_need_restart-302.patch * remove-unnecessary-yield-causing-badyielderror-bsc-1.patch * add-all_versions-parameter-to-include-all-installed-.patch * prevent-test_mod_del_repo_multiline_values-to-fail.patch * fix-for-temp-folder-definition-in-loader-unit-test.patch * opensuse-3000.2-virt-backports-236-257.patch * drop-wrong-mock-from-chroot-unit-test.patch * option-to-en-disable-force-refresh-in-zypper-215.patch * fix-failing-unit-tests-for-systemd.patch * fix-the-removed-six.itermitems-and-six.-_type-262.patch * fixing-streamclosed-issue.patch * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch * invalidate-file-list-cache-when-cache-file-modified-.patch * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * allow-vendor-change-option-with-zypper-313.patch * xen-disk-fixes-264.patch * fix-git_pillar-merging-across-multiple-__env__-repos.patch * drop-wrong-virt-capabilities-code-after-rebasing-pat.patch * do-noop-for-services-states-when-running-systemd-in-.patch * open-suse-3002.2-bigvm-310.patch * fix-for-log-checking-in-x509-test.patch * open-suse-3002.2-virt-network-311.patch * async-batch-implementation-fix-320.patch * apply-patch-from-upstream-to-support-python-3.8.patch * add-multi-file-support-and-globbing-to-the-filetree-.patch * add-patch-support-for-allow-vendor-change-option-wit.patch * fix-ipv6-scope-bsc-1108557.patch * remove-msgpack-1.0.0-requirement-in-the-installed-me.patch * fix-aptpkg-systemd-call-bsc-1143301.patch * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch * support-transactional-systems-microos-271.patch - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Added: * exclude-the-full-path-of-a-download-url-to-prevent-i.patch ++++ rsync: - Update to 3.2.3 in SLE-15-SP4 [jsc#SLE-21252] * Rebase rsync-no-libattr.patch ++++ supportutils: - Installing to /usr/sbin instead of /sbin (bsc#1191096) - Added shared memory as a log directory for emergency use (bsc#1190943) ++++ suse-module-tools: - Update to version 15.4.5: * inkmp-script(postun): don't pass existing files to weak-modules2 (boo#1191200) * kernel-scriptlets: skip cert scriptlet on non-UEFI systems (boo#1191260) ++++ virt-manager: - jsc#SLE-20856 Dev: KVM: Enable vfio-ccw and vfio-ap in virt-* tools 965480e8-virt-install-add-mediated-device.patch ++++ yast2-trans: - Update to version 84.87.20210929.6d3a97ea50: * New POT for text domain 'nfs'. * New POT for text domain 'network'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'cluster'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * New POT for text domain 'network'. * Translated using Weblate (Greek) * Translated using Weblate (Greek) * New POT for text domain 'add-on'. * Translated using Weblate (Czech) * New POT for text domain 'base'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) ------------------------------------------------------------------ ------------------ 2021-10-3 - Oct 3 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1 mp2975 controller (git-fixes). - hwmon: (occ) Fix P10 VRM temp sensors (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - hwmon: (tmp421) handle I2C errors (git-fixes). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - drm/i915: Remove warning from the rps worker (git-fixes). - drm/i915/request: fix early tracepoints (git-fixes). - drm/i915/gvt: fix the usage of ww lock in gvt scheduler (git-fixes). - commit 303323b ------------------------------------------------------------------ ------------------ 2021-10-2 - Oct 2 2021 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added CAs: + HARICA Client ECC Root CA 2021 + HARICA Client RSA Root CA 2021 + HARICA TLS ECC Root CA 2021 + HARICA TLS RSA Root CA 2021 + TunTrust Root CA ++++ libsoup2: - Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840) ++++ xkeyboard-config: - U_Fix-media-keys-lag-on-ABNT2-keyboard.patch * fixes wrong keyboard mapping causing input delays with ABNT2 keyboards (bsc#1191242) ------------------------------------------------------------------ ------------------ 2021-10-1 - Oct 1 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Install systemd service file as well (fixes bsc#1190826) ++++ haproxy: - Update to version 2.4.5+git0.e74a1b34b: * [RELEASE] Released version 2.4.5 * MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue() * BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input * BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing * MINOR: arg: Be able to forbid unresolved args when building an argument list * BUG/MAJOR: lua: use task_wakeup() to properly run a task once * BUG/MEDIUM: lua: fix wakeup condition from sleep() * MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options * DOC: peers: fix doc "enable" statement on "peers" sections * BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" * MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf * BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary * MINOR: htx: Add a function to know if the free space wraps * MINOR: htx: Add an HTX flag to know when a message is fragmented * MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv() * BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM * BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data * BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer * BUG/MINOR: stats: use refcount to protect dynamic server on dump * MINOR: server: return the next srv instance on free_server * BUG/MINOR: server: do not use refcount in free_server in stopping mode * MINOR: global: define MODE_STOPPING * MINOR: server: implement a refcount for dynamic servers * BUG/MINOR: http-ana: increment internal_errors counter on response error * BUG/MINOR: h1-htx: Fix a typo when request parser is reset * BUG/MEDIUM: leastconn: fix rare possibility of divide by zero * BUG/MINOR: server: allow 'enable health' only if check configured * BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl * BUILD: halog: fix a -Wundef warning on non-glibc systems * BUILD: compiler: fixed a missing test on defined(__GNUC__) * BUILD: fix dragonfly build again on __read_mostly * BUG/MINOR: vars: do not talk about global section in CLI errors for set-var * BUG/MINOR: vars: truncate the variable name in error reports about scope. * BUG/MINOR: vars: properly set the argument parsing context in the expression * MINOR: sample: add missing ARGC_ entries * BUG/MINOR: vars: improve accuracy of the rules used to check expression validity * BUILD: tools: properly guard __GLIBC__ with defined() * BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL * BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER * BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef * IMPORT: slz: silence a build warning with -Wundef * BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef * BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef * BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING * MINOR: proc: setting the process to produce a core dump on FreeBSD. * MINOR: tools: add FreeBSD support to get_exec_path() * BUILD: tools: get the absolute path of the current binary on NetBSD. * BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set * BUG/MINOR: cli/payload: do not search for args inside payload * BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc * BUG/MINOR: connection: prevent null deref on mux cleanup task allocation * DOC: management: certificate files must be sanitized before injection * BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check * BUG/MAJOR: mux-h1: Don't eval input data if an error was reported * MINOR: pools: use mallinfo2() when available instead of mallinfo() * MINOR: pools: automatically disable malloc_trim() with external allocators * CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools() * BUG/MINOR: compat: make sure __WORDSIZE is always defined * BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached * CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload * MINOR: htx: Skip headers with no value when adding a header list to a message * BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload * BUG/MINOR: systemd: ExecStartPre must use -Ws * BUG/MINOR: filters: Set right FLT_END analyser depending on channel * BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set * BUG/MEDIUM: http-ana: Reset channels analysers when returning an error * BUG/MINOR: stream: Don't release a stream if FLT_END is still registered * BUG/MINOR: lua: Don't yield in channel.append() and channel.set() * BUG/MINOR: lua: Yield in channel functions only if lua context can yield * MINOR: lua: Add a flag on lua context to know the yield capability at run time ++++ hwinfo: - merge gh#openSUSE/hwinfo#105 - Use license file from gnu.org - Fix spelling - Add missing final newline - Trim excess whitespace - Simple maintenance improvements - 21.77 ++++ iproute2: - follow-up fixes backported from upstream (bsc#1160242): ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch ++++ kernel-default: - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - commit 5a1c665 - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - commit d4c4fe4 - ALSA: usb-audio: Restrict rates for the shared clocks (bsc#1190418). - commit 0df1eba - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (bsc#1190759). - commit 5e6a3d3 - bnxt_en: Clean up completion ring page arrays completely (bsc#1190759). - commit 67e479d - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (bsc#1190759). - commit 037de41 - bnxt_en: Fix error recovery regression (bsc#1190759). - commit 0614932 - Update config files: sync with 5.14.9 Inherit CONFIG_DMA_RESTRICTED_POOL=n for armv7hl/lpae - commit 991b5fa - crypto: ccp - Add support for new CCP/PSP device ID (bsc#1189584). - commit f0c9101 - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - Revert "mac80211: do not use low data rates for data frames with no ack flag" (git-fixes). - ALSA: rawmidi: introduce SNDRV_RAWMIDI_IOCTL_USER_PVERSION (git-fixes). - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ASoC: fsl_xcvr: register platform component before registering cpu dai (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: fsl_esai: register platform component before registering cpu dai (git-fixes). - ASoC: fsl_sai: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes). - mmc: renesas_sdhi: fix regression with hard reset on old SDHIs (git-fixes). - media: s5p-jpeg: rename JPEG marker constants to prevent build warnings (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: hantro: Fix check for single irq (git-fixes). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - ax88796: export ax_NS8390_init() hook (git-fixes). - commit 956c6bd - io_uring: ensure symmetry in handling iter types in loop_rw_iter() (bsc#1190664 CVE-2021-41073). - commit 1db2bac - cxl: Move cxl_core to new directory (stable-5.14.8). - commit 3d98823 - Drop the reverted xhci-mtk patch (git-fixes) Delete patches.suse/usb-xhci-mtk-Do-not-use-xhci-s-virt_dev-in-drop_endp.patch Update blacklist.conf - commit 974fa57 - Linux 5.14.9 (stable-5.14.9). - commit 0ae0ccf - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (stable-5.14.9). - x86/setup: Call early_reserve_memory() earlier (stable-5.14.9). - irqchip/armada-370-xp: Fix ack/eoi breakage (stable-5.14.9). - xen/balloon: fix balloon kthread freezing (stable-5.14.9). - software node: balance refcount for managed software nodes (stable-5.14.9). - arm64: add MTE supported check to thread switching and syscall entry/exit (stable-5.14.9). - qnx4: work around gcc false positive warning bug (stable-5.14.9). - nvmet: fix a width vs precision bug in nvmet_subsys_attr_serial_show() (stable-5.14.9). - commit 7e63b4d - Revert drm/vc4 hdmi runtime PM changes (stable-5.14.9 bsc#1012628 bsc#1190469). - Delete patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch. - commit 418827a - libperf evsel: Make use of FD robust (stable-5.14.9). - spi: Fix tegra20 build with CONFIG_PM=n (stable-5.14.9). - net: 6pack: Fix tx timeout and slot time (stable-5.14.9). - commit 210d72b - cpufreq: intel_pstate: Override parameters if HWP forced by BIOS (stable-5.14.9). - sparc32: page align size in arch_dma_alloc (stable-5.14.9). - blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (stable-5.14.9). - block: flush the integrity workqueue in blk_integrity_unregister (stable-5.14.9). - block: check if a profile is actually registered in blk_integrity_unregister (stable-5.14.9). - arm64: Mark __stack_chk_guard as __ro_after_init (stable-5.14.9). - xen/balloon: use a kernel thread instead a workqueue (stable-5.14.9). - amd/display: enable panel orientation quirks (stable-5.14.9). - drm/amd/display: Link training retry fix for abort case (stable-5.14.9). - drm/amd/display: Fix unstable HPCP compliance on Chrome Barcelo (stable-5.14.9). - drm/amdkfd: make needs_pcie_atomics FW-version dependent (stable-5.14.9). - amd/display: downgrade validation failure log level (stable-5.14.9). - bpf: Add oversize check before call kvcalloc() (stable-5.14.9). - alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile (stable-5.14.9). - parisc: Use absolute_pointer() to define PAGE0 (stable-5.14.9). - qnx4: avoid stringop-overread errors (stable-5.14.9). - sparc: avoid stringop-overread errors (stable-5.14.9). - net: i825xx: Use absolute_pointer for memcpy from fixed memory location (stable-5.14.9). - compiler.h: Introduce absolute_pointer macro (stable-5.14.9). - drm/ttm: fix type mismatch error on sparc64 (stable-5.14.9). - commit 8aef947 - irqchip/gic-v3-its: Fix potential VPE leak on error (stable-5.14.9). - irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build (stable-5.14.9). - scsi: qla2xxx: Restore initiator in dual mode (stable-5.14.9). - scsi: ufs: core: Unbreak the reset handler (stable-5.14.9). - scsi: sd_zbc: Support disks with more than 2**32 logical blocks (stable-5.14.9). - io_uring: don't punt files update to io-wq unconditionally (stable-5.14.9). - io_uring: put provided buffer meta data under memcg accounting (stable-5.14.9). - io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow (stable-5.14.9). - io_uring: fix race between poll completion and cancel_hash insertion (stable-5.14.9). - blktrace: Fix uaf in blk_trace access after removing by sysfs (stable-5.14.9). - md: fix a lock order reversal in md_alloc (stable-5.14.9). - dma-debug: prevent an error message from causing runtime problems (stable-5.14.9). - blk-mq: avoid to iterate over stale request (stable-5.14.9). - ipv6: delay fib6_sernum increase in fib6_add (stable-5.14.9). - net: stmmac: allow CSR clock of 300MHz (stable-5.14.9). - net: macb: fix use after free on rmmod (stable-5.14.9). - net: phylink: Update SFP selected interface on advertising changes (stable-5.14.9). - m68k: Double cast io functions to unsigned long (stable-5.14.9). - scsi: ufs: Retry aborted SCSI commands instead of completing these successfully (stable-5.14.9). - scsi: ufs: Revert "Utilize Transfer Request List Completion Notification Register" (stable-5.14.9). - commit ddbbf24 - nvme: keep ctrl->namespaces ordered (stable-5.14.9). - commit 76532bc - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (stable-5.14.9). - scsi: target: Fix the pgr/alua_support_store functions (stable-5.14.9). - scsi: iscsi: Adjust iface sysfs attr detection (stable-5.14.9). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (stable-5.14.9). - cifs: fix a sign extension bug (stable-5.14.9). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (stable-5.14.9). - fpga: machxo2-spi: Return an error on failure (stable-5.14.9). - tty: synclink_gt: rename a conflicting function name (stable-5.14.9). - gpio: uniphier: Fix void functions to remove return value (stable-5.14.9). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (stable-5.14.9). - drm/amdkfd: fix dma mapping leaking warning (stable-5.14.9). - atlantic: Fix issue in the pm resume flow (stable-5.14.9). - net: mscc: ocelot: fix forwarding from BLOCKING ports remaining enabled (stable-5.14.9). - net: ethernet: mtk_eth_soc: avoid creating duplicate offload entries (stable-5.14.9). - nfc: st-nci: Add SPI ID matching DT compatible (stable-5.14.9). - nexthop: Fix memory leaks in nexthop notification chain listeners (stable-5.14.9). - mptcp: ensure tx skbs always have the MPTCP ext (stable-5.14.9). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (stable-5.14.9). - drm/amdkfd: map SVM range with correct access permission (stable-5.14.9). - commit 71a64f5 - kselftest/arm64: signal: Skip tests if required features are missing (stable-5.14.9). - net: dsa: realtek: register the MDIO bus under devres (stable-5.14.9). - net: dsa: don't allocate the slave_mii_bus using devres (stable-5.14.9). - net: dsa: fix dsa_tree_setup error path (stable-5.14.9). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (stable-5.14.9). - net/smc: add missing error check in smc_clc_prfx_set() (stable-5.14.9). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (stable-5.14.9). - napi: fix race inside napi_enable (stable-5.14.9). - net: bgmac-bcma: handle deferred probe error due to mac-address (stable-5.14.9). - net: dsa: tear down devlink port regions when tearing down the devlink port on error (stable-5.14.9). - enetc: Fix uninitialized struct dim_sample field usage (stable-5.14.9). - enetc: Fix illegal access when reading affinity_hint (stable-5.14.9). - virtio-net: fix pages leaking when building skb in big mode (stable-5.14.9). - spi: Revert modalias changes (stable-5.14.9). - NLM: Fix svcxdr_encode_owner() (stable-5.14.9). - platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR() (stable-5.14.9). - afs: Fix updating of i_blocks on file/dir extension (stable-5.14.9). - afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server (stable-5.14.9). - regulator: max14577: Revert "regulator: max14577: Add proper module aliases strings" (stable-5.14.9). - kselftest/arm64: signal: Add SVE to the set of features we can check for (stable-5.14.9). - commit a1d6db7 - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (stable-5.14.9). - comedi: Fix memory leak in compat_insnlist() (stable-5.14.9). - misc: bcm-vk: fix tty registration race (stable-5.14.9). - mcb: fix error handling in mcb_alloc_bus() (stable-5.14.9). - misc: genwqe: Fixes DMA mask setting (stable-5.14.9). - serial: mvebu-uart: fix driver's tx_empty callback (stable-5.14.9). - serial: 8250: 8250_omap: Fix RX_LVL register offset (stable-5.14.9). - USB: serial: option: add device id for Foxconn T99W265 (stable-5.14.9). - xhci: Set HCD flag to defer primary roothub registration (stable-5.14.9). - arm64: Restore forced disabling of KPTI on ThunderX (stable-5.14.9). - arm64: Mitigate MTE issues with str{n}cmp() (stable-5.14.9). - drm/amd/pm: Update intermediate power state for SI (stable-5.14.9). - btrfs: prevent __btrfs_dump_space_info() to underflow its free space (stable-5.14.9). - KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest (stable-5.14.9). - nexthop: Fix division by zero while replacing a resilient group (stable-5.14.9). - net: hso: fix muxed tty registration (stable-5.14.9). - platform/x86: amd-pmc: Increase the response register timeout (stable-5.14.9). - afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation (stable-5.14.9). - afs: Fix page leak (stable-5.14.9). - regulator: qcom-rpmh-regulator: fix pm8009-1 ldo7 resource name (stable-5.14.9). - commit b27b123 - mm: fix uninitialized use in overcommit_policy_handler (stable-5.14.9). - mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN (stable-5.14.9). - ocfs2: drop acl cache for directories too (stable-5.14.9). - mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable() (stable-5.14.9). - xen/x86: fix PV trap handling on secondary processors (stable-5.14.9). - cifs: fix incorrect check for null pointer in header_assemble (stable-5.14.9). - binder: make sure fd closes complete (stable-5.14.9). - binder: fix freeze race (stable-5.14.9). - staging: greybus: uart: fix tty use after free (stable-5.14.9). - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (stable-5.14.9). - USB: serial: option: add Telit LN920 compositions (stable-5.14.9). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (stable-5.14.9). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (stable-5.14.9). - usb: core: hcd: Add support for deferring roothub registration (stable-5.14.9). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (stable-5.14.9). - usb: gadget: u_audio: EP-OUT bInterval in fback frequency (stable-5.14.9). - cifs: Not to defer close on file when lock is set (stable-5.14.9). - cifs: Fix soft lockup during fsstress (stable-5.14.9). - usb: isp1760: do not sleep in field register poll (stable-5.14.9). - commit 5fcd542 - Update patch references for stable-5.14.9 - commit dcab111 - Linux 5.14.8 (stable-5.14.8). - commit f8422cd - selinux,smack: fix subjective/objective credential use mixups (stable-5.14.8). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (stable-5.14.8). - cifs: properly invalidate cached root handle when closing it (stable-5.14.8). - io_uring: fix off-by-one in BUILD_BUG_ON check of __REQ_F_LAST_BIT (stable-5.14.8). - rtc: rx8010: select REGMAP_I2C (stable-5.14.8). - commit c36baa4 - blk-mq: allow 4x BLK_MAX_REQUEST_COUNT at blk_plug for multiple_queues (stable-5.14.8). - nvmet: fixup buffer overrun in nvmet_subsys_attr_serial() (stable-5.14.8). - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() (stable-5.14.8). - block: genhd: don't call blkdev_show() with major_names_lock held (stable-5.14.8). - pwm: stm32-lp: Don't modify HW state in .remove() callback (stable-5.14.8). - pwm: rockchip: Don't modify HW state in .remove() callback (stable-5.14.8). - pwm: img: Don't modify HW state in .remove() callback (stable-5.14.8). - thermal/drivers/rcar_gen3_thermal: Store TSC id as unsigned int (stable-5.14.8). - habanalabs: cannot sleep while holding spinlock (stable-5.14.8). - habanalabs: add "in device creation" status (stable-5.14.8). - habanalabs: fix mmu node address resolution in debugfs (stable-5.14.8). - habanalabs: add validity check for event ID received from F/W (stable-5.14.8). - habanalabs: fix nullifying of destroyed mmu pgt pool (stable-5.14.8). - drm/amdgpu: fix fdinfo race with process exit (stable-5.14.8). - drm/amd/display: Fix memory leak reported by coverity (stable-5.14.8). - drm/amdgpu: Fixes to returning VBIOS RAS EEPROM address (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group (stable-5.14.8). - commit 2584d78 - btrfs: fix lockdep warning while mounting sprout fs (stable-5.14.8). - btrfs: delay blkdev_put until after the device remove (stable-5.14.8). - btrfs: update the bdev time directly when closing (stable-5.14.8). - s390: add kmemleak annotation in stack_alloc() (stable-5.14.8). - ACPI: PM: s2idle: Run both AMD and Microsoft methods if both are supported (stable-5.14.8). - ceph: lockdep annotations for try_nonblocking_invalidate (stable-5.14.8). - ceph: remove the capsnaps when removing caps (stable-5.14.8). - ceph: request Fw caps before updating the mtime in ceph_write_iter (stable-5.14.8). - nilfs2: fix NULL pointer in nilfs_##name##_attr_release (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_create_device_group (stable-5.14.8). - commit 334bd6c - riscv: dts: microchip: mpfs-icicle: Fix serial console (stable-5.14.8). - arm64: mm: limit linear region to 51 bits for KVM in nVHE mode (stable-5.14.8). - iommu/vt-d: Fix a deadlock in intel_svm_drain_prq() (stable-5.14.8). - iommu/vt-d: Fix PASID leak in intel_svm_unbind_mm() (stable-5.14.8). - cxl/pci: Introduce cdevm_file_operations (stable-5.14.8). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (stable-5.14.8). - dmaengine: ioat: depends on !UML (stable-5.14.8). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (stable-5.14.8). - dmaengine: idxd: depends on !UML (stable-5.14.8). - commit 56c090b - perf tools: Allow build-id with trailing zeros (stable-5.14.8). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (stable-5.14.8). - n64cart: fix return value check in n64cart_probe() (stable-5.14.8). - iommu/amd: Relocate GAMSup check to early_enable_iommus (stable-5.14.8). - um: fix stub location calculation (stable-5.14.8). - um: virtio_uml: fix memory leak on init failures (stable-5.14.8). - tools/bootconfig: Fix tracing_on option checking in ftrace2bconf.sh (stable-5.14.8). - s390/entry: make oklabel within CHKSTG macro local (stable-5.14.8). - platform/chrome: cros_ec_trace: Fix format warnings (stable-5.14.8). - platform/chrome: sensorhub: Add trace events for sample (stable-5.14.8). - 9p/trans_virtio: Remove sysfs file on probe failure (stable-5.14.8). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (stable-5.14.8). - prctl: allow to setup brk for et_dyn executables (stable-5.14.8). - coredump: fix memleak in dump_vma_snapshot() (stable-5.14.8). - nilfs2: use refcount_dec_and_lock() to fix potential UAF (stable-5.14.8). - init: move usermodehelper_enable() to populate_rootfs() (stable-5.14.8). - math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead of selecting it (stable-5.14.8). - profiling: fix shift-out-of-bounds bugs (stable-5.14.8). - console: consume APC, DM, DCS (stable-5.14.8). - commit 62f2d62 - Update patch references for stable-5.14.8 - commit 9dc95d5 - Linux 5.14.7 (stable-5.14.7). - commit f76fd66 - net: dsa: bcm_sf2: Fix array overrun in bcm_sf2_num_active_ports() (stable-5.14.7). - commit 5fb540e - s390/bpf: Fix optimizing out zero-extensions (stable-5.14.7). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (stable-5.14.7). - s390/bpf: Fix branch shortening during codegen pass (stable-5.14.7). - bnxt_en: Fix error recovery regression (stable-5.14.7). - net: renesas: sh_eth: Fix freeing wrong tx descriptor (stable-5.14.7). - cxgb3: fix oops on module removal (stable-5.14.7). - ip6_gre: Revert "ip6_gre: add validation for csum_start" (stable-5.14.7). - net: dsa: b53: Fix IMP port setup on BCM5301x (stable-5.14.7). - ip_gre: validate csum_start only on pull (stable-5.14.7). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (stable-5.14.7). - fq_codel: reject silly quantum parameters (stable-5.14.7). - netfilter: socket: icmp6: fix use-after-scope (stable-5.14.7). - mptcp: Only send extra TCP acks in eligible socket states (stable-5.14.7). - net: dsa: b53: Set correct number of ports in the DSA struct (stable-5.14.7). - net: dsa: b53: Fix calculating number of switch ports (stable-5.14.7). - net: hso: add failure handler for add_net_device (stable-5.14.7). - selftests: mptcp: clean tmp files in simult_flows (stable-5.14.7). - mptcp: fix possible divide by zero (stable-5.14.7). - net: dsa: tag_rtl4_a: Fix egress tags (stable-5.14.7). - io_uring: retry in case of short read on block device (stable-5.14.7). - tools build: Fix feature detect clean for out of source builds (stable-5.14.7). - ARC: export clear_user_page() for modules (stable-5.14.7). - commit c150c07 - PCI: j721e: Add PCIe support for AM64 (stable-5.14.7). - PCI: j721e: Add PCIe support for J7200 (stable-5.14.7). - PCI: Add ACS quirks for Cavium multi-function devices (stable-5.14.7). - PCI: ibmphp: Fix double unmap of io_mem (stable-5.14.7). - net: phylink: add suspend/resume support (stable-5.14.7). - stmmac: dwmac-loongson:Fix missing return value (stable-5.14.7). - ethtool: Fix an error code in cxgb2.c (stable-5.14.7). - netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex (stable-5.14.7). - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (stable-5.14.7). - flow: fix object-size-mismatch warning in flowi{4,6}_to_flowi_common() (stable-5.14.7). - Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (stable-5.14.7). - octeontx2-af: Add additional register check to rvu_poll_reg() (stable-5.14.7). - watchdog: Start watchdog in watchdog_set_last_hw_keepalive only if appropriate (stable-5.14.7). - KVM: arm64: Handle PSCI resets before userspace touches vCPU state (stable-5.14.7). - KVM: arm64: Fix read-side race on updates to vcpu reset state (stable-5.14.7). - KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and 16K page size (stable-5.14.7). - NTB: perf: Fix an error code in perf_setup_inbuf() (stable-5.14.7). - NTB: Fix an error code in ntb_msit_probe() (stable-5.14.7). - loop: reduce the loop_ctl_mutex scope (stable-5.14.7). - block, bfq: honor already-setup queue merges (stable-5.14.7). - commit 05c7f1d - blkcg: fix memory leak in blk_iolatency_init (stable-5.14.7). - mlxbf_gige: clear valid_polarity upon open (stable-5.14.7). - net: dsa: flush switchdev workqueue before tearing down CPU/DSA ports (stable-5.14.7). - net: dsa: lantiq_gswip: Add 200ms assert delay (stable-5.14.7). - net: dsa: qca8k: fix kernel panic with legacy mdio mapping (stable-5.14.7). - PCI: tegra194: Fix MSI-X programming (stable-5.14.7). - PCI: tegra194: Fix handling BME_CHGED event (stable-5.14.7). - PCI: tegra: Fix OF node reference leak (stable-5.14.7). - PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe() (stable-5.14.7). - PCI: cadence: Add quirk flag to set minimum delay in LTSSM Detect.Quiet state (stable-5.14.7). - PCI: cadence: Use bitfield for *quirk_retrain_flag* instead of bool (stable-5.14.7). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (stable-5.14.7). - KVM: arm64: Make hyp_panic() more robust when protected mode is enabled (stable-5.14.7). - remoteproc: qcom: wcnss: Fix race with iris probe (stable-5.14.7). - mfd: Don't use irq_create_mapping() to resolve a mapping (stable-5.14.7). - mfd: db8500-prcmu: Adjust map to reality (stable-5.14.7). - fuse: fix use after free in fuse_read_interrupt() (stable-5.14.7). - tracing/probes: Reject events which have the same name of existing one (stable-5.14.7). - riscv: fix the global name pfn_base confliction error (stable-5.14.7). - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation (stable-5.14.7). - commit db28dfb - events: Reuse value read using READ_ONCE instead of re-reading it (stable-5.14.7). - powerpc/mce: Fix access error in mce handler (stable-5.14.7). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (stable-5.14.7). - powerpc/64s: system call rfscv workaround for TM bugs (stable-5.14.7). - powerpc/64s: system call scv tabort fix for corrupt irq soft-mask state (stable-5.14.7). - gen_compile_commands: fix missing 'sys' package (stable-5.14.7). - perf machine: Initialize srcline string member in add_location struct (stable-5.14.7). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (stable-5.14.7). - dt-bindings: arm: Fix Toradex compatible typo (stable-5.14.7). - net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup (stable-5.14.7). - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() (stable-5.14.7). - tipc: increase timeout in tipc_sk_enqueue() (stable-5.14.7). - udp_tunnel: Fix udp_tunnel_nic work-queue type (stable-5.14.7). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (stable-5.14.7). - selftest: net: fix typo in altname test (stable-5.14.7). - net: stmmac: platform: fix build warning when with !CONFIG_PM_SLEEP (stable-5.14.7). - net/af_unix: fix a data-race in unix_dgram_poll (stable-5.14.7). - vhost_net: fix OoB on sendmsg() failure (stable-5.14.7). - net: stmmac: fix system hang caused by eee_ctrl_timer during suspend/resume (stable-5.14.7). - net: ipa: initialize all filter table slots (stable-5.14.7). - commit 91ad14c - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (stable-5.14.7). - s390/sclp: fix Secure-IPL facility detection (stable-5.14.7). - io_uring: allow retry for O_NONBLOCK if async is supported (stable-5.14.7). - drm/radeon: pass drm dev radeon_agp_head_init directly (stable-5.14.7). - drm/etnaviv: add missing MMU context put when reaping MMU mapping (stable-5.14.7). - drm/etnaviv: reference MMU context when setting up hardware state (stable-5.14.7). - drm/etnaviv: fix MMU context leak on GPU reset (stable-5.14.7). - drm/etnaviv: exec and MMU state is lost when resetting the GPU (stable-5.14.7). - drm/etnaviv: keep MMU context across runtime suspend/resume (stable-5.14.7). - drm/etnaviv: stop abusing mmu_context as FE running marker (stable-5.14.7). - drm/etnaviv: put submit prev MMU context when it exists (stable-5.14.7). - drm/etnaviv: return context from etnaviv_iommu_context_get (stable-5.14.7). - ptp: dp83640: don't define PAGE0 (stable-5.14.7). - net-caif: avoid user-triggerable WARN_ON(1) (stable-5.14.7). - r6040: Restore MDIO clock frequency after MAC reset (stable-5.14.7). - net/l2tp: Fix reference count leak in l2tp_udp_recv_core (stable-5.14.7). - dccp: don't duplicate ccid when cloning dccp sock (stable-5.14.7). - net: remove the unnecessary check in cipso_v4_doi_free (stable-5.14.7). - ethtool: Fix rxnfc copy to user buffer overflow (stable-5.14.7). - tipc: fix an use-after-free issue in tipc_recvmsg (stable-5.14.7). - commit aff07e4 - PCI: Add AMD GPU multi-function power dependencies (stable-5.14.7). - io_uring: ensure symmetry in handling iter types in loop_rw_iter() (stable-5.14.7). - arm64/sve: Use correct size when reinitialising SVE state (stable-5.14.7). - swiotlb-xen: fix late init retry (stable-5.14.7). - swiotlb-xen: avoid double free (stable-5.14.7). - xen: fix usage of pmd_populate in mremap for pv guests (stable-5.14.7). - xen: reset legacy rtc flag for PV domU (stable-5.14.7). - PM: base: power: don't try to use non-existing RTC for storing data (stable-5.14.7). - drm/amd/pm: fix runpm hang when amdgpu loaded prior to sound driver (stable-5.14.7). - drm/amdgpu: move iommu_resume before ip init/resume (stable-5.14.7). - drm/amdgpu: add amdgpu_amdkfd_resume_iommu (stable-5.14.7). - drm/amdkfd: separate kfd_iommu_resume from kfd_resume (stable-5.14.7). - drm/amd/display: dsc mst 2 4K displays go dark with 2 lane HBR3 (stable-5.14.7). - drm/amd/display: Get backlight from PWM if DMCU is not initialized (stable-5.14.7). - drm/amdgpu: use IS_ERR for debugfs APIs (stable-5.14.7). - drm/amd/pm: fix the issue of uploading powerplay table (stable-5.14.7). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (stable-5.14.7). - bnx2x: Fix enabling network interfaces without VFs (stable-5.14.7). - net: stmmac: fix MAC not working when system resume back with WoL active (stable-5.14.7). - commit 4f1492a - Update patch references for stable-5.14.7 - commit b078c9d - Linux 5.14.6 (stable-5.14.6). - commit 640a3f2 - drm/panfrost: Clamp lock region to Bifrost minimum (stable-5.14.6). - drm/amd/display: setup system context for APUs (stable-5.14.6). - drm/amdgpu: Enable S/G for Yellow Carp (stable-5.14.6). - s390/topology: fix topology information when calling cpu hotplug notifiers (stable-5.14.6). - libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind (stable-5.14.6). - mm/hugetlb: initialize hugetlb_usage in mm_init (stable-5.14.6). - mm/hmm: bypass devmap pte when all pfn requested flags are fulfilled (stable-5.14.6). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (stable-5.14.6). - net: stmmac: Fix overall budget calculation for rxtx_napi (stable-5.14.6). - net: dsa: lantiq_gswip: fix maximum frame length (stable-5.14.6). - cpufreq: powernv: Fix init_chip_info initialization in numa=off (stable-5.14.6). - mm: fix panic caused by __page_handle_poison() (stable-5.14.6). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (stable-5.14.6). - scsi: qla2xxx: Changes to support kdump kernel (stable-5.14.6). - scsi: BusLogic: Fix missing pr_cont() use (stable-5.14.6). - parisc: fix crash with signals and alloca (stable-5.14.6). - parisc: Fix compile failure when building 64-bit kernel natively (stable-5.14.6). - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() (stable-5.14.6). - drm/amd/display: Update bounding box states (v2) (stable-5.14.6). - drm/amd/display: Update number of DCN3 clock states (stable-5.14.6). - drm/amdgpu: Fix BUG_ON assert (stable-5.14.6). - net: w5100: check return value after calling platform_get_resource() (stable-5.14.6). - fix array-index-out-of-bounds in taprio_change (stable-5.14.6). - net: fix NULL pointer reference in cipso_v4_doi_free (stable-5.14.6). - ath9k: fix sleeping in atomic context (stable-5.14.6). - ath9k: fix OOB read ar9300_eeprom_restore_internal (stable-5.14.6). - commit b17799d - drm/amdkfd: Account for SH/SE count when setting up cu masks (stable-5.14.6). - usb: isp1760: otg control register access (stable-5.14.6). - usb: isp1760: use the right irq status bit (stable-5.14.6). - usb: isp1760: write to status and address register (stable-5.14.6). - usb: isp1760: fix qtd fill length (stable-5.14.6). - usb: isp1760: fix memory pool initialization (stable-5.14.6). - parport: remove non-zero check on count (stable-5.14.6). - selftests/bpf: Fix potential unreleased lock (stable-5.14.6). - iwlwifi: mvm: Fix scan channel flags settings (stable-5.14.6). - iwlwifi: mvm: don't schedule the roc_done_wk if it is already running (stable-5.14.6). - iwlwifi: fw: correctly limit to monitor dump (stable-5.14.6). - iwlwifi: mvm: fix access to BSS elements (stable-5.14.6). - iwlwifi: mvm: Fix umac scan request probe parameters (stable-5.14.6). - iwlwifi: mvm: avoid static queue number aliasing (stable-5.14.6). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (stable-5.14.6). - iwlwifi: mvm: Do not use full SSIDs in 6GHz scan (stable-5.14.6). - iwlwifi: pcie: free RBs during configure (stable-5.14.6). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (stable-5.14.6). - nfsd: fix crash on LOCKT on reexported NFSv3 (stable-5.14.6). - nfs: don't atempt blocking locks on nfs reexports (stable-5.14.6). - commit e7bd511 - ASoC: soc-pcm: protect BE dailink state changes in trigger (stable-5.14.6). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (stable-5.14.6). - ASoC: rockchip: i2s: Fix regmap_ops hang (stable-5.14.6). - usb: xhci-mtk: fix use-after-free of mtk->hcd (stable-5.14.6). - usbip:vhci_hcd USB port can get stuck in the disabled state (stable-5.14.6). - usbip: give back URBs for unsent unlink requests during cleanup (stable-5.14.6). - usb: musb: musb_dsps: request_irq() after initializing musb (stable-5.14.6). - usb: dwc3: imx8mp: request irq after initializing dwc3 (stable-5.14.6). - usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint (stable-5.14.6). - selftests/bpf: Enlarge select() timeout for test_maps (stable-5.14.6). - samples: pktgen: fix to print when terminated normally (stable-5.14.6). - octeontx2-pf: cleanup transmit link deriving logic (stable-5.14.6). - mmc: core: Return correct emmc response in case of ioctl error (stable-5.14.6). - mmc: rtsx_pci: Fix long reads when clock is prescaled (stable-5.14.6). - mmc: core: Avoid hogging the CPU while polling for busy after I/O writes (stable-5.14.6). - mmc: core: Avoid hogging the CPU while polling for busy for mmc ioctls (stable-5.14.6). - mmc: core: Avoid hogging the CPU while polling for busy in the I/O err path (stable-5.14.6). - mmc: sdhci-of-arasan: Check return value of non-void funtions (stable-5.14.6). - mmc: sdhci-of-arasan: Modified SD default speed to 19MHz for ZynqMP (stable-5.14.6). - cifs: fix wrong release in sess_alloc_buffer() failed path (stable-5.14.6). - commit d8d2da1 - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS (stable-5.14.6). - m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch (stable-5.14.6). - kselftest/arm64: pac: Fix skipping of tests on systems without PAC (stable-5.14.6). - kselftest/arm64: mte: Fix misleading output when skipping tests (stable-5.14.6). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (stable-5.14.6). - ASoC: Intel: Skylake: Fix passing loadable flag for module (stable-5.14.6). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (stable-5.14.6). - ASoC: rsnd: adg: clearly handle clock error / NULL case (stable-5.14.6). - usb: chipidea: host: fix port index underflow and UBSAN complains (stable-5.14.6). - soundwire: intel: fix potential race condition during power down (stable-5.14.6). - rtw88: wow: fix size access error of probe request (stable-5.14.6). - rtw88: wow: build wow function only if CONFIG_PM is on (stable-5.14.6). - rtw88: use read_poll_timeout instead of fixed sleep (stable-5.14.6). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (stable-5.14.6). - octeontx2-pf: Fix NIX1_RX interface backpressure (stable-5.14.6). - net: Fix offloading indirect devices dependency on qdisc order creation (stable-5.14.6). - lockd: lockd server-side shouldn't set fl_ops (stable-5.14.6). - gfs2: Don't call dlm after protocol is unmounted (stable-5.14.6). - btrfs: tree-log: check btrfs_lookup_data_extent return value (stable-5.14.6). - btrfs: remove racy and unnecessary inode transaction update when using no-holes (stable-5.14.6). - commit 0fa86f9 - arm64: dts: ls1046a: fix eeprom entries (stable-5.14.6). - arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (stable-5.14.6). - arm64: dts: imx8mm-venice-gw700x: fix invalid pmic pin config (stable-5.14.6). - arm64: dts: imx8mm-venice-gw700x: fix mp5416 pmic config (stable-5.14.6). - arm64: tegra: Fix compatible string for Tegra132 CPUs (stable-5.14.6). - ARM: tegra: tamonten: Fix UART pad setting (stable-5.14.6). - ARM: tegra: acer-a500: Remove bogus USB VBUS regulators (stable-5.14.6). - serial: sh-sci: fix break handling for sysrq (stable-5.14.6). - staging: rts5208: Fix get_ms_information() heap buffer size (stable-5.14.6). - selftests/bpf: Fix flaky send_signal test (stable-5.14.6). - selftests/bpf: Correctly display subtest skip status (stable-5.14.6). - Bluetooth: Fix race condition in handling NOP command (stable-5.14.6). - Bluetooth: Fix handling of LE Enhanced Connection Complete (stable-5.14.6). - selftests: nci: Fix the wrong condition (stable-5.14.6). - selftests: nci: Fix the code for next nlattr offset (stable-5.14.6). - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD (stable-5.14.6). - hwmon: (pmbus/ibm-cffps) Fix write bits for LED control (stable-5.14.6). - opp: Don't print an error if required-opps is missing (stable-5.14.6). - iomap: pass writeback errors to the mapping (stable-5.14.6). - rpc: fix gss_svc_init cleanup on failure (stable-5.14.6). - commit cdc2c57 - arm64: dts: qcom: sm8250: Fix epss_l3 unit address (stable-5.14.6). - ARM: dts: ixp4xx: Fix up bad interrupt flags (stable-5.14.6). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (stable-5.14.6). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (stable-5.14.6). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (stable-5.14.6). - drm/amd/display: fix missing writeback disablement if plane is removed (stable-5.14.6). - drm/msm/dp: do not end dp link training until video is ready (stable-5.14.6). - drm/msm/dp: return correct edid checksum after corrupted edid checksum read (stable-5.14.6). - drm/msm/dp: reset aux controller after dp_aux_cmd_fifo_tx() failed (stable-5.14.6). - drm/msm/dp: reduce link rate if failed at link training 1 (stable-5.14.6). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (stable-5.14.6). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (stable-5.14.6). - drm/vmwgfx: fix potential UAF in vmwgfx_surface.c (stable-5.14.6). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (stable-5.14.6). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (stable-5.14.6). - staging: rtl8723bs: fix right side of condition (stable-5.14.6). - nvmem: qfprom: Fix up qfprom_disable_fuse_blowing() ordering (stable-5.14.6). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (stable-5.14.6). - selftests/bpf: Fix xdp_tx.c prog section name (stable-5.14.6). - net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() (stable-5.14.6). - commit 6c83488 - arm64: dts: qcom: msm8996: don't use underscore in node name (stable-5.14.6). - arm64: dts: qcom: msm8994: don't use underscore in node name (stable-5.14.6). - arm64: dts: qcom: sdm630: don't use underscore in node name (stable-5.14.6). - arm64: dts: qcom: ipq6018: drop '0x' from unit address (stable-5.14.6). - arm64: dts: qcom: sdm660: use reg value for memory node (stable-5.14.6). - arm64: dts: qcom: ipq8074: fix pci node reg property (stable-5.14.6). - arm64: dts: qcom: sdm630: Fix TLMM node and pinctrl configuration (stable-5.14.6). - arm64: dts: qcom: sdm630: Rewrite memory map (stable-5.14.6). - media: tegra-cec: Handle errors of clk_prepare_enable() (stable-5.14.6). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (stable-5.14.6). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (stable-5.14.6). - media: imx: imx7-media-csi: Fix buffer return upon stream start failure (stable-5.14.6). - media: imx258: Limit the max analogue gain to 480 (stable-5.14.6). - media: imx258: Rectify mismatch of VTS value (stable-5.14.6). - serial: 8250_omap: Handle optional overrun-throttle-ms property (stable-5.14.6). - ARM: dts: imx53-ppd: Fix ACHC entry (stable-5.14.6). - misc: sram: Only map reserved areas in Tegra SYSRAM (stable-5.14.6). - net: ipa: fix IPA v4.9 interconnects (stable-5.14.6). - dpaa2-switch: do not enable the DPSW at probe time (stable-5.14.6). - gfs2: Fix glock recursion in freeze_go_xmote_bh (stable-5.14.6). - commit 5fdcfa8 - ARM: dts: stm32: Update AV96 adv7513 node per dtbs_check (stable-5.14.6). - ARM: dts: stm32: Set {bitclock,frame}-master phandles on ST DKx (stable-5.14.6). - ARM: dts: stm32: Set {bitclock,frame}-master phandles on DHCOM SoM (stable-5.14.6). - ARM: dts: at91: use the right property for shutdown controller (stable-5.14.6). - drm/msm/a6xx: Fix llcc configuration for a660 gpu (stable-5.14.6). - drm/amd/display: Fix PSR command version (stable-5.14.6). - drm: rcar-du: Shutdown the display on system shutdown (stable-5.14.6). - ASoC: Intel: update sof_pcm512x quirks (stable-5.14.6). - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output (stable-5.14.6). - vt: keyboard.c: make console an unsigned int (stable-5.14.6). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (stable-5.14.6). - hvsi: don't panic on tty_register_driver failure (stable-5.14.6). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (stable-5.14.6). - Bluetooth: Fix not generating RPA when required (stable-5.14.6). - Bluetooth: skip invalid hci_sync_conn_complete_evt (stable-5.14.6). - netfilter: nft_compat: use nfnetlink_unicast() (stable-5.14.6). - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() (stable-5.14.6). - libbpf: Fix race when pinning maps in parallel (stable-5.14.6). - samples: bpf: Fix tracex7 error raised on the missing argument (stable-5.14.6). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (stable-5.14.6). - commit d1fb25d - ethtool: improve compat ioctl handling (stable-5.14.6). - Refresh patches.suse/ethtool-extend-coalesce-setting-uAPI-with-CQE-mode.patch. - commit 65d28b7 - arm64: dts: allwinner: h6: tanix-tx6: Fix regulator node names (stable-5.14.6). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (stable-5.14.6). - drm/amdgpu: Fix a printing message (stable-5.14.6). - drm/amd/display: Fixed hardware power down bypass during headless boot (stable-5.14.6). - video: fbdev: riva: Error out if 'pixclock' equals zero (stable-5.14.6). - video: fbdev: kyro: Error out if 'pixclock' equals zero (stable-5.14.6). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (stable-5.14.6). - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (stable-5.14.6). - xtensa: ISS: don't panic in rs_init (stable-5.14.6). - serial: max310x: Use clock-names property matching to recognize EXTCLK (stable-5.14.6). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (stable-5.14.6). - bpf/tests: Do not PASS tests without actually testing the result (stable-5.14.6). - bpf/tests: Fix copy-and-paste error in double word test (stable-5.14.6). - flow_dissector: Fix out-of-bounds warnings (stable-5.14.6). - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() (stable-5.14.6). - net: ipa: always validate filter and route tables (stable-5.14.6). - net: ipa: fix ipa_cmd_table_valid() (stable-5.14.6). - s390: make PCI mio support a machine flag (stable-5.14.6). - s390/jump_label: print real address in a case of a jump label bug (stable-5.14.6). - commit 36d2210 - drm/amd/display: Fix timer_per_pixel unit error (stable-5.14.6). - drm: protect drm_master pointers in drm_lease.c (stable-5.14.6). - media: atomisp: pci: fix error return code in atomisp_pci_probe() (stable-5.14.6). - media: atomisp: Fix runtime PM imbalance in atomisp_pci_probe (stable-5.14.6). - media: platform: stm32: unprepare clocks at handling errors in probe (stable-5.14.6). - media: hantro: vp8: Move noisy WARN_ON to vpu_debug (stable-5.14.6). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (stable-5.14.6). - USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (stable-5.14.6). - usb: gadget: u_ether: fix a potential null pointer dereference (stable-5.14.6). - usb: host: fotg210: fix the actual_length of an iso packet (stable-5.14.6). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (stable-5.14.6). - tty: serial: jsm: hold port lock when reporting modem line changes (stable-5.14.6). - staging: hisilicon,hi6421-spmi-pmic.yaml: fix patternProperties (stable-5.14.6). - staging: board: Fix uninitialized spinlock when attaching genpd (stable-5.14.6). - selftests: firmware: Fix ignored return val of asprintf() warn (stable-5.14.6). - misc/pvpanic-pci: Allow automatic loading (stable-5.14.6). - bus: fsl-mc: fix mmio base address for child DPRCs (stable-5.14.6). - bus: fsl-mc: fix arg in call to dprc_scan_objects() (stable-5.14.6). - nfp: fix return statement in nfp_net_parse_meta() (stable-5.14.6). - rcu: Fix macro name CONFIG_TASKS_RCU_TRACE (stable-5.14.6). - commit 95cbbcb - arm64: dts: qcom: Fix usb entries for SA8155p adp board (stable-5.14.6). - ARM: dts: qcom: apq8064: correct clock names (stable-5.14.6). - drm: serialize drm_file.master with a new spinlock (stable-5.14.6). - drm: avoid blocking in drm_clients_info's rcu section (stable-5.14.6). - drm/ast: Disable fast reset after DRAM initial (stable-5.14.6). - video: fbdev: kyro: fix a DoS bug by restricting user input (stable-5.14.6). - drm/vkms: Let shadow-plane helpers prepare the plane's FB (stable-5.14.6). - media: ti-vpe: cal: fix queuing of the initial buffer (stable-5.14.6). - media: ti-vpe: cal: fix error handling in cal_camerarx_create (stable-5.14.6). - media: dib8000: rewrite the init prbs logic (stable-5.14.6). - ASoC: ti: davinci-mcasp: Fix DIT mode support (stable-5.14.6). - ASoC: atmel: ATMEL drivers don't need HAS_DMA (stable-5.14.6). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (stable-5.14.6). - net: ipa: fix IPA v4.11 interconnect data (stable-5.14.6). - netlink: Deal with ESRCH error in nlmsg_notify() (stable-5.14.6). - net: phy: Fix data type in DP83822 dp8382x_disable_wol() (stable-5.14.6). - tipc: keep the skb in rcv queue until the whole data is read (stable-5.14.6). - libbpf: Fix reuse of pinned map on older kernel (stable-5.14.6). - Smack: Fix wrong semantics in smk_access_entry() (stable-5.14.6). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (stable-5.14.6). - commit 36873c2 - f2fs: should put a page beyond EOF when preparing a write (stable-5.14.6). - f2fs: deallocate compressed pages when error happens (stable-5.14.6). - f2fs: fix to unmap pages from userspace process in punch_hole() (stable-5.14.6). - f2fs: fix unexpected ENOENT comes from f2fs_map_blocks() (stable-5.14.6). - f2fs: fix to account missing .skipped_gc_rwsem (stable-5.14.6). - kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y (stable-5.14.6). - KVM: PPC: Fix clearing never mapped TCEs in realmode (stable-5.14.6). - MIPS: Malta: fix alignment of the devicetree buffer (stable-5.14.6). - userfaultfd: prevent concurrent API initialization (stable-5.14.6). - fscache: Fix cookie key hashing (stable-5.14.6). - drm/amdgpu: Fix koops when accessing RAS EEPROM (stable-5.14.6). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (stable-5.14.6). - drm/panel: Fix up DT bindings for Samsung lms397kf04 (stable-5.14.6). - dma-buf: fix dma_resv_test_signaled test_all handling v2 (stable-5.14.6). - drm: vc4: Fix pixel-wrap issue with DVP teardown (stable-5.14.6). - drm/omap: Follow implicit fencing in prepare_fb (stable-5.14.6). - drm/ttm: Fix multihop assert on eviction (stable-5.14.6). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (stable-5.14.6). - drm/vmwgfx: Fix some static checker warnings (stable-5.14.6). - drm/vmwgfx: Fix subresource updates with new contexts (stable-5.14.6). - commit 2eb74d8 - f2fs: fix to keep compatibility of fault injection interface (stable-5.14.6). - sunrpc: Fix return value of get_srcport() (stable-5.14.6). - SUNRPC/xprtrdma: Fix reconnection locking (stable-5.14.6). - NFSv4/pnfs: The layout barrier indicate a minimal value for the seqid (stable-5.14.6). - NFSv4/pNFS: Always allow update of a zero valued layout barrier (stable-5.14.6). - powerpc/smp: Update cpu_core_map on all PowerPc systems (stable-5.14.6). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (stable-5.14.6). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (stable-5.14.6). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (stable-5.14.6). - powerpc/perf: Fix the check for SIAR value (stable-5.14.6). - powerpc/config: Renable MTD_PHYSMAP_OF (stable-5.14.6). - powerpc/config: Fix IPV6 warning in mpc855_ads (stable-5.14.6). - iommu/vt-d: Update the virtual command related registers (stable-5.14.6). - scsi: ufs: ufs-exynos: Fix static checker warning (stable-5.14.6). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (stable-5.14.6). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (stable-5.14.6). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (stable-5.14.6). - scsi: fdomain: Fix error return code in fdomain_probe() (stable-5.14.6). - scsi: ufshcd: Fix device links when BOOT WLUN fails to probe (stable-5.14.6). - scsi: ufs: Fix unsigned int compared with less than zero (stable-5.14.6). - commit 907f956 - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (stable-5.14.6). - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (stable-5.14.6). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (stable-5.14.6). - f2fs: fix to do sanity check for sb/cp fields correctly (stable-5.14.6). - f2fs: reduce the scope of setting fsck tag when de->name_len is zero (stable-5.14.6). - f2fs: fix wrong checkpoint_changed value in f2fs_remount() (stable-5.14.6). - f2fs: turn back remapped address in compressed page endio (stable-5.14.6). - f2fs: do not submit NEW_ADDR to read node block (stable-5.14.6). - f2fs: quota: fix potential deadlock (stable-5.14.6). - f2fs: let's keep writing IOs on SBI_NEED_FSCK (stable-5.14.6). - f2fs: compress: fix to set zstd compress level correctly (stable-5.14.6). - xprtrdma: Put rpcrdma_reps before waking the tear-down completion (stable-5.14.6). - cpuidle: pseries: Mark pseries_idle_proble() as __init (stable-5.14.6). - openrisc: don't printk() unconditionally (stable-5.14.6). - scsi: ufs: Fix the SCSI abort handler (stable-5.14.6). - scsi: ufs: Use DECLARE_COMPLETION_ONSTACK() where appropriate (stable-5.14.6). - scsi: ufs: Fix memory corruption by ufshcd_read_desc_param() (stable-5.14.6). - scsi: BusLogic: Use %X for u32 sized integer rather than %lX (stable-5.14.6). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (stable-5.14.6). - dma-debug: fix debugfs initialization order (stable-5.14.6). - commit 49345c5 - tools/thermal/tmon: Add cross compiling support (stable-5.14.6). - Input: elan_i2c - reduce the resume time for controller in Whitebox (stable-5.14.6). - ARM: 9105/1: atags_to_fdt: don't warn about stack size (stable-5.14.6). - 9p/xen: Fix end of loop tests for list_for_each_entry (stable-5.14.6). - arm64: Move .hyp.rodata outside of the _sdata.._edata range (stable-5.14.6). - selftests/ftrace: Fix requirement check of README file (stable-5.14.6). - powerpc/perf/hv-gpci: Fix counter value parsing (stable-5.14.6). - xen: fix setting of max_pfn in shared_info (stable-5.14.6). - arm64: Do not trap PMSNEVFR_EL1 (stable-5.14.6). - arm64: head: avoid over-mapping in map_memory (stable-5.14.6). - arm64: mm: Fix TLBI vs ASID rollover (stable-5.14.6). - media: rc-loopback: return number of emitters rather than error (stable-5.14.6). - media: uvc: don't do DMA on stack (stable-5.14.6). - nvmem: core: fix error handling while validating keepout regions (stable-5.14.6). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (stable-5.14.6). - block: bfq: fix bfq_set_next_ioprio_data() (stable-5.14.6). - s390/qdio: cancel the ESTABLISH ccw after timeout (stable-5.14.6). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (stable-5.14.6). - crypto: public_key: fix overflow during implicit conversion (stable-5.14.6). - spi: fsi: Reduce max transfer size to 8 bytes (stable-5.14.6). - commit 9f9c9db - rtc: tps65910: Correct driver module alias (stable-5.14.6). - btrfs: zoned: fix double counting of split ordered extent (stable-5.14.6). - btrfs: fix upper limit for max_inline for page size 64K (stable-5.14.6). - Makefile: use -Wno-main in the full kernel tree (stable-5.14.6). - io-wq: fix race between adding work and activating a free worker (stable-5.14.6). - btrfs: reset replace target device to allocation state on close (stable-5.14.6). - btrfs: do not do preemptive flushing if the majority is global rsv (stable-5.14.6). - btrfs: reduce the preemptive flushing threshold to 90% (stable-5.14.6). - btrfs: zoned: fix block group alloc_offset calculation (stable-5.14.6). - btrfs: zoned: suppress reclaim error message on EAGAIN (stable-5.14.6). - btrfs: wait on async extents when flushing delalloc (stable-5.14.6). - btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc (stable-5.14.6). - btrfs: wake up async_delalloc_pages waiters after submit (stable-5.14.6). - io-wq: fix wakeup race when adding new work (stable-5.14.6). - io_uring: fix io_try_cancel_userdata race for iowq (stable-5.14.6). - io_uring: add ->splice_fd_in checks (stable-5.14.6). - io_uring: place fixed tables under memcg limits (stable-5.14.6). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (stable-5.14.6). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (stable-5.14.6). - commit 926292c - Update patch references for stable-5.14.6 - commit 4fca6a0 ++++ kernel-default-base: - Add nls_utf8 module (boo#1190797) ++++ libvirt: - Update to libvirt 7.8.0 - jsc#SLE-18260 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: b75a16ae-libxl-improve-die-id.patch, 65fab900-libxl-fix-driver-reload.patch, 51eb680b-libxl-dont-autostart-on-reload.patch ++++ podman: - Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). * Misc - Updated Buildah to v1.23.0 - Updated the containers/storage library to v1.36.0 - Updated the containers/image library to v5.16.0 - Updated the containers/common library to v0.44.0 ++++ python-libvirt-python: - Update to 7.8.0 - Add all new APIs and constants in libvirt 7.8.0 - jsc#SLE-18260 ++++ suse-module-tools: - Update to version 15.4.4: * Import kernel scriptlets from kernel-source (bsc#1189841, bsc#1190598) * Provide "suse-kernel-rpm-scriptlets" ++++ wicked: - version 0.6.67 - dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750) - logging: log reaped sub-process command and as debug, not error - ifstatus: Don't show link as "up" without RUNNING flag set - firewalld: Make the zone assignment permanent (boo#1189560) - fsm: cleanup and improve ifconfig and ifpolicy access utils - dbus: cleanup the dbus-service.h file and unused property makros - cleanup: applied code-spell run typo corrections - dracut: initial fixes and improved option handling (boo#1182227) ------------------------------------------------------------------ ------------------ 2021-9-30 - Sep 30 2021 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library. This is done with the patches * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch before the changed patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch rename it to git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch and also add the patches * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch ++++ blog: - Move to /usr for UsrMerge (boo#1191057) ++++ dracut: - Update to version 055+suse.119.g6c4187af: * fix(suse-initrd): handle cases with zero modprobe.d files (bsc#1189895) ++++ e2fsprogs: - quota-Add-support-to-version-0-quota-format.patch: quota: Add support to version 0 quota format (jsc#SLE-17360) quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360) quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360) tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota files (jsc#SLE-17360) e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not trash user limits when processing orphan list (jsc#SLE-17360) debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota commands (jsc#SLE-17360) quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360) - add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships with them ++++ open-iscsi: - Update to latest from upstream, fixing: * Moving the executables from /sbin to /usr/sbin (bsc#1191054) * Remove default dependencies from iscsi-init.service (bsc#1187190) ++++ kernel-default: - arm64: Update config files. (bsc#1185927) Set PINCTRL_ZYNQMP to build-in. - commit 3c3ff54 ++++ kernel-firmware: - Update to version 20210928 (git commit 7a30050592e2): * brcm: Add 43455 based AP6255 NVRAM for the ACEPC T8 Mini PC * linux-firmware: Update firmware file for Intel Bluetooth 9462 * amdgpu: update VCN firmware for dimgrey cavefish * amdgpu: update VCN firmware for navy flounder * amdgpu: update VCN firmware for sienna cichlid * amdgpu: update VCN firmware for vangogh * amdgpu: update VCN firmware for renoir * amdgpu: update VCN firmware for picasso * amdgpu: update VCN firmware for raven2 * amdgpu: update VCN firmware for raven * amdgpu: Add initial firmware for Beige Goby * cxgb4: Update firmware to revision 1.26.2.0 * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * qed: Add firmware 8.59.1.0 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * iwlwifi: add FWs for new So device types with multiple RF modules * amdgpu: add initial firmware for Yellow Carp * i915: Update ADLP DMC v2.12 * linux-firmware: add frimware for mediatek bluetooth chip (MT7922) * linux-firmware: Update AMD SEV firmware (bsc#1186938) * Revert "iwlwifi: add FW for new So/Gf device type" - Update aliases ++++ fuse3: - Update fuse3 to the version >= 3.9.1 (jsc#SLE-21826) ++++ Mesa: - update to 21.2.3 * third bugfix release ++++ samba: - Adjust spec to use pam macros; (bsc#1191046). ++++ selinux-policy: - Fix auditd service start with systemd hardening directives (bsc#1190918) * add fix_auditd.patch ++++ u-boot-rpiarm64: Fix Grub loading slowdown when connecting USB keyboard (bsc#1171222). Enable BTRFS for Risc-V. Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches added: 0013-riscv-enable-CMD_BTRFS.patch 0014-Disable-timer-check-in-file-loading.patch ------------------------------------------------------------------ ------------------ 2021-9-29 - Sep 29 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18121). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18121). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18121). - commit c13c871 - EDAC/i10nm: Retrieve and print retry_rd_err_log registers (jsc#SLE-21874). - commit 6ea02d1 - cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128). - commit ae6623e - Refresh patches.suse/ibmvnic-check-failover_pending-in-login-response.patch. - Refresh patches.suse/nvme-avoid-race-in-shutdown-namespace-removal.patch. - Refresh patches.suse/nvme-multipath-fix-ANA-state-updates-when-a-namespac.patch. - Refresh patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch. - Refresh patches.suse/nvme-tcp-fix-io_work-priority-inversion.patch. - Refresh patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch. - Refresh patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch. - Refresh patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch. - Refresh patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch. - Refresh patches.suse/scsi-lpfc-Remove-unneeded-variable.patch. - Refresh patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch. Update metadata - commit d26e910 - dt-bindings: clock: qcom: Update license for GCC SC7280 (git-fixes). - commit 112906f - SUNRPC: Simplify socket shutdown when not reusing TCP ports (git-fixes). - SUNRPC: Fix potential memory corruption (git-fixes). - NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes). - commit 54a3b6b ++++ libjpeg-turbo: - previous version updates fixes following bugs: CVE-2014-9092, CVE-2018-14498, CVE-2019-2201, CVE-2020-17541 (bsc#1128712, bsc#1186764, bsc#807183, bsc#906761) ++++ libsoup2: - Add Provides: libsoup2 to the library, so that the lang package is installable. - Remove the left-over provides/obsoltes for libsoup (which is now libsoup 3). ++++ systemd: - Predictable network interface names: fix slot based network names on s390 (backward incompatible change) (jsc#SLE-18514) The default predictable naming scheme used by SLE ("v238") have been improved with the two following changes: o PCI hotplug slot names for the s390 PCI driver are a hexadecimal representation of the function_id device attribute. This attribute is now used to build the ID_NET_NAME_SLOT. Before that, all slot names were parsed as decimal numbers, which could either result in an incorrect value of the ID_NET_NAME_SLOT property or none at all. o Some firmware and hypervisor implementations report unreasonable high numbers for the onboard index. To prevent the generation of bogus onbard interface names, index numbers greater than 16381 (2^14-1) were ignored. For s390 PCI devices index values up to 65535 (2^16-1) are valid. To account for that, the limit is increased to now 65535. To reflect these backward incompatible changes, the naming scheme version has been renamed "sle15-sp4". - Import commit 2f8e2ef85dfbe8e10a21e0e1bd5e356ff8ed6c5a 4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514) 78466e4464 meson: drop the list of valid net naming schemes b9a2098f9d netif-naming: inline one iterator variable d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme ++++ samba: - Adjust spec for size * allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847). * remove fam, undocumented and unneeded. ------------------------------------------------------------------ ------------------ 2021-9-28 - Sep 28 2021 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Avoid race confition with ca-certificates (bsc#1189362) + Make the service run after ca-sertificates is done + Attempt multiple times to update the trust chain ++++ lvm2-device-mapper: - vgextend crash when extending VG with missing PV (bsc#1191019) + bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch ++++ jitterentropy: - Trim conjecture from descriptions. ++++ kernel-default: - x86/fault: Fix wrong signal when vsyscall fails with pkey (bsc#1190497). - commit f05d0ae - ethtool: add two link extended substates of bad signal integrity (bsc#1190336). - page_pool: add frag page recycling support in page pool (bsc#1190336). - page_pool: add interface to manipulate frag count in page pool (bsc#1190336). - page_pool: keep pp info as long as page pool owns the page (bsc#1190336). - commit 296b073 - x86/asm: Fix SETZ size enqcmds() build failure (bsc#1190497). - commit e2f2c95 - ethernet: fix PTP_1588_CLOCK dependencies (jsc#SLE-19253). - Update config files. - commit 174a183 - scsi: core: Introduce scsi_get_sector() (jsc#SLE-19249). - Refresh patches.suse/scsi-core-Add-helper-to-return-number-of-logical-blo.patch. - commit 240f3ea - net/mlx5: Lag, Create shared FDB when in switchdev mode (jsc#SLE-19253). - Refresh patches.suse/net-mlx5-Lag-fix-multipath-lag-activation.patch. - commit 62f89bb - net/mlx4_en: Don't allow aRFS for encapsulated packets (jsc#SLE-19256). - qed: rdma - don't wait for resources under hw error recovery flow (jsc#SLE-19001). - net: hns3: fix a return value error in hclge_get_reset_status() (bsc#1190336). - net: hns3: check vlan id before using it (bsc#1190336). - net: hns3: check queue id range before using (bsc#1190336). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1190336). - net: hns3: fix inconsistent vf id print (bsc#1190336). - net: hns3: fix change RSS 'hfunc' ineffective issue (bsc#1190336). - net/mlx4_en: Resolve bad operstate value (jsc#SLE-19256). - igc: fix tunnel offloading (jsc#SLE-18377). - net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert (jsc#SLE-19253). - net: hns3: fix the timing issue of VF clearing interrupt sources (bsc#1190336). - net: hns3: fix the exception when query imp info (bsc#1190336). - net: hns3: disable mac in flr process (bsc#1190336). - net: hns3: change affinity_mask to numa node range (bsc#1190336). - net: hns3: pad the short tunnel frame before sending to hardware (bsc#1190336). - net: hns3: add option to turn off page pool feature (bsc#1190336). - qed: Handle management FW error (jsc#SLE-19001). - ice: Correctly deal with PFs that do not support RDMA (jsc#SLE-18375). - net/mlx5e: Fix condition when retrieving PTP-rqn (jsc#SLE-19253). - net/mlx5e: Fix mutual exclusion between CQE compression and HW TS (jsc#SLE-19253). - net/mlx5: Fix potential sleeping in atomic context (jsc#SLE-19253). - net/mlx5: FWTrace, cancel work on alloc pd error flow (jsc#SLE-19253). - net/mlx5: Lag, don't update lag if lag isn't supported (jsc#SLE-19253). - net/mlx5: Fix rdma aux device on devlink reload (jsc#SLE-19253). - net/mlx5: Bridge, fix uninitialized variable usage (jsc#SLE-19253). - IB/hfi1: make hist static (jsc#SLE-19242). - RDMA/bnxt_re: Prefer kcalloc over open coded arithmetic (jsc#SLE-18977). - IB/qib: Fix null pointer subtraction compiler warning (jsc#SLE-19249). - RDMA/mlx5: Fix xlt_chunk_align calculation (jsc#SLE-19250). - net: hns3: make hclgevf_cmd_caps_bit_map0 and hclge_cmd_caps_bit_map0 static (bsc#1190336). - ionic: fix a sleeping in atomic bug (jsc#SLE-19282). - ionic: fix double use of queue-lock (jsc#SLE-19282). - scsi: RDMA/srp: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19249). - scsi: RDMA/iser: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19249). - scsi: iser: Use scsi_get_sector() instead of scsi_get_lba() (jsc#SLE-19249). - RDMA: Use the sg_table directly and remove the opencoded version from umem (jsc#SLE-19249). - lib/scatterlist: Fix wrong update of orig_nents (jsc#SLE-19249). - lib/scatterlist: Provide a dedicated function to support table append (jsc#SLE-19249). - RDMA/mlx5: Relax DCS QP creation checks (jsc#SLE-19250). - RDMA/hns: Delete unnecessary blank lines (bsc#1190336). - RDMA/hns: Encapsulate the qp db as a function (bsc#1190336). - RDMA/hns: Adjust the order in which irq are requested and enabled (bsc#1190336). - RDMA/hns: Remove RST2RST error prints for hw v1 (bsc#1190336). - RDMA/hns: Remove dqpn filling when modify qp from Init to Init (bsc#1190336). - RDMA/hns: Fix QP's resp incomplete assignment (bsc#1190336). - RDMA/hns: Fix query destination qpn (bsc#1190336). - RDMA/hfi1: Convert to SPDX identifier (jsc#SLE-19242). - IB/rdmavt: Convert to SPDX identifier (jsc#SLE-19242). - RDMA/hns: Bugfix for incorrect association between dip_idx and dgid (bsc#1190336). - RDMA/hns: Bugfix for the missing assignment for dip_idx (bsc#1190336). - RDMA/hns: Bugfix for data type of dip_idx (bsc#1190336). - RDMA/hns: Fix incorrect lsn field (bsc#1190336). - RDMA/irdma: Remove the repeated declaration (jsc#SLE-18383). - RDMA/core/sa_query: Retry SA queries (jsc#SLE-19249). - RDMA/hns: Delete unused hns bitmap interface (bsc#1190336). - RDMA/hns: Use IDA interface to manage srq index (bsc#1190336). - RDMA/hns: Use IDA interface to manage uar index (bsc#1190336). - RDMA/hns: Ownerbit mode add control field (bsc#1190336). - RDMA/hns: Enable stash feature of HIP09 (bsc#1190336). - RDMA/hns: Remove unsupport cmdq mode (bsc#1190336). - RDMA: switch from 'pci_' to 'dma_' API (jsc#SLE-19249). - IB/core: Remove deprecated current_seq comments (jsc#SLE-19249). - RDMA/efa: Rename vector field in efa_irq struct to irqn (jsc#SLE-19249). - RDMA/efa: Remove unused cpu field from irq struct (jsc#SLE-19249). - RDMA/rtrs: Remove (void) casting for functions (jsc#SLE-19249). - RDMA/rtrs-clt: Fix counting inflight IO (jsc#SLE-19249). - RDMA/rtrs: Remove all likely and unlikely (jsc#SLE-19249). - RDMA/rtrs: Remove unused functions (jsc#SLE-19249). - RDMA/rtrs-clt: During add_path change for_new_clt according to path_num (jsc#SLE-19249). - RDMA/core/sa_query: Remove unused function (jsc#SLE-19249). - RDMA/qedr: Move variables reset to qedr_set_common_qp_params() (jsc#SLE-18998). - RDMA/hfi1: Stop using seq_get_buf in _driver_stats_seq_show (jsc#SLE-19242). - RDMA/rtrs: Remove a useless kfree() (jsc#SLE-19249). - RDMA/hns: Fix return in hns_roce_rereg_user_mr() (bsc#1190336). - RDMA/core: Create clean QP creations interface for uverbs (jsc#SLE-19249). - RDMA/core: Properly increment and decrement QP usecnts (jsc#SLE-19249). - RDMA/core: Configure selinux QP during creation (jsc#SLE-19249). - RDMA/core: Reorganize create QP low-level functions (jsc#SLE-19249). - RDMA/core: Remove protection from wrong in-kernel API usage (jsc#SLE-19249). - RDMA/core: Delete duplicated and unreachable code (jsc#SLE-19249). - RDMA/mlx5: Delete not-available udata check (jsc#SLE-19250). - RDMA/mlx5: Drop in-driver verbs object creations (jsc#SLE-19250). - RDMA: Globally allocate and release QP memory (jsc#SLE-19249). - RDMA/rdmavt: Decouple QP and SGE lists allocations (jsc#SLE-19249). - RDMA/mlx5: Rework custom driver QP type creation (jsc#SLE-19250). - RDMA/mlx5: Delete device resource mutex that didn't protect anything (jsc#SLE-19250). - RDMA/mlx5: Cancel pkey work before destroying device resources (jsc#SLE-19250). - RDMA/efa: Remove double QP type assignment (jsc#SLE-19249). - RDMA/hns: Don't overwrite supplied QP attributes (bsc#1190336). - RDMA/hns: Don't skip IB creation flow for regular RC QP (bsc#1190336). - RDMA/qedr: Improve error logs for rdma_alloc_tid error return (jsc#SLE-18998). - RDMA/qed: Use accurate error num in qed_cxt_dynamic_ilt_alloc (jsc#SLE-19001). - RDMA/hfi1: Fix typo in comments (jsc#SLE-19242). - RDMA/iwpm: Rely on the rdma_nl_register() to ensure that requests are valid (jsc#SLE-19249). - RDMA/iwpm: Remove not-needed reference counting (jsc#SLE-19249). - RDMA/iwcm: Release resources if iw_cm module initialization fails (jsc#SLE-19249). - RDMA/hfi1: Convert from atomic_t to refcount_t on hfi1_devdata->user_refcount (jsc#SLE-19242). - IB/hfi1: Adjust pkey entry in index 0 (jsc#SLE-19242). - IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-19242). - RDMA/mlx5: Add DCS offload support (jsc#SLE-19250). - RDMA/mlx5: Separate DCI QP creation logic (jsc#SLE-19250). - RDMA/rxe: Fix types in rxe_icrc.c (jsc#SLE-19249). - RDMA/rxe: Add kernel-doc comments to rxe_icrc.c (jsc#SLE-19249). - RDMA/rxe: Move crc32 init code to rxe_icrc.c (jsc#SLE-19249). - RDMA/rxe: Fixup rxe_icrc_hdr (jsc#SLE-19249). - RDMA/rxe: Move rxe_crc32 to a subroutine (jsc#SLE-19249). - RDMA/rxe: Move ICRC generation to a subroutine (jsc#SLE-19249). - RDMA/rxe: Fixup rxe_send and rxe_loopback (jsc#SLE-19249). - RDMA/rxe: Move rxe_xmit_packet to a subroutine (jsc#SLE-19249). - RDMA/rxe: Move ICRC checking to a subroutine (jsc#SLE-19249). - IB/core: Read subnet_prefix in ib_query_port via cache (jsc#SLE-19249). - IB/core: Shifting initialization of device->cache_lock (jsc#SLE-19249). - IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (jsc#SLE-19249). - RDMA/efa: Split hardware stats to device and port stats (jsc#SLE-19249). - RDMA/rxe: Remove the repeated 'mr->umem = umem' (jsc#SLE-19249). - RDMA/siw: Convert siw_tx_hdt() to kmap_local_page() (jsc#SLE-19249). - RDMA/siw: Remove kmap() (jsc#SLE-19249). - RDMA/rtrs: Move sq_wr_avail to rtrs_con (jsc#SLE-19249). - RDMA/rtrs: Remove unused flags parameter (jsc#SLE-19249). - RDMA/rtrs: Make rtrs_post_rdma_write_imm_empty static (jsc#SLE-19249). - RDMA/rtrs: Enable the same selective signal for heartbeat and IO (jsc#SLE-19249). - RDMA/rtrs: move wr_cnt from rtrs_srv_con to rtrs_con (jsc#SLE-19249). - RDMA/rtrs: Add error messages for failed operations (jsc#SLE-19249). - ice: remove dead code for allocating pin_config (jsc#SLE-18375). - net/mlx5: DR, fix a potential use-after-free bug (jsc#SLE-19253). - net: hns3: remove unnecessary spaces (bsc#1190336). - net: hns3: add some required spaces (bsc#1190336). - net: hns3: clean up a type mismatch warning (bsc#1190336). - net: hns3: refine function hns3_set_default_feature() (bsc#1190336). - net: hns3: uniform parameter name of hclge_ptp_clean_tx_hwts() (bsc#1190336). - net: hnss3: use max() to simplify code (bsc#1190336). - net: hns3: modify a print format of hns3_dbg_queue_map() (bsc#1190336). - net: hns3: refine function hclge_dbg_dump_tm_pri() (bsc#1190336). - net: hns3: reconstruct function hclge_ets_validate() (bsc#1190336). - net: hns3: reconstruct function hns3_self_test (bsc#1190336). - net: hns3: initialize each member of structure array on a separate line (bsc#1190336). - igc: Add support for CBS offloading (jsc#SLE-18377). - igc: Simplify TSN flags handling (jsc#SLE-18377). - igc: Use default cycle 'start' and 'end' values for queues (jsc#SLE-18377). - ionic: recreate hwstamp queues on ifup (jsc#SLE-19282). - ionic: pull hwstamp queue_lock up a level (jsc#SLE-19282). - ionic: add queue lock around open and stop (jsc#SLE-19282). - ionic: fill mac addr earlier in add_addr (jsc#SLE-19282). - ionic: squelch unnecessary fw halted message (jsc#SLE-19282). - ionic: fire watchdog again after fw_down (jsc#SLE-19282). - net: hns3: add required space in comment (bsc#1190336). - net: hns3: remove unnecessary "static" of local variables in function (bsc#1190336). - net: hns3: don't config TM DWRR twice when set ETS (bsc#1190336). - net: hns3: add new function hclge_get_speed_bit() (bsc#1190336). - net: hns3: refactor function hclgevf_parse_capability() (bsc#1190336). - net: hns3: refactor function hclge_parse_capability() (bsc#1190336). - net: hns3: add trace event in hclge_gen_resp_to_vf() (bsc#1190336). - net: hns3: uniform type of function parameter cmd (bsc#1190336). - net: hns3: merge some repetitive macros (bsc#1190336). - net: hns3: package new functions to simplify hclgevf_mbx_handler code (bsc#1190336). - net: hns3: remove redundant param to simplify code (bsc#1190336). - net: hns3: use memcpy to simplify code (bsc#1190336). - net: hns3: remove redundant param mbx_event_pending (bsc#1190336). - net: hns3: add hns3_state_init() to do state initialization (bsc#1190336). - net: hns3: add macros for mac speeds of firmware command (bsc#1190336). - net/mlx5: DR, Add support for update FTE (jsc#SLE-19253). - net/mlx5: DR, Improve rule tracking memory consumption (jsc#SLE-19253). - net/mlx5: DR, Remove rehash ctrl struct from dr_htbl (jsc#SLE-19253). - net/mlx5: DR, Remove HW specific STE type from nic domain (jsc#SLE-19253). - net/mlx5: DR, Merge DR_STE_SIZE enums (jsc#SLE-19253). - net/mlx5: DR, Skip source port matching on FDB RX domain (jsc#SLE-19253). - net/mlx5: DR, Add ignore_flow_level support for multi-dest flow tables (jsc#SLE-19253). - net/mlx5: DR, Use FW API when updating FW-owned flow table (jsc#SLE-19253). - net/mlx5: DR, replace uintN_t with kernel-style types (jsc#SLE-19253). - net/mlx5: DR, Support IPv6 matching on flow label for STEv0 (jsc#SLE-19253). - net/mlx5: DR, Reduce print level for FT chaining level check (jsc#SLE-19253). - net/mlx5: DR, Warn and ignore SW steering rule insertion on QP err (jsc#SLE-19253). - net/mlx5: DR, Improve error flow in actions_build_ste_arr (jsc#SLE-19253). - net/mlx5: DR, Enable QP retransmission (jsc#SLE-19253). - net/mlx5: DR, Enable VLAN pop on TX and VLAN push on RX (jsc#SLE-19253). - net/mlx5: DR, Split modify VLAN state to separate pop/push states (jsc#SLE-19253). - net/mlx5: DR, Added support for REMOVE_HEADER packet reformat (jsc#SLE-19253). - ionic: handle mac filter overflow (jsc#SLE-19282). - ionic: refactor ionic_lif_addr to remove a layer (jsc#SLE-19282). - ionic: sync the filters in the work task (jsc#SLE-19282). - ionic: flatten calls to set-rx-mode (jsc#SLE-19282). - ionic: remove old work task types (jsc#SLE-19282). - igc: Add support for PTP getcrosststamp() (jsc#SLE-18377). - igc: Enable PCIe PTM (jsc#SLE-18377). - PCI: Add pcie_ptm_enabled() (jsc#SLE-18377). - Revert "PCI: Make pci_enable_ptm() private" (jsc#SLE-18377). - net: hns3: add ethtool support for CQE/EQE mode configuration (bsc#1190336). - net: hns3: add support for EQE/CQE mode configuration (bsc#1190336). - ethtool: extend coalesce setting uAPI with CQE mode (jsc#SLE-19253). - ethtool: add two coalesce attributes for CQE mode (jsc#SLE-19253). - net/mellanox: switch from 'pci_' to 'dma_' API (jsc#SLE-19253). - net/mlx5: E-switch, Add QoS tracepoints (jsc#SLE-19253). - net/mlx5: E-switch, Allow to add vports to rate groups (jsc#SLE-19253). - net/mlx5: E-switch, Allow setting share/max tx rate limits of rate groups (jsc#SLE-19253). - net/mlx5: E-switch, Introduce rate limiting groups API (jsc#SLE-19253). - net/mlx5: E-switch, Enable devlink port tx_{share|max} rate control (jsc#SLE-19253). - net/mlx5: E-switch, Move QoS related code to dedicated file (jsc#SLE-19253). - net/mlx5e: TC, Support sample offload action for tunneled traffic (jsc#SLE-19253). - net/mlx5e: TC, Restore tunnel info for sample offload (jsc#SLE-19253). - net/mlx5e: TC, Remove CONFIG_NET_TC_SKB_EXT dependency when restoring tunnel (jsc#SLE-19253). - net/mlx5e: Refactor ct to use post action infrastructure (jsc#SLE-19253). - net/mlx5e: Introduce post action infrastructure (jsc#SLE-19253). - net/mlx5e: CT, Use xarray to manage fte ids (jsc#SLE-19253). - net/mlx5e: Move sample attribute to flow attribute (jsc#SLE-19253). - net/mlx5e: Move esw/sample to en/tc/sample (jsc#SLE-19253). - net/mlx5e: Remove mlx5e dependency from E-Switch sample (jsc#SLE-19253). - net: hns3: make array spec_opcode static const, makes object smaller (bsc#1190336). - net/mlx4: Use ARRAY_SIZE to get an array's size (jsc#SLE-19256). - i40e: Fix spelling mistake "dissable" -> "disable" (jsc#SLE-18378). - iavf: use mutexes for locking of critical sections (jsc#SLE-18385). - net/mlx5: Bridge, support LAG (jsc#SLE-19253). - net/mlx5: Bridge, allow merged eswitch connectivity (jsc#SLE-19253). - net/mlx5: Bridge, extract FDB delete notification to function (jsc#SLE-19253). - net/mlx5: Bridge, identify port by vport_num+esw_owner_vhca_id pair (jsc#SLE-19253). - net/mlx5: Bridge, obtain core device from eswitch instead of priv (jsc#SLE-19253). - net/mlx5: Bridge, release bridge in same function where it is taken (jsc#SLE-19253). - net/mlx5e: Support MQPRIO channel mode (jsc#SLE-19253). - net/mlx5e: Handle errors of netdev_set_num_tc() (jsc#SLE-19253). - net/mlx5e: Maintain MQPRIO mode parameter (jsc#SLE-19253). - net/mlx5e: Abstract MQPRIO params (jsc#SLE-19253). - net/mlx5e: Support flow classification into RSS contexts (jsc#SLE-19253). - net/mlx5e: Support multiple RSS contexts (jsc#SLE-19253). - net/mlx5e: Dynamically allocate TIRs in RSS contexts (jsc#SLE-19253). - net/mlx5e: Convert RSS to a dedicated object (jsc#SLE-19253). - net/mlx5e: Introduce abstraction of RSS context (jsc#SLE-19253). - net/mlx5e: Introduce TIR create/destroy API in rx_res (jsc#SLE-19253). - net/mlx5e: Do not try enable RSS when resetting indir table (jsc#SLE-19253). - net: hns3: add support ethtool extended link state (bsc#1190336). - net: hns3: add header file hns3_ethtoo.h (bsc#1190336). - net: hns3: remove always exist devlink pointer check (bsc#1190336). - net/mlx5e: Make use of netdev_warn() (jsc#SLE-19253). - net/mlx5: Fix variable type to match 64bit (jsc#SLE-19253). - net/mlx5: Initialize numa node for all core devices (jsc#SLE-19253). - net/mlx5: Allocate individual capability (jsc#SLE-19253). - net/mlx5: Reorganize current and maximal capabilities to be per-type (jsc#SLE-19253). - net/mlx5: SF, use recent sysfs api (jsc#SLE-19253). - net/mlx5: Refcount mlx5_irq with integer (jsc#SLE-19253). - net/mlx5: Change SF missing dedicated MSI-X err message to dbg (jsc#SLE-19253). - net/mlx5: Align mlx5_irq structure (jsc#SLE-19253). - net/mlx5: Delete impossible dev->state checks (jsc#SLE-19253). - net/mlx5: Fix inner TTC table creation (jsc#SLE-19253). - net/mlx5: Fix typo in comments (jsc#SLE-19253). - net: hns3: add support for triggering reset by ethtool (bsc#1190336). - net/mlx5: Support enable_vnet devlink dev param (jsc#SLE-19253). - net/mlx5: Support enable_rdma devlink dev param (jsc#SLE-19253). - net/mlx5: Support enable_eth devlink dev param (jsc#SLE-19253). - devlink: Add APIs to publish, unpublish individual parameter (jsc#SLE-19253). - devlink: Add API to register and unregister single parameter (jsc#SLE-19253). - devlink: Create a helper function for one parameter registration (jsc#SLE-19253). - devlink: Add new "enable_vnet" generic device param (jsc#SLE-19253). - devlink: Add new "enable_rdma" generic device param (jsc#SLE-19253). - devlink: Add new "enable_eth" generic device param (jsc#SLE-19253). - net/mlx5: E-Switch, add logic to enable shared FDB (jsc#SLE-19253). - net/mlx5: Lag, move lag destruction to a workqueue (jsc#SLE-19253). - net/mlx5: Lag, properly lock eswitch if needed (jsc#SLE-19253). - net/mlx5: Add send to vport rules on paired device (jsc#SLE-19253). - net/mlx5: E-Switch, Add event callback for representors (jsc#SLE-19253). - net/mlx5e: Use shared mappings for restoring from metadata (jsc#SLE-19253). - net/mlx5e: Add an option to create a shared mapping (jsc#SLE-19253). - net/mlx5: E-Switch, set flow source for send to uplink rule (jsc#SLE-19253). - RDMA/mlx5: Add shared FDB support (jsc#SLE-19250). - {net, RDMA}/mlx5: Extend send to vport rules (jsc#SLE-19253). - RDMA/mlx5: Fill port info based on the relevant eswitch (jsc#SLE-19250). - net/mlx5: Lag, add initial logic for shared FDB (jsc#SLE-19253). - net/mlx5: Return mdev from eswitch (jsc#SLE-19253). - IB/mlx5: Rename is_apu_thread_cq function to is_apu_cq (jsc#SLE-19253). - net/mlx5: Add DCS caps & fields support (jsc#SLE-19250). - net: hns3: support skb's frag page recycling based on page pool (bsc#1190336). - devlink: Simplify devlink port API calls (jsc#SLE-19253). - qed: Remove duplicated include of kernel.h (jsc#SLE-19001). - qed: Remove redundant prints from the iWARP SYN handling (jsc#SLE-19001). - qed: Skip DORQ attention handling during recovery (jsc#SLE-19001). - qed: Avoid db_recovery during recovery (jsc#SLE-19001). - net/mlx5e: Return -EOPNOTSUPP if more relevant when parsing tc actions (jsc#SLE-19253). - net/mlx5e: Remove redundant assignment of counter to null (jsc#SLE-19253). - net/mlx5e: Remove redundant parse_attr arg (jsc#SLE-19253). - net/mlx5e: Remove redundant cap check for flow counter (jsc#SLE-19253). - net/mlx5e: Remove redundant filter_dev arg from parse_tc_fdb_actions() (jsc#SLE-19253). - net/mlx5e: Remove redundant tc act includes (jsc#SLE-19253). - net/mlx5: Embed mlx5_ttc_table (jsc#SLE-19253). - net/mlx5: Move TTC logic to fs_ttc (jsc#SLE-19253). - net/mlx5e: Decouple TTC logic from mlx5e (jsc#SLE-19253). - net/mlx5e: Rename some related TTC args and functions (jsc#SLE-19253). - net/mlx5e: Rename traffic type enums (jsc#SLE-19253). - net/mlx5e: Allocate the array of channels according to the real max_nch (jsc#SLE-19253). - net/mlx5e: Hide all implementation details of mlx5e_rx_res (jsc#SLE-19253). - net/mlx5e: Introduce mlx5e_channels API to get RQNs (jsc#SLE-19253). - net/mlx5e: Use a new initializer to build uniform indir table (jsc#SLE-19253). - net/mlx4: make the array states static const, makes object smaller (jsc#SLE-19256). - qede: Remove the qede module version (jsc#SLE-19001). - qed: Remove the qed module version (jsc#SLE-19001). - net/mlx5: Don't rely on always true registered field (jsc#SLE-19253). - ionic: add function tag to debug string (jsc#SLE-19282). - ionic: enable rxhash only with multiple queues (jsc#SLE-19282). - ionic: block some ethtool operations when fw in reset (jsc#SLE-19282). - ionic: remove unneeded comp union fields (jsc#SLE-19282). - ionic: increment num-vfs before configure (jsc#SLE-19282). - ionic: use fewer inits on the buf_info struct (jsc#SLE-19282). - ionic: init reconfig err to 0 (jsc#SLE-19282). - ionic: print firmware version on identify (jsc#SLE-19282). - ionic: monitor fw status generation (jsc#SLE-19282). - ionic: minimize resources when under kdump (jsc#SLE-19282). - net: qed: remove unneeded return variables (jsc#SLE-19001). - net/mlx5e: Use the new TIR API for kTLS (jsc#SLE-19253). - net/mlx5e: Move management of indir traffic types to rx_res (jsc#SLE-19253). - net/mlx5e: Convert TIR to a dedicated object (jsc#SLE-19253). - net/mlx5e: Create struct mlx5e_rss_params_hash (jsc#SLE-19253). - net/mlx5e: Remove mdev from mlx5e_build_indir_tir_ctx_common() (jsc#SLE-19253). - net/mlx5e: Remove lro_param from mlx5e_build_indir_tir_ctx_common() (jsc#SLE-19253). - net/mlx5e: Remove mlx5e_priv usage from mlx5e_build_*tir_ctx*() (jsc#SLE-19253). - net/mlx5e: Use mlx5e_rqt_get_rqtn to access RQT hardware id (jsc#SLE-19253). - net/mlx5e: Take RQT out of TIR and group RX resources (jsc#SLE-19253). - net/mlx5e: Move RX resources to a separate struct (jsc#SLE-19253). - net/mlx5e: Move mlx5e_build_rss_params() call to init_rx (jsc#SLE-19253). - net/mlx5e: Convert RQT to a dedicated object (jsc#SLE-19253). - net/mlx5e: Check if inner FT is supported outside of create/destroy functions (jsc#SLE-19253). - net/mlx5: Take TIR destruction out of the TIR list lock (jsc#SLE-19253). - net: hns3: add devlink reload support for VF (bsc#1190336). - net: hns3: add devlink reload support for PF (bsc#1190336). - net: hns3: add support for devlink get info for VF (bsc#1190336). - net: hns3: add support for devlink get info for PF (bsc#1190336). - net: hns3: add support for registering devlink for VF (bsc#1190336). - net: hns3: add support for registering devlink for PF (bsc#1190336). - ionic: drop useless check of PCI driver data validity (jsc#SLE-19282). - i40e: add support for PTP external synchronization clock (jsc#SLE-18378). - igc: Increase timeout value for Speed 100/1000/2500 (jsc#SLE-18377). - igc: Set QBVCYCLET_S to 0 for TSN Basic Scheduling (jsc#SLE-18377). - igc: Remove phy->type checking (jsc#SLE-18377). - igc: Remove _I_PHY_ID checking (jsc#SLE-18377). - igc: Check if num of q_vectors is smaller than max before array access (jsc#SLE-18377). - iavf: fix locking of critical sections (jsc#SLE-18385). - iavf: do not override the adapter state in the watchdog task (jsc#SLE-18385). - igc: Make flex filter more flexible (jsc#SLE-18377). - igc: Allow for Flex Filters to be installed (jsc#SLE-18377). - igc: Integrate flex filter into ethtool ops (jsc#SLE-18377). - igc: Add possibility to add flex filter (jsc#SLE-18377). - commit 965eeec - usb: mtu3: return successful suspend status (git-fixes). - commit dda04d7 - perf tools: Fix hybrid config terms list corruption (git-fixes). - commit f3f3684 - perf symbol: Look for ImageBase in PE file to compute .text offset (git-fixes). - commit 5059767 - perf test: Fix bpf test sample mismatch reporting (git-fixes). - commit 7313cb0 - perf bench inject-buildid: Handle writen() errors (git-fixes). - commit 2106974 - perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64} (git-fixes). - commit bd9b092 - perf config: Fix caching and memory leak in perf_home_perfconfig() (git-fixes). - commit deeda41 - perf script: Fix --list-dlfilters documentation (git-fixes). - commit 96f4c7b - x86/pat: Pass valid address to sanitize_phys() (git-fixes). - commit b8bf633 - x86/uaccess: Fix 32-bit __get_user_asm_u64() when CC_HAS_ASM_GOTO_OUTPUT=y (git-fixes). - commit 2c793c4 - arm64: pmu: update config for CCI and CCN drivers References: bsc#1191026 - commit 8a848d9 - iwlwifi: pnvm: Fix a memory leak in 'iwl_pnvm_get_from_fs()' (git-fixes). - commit 6af3083 - iwlwifi: move get pnvm file name to a separate function (git-fixes). - commit 9e06ce6 - arm64: pmu: enable support for cmn-600 driver References: jsc#SLE-19035 - commit f95bbc2 - platform/x86: dell: fix DELL_WMI_PRIVACY dependencies & build error (git-fixes). - commit e623b17 - usb: gadget: u_audio: add bi-directional volume and mute support (git-fixes). - commit f29fe94 - arm64: tegra: enable quad spi controller driver References: jsc#SLE-20497 - commit 8fbdd0b - arm64: tegra194: p2888: Correct interrupt trigger type of temperature sensor (jsc#SLE-20498). - arm64: tegra: Fix Tegra194 PCIe EP compatible string (jsc#SLE-20498). - commit 0b16cd5 - usb: audio-v2: add ability to define feature unit descriptor (git-fixes). - commit 468bd08 - arm64: tegra: Add missing interconnects property for USB on Tegra186 (jsc#SLE-20498). - arm64: tegra: Add PWM nodes on Tegra186 (jsc#SLE-20498). - commit c75528c ++++ libcap: - update to 2.59: * Fixed a potential libcap memory leak by adding a destructor * Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now * Added libcap cap_proc_root() API function * Added color support to captree * Fixed contrib/sucap/su to correctly handle the Inheritable flag * capsh enhancements * getcap -r / now generates readable output * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries * The module pam_cap.so now contains support for a default= module argument * Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions * Added capsh --current support * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su * Fix for a corner case infinite loop handling long strings * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs * Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree. ++++ lvm2: - vgextend crash when extending VG with missing PV (bsc#1191019) + bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch ++++ libpwquality: - Use %_pam_moduledir instead of hardcoding %{_lib}/security (boo#1191042). ++++ u-boot-rpiarm64: - Update to 2021.10-rc5 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches dropped (upstreamed): 0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch - Add hack to allow enabling CONFIG_CMD_BTRFS on riscv64 ------------------------------------------------------------------ ------------------ 2021-9-27 - Sep 27 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Deleted upstreamed patches for upgrade: - fate#325871 * 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch * 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch * 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch * 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch * 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch - btrfs-progs: check: fixup_extent_flags needs to deal with non-skinny metadata (bsc#1131334). * btrfs-progs-check-fixup_extent_flags-needs-to-deal-with-non-skinny-metadata.patch - btrfs-progs: check: fix segfault with -Q (bsc#1158560) * btrfs-progs-check-initialize-qgroup_item_count-in-ea.patch - Enqueue feature to wait for exclusive operation to finish (JSC#SLE-15234) * 0001-btrfs-progs-add-get_fsid_fd-for-getting-fsid-using-f.patch * 0002-btrfs-progs-add-sysfs-file-reading-helpers.patch * 0003-btrfs-progs-add-helpers-for-parsing-filesystem-exclu.patch * 0004-btrfs-progs-check-for-exclusive-operation-before-iss.patch * 0005-btrfs-progs-add-helper-to-check-or-wait-for-exclusiv.patch * 0006-btrfs-progs-add-enqueue-parameter-for-exclusive-ops.patch - Correct check_running_fs_exclop() return value (bsc#1184481) * btrfs-progs-Correct-check_running_fs_exclop-return-v.patch ++++ keepalived: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_keepalived.service.patch ++++ kernel-default: - USB: serial: cp210x: fix dropped characters with CP2102 (git-fixes). - commit 2dc5263 - USB: serial: cp210x: determine fw version for CP2105 and CP2108 (git-fixes). - commit 8e35b9a - USB: serial: cp210x: clean up type detection (git-fixes). - commit a0ffe11 - USB: serial: cp210x: clean up set-chars request (git-fixes). - commit e54e383 - USB: serial: option: remove duplicate USB device ID (git-fixes). - commit b897cec - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - commit 29113f1 - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - commit 6145880 - usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval (git-fixes). - commit a48db15 - usb: gadget: f_uac2: Add missing companion descriptor for feedback EP (git-fixes). - commit fc73a75 - usb: gadget: f_uac2: remove redundant assignments to pointer i_feature (git-fixes). - commit 95d4917 - usb: gadget: f_uac2: add volume and mute support (git-fixes). - commit 88a1f08 - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - commit e2b14cb - usb: dwc3: core: balance phy init and exit (git-fixes). - commit 0faa08d - Revert "USB: bcma: Add a check for devm_gpiod_get" (git-fixes). - commit 631e099 - erofs: fix up erofs_lookup tracepoint (git-fixes). - commit 7b14405 - arm64: tegra: Update HDA card name on Jetson TX2 NX (jsc#SLE-20498). - arm64: tegra: Audio graph sound card for Jetson TX2 NX (jsc#SLE-20498). - ASoC: Fix warning related to 'sound-name-prefix' binding (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based Mixer driver (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based ADX driver (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based AMX driver (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based SFC driver (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based MVC driver (jsc#SLE-20498). - ASoC: tegra: Add routes for few AHUB modules (jsc#SLE-20498). - ASoC: dt-bindings: tegra: Few more Tegra210 AHUB modules (jsc#SLE-20498). - ASoC: audio-graph: Fixup CPU endpoint hw_params in a BE<->BE link (jsc#SLE-20498). - ASoC: simple-card-utils: Increase maximum DAI links limit to 512 (jsc#SLE-20498). - ASoC: soc-pcm: Don't reconnect an already active BE (jsc#SLE-20498). - ASoC: Remove name-prefix.txt (jsc#SLE-20498). - ASoC: Use schema reference for sound-name-prefix (jsc#SLE-20498). - ASoC: Add json-schema documentation for sound-name-prefix (jsc#SLE-20498). - ASoC: audio-graph: respawn Platform Support (jsc#SLE-20498). - arm64: tegra: Add NVIDIA Jetson TX2 NX Developer Kit support (jsc#SLE-20498). - commit 927034b - tracing/boot: Fix to loop on only subkeys (git-fixes). - commit 33a4689 - tracing/osnoise: Fix missed cpus_read_unlock() in start_per_cpu_kthreads() (git-fixes). - commit 357291e - arm64: tegra: enable audio support References: jsc#SLE-20498 - commit fdd0448 - cpufreq: intel_pstate: Revert upstream default governor selection for no-HWP, use "powersave" (bsc#1190923). - commit c8873b1 - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1190497). - commit e8257df - USB: cdc-acm: fix minor-number release (git-fixes). - commit 478fffd - usb: cdns3: fix race condition before setting doorbell (git-fixes). - commit 11af174 - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - commit 8f7d7ce - supported.conf: mark 'xxhash_generic' as supported (jsc#SLE-21213) The tcrypt.ko inserted as part of the FIPS boot-time testing now has a test for "xxhash64" and failing ->fips_allowed tests cause a kernel panic in FIPS mode. Make the xxhash_genric implementation universally available by marking it as supported. - commit 00fcd27 - EDAC/dmc520: Assign the proper type to dimm->edac_mode (bsc#1190497). - commit 27f4b5e - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - commit 6c24533 - pci: mobiveil: drop support for lx2160 rev1 References: jsc#SLE-17153 - Delete patches.suse/PCI-mobiveil-ls_pcie_g4-add-Workaround-for-A-011451.patch. - Delete patches.suse/PCI-mobiveil-ls_pcie_g4-add-Workaround-for-A-011577.patch. - Delete patches.suse/PCI-mobiveil-ls_pcie_g4-fix-SError-when-accessing-co.patch. - Delete patches.suse/revert-PCI-mobiveil-Remove-unused-readl-and-writel-functions.patch. - commit 04af26e - rpm/modules.fips: cleanup and update (jsc#SLE-21213,bsc#1191269) rpm/modules.fips serves as a basis for dracut's /etc/fipsmodules stored in initrds. The dracut FIPS handling code loads all the kernel modules from that list and runs a tcrypt afterwards. Update rpm/modules.fips: - Remove all crypto modules not registering any ->fips_allowed algorithm. The resp. algorithm implementations won't ever reach the CRYPTO_ALG_TESTED state in FIPS mode anyway and thus, won't be accesible. There's no point in loading the modules at boot. - Add all enabled kernel modules providing implementations of - >fips_allowed algorithms tuned for a specific CPU extension (neon, avx, etc) or instruction set. Note that in "normal" operation, i.e. without that explicit kernel module insertion as done by the dracut fips module, the kernel's crypto API would issue a request_module("crypto-") upon encountering a request for some crypto algorithm it hasn't got any implementation registered for yet. This would load *all* kernel modules providing a matching implementation and the one with the highest priority would henceforth serve all requests. Now, if we were to explicitly load only the resp. generic implementations at boot, the kernel would always find a suitable match and never issue such a request_module(). Thus, add all tuned implementations to modules.fips so that they are all being made available at boot. - Consistently list all enabled modules providing implementations of - >fips_allowed algorithms, independent of whether the corresponding Kconfig symbol is set to =y or =m. - Add the core cryptomgr, cryptd, crypto_simd, crypto_user and tcrypt kernel modules. The former three should not be needed, but are still being kept on the list for completeness and consistency. - cryptomgr is built-in. - cryptd as well as crypto_simd don't register any algorithms by themselves, but provide some common functionality to the other modules. These should get added to the initrd images as needed via kernel module dependencies already. - crypto_user is needed as a dependency of the libkcapi based fipscheck/sha512mac utility invoked at boot for kernel integrity verification. List it in modules.fips so that it will get included in the generated initrds. - List the required tcrypt kernel module so that dracut will add it to the generated initrds. The rationale for including e.g. compression algorithms or non-cryptographic hashes with associated ->fips_allowed tests to the list is that 1.) Some of them are required by tcrypt such as crc32, crc32c, xxhash64, deflate, lzo etc.. If not available, the system will panic. 2.) In FIPS mode any failing ->fips_allowed test will panic the system. Insmodding those modules early at boot will avoid surprises later on. - commit 8b85943 ++++ libdrm: - covers jira#SLE/SLE-18743 ++++ libepoxy: - needed for jira#SLE/SLE-19965, jira#SLE/SLE-19964, jira#SLE/SLE-18653 ++++ Mesa: - covers jira#SLE/SLE-18743 ++++ libglvnd: - covers jira#SLE/SLE-18743 ------------------------------------------------------------------ ------------------ 2021-9-26 - Sep 26 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Disable testsuite run on ix86 and arm. ++++ hivex: - move all ocaml libraries to devel package to align with our OCaml packaging ------------------------------------------------------------------ ------------------ 2021-9-25 - Sep 25 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/config.sh: Compress modules with zstd (jsc#SLE-21256). https://github.com/openSUSE/installation-images/issues/537 - rpm/config.sh: Compress modules with zstd (jsc#SLE-21256). - commit 33519d9 ++++ libsolv: - fix misparsing of '&' in attributes with libxml2 - choice rules: treat orphaned packages as newest [bsc#1190465] - fix compatibility with Python 3.10 - new SOLVER_EXCLUDEFROMWEAK job type - support for environments in comps parser - bump version to 0.7.20 ------------------------------------------------------------------ ------------------ 2021-9-24 - Sep 24 2021 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021. (bsc#1190858) ++++ conmon: - Update to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify ++++ crypto-policies: - Remove the scripts and documentation regarding fips-finish-install and test-fips-setup * Add crypto-policies-FIPS.patch - Update to version 20210917.c9d86d1: * openssl: fix disabling ChaCha20 * pacify pylint 2.11: use format strings * pacify pylint 2.11: specify explicit encoding * fix minor things found by new pylint * update-crypto-policies: --check against regenerated * update-crypto-policies: fix --check's walking order * policygenerators/gnutls: revert disabling DTLS0.9... * policygenerators/java: add javasystem backend * LEGACY: bump 1023 key size to 1024 * cryptopolicies: fix 'and' in deprecation warnings * *ssh: condition ecdh-sha2-nistp384 on SECP384R1 * nss: hopefully the last fix for nss sigalgs check * cryptopolicies: Python 3.10 compatibility * nss: postponing check + testing at least something * Rename 'policy modules' to 'subpolicies' * validation.rules: fix a missing word in error * cryptopolicies: raise errors right after warnings * update-crypto-policies: capitalize warnings * cryptopolicies: syntax-precheck scope errors * .gitlab-ci.yml, Makefile: enable codespell * all: fix several typos * docs: don't leave zero TLS/DTLS protocols on * openssl: separate TLS/DTLS MinProtocol/MaxProtocol * alg_lists: order protocols new-to-old for consistency * alg_lists: max_{d,}tls_version * update-crypto-policies: fix pregenerated + local.d * openssh: allow validation with pre-8.5 * .gitlab-ci.yml: run commit-range against upstream * openssh: Use the new name for PubkeyAcceptedKeyTypes * sha1_in_dnssec: deprecate * .gitlab-ci.yml: test commit ranges * FIPS:OSPP: sign = -*-SHA2-224 * scoped policies: documentation update * scoped policies: use new features to the fullest... * scoped policies: rewrite + minimal policy changes * scoped policies: rewrite preparations * nss: postponing the version check again, to 3.64 - Remove patches fixed upstream: crypto-policies-typos.patch - Rebase: crypto-policies-test_supported_modules_only.patch - Merge crypto-policies-asciidoc.patch into crypto-policies-no-build-manpages.patch ++++ kernel-default: - locking/rwbase: Take care of ordering guarantee for fastpath reader (bsc#1190137 bsc#1189998). - locking/rwbase: Extract __rwbase_write_trylock() (bsc#1190137 bsc#1189998). - locking/rwbase: Properly match set_and_save_state() to restore_state() (bsc#1190137 bsc#1189998). - commit ac55e1c - Restore missing CVE/bsc references from SLE15-SP3, that have already been fixed with the v5.14 kernel. (bsc#1190412, bsc#1181006, bsc#1135481, bsc#1171420, CVE-2020-12770, bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477, bsc#1189872, bsc#1190181, bsc#1190131, bsc#1190117, CVE-2021-38160, bsc#1188616, bsc#1189760, bsc#1187211, bsc#1187619, bsc#1189870, bsc#1189762, bsc#1175543, bsc#1188412, bsc#1188700, bsc#1135481). - commit 24dfde2 ++++ kmod: - Enable ZSTD on 15.4 (jsc#SLE-21256). ++++ systemd: - Enable support for Portable Services (jsc#SLE-21695) Will be released in Leap only. ------------------------------------------------------------------ ------------------ 2021-9-23 - Sep 23 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.79.1 in SLE-15-SP4 [jsc#SLE-21047] * Deleted patches fixed in the update: curl-CVE-2020-8284.patch curl-CVE-2020-8285.patch curl-CVE-2020-8286.patch curl-CVE-2020-8231.patch curl-CVE-2020-8177.patch curl-CVE-2020-8169.patch curl-CVE-2021-22947.patch curl-CVE-2021-22946.patch curl-CVE-2021-22898.patch curl-CVE-2021-22924.patch curl-CVE-2021-22925.patch curl-CVE-2021-22876.patch curl-CVE-2021-22890.patch curl-X509_V_FLAG_PARTIAL_CHAIN.patch * Rebased patches: curl-disabled-redirect-protocol-message.patch curl-secure-getenv.patch libcurl-ocloexec.patch ++++ dnsmasq: - jsc#SLE-17936: Sync this state from Factory to SLE-15-SP1. - SLE bugs that got fixed upstream between 2.79 and 2.86, but for which we need to keep references when syncing: * bsc#1176076: dnsmasq-servfail.patch * bsc#1156543: dnsmasq-siocgstamp.patch * bsc#1138743: dnsmasq-cache-size.patch * bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch * bsc#1180914: Open inotify socket only when used. * removed dnsmasq-dnspooq.patch - bsc#1173646, CVE-2020-14312: Set --local-service by default. ++++ transactional-update: - Version 3.5.6 - tukit: Add S/390 bootloader support [bsc#1189807] - t-u: support purge-kernels with t-u patch [bsc#1190788] ++++ kernel-default: - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - commit 74fb457 - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - commit ab4abcd - blacklist.conf: Append 'drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count' - commit 9136740 - drm/amd/display: Fix white screen page fault for gpuvm (bsc#1190786) - commit 5a5310f - drm/amdgpu: fix use after free during BO move (bsc#1190786) - commit 00873de - drm/i915/guc: drop guc_communication_enabled (bsc#1190497) - commit 0276532 - Update "drm/i915/dp: Use max params for panels < eDP 1.4" for mainline - commit fc431a0 - drm/i915/dp: return proper DPRX link training result (bsc#1190497) - commit 481953b - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (bsc#1190497) - commit 60860cd - blacklist.conf: Append 'drm/amd/display: Use DCN30 watermark calc for DCN301' - commit 16c2f09 - blacklist.conf: Append 'Revert "drm/amd/pm: fix workload mismatch on vega10"' - commit f2c08b6 - blacklist.conf: Append 'drm/amdgpu: handle VCN instances when harvesting (v2)' - commit 810d2a0 - blacklist.conf: Append 'drm/msm/dp: use dp_ctrl_off_link_stream during PHY compliance test run' - commit 35e02ff - blacklist.conf: Append 'drm/i915: Correct SFC_DONE register offset' - commit ae4ac24 - blacklist.conf: Append 'drm/i915/display: split DISPLAY_VER 9 and 10 in intel_setup_outputs()' - commit 622cb45 - blacklist.conf: Append 'drm/i915: fix not reading DSC disable fuse in GLK' - commit 58119c7 - blacklist.conf: Append 'drm/i915/bios: Fix ports mask' - commit 7b529fa - blacklist.conf: Append 'drm/i915: Call i915_globals_exit() if pci_register_device() fails' - commit 72f2dda - blacklist.conf: Append 'Revert "drm/i915: Propagate errors on awaiting already signaled fences"' - commit 4a3ec7f - blacklist.conf: Append 'drm/i915: Revert "drm/i915/gem: Asynchronous cmdparser"' - commit 665dea6 - blacklist.conf: Append 'drm/i915/gtt: drop the page table optimisation' - commit f86a67e - blacklist.conf: Append 'drm/i915/gt: Fix -EDEADLK handling regression' - commit c481288 - blacklist.conf: Append 'drm/i915: Reinstate the mmap ioctl for some platforms' - commit d268fa0 - blacklist.conf: Append 'drm/i915/selftests: Reorder tasklet_disable vs local_bh_disable' - commit 45e22b5 - blacklist.conf: Append 'drm/amd/pm: Fix a memory leak in an error handling path in 'vangogh_tables_init()'' - commit 397440b - blacklist.conf: Append 'drm/amdgpu: fix checking pmops when PM_SLEEP is not enabled' - commit cb9f3d9 - drm/bridge: ti-sn65dsi86: Add some 100 us delays (bsc#1190786) Backporting changes: * context changes - commit 2694241 - blacklist.conf: Append 'drm/amd/display: Fix 10bit 4K display on CIK GPUs' - commit bba53d5 - blacklist.conf: Append 'drm/amdkfd: Allow CPU access for all VRAM BOs' - commit 7b697e2 - blacklist.conf: Append 'drm/amdgpu: Return error if no RAS' - commit 5b9cb39 - drm/amdgpu: add license to umc_8_7_0_sh_mask.h (bsc#1190497) Backporting changes: * context changes - commit d555363 - blacklist.conf: Append 'drm/radeon: Fix NULL dereference when updating memory stats' - commit 8525d78 - blacklist.conf: Append 'drm/amdgpu: fix amdgpu_preempt_mgr_new()' - commit eb8e3ce ++++ python3-core: - Make python36 primary interpreter on SLE-15 - Make build working even on older SLEs. ++++ libvirt: - spec: Fix hangs during package update bsc#1177902, bsc#1190693 - spec: Don't add --timeout arg to /etc/sysconfig/libvirtd when running in traditional mode without socket activation bsc#1190695 ++++ python3: - Make python36 primary interpreter on SLE-15 - Make build working even on older SLEs. ++++ samba: - Add missing build dependency on bison when building with the embedded Heimdal Kerberos ------------------------------------------------------------------ ------------------ 2021-9-22 - Sep 22 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.12: + Fix wrong order of addresses when restarting NetworkManager. + Preserve the IPv6 ff00::/8 route added by kernel in the local table, necessary for multicast communication. + Fix emitting the signal for changed metered status of devices. + Fix applying the ethtool autonegotiation and speed settings. + initrd: fix crash parsing plain '=' without key. + cloud-setup: use suppress_prefixlength rule to honor non-default-routes in the main table. - Drop nm-add-CAP_CHOWN-capability.patch: This solution was denied by upstream maintainers. ++++ curl: - Update to 7.79.1: * Bugfixes: - Curl_http2_setup: don't change connection data on repeat invokes - curl_multi_fdset: make FD_SET() not operate on sockets out of range - dist: provide lib/.checksrc in the tarball - FAQ: add GOPHERS + curl works on data, not files - hsts: CURLSTS_FAIL from hsts read callback should fail transfer - hsts: handle unlimited expiry - http: fix the broken >3 digit response code detection - strerror: use sys_errlist instead of strerror on Windows - test1184: disable: https://github.com/curl/curl/issues/7725 - tests/sshserver.pl: make it work with openssh-8.7p1 ++++ grub2: - Improve support for SLE Micro 5.1 on s390x. (bsc#1190395) * amend grub2-s390x-04-grub2-install.patch * refresh grub2-s390x-11-secureboot.patch ++++ iputils: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_rdisc.service.patch ++++ kernel-default: - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).") - commit e082fbf - usb: mtu3: support suspend/resume for dual-role mode (git-fixes). - commit b1108c1 - usb: common: add helper to get role-switch-default-mode (git-fixes). - commit 58fa9a8 - blacklist.conf: Append 'drm/vmwgfx: Fix a bad merge in otable batch takedown' - commit 35d7947 - blacklist.conf: Append 'drm/vmwgfx: Fix a 64bit regression on svga3' - commit abdbf03 - blacklist.conf: Append 'drm/vmwgfx: Fix implicit declaration error' - commit dc9101c - blacklist.conf: Append 'drm/i915/display/dg1: Correctly map DPLLs during state readout' - commit 78f38ca - blacklist.conf: Append 'drm/i915/dsc: abstract helpers to get bigjoiner primary/secondary crtc' - commit ce4db17 - blacklist.conf: Append 'drm/i915/display: Do not zero past infoframes.vsc' - commit e28310d - PCI/VPD: Treat initial 0xff as missing EEPROM (jsc#SLE-19358). - commit a01d2f0 - net: mana: Prefer struct_size over open coded arithmetic (git-fixes). - x86/hyperv: remove on-stack cpumask from hv_send_ipi_mask_allbutself (git-fixes). - asm-generic/hyperv: provide cpumask_to_vpset_noself (git-fixes). - Drivers: hv: vmbus: Fix kernel crash upon unbinding a device from uio_hv_generic driver (git-fixes). - commit 57a85dd - PCI/VPD: Check Resource Item Names against those valid for type (jsc#SLE-19358). - commit db901ad - PCI/VPD: Correct diagnostic for VPD read failure (jsc#SLE-19358). - commit 91d294d - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - commit 439786d - PCI: Correct the pci_iomap.h header guard #endif comment (git-fixes). - commit df53f34 - usb: mtu3: fix random remote wakeup (git-fixes). - commit d8913af - usb: mtu3: support suspend/resume for device mode (git-fixes). - commit 30e43b1 - usb: mtu3: support property role-switch-default-mode (git-fixes). - commit d01a5c9 - usb: mtu3: add new helpers for host suspend/resume (git-fixes). - commit f78b62b - usb: mtu3: support option to disable usb2 ports (git-fixes). - commit 449cb7e - usb: mtu3: add helper to power on/down device (git-fixes). - commit c761898 - usb: mtu3: support runtime PM for host mode (git-fixes). - commit 856e4b0 - docs: Fix infiniband uverbs minor number (git-fixes). - commit f82742c - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - commit 5ff0106 ++++ systemd: - Import commit 48cec2f159dd8fd15d0baf9a1ffe2d762ecf769c 8d65ec4a66 test: wc is needed by test/units/testsuite-50.sh 1527bcc5dd test: make the installation of the debug tools optional in the image f4e6bf0b37 journalctl: never fail at flushing when the flushed flag is set (bsc#1188588) 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - Update the dependencies of the testsuite package The debug tools are optional thus no more required. OTOH strip(1) is needed when building the test image and nc(1) is needed by some tests. ++++ openssl: - Update to 1.1.1l release for SLE-15-SP4 ++++ sudo: - update to 1.9.8p2 * Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998. * sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command. * Fixed a few minor memory leaks in intercept mode. * Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file. - update to 1.9.8p1 * Fixed support for passing a prompt (sudo -p) or a login class (sudo -l) on the command line. This is a regression introduced in sudo 1.9.8. Bug #993. * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. This is a regression introduced in sudo 1.9.8. Bug #994. * Fixed a compilation error when the --enable-static-sudoers configure option was specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash with the intercept and log server protobuf functions. * It is now possible to transparently intercepting sub-commands executed by the original command run via sudo. Intercept support is implemented using LD_PRELOAD (or the equivalent supported by the system) and so has some limitations. The two main limitations are that only dynamic executables are supported and only the execl, execle, execlp, execv, execve, execvp, and execvpe library functions are currently intercepted. Its main use case is to support restricting privileged shells run via sudo. To support this, there is a new "intercept" Defaults setting and an INTERCEPT command tag that can be used in sudoers. For example: Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh Defaults!SHELLS intercept would cause sudo to run the listed shells in intercept mode. This can also be set on a per-rule basis. For example: Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh chuck ALL = INTERCEPT: SHELLS would only apply intercept mode to user "chuck" when running one of the listed shells. In intercept mode, sudo will not prompt for a password before running a sub-command and will not allow a set-user-ID or set-group-ID program to be run by default. The new intercept_authenticate and intercept_allow_setid sudoers settings can be used to change this behavior. * The new "log_subcmds" sudoers setting can be used to log additional commands run in a privileged shell. It uses the same mechanism as the intercept support described above and has the same limitations. * The new "log_exit_status" sudoers setting can be used to log the exit status commands run via sudo. This is also a corresponding "log_exit" setting in the sudo_logsrvd.conf eventlog stanza. * Support for logging sudo_logsrvd errors via syslog or to a file. Previously, most sudo_logsrvd errors were only visible in the debug log. * Better diagnostics when there is a TLS certificate validation error. * Using the "+=" or "-=" operators in a Defaults setting that takes a string, not a list, now produces a warning from sudo and a syntax error from inside visudo. * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd had no effect when creating I/O log parent directories if the I/O log file name ended with the string "XXXXXX". * Fixed a bug in the sudoers custom prompt code where the size parameter that was passed to the strlcpy() function was incorrect. No overflow was possible since the correct amount of memory was already pre-allocated. * The mksigname and mksiglist helper programs are now built with the host compiler, not the target compiler, when cross-compiling. Bug #989. * Fixed compilation error when the --enable-static-sudoers configure option was specified. This was due to a typo introduced in sudo 1.9.7. GitHub PR #113. - pack /usr/libexec/sudo/sudo/sudo_intercept.so ------------------------------------------------------------------ ------------------ 2021-9-21 - Sep 21 2021 ------------------- ------------------------------------------------------------------ ++++ jitterentropy: - add a userspace jitter entropy generator library ++++ kernel-default: - blacklist.conf: a47f6a5806da drm/amdgpu: Fix build with missing pm_suspend_target_state module export - commit c31b76d - vmxnet3: update to version 6 (bsc#1190406). - commit 12c934a - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - commit 41711f1 - vmxnet3: set correct hash type based on rss information (bsc#1190406). - commit 50ba224 - x86/mce: Avoid infinite loop for copy from user recovery (bsc#1190497). - commit dad2a98 - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - commit bfd5a34 - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - commit c70fd90 - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - commit b67474b - vmxnet3: prepare for version 6 changes (bsc#1190406). - commit 9afdd26 ++++ multipath-tools: - Add a versioned dependency of multipath-tools on libmpath0 (bsc#1190622) ++++ Mesa: - update to 21.2.2 * second bugfix release: a ton of work went into panfrost, getting it closer to being conformant (it is conformant on 21.3!); fixes for ir3, croccus, nir, utils, llvmpipe, gallivm, zink, glsl, v3d, vc4, intel, mesa, aco, iris, radv, and even osmesa. ++++ libgcrypt: - FIPS: Provide a module name/identifier and version that can be mapped to the validation records. [bsc#1190706] * Add libgcrypt-FIPS-module-version.patch * Upstream task: https://dev.gnupg.org/T5600 - FIPS: Enable hardware support also in FIPS mode [bsc#1187110] * Add libgcrypt-FIPS-hw-optimizations.patch * Upstream task: https://dev.gnupg.org/T5508 ------------------------------------------------------------------ ------------------ 2021-9-20 - Sep 20 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Fix hardened auditd.service (bsc#1181400) * add fix-hardened-service.patch Make /etc/audit read-write from the service. Remove PrivateDevices=true to expose /dev/* to auditd.service. - Enable stop rules for audit.service (cf. bsc#1190227) * add enable-stop-rules.patch ++++ docker: - Add patch to return ENOSYS for clone3 to avoid breaking glibc again. bsc#1190670 + 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch ++++ kernel-default: - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - commit b81363d - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - commit 5302a17 - Refresh patches.suse/vfs-add-super_operations-get_inode_dev (bsc#1190661). - commit df194f3 - Refresh patches.suse/cpufreq-intel_pstate-Temporarily-boost-P-state-when-.patch. - commit 47a2292 - Refresh patches.suse/cpufreq-intel_pstate-Ramp-up-frequency-faster-when-u.patch. - commit d4fd8bd - Refresh patches.suse/cpufreq-intel_pstate-Revert-upstream-changes-to-iowa.patch. - commit b054935 - drm/vc4: hdmi: Fix HPD GPIO detection (bsc#1190469). - commit b20bd6a ++++ gcc11: - Enable the full cross compiler, cross-aarch64-gcc11 and cross-riscv64-gcc11 now provide a fully hosted C (and C++) cross compiler, not just a freestanding one. I.e. with a cross glibc. They don't yet support the sanitizer libraries. Part of [jsc#OBS-124]. ++++ open-lldp: - Update to version v1.1+44.0f781b4162d3: * agent: reset frame status on message delete * Avoiding null pointer dereference ++++ ceph: - Update to Version: 16.2.6.45+g8fda9838398: + rebased on top of upstream commit SHA1 dbc87327c37d0f305c2107e487cb98a072ae858b upstream 16.2.6 release https://ceph.io/releases/v16-2-6-pacific-released/ ++++ python-gobject: - Update to version 3.42.0: + meson: Bump minimum meson_version to 0.47.0. + Expose GObject.Object.run_dispose(). + docs: document Gtk.Template. + dev: Add poetry support. + meson: use main branch for glib subproject. + Fix some small memory leaks. ++++ samba: - Update to 4.15.0 * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10 * VFS layer modernized. * Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin * Server multi-channel support no longer experimental * Improved command line user experience, unifying the options in different commands * Winbindd no longer scans trusted domains on startup and will use enterprise principals by default. * The net utility is now able to support the offline domain join feature * New options for 'samba-tool dns zoneoptions' for aging control and to mark old records as static or dynamic * DNS tombstones are now deleted as appropriate and use a consistent timestamp format * The 'samba-tool dns update' command validates and rejects now malformed IPv4 and IPv6 addresses * The 'samba-tool domain backup' command correctly takes out locks against concurrent modification during backup when using the LMDB backend * TruACL support has been removed * NIS support has been removed ------------------------------------------------------------------ ------------------ 2021-9-19 - Sep 19 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.42.0: + Set X root property when Xwayland starts on demand. + Several dbus introspection fixes. ++++ gsettings-desktop-schemas: - Update to version 41.0: + Updated translations. ------------------------------------------------------------------ ------------------ 2021-9-18 - Sep 18 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) ++++ libapparmor: - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) ++++ harfbuzz: - harfbuzz 3.0.0: + Unicode 14.0 support + hb-subset API and harfbuzz-subset ABI now declared stable + hb-style API is now stable ------------------------------------------------------------------ ------------------ 2021-9-17 - Sep 17 2021 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - Update to 2.86: * Handle DHCPREBIND requests in the DHCPv6 server code. * Fix bug which caused dnsmasq to lose track of processes forked to handle TCP DNS connections under heavy load. * Major rewrite of the DNS server and domain handling code. This should be largely transparent, but it drastically improves performance and reduces memory foot-print when configuring large numbers of domains. * Revise resource handling for number of concurrent DNS queries. * Improve efficiency of DNSSEC. * Connection track mark based DNS query filtering. * Allow smaller than 64 prefix lengths in synth-domain, with caveats. - -synth-domain=1234:4567::/56,example.com is now valid. * Make domains generated by --synth-domain appear in replies when in authoritative mode. * Ensure CAP_NET_ADMIN capability is available when conntrack is configured. * When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are given a directory as argument, define the order in which files within that directory are read (alphabetical order of filename). ++++ transactional-update: - Version 3.5.5 - t-u: Use tukit for SUSEConnect call [bsc#1190574] Correctly registers repositories ++++ drbd-utils: - bsc#1190591, fail to start due to lack of /usr/var/run/drbd ++++ librsvg: - Update to version 2.52.0: + The biggest user-visible change is that rsvg-convert has been ported to Rust. + rsvg-convert is now aware of physical units, and fixes a bug where PDFs were created at the wrong size. + Support for Accept-Language. + rsvg-convert's default DPI is now 96, to better match W3C standards. + SVG2/CSS3 features: - Transform property from SVG2; previously librsvg only supported the transform attribute from SVG1.1, which has different syntax. - context-fill and context-stroke for and elements. - markers now support orient="auto-start-reverse". - paint-order for text elements. - "auto" values for the width and height attributes of the , , and elements. - All the types from the Filter Effects Module Level 1 specification: blur(), brightness(), contrast(), drop-shadow(), grayscale(), hue-rotate(), invert(), opacity(), sepia(), saturate(). - The filter property now supports chains of uri() filters or shortcuts. - Support CSS selectors for attribute matching, like rect[attr^="prefix"] + New APIs: See the HTML documentation for details. - Drop -lang package: there are no translations available anymore. ++++ gobject-introspection: - Update to version 1.70.0: + Update the GIR data for GLib, GObject, and GIO. ++++ glib-networking: - Update to version 2.70.0: + Updated translations. ++++ glib2: - Update to version 2.70.0: + Bug fixed: ci: Replace FreeBSD 11 with FreeBSD 13. + Updated translations. ++++ kernel-default: - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - commit bdc323e - Revert "rpm/kernel-binary.spec: Use only non-empty certificates." This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d. - commit 413e05b - rpm/kernel-binary.spec: Use only non-empty certificates. - commit 30360ab ++++ krb5: - Update to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. - Changes from 1.19.1 * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. - Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the "password" and "verify" options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). - Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. - Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. - Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports "service@" as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. - Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with ".rcache2" by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an "enforce_ok_as_delegate" krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ("draft 9") variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for "dns_canonicalize_hostname=fallback", causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a "qualify_shortname" krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. - Changes from 1.17.1 * Fix a bug preventing "addprinc -randkey -kvno" from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. - Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * "kdb5_util dump" will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Replace old $RPM_* shell vars - Removal of SuSEfirewall2 service since SuSEfirewall2 has been replaced by firewalld - Remove cruft to support distributions older than SLE 12 - Use macros where applicable - Switch to pkgconfig style dependencies - Use %_tmpfilesdir instead of the wrong %_libexecdir/tmpfiles.d notation: libexecdir is likely changing away from /usr/lib to /usr/libexec - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. - Removed patches: * 0007-krb5-1.12-ksu-path.patch * 0010-Add-recursion-limit-for-ASN.1-indefinite-lengths.patch * 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch - Renamed patches: * 0001-krb5-1.12-pam.patch => 0001-ksu-pam-integration.patch * 0003-krb5-1.12-buildconf.patch => 0003-Adjust-build-configuration.patch * 0008-krb5-1.12-selinux-label.patch => 0007-SELinux-integration.patch * 0009-krb5-1.9-debuginfo.patch => 0008-krb5-1.9-debuginfo.patch * 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch => 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ++++ libcontainers-common: - Update common to 0.44.0 0.42.3: * (*libimage.Image).HasDifferentDigest: add authentication 0.42.2: Backports for Podman 3.3.2 Fix the fallback runtime path Switch default Rootless Networking to "CNI" for OSX libimage: disk usage: catch corrupted images set GOPROXY=https://proxy.golang.org 0.44.0: Add HelperBinariesDir field to engine config Add space trimming check in sysctl.Validate Cirrus: Use fresher VM images Fix `pkg/sysctl` path typo Fix the fallback runtime path Switch default Rootless Networking to "CNI" for OSX Update pkg/sysctl/sysctl.go add some cni plugin paths build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0 build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0 build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0 build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 docs/containers.conf.5.md: Fix manpage section fix untag + v0.43.2 libimage: disk usage: catch corrupted images libimage: relax untag by digest checks path: dest paths inside container should always be treated as *nix type remove-image: Add optional `LookupManifest` to RemoveImagesOptions. runtime: Add ReturnManifestIfPresent to LookupImageOptions runtime: Add `ManifestList` to `LookupImageOptions` seccomp: allow memfd_secret 0.43.2: * libimage: relax untag by digest checks * path: dest paths inside container should always be treated as *nix type 0.43.1: Fix spelling mistakes Fix examples in containers.conf 0.43.0: Add documentation for Containerfile and Dockerfile Remove no_libsubid flag Add machine_image to containers.conf build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0 build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4 Add machine_image to containers.conf Switch default logdriver and eventslogger to journald, if root build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1 build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0 libimage: {un}tag: reject digests build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible style: complete containers#556 to-do list part 4 build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0 set GOPROXY=https://proxy.golang.org 0.42.1: * pull: fallthrough for registry parsing errors 0.42.0: * Remove --accept-repositories flag * pull policy: support camel cases * Use authfile in options to search image * vendor in containers/storage v1.33.0 * config: split arguments in DBUS_SESSION_BUS_ADDRESS * pkg/seccomp: avoid DefaultErrnoRet: null * Add and use libimage.Runtime.imageIDsForManifest() * Add libimage/manifests.LockerForImage() * Add support for path based registry in login/logout * libimage: pull: normalize docker-daemon * libimage: report all removed images * libruntime: layer tree: handle empty images * refine dangling filters * libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location * build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 * pull with custom platform: handle "localhost/" * User option to prepare container after creation for volume copy-up. Docker does this by default. * add config option for ChownCopiedFiles * build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6 * libimage: image tree: fix nil deref - Update podman to 3.3.1 3.3.1: [#]## Bugfixes - Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)). - Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances. - Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace ([#11303](https://github.com/containers/podman/issues/11303)). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated ([#11158](https://github.com/containers/podman/issues/11158)). - Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path ([#11358](https://github.com/containers/podman/issues/11358)). [#]## API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. 3.3.0: [#]## Features - Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system. - The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)). - The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks. - Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots. - Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`. - Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)). - The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods. - The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint. - The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint. - The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images). - THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)). - The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container. - The `podman stats` command now provides two additional metrics: Average CPU, and CPU time. - The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace. - The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)). - The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated. - The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)). - The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers. - The `podman manifest remove` command now has a new alias, `podman manifest rm`. - The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored. - The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session. - The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes. - The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed. - The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)). - The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)). - The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)). - Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)). - A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag. - If an invalid subcommand is provided, similar commands to try will now be suggested in the error message. [#]## Changes - The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well. - The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function. - Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated. - The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it. - The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)). - The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name. - The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once. - Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)). - Systemd unit files generated by `podman generate systemd` now use `Type=notify` by default, instead of using PID files. - The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster. [#]## Bugfixes - Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)). - Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)). - Fixed a bug where the `podman play kube` command would only accept lowercase pull policies. - Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)). - Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)). - Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed. - Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)). - Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion. - Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up. - Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)). - Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)). - Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)). - Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given). - Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)). - Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)). - Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)). - Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)). - Fixed a bug where the remote Podman client's `podman build` command would fail to build when run on Windows ([#11259](https://github.com/containers/podman/issues/11259)). - Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest). - Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)). - Fixed a bug where named volumes created using a volume plugin would be removed from Podman, even if the plugin reported a failure to remove the volume ([#11214](https://github.com/containers/podman/issues/11214)). - Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)). - Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)). - Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)). - Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)). - Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional. - Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)). - Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)). - Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)). - Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)). - Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)). - Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)). - Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)). - Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)). - Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)). - Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary. - Fixed a bug where rootless Podman containers joined to a CNI network would not have functional DNS when the host used systemd-resolved without the resolved stub resolver being enabled ([#11222](https://github.com/containers/podman/issues/11222)). - Fixed a bug where `podman network connect` and `podman network disconnect` of rootless containers could sometimes break port forwarding to the container ([#11248](https://github.com/containers/podman/issues/11248)). - Fixed a bug where joining a container to a CNI network by ID and adding network aliases to this network would cause the container to fail to start ([#11285](https://github.com/containers/podman/issues/11285)). [#]## API - Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck. - Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)). - Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred. - Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable). - Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)). - Fixed a bug where the Compat Build endpoint for Images was too strict when validating the `Content-Type` header, rejecting content that Docker would have accepted ([#11022](https://github.com/containers/podman/issues/11012)). - Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided. - Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected. - Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)). - Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)). - The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)). - The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters. - The Compat Pull endpoint for Images now supports the `platform` query parameter. [#]## Misc - Updated Buildah to v1.22.3 - Updated the containers/storage library to v1.34.1 - Updated the containers/image library to v5.15.2 - Updated the containers/common library to v0.42.1 3.3.0-RC3: This is the third release candidate of Podman v3.3.0 Preliminary release notes follow: [#]## Features - Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system. - The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)). - The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks. - Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots. - Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`. - Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)). - The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods. - The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint. - The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint. - The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images). - THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)). - The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container. - The `podman stats` command now provides two additional metrics: Average CPU, and CPU time. - The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace. - The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)). - The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated. - The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)). - The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers. - The `podman manifest remove` command now has a new alias, `podman manifest rm`. - The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored. - The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session. - The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes. - The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed. - The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)). - The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)). - The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)). - Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)). - A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag. - If an invalid subcommand is provided, similar commands to try will now be suggested in the error message. [#]## Changes - The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well. - The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function. - Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated. - The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it. - The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)). - The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name. - The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once. - Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)). - The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster. [#]## Bugfixes - Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)). - Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)). - Fixed a bug where the `podman play kube` command would only accept lowercase pull policies. - Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)). - Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)). - Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed. - Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)). - Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion. - Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up. - Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)). - Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)). - Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)). - Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given). - Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)). - Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)). - Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)). - Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)). - Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest). - Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)). - Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)). - Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)). - Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)). - Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)). - Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional. - Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)). - Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)). - Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)). - Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)). - Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)). - Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)). - Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)). - Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)). - Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)). - Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary. [#]## API - Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck. - Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)). - Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred. - Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable). - Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)). - Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided. - Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected. - Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)). - Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)). - The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)). - The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters. - The Compat Pull endpoint for Images now supports the `platform` query parameter. [#]## Misc - Updated Buildah to v1.22.0 - Updated the containers/storage library to v1.34.1 - Updated the containers/image library to v5.15.1 - Updated the containers/common library to v0.42.1 3.3.0-RC2: [#]## Features - Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system. - The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)). - The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks. - Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots. - Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`. - Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)). - The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods. - The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint. - The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint. - The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images). - THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)). - The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container. - The `podman stats` command now provides two additional metrics: Average CPU, and CPU time. - The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace. - The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)). - The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated. - The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)). - The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers. - The `podman manifest remove` command now has a new alias, `podman manifest rm`. - The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored. - The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session. - The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes. - The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed. - The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)). - The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)). - The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)). - Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)). - A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag. - If an invalid subcommand is provided, similar commands to try will now be suggested in the error message. [#]## Changes - The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well. - The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function. - Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated. - The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it. - The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)). - The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name. - The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once. - Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)). - The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster. [#]## Bugfixes - Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)). - Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)). - Fixed a bug where the `podman play kube` command would only accept lowercase pull policies. - Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)). - Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)). - Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed. - Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)). - Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion. - Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up. - Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)). - Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)). - Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)). - Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given). - Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)). - Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)). - Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)). - Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)). - Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest). - Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)). - Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)). - Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)). - Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)). - Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)). - Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional. - Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)). - Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)). - Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)). - Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)). - Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)). - Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)). - Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)). - Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)). - Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)). - Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary. [#]## API - Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck. - Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)). - Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred. - Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable). - Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)). - Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided. - Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected. - Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)). - Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)). - The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)). - The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters. - The Compat Pull endpoint for Images now supports the `platform` query parameter. [#]## Misc - Updated Buildah to v1.22.0 - Updated the containers/storage library to v1.33.1 - Updated the containers/image library to v5.15.0 - Updated the containers/common library to v0.42.1 - Update storage to 1.36.0 1.36.0: (*Store)Layer(): fix race when loading layers Add Inodes to OverlayOptionsConfig build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.8.22 build(deps): bump github.com/containerd/stargz-snapshotter/estargz build(deps): bump github.com/klauspost/compress from 1.13.4 to 1.13.5 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 chunked: cache all the files with the same digest chunked: do not store the digest if it is empty chunked: estargz support chunked: fix linkat for rootless chunked: restrict dedup with hard links 1.35.0: chunked: add new pull options use_hard_links and enable_partial_images build(deps): bump github.com/vbatts/tar-split from 0.11.1 to 0.11.2 build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 Update golang.org/x/sys Add LayerOptions.OriginalDigest and LayerOptions.UncompressedDigest Separate the IDMappingOptions logic from other LayerOptions work Reorganize uncompressedCounter Only compute {un,}compressedDigester.Digest() once Reorganize the "defragmented" reader construction a bit. Rename {un,}compressedDigest to {un,}compressedDigester Have NewReadCloserWrapper pass through io.WriterTo chunked: remove unused args chunked: fix fd leak on error chunked: remove unused argument missingDirsMode chunked: add new pull option use_hard_links chunked: allow to disable partial images feature 1.34.1: types: on error fallback to filepath.Clean() build(deps): bump github.com/klauspost/compress from 1.13.3 to 1.13.4 Add codespell fixes ApplyDiff: compress saved headers without concurrency build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4 1.34.0: overlay: check for aufs-style whiteout at startup Invert libsubid tag 1.33.2: build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1 Follow symlinks if they exists idtools: add support for libsubid Makefile: use buildtags for golangci-lint Cirrus: Use fresh VM & Container images build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 build(deps): bump github.com/klauspost/compress from 1.13.1 to 1.13.3 1.33.1: Fix handling of quota on volumes 1.33.0: Add inode support to quota Creating fifo files while non root should be supported Revert #952, we don't want to use /run/user on non systemd systems Split pkg/chunked.ZstdCompressor into a separate subpackage Update docs/containers-storage.conf.5.md build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 overlay: check if we can mknod() kernel whiteout - Update image to 5.16.0 v0.44.0: * Add HelperBinariesDir field to engine config * Add space trimming check in sysctl.Validate * Cirrus: Use fresher VM images * Fix `pkg/sysctl` path typo * Fix the fallback runtime path * Switch default Rootless Networking to "CNI" for OSX * Update pkg/sysctl/sysctl.go * add some cni plugin paths * build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0 * build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0 * build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0 * build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 * build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 * docs/containers.conf.5.md: Fix manpage section * fix untag + v0.43.2 * libimage: disk usage: catch corrupted images * libimage: relax untag by digest checks * path: dest paths inside container should always be treated as *nix type * remove-image: Add optional `LookupManifest` to RemoveImagesOptions. * runtime: Add ReturnManifestIfPresent to LookupImageOptions * runtime: Add `ManifestList` to `LookupImageOptions` * seccomp: allow memfd_secret v0.43.2: * libimage: relax untag by digest checks * path: dest paths inside container should always be treated as *nix type v0.43.1: * Fix spelling mistakes * Fix examples in containers.conf v0.43.0: * Add documentation for Containerfile and Dockerfile * Remove no_libsubid flag * Add machine_image to containers.conf * build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0 * build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4 * Add machine_image to containers.conf * Switch default logdriver and eventslogger to journald, if root * build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1 * build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0 * libimage: {un}tag: reject digests * build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible * style: complete containers#556 to-do list part 4 * build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0 * set GOPROXY=https://proxy.golang.org v0.42.1: * pull: fallthrough for registry parsing errors v0.42.0: * Remove --accept-repositories flag * pull policy: support camel cases * Use authfile in options to search image * vendor in containers/storage v1.33.0 * config: split arguments in DBUS_SESSION_BUS_ADDRESS * pkg/seccomp: avoid DefaultErrnoRet: null * Add and use libimage.Runtime.imageIDsForManifest() * Add libimage/manifests.LockerForImage() * Add support for path based registry in login/logout * libimage: pull: normalize docker-daemon * libimage: report all removed images * libruntime: layer tree: handle empty images * refine dangling filters * libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location * build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 * pull with custom platform: handle "localhost/" * User option to prepare container after creation for volume copy-up. Docker does this by default. * add config option for ChownCopiedFiles * build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6 * libimage: image tree: fix nil deref - Comment out ostree_repo if it's blank [boo#1189893] ++++ ldb: - Update to version 2.4.0 + Improve calculate_popt_array_length() + Use C99 initializers for builtin_popt_options[] + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + pyldb: fix a typo + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests + Add missing break in switch statement ++++ talloc: - Update to 2.3.3 + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL;(bso#9931); ++++ tdb: - Update to version 1.4.4 + Fix a memory leak on error + python: remove all 'from __future__ import print_function' + Fix CID 1471761 String not null terminated + Use hex_byte() in parse_hex() + Use hex_byte() in read_data() + fix studio compiler build + Fix some signed/unsigned comparisons + also use __has_attribute macro to check for attribute support + Fix clang 9 missing-field-initializer warnings + pytdb tests: add test for storev() + pytdb: add python binding for storev() + tdbtorture: Use ARRAY_DEL_ELEMENT() + py3: Remove #define PyInt_FromLong PyLong_FromLong + py3: Remove #define PyInt_AsLong PyLong_AsLong + py3: Remove #define PyInt_Check PyLong_Check + tdb: Align integer types - Drop obsolete patch ignore-tdb1-run-transaction-expand.diff - Fix header file using undefined function visibility macro; Add patch 0001-tdb-Fix-invalid-syntax-in-tdb.h.patch; (bso#14762); - Update to version 0.11.0 + Other minor build fixes; (bso#14526); + Add custom tag to events + Add event trace api ++++ libzypp: - Make sure to keep states alives while transitioning (bsc#1190199) - May set techpreview variables for testing in /etc/zypp/zypp.conf. If environment variables are unhandy one may enable the desired techpreview in zypp.conf as well: [main] techpreview.ZYPP_SINGLE_RPMTRANS=1 techpreview.ZYPP_MEDIANETWORK=1 - version 17.28.4 (22) ++++ raspberrypi-firmware-dt: - Update to 2425833c7ff5 (2021-09-17) * Switch to 5.14 branch * Drop upstream-overlay-rpi-poe.patch ------------------------------------------------------------------ ------------------ 2021-9-16 - Sep 16 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Change default log_format from ENRICHED to RAW (bsc#1190500): * add change-default-log_format.patch (SUSE-specific patch) - Update to version 3.0.5: * In auditd, flush uid/gid caches when user/group added/deleted/modified * Fixed various issues when dealing with corrupted logs * In auditd, check if log_file is valid before closing handle - Include fixed from 3.0.4: * Apply performance speedups to auparse library * Optimize rule loading in auditctl * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath * Update syscall table to the 5.14 kernel * Fixed various issues when dealing with corrupted logs ++++ avahi: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ cryptsetup: - cryptsetup 2.4.1 * Fix compilation for libc implementations without dlvsym(). * Fix compilation and tests on systems with non-standard libraries * Try to workaround some issues on systems without udev support. * Fixes for OpenSSL3 crypto backend (including FIPS mode). * Print error message when assigning a token to an inactive keyslot. * Fix offset bug in LUKS2 encryption code if --offset option was used. * Do not allow LUKS2 decryption for devices with data offset. * Fix LUKS1 cryptsetup repair command for some specific problems. ++++ gdk-pixbuf: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ glib-networking: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ glib2: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ gsettings-desktop-schemas: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ gstreamer: - Stop building doc sub-package, we will in the future use upstreams own standalone doc package. Following this: Drop fdupes, gtk-doc and hotdoc BuildRequires, and fdupes call, no longer needed nor usefull. - Refresh patches with quilt. - Remove obsolete translation-update-upstream and gnome-patch-translation support (jsc#SLE-21105). ++++ gstreamer-plugins-base: - Stop building doc sub-package, we will in the future use upstreams own standalone doc package. Following this: Drop fdupes, gtk-doc and hotdoc BuildRequires, and fdupes call, no longer needed nor usefull. - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ gtk3: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ kernel-default: - Drop a time patch (stable-5.14.5) Stable 5.14.5 upstream reverted two commits that have been added in 5.14.4. One of them, the posix-cpu-timer patch, has been already backported for bsc#1190366, so we keep it, while dropping another one for time patch. Deleted: patches.suse/time-Handle-negative-seconds-correctly-in-timespec64.patch - commit 9b22453 - Linux 5.14.5 (stable-5.14.5). - commit 3b35843 - nvme-tcp: fix io_work priority inversion (bsc#1190569). - nvme-rdma: destroy cm id before destroy qp to avoid use after free (bsc#1190569). - nvme-multipath: fix ANA state updates when a namespace is not present (bsc#1190569). - nvme: avoid race in shutdown namespace removal (bsc#1190569 bsc#1188067). - nvme: only call synchronize_srcu when clearing current path (bsc#1190569 bsc#1188067). - nvme: update keep alive interval when kato is modified (bsc#1190569). - nvme-tcp: Do not reset transport on data digest errors (bsc#1190569 bsc#1188418). - nvme-multipath: set QUEUE_FLAG_NOWAIT (bsc#1190569). - nvme: remove nvm_ndev from ns (bsc#1190569). - nvme: Have NVME_FABRICS select NVME_CORE instead of transport drivers (bsc#1190569). - nvme-tcp: pair send_mutex init with destroy (bsc#1190569). - nvme: allow user toggling hmb usage (bsc#1190569). - nvme-pci: disable hmb on idle suspend (bsc#1190569). - nvme: add set feature tracing support (bsc#1190569). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (bsc#1190569). - nvme-pci: cmb sysfs: one file, one value (bsc#1190569). - nvme-pci: use attribute group for cmb sysfs (bsc#1190569). - remove the lightnvm subsystem (bsc#1190569). - nvme: use blk_mq_alloc_disk (bsc#1190569). - commit 778e572 - fsnotify: fix sb_connectors leak (git fixes (fsnotify)). - commit 3cf1b5e - crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764). - commit a76d86f - PCI: hv: Turn on the host bridge probing on ARM64 (jsc#SLE-17855,bsc#1186071). - PCI: hv: Set up MSI domain at bridge probing time (jsc#SLE-17855,bsc#1186071). - PCI: hv: Set ->domain_nr of pci_host_bridge at probing time (jsc#SLE-17855,bsc#1186071). - PCI: hv: Generify PCI probing (jsc#SLE-17855,bsc#1186071). - PCI: Support populating MSI domains of root buses via bridges (jsc#SLE-17855,bsc#1186071). - PCI: Introduce domain_nr in pci_host_bridge (jsc#SLE-17855,bsc#1186071). - PCI: hv: Support for create interrupt v3 (jsc#SLE-17855,bsc#1186071). - PCI: Allow PASID on fake PCIe devices without TLP prefixes (jsc#SLE-17855,bsc#1186071). - Drivers: hv: Enable Hyper-V code to be built on ARM64 (jsc#SLE-17855,bsc#1186071). - arm64: efi: Export screen_info (jsc#SLE-17855,bsc#1186071). - arm64: hyperv: Initialize hypervisor on boot (jsc#SLE-17855,bsc#1186071). - arm64: hyperv: Add panic handler (jsc#SLE-17855,bsc#1186071). - arm64: hyperv: Add Hyper-V hypercall and register access utilities (jsc#SLE-17855,bsc#1186071). - x86/hyperv: fix root partition faults when writing to VP assist page MSR (jsc#SLE-17855,bsc#1186071). - hv: hyperv.h: Remove unused inline functions (jsc#SLE-17855,bsc#1186071). - drivers: hv: Decouple Hyper-V clock/timer code from VMbus drivers (jsc#SLE-17855,bsc#1186071). - x86/hyperv: add comment describing TSC_INVARIANT_CONTROL MSR setting bit 0 (jsc#SLE-17855,bsc#1186071). - Drivers: hv: Move Hyper-V misc functionality to arch-neutral code (jsc#SLE-17855,bsc#1186071). - Drivers: hv: Add arch independent default functions for some Hyper-V handlers (jsc#SLE-17855,bsc#1186071). - Drivers: hv: Make portions of Hyper-V init code be arch neutral (jsc#SLE-17855,bsc#1186071). - x86/hyperv: fix for unwanted manipulation of sched_clock when TSC marked unstable (jsc#SLE-17855,bsc#1186071). - asm-generic/hyperv: Add missing #include of nmi.h (jsc#SLE-17855,bsc#1186071). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-17900). - net: mana: Add support for EQ sharing (jsc#SLE-17900). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-17900). - commit f6cd12b - swiotlb: use depends on for DMA_RESTRICTED_POOL (git-fixes). - commit eafc3ac - s390/pv: fix the forcing of the swiotlb (git-fixes). - commit 4a90678 - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520). - commit e52f63e - rtc: cmos: Disable irq around direct invocation of cmos_interrupt() (git-fixes). - swiotlb: use depends on for DMA_RESTRICTED_POOL (git-fixes). - commit 70087fe ++++ less: - Add missing runtime dependency on which, which it is used by lessopen.sh. Fix bsc#1190552. ++++ atk: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ audit: - Update to version 3.0.5: * In auditd, flush uid/gid caches when user/group added/deleted/modified * Fixed various issues when dealing with corrupted logs * In auditd, check if log_file is valid before closing handle - Include fixed from 3.0.4: * Apply performance speedups to auparse library * Optimize rule loading in auditctl * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath * Update syscall table to the 5.14 kernel * Fixed various issues when dealing with corrupted logs ++++ json-glib: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#136 - report error if config file could not be updated (bsc#1188768) - 0.936 ++++ qemu: - Fix testsuite dependencies (bsc#1190573) * Patches added: modules-quick-fix-a-fundamental-error-in.patch ++++ shared-mime-info: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ u-boot-rpiarm64: - Add sifiveunmatched flavor ++++ yast2: - Fixed losing the current product and package selection during installation, caused by unnecessary reloading of repositories (bsc#1190228) - 4.4.20 ------------------------------------------------------------------ ------------------ 2021-9-15 - Sep 15 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Temporarily disable flaky test 1184 * See https://github.com/curl/curl/issues/7725 - Update to 7.79.0: [bsc#1190213, CVE-2021-22945] [bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947] * Changes: - bearssl: support CURLOPT_CAINFO_BLOB - http: consider cookies over localhost to be secure - secure transport: support CURLINFO_CERTINFO * Bugfixes: - CVE-2021-22945: clear the leftovers pointer when sending succeeds - CVE-2021-22946: do not ignore --ssl-reqd - CVE-2021-22947: reject STARTTLS server response pipelining - auth: do not append zero-terminator to authorisation id in kerberos - auth: properly handle byte order in kerberos security message - auth: use sasl authzid option in kerberos - auth: we do not support a security layer after kerberos authentication - c-hyper: deal with Expect: 100-continue combined with POSTFIELDS - c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection - c-hyper: initial step for 100-continue support - c-hyper: initial support for "dumping" 1xx HTTP responses - curl-openssl.m4: show correct output for OpenSSL v3 - docs/MQTT: update state of username/password support - docs: the security list is reached at security at curl.se now - getparameter: fix the --local-port number parser - hostip: Make Curl_ipv6works function independent of getaddrinfo - http_proxy: fix the User-Agent inclusion in CONNECT - http_proxy: fix user-agent and custom headers for CONNECT with hyper - http_proxy: only wait for writable socket while sending request - mailing lists: move from cool.haxx.se to lists.haxx.se - mbedtls: avoid using a large buffer on the stack - mbedTLS: initial 3.0.0 support - ngtcp2: remove the acked_crypto_offset struct field init - ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read - ngtcp2: reset the oustanding send buffer again when drained - ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream - ngtcp2: stop buffering crypto data - ngtcp2: utilize crypto API functions to simplify - openssl: when creating a new context, there cannot be an old one - scripts: invoke interpreters through /usr/bin/env - tests/runtests.pl: cleanup copy&paste mistakes and unused code - tests: be explicit about using 'python3' instead of 'python' - tool/tests: fix potential year 2038 issues - tool_operate: Fix --fail-early with parallel transfers - x509asn1: fix heap over-read when parsing x509 certificates * Rebase libcurl-ocloexec.patch ++++ e2fsprogs: - Update to 1.46.4: * Default to 256-byte inodes for all filesystems, not only larger ones * Bigalloc is considered supported now for small cluster sizes * E2fsck and e2image fixes for quota feature * Fix mke2fs creation of filesystem into non-existent file - libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer libreadline.so.8 to dlopen path (bsc#1189453) ++++ gstreamer: - Update to version 1.18.5: + aggregator: - Release the SRC lock while querying latency - Release pads' peeked buffer when removing the pad or finalizing it + basesink: Don't swap rstart/rstop when stepping + basesrc: Print segments with GST_SEGMENT_FORMAT and not GST_PTR_FORMAT + childproxy: init value in gst_child_proxy_get_property() if needed + clocksync: Fix providing system clock by default + concat: - Properly propagate seqnum of segment events - adjust running time offsets on downstream events - fix locking in SEGMENT event handler + downloadbuffer/sparsefile: several fixes for win32 + element: NULL the lists of contexts in dispose() + multiqueue: - Use running time of gap events for wakeups. - Ensure peer pad exists when iterating internal links + pad: - Keep IDLE probe hook alive during immediate callback - Ensure last flow return is set on sink pads in push mode - Don't spam the debug log at INFO level when default-chaining a buffer list - clear probes holding mutex + parse-launch: - Fix a critical when using the : operator. + Don't do delayed property setting for top-level properties. + plugin: load plugins with unknown license strings + ptpclock: Don't leak the GList + queue2: Refuse all serialized queries when posting buffering messages + systemclock: Update monotonic reference time when re-scheduling + High CPU usage in 1.18 (but not master) when pausing playback in gnome-music + Don't use volatile to mean atomic (fixes compiler warnings with gcc 11) ++++ gstreamer-plugins-base: - Update to version 1.18.5: + appsrc: Don't leak buffer list while wrongly unreffing buffer on EOS/flushing + audioaggregator: - Don't overwrite already written samples - Resync on the next buffer when dropping a buffer on discont resyncing + audiobasesink: Fix of double lock release + audiobasesrc: Fix divide by zero assertion + clockoverlay: Fix broken string formatting by strftime() on Windows + compositor: Fix NV12 blend operation + giosrc: Don't leak scheme string in gst_gio_src_query() + giobasesink: Handle incomplete writes in gst_gio_base_sink_render() + gl/wayland: - Use consistent wl_display when creating work queue for proxy wrapper - Provide a dummy global_remove function + gl: Fix build when Meson >= 0.58.0rc1 + playbin2: fix base_time selection when flush seeking live (such as with RTSP) + rtspconnection: - Add IPv6 support for tunneled mode - Consistently translate GIOError to GstRTSPResult (for rtspsrc) + rawbaseparse: check destination format correctly + uridecodebin: Don't force floating reference for future reusable decodebin + parsebin: Put stream flags in GstStream + splitmuxsink: always use factory property when set + video-converter: Set up matrix tables only once. + videoscale: Performance degradation from 1.16.2 -> 1.18.4 + videotestsrc: Fix a leak when computing alpha caps + audio/video-converter: Plug some minor leaks + audio,video-format: Make generate_raw_formats idempotent for assertions + Don't use volatile to mean atomic (fixes compiler warnings with gcc 11) + Fix build issue on MinGW64 - Drop 90903917.patch: Fixed upstream. ++++ libguestfs: - bsc#1190501 - virt-builder fails to install packages when building an image 9db0c98c-appliance-enable-bashs-Process-Substitution-feature.patch - Upstream bug fixes c0de4de9-appliance-add-reboot-and-netconfig-for-SUSE.patch f47e0bb6-appliance-reorder-mounting-of-special-filesystems-in-init.patch ++++ kernel-default: - Revert "rpm: Abolish scritplet templating (bsc#1189841)." This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f. This requires the update of suse-module-tools for external scripts but those aren't available yet, which breaks the builds on BS. Let's revert temporarily. It can be re-applied later on. - commit eebdae7 - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - commit 085f984 - swiotlb: Convert io_default_tlb_mem to static allocation (git-fixes). - commit fa8e4f7 - swiotlb: Update is_swiotlb_buffer to add a struct device argument (git-fixes). - commit 4ac85f1 - swiotlb: Add restricted DMA pool initialization (jsc#SLE-19358). - Update config files. - commit f52c750 - swiotlb: Add restricted DMA alloc/free support (git-fixes). - commit 3c5a096 - swiotlb: Refactor swiotlb_tbl_unmap_single (git-fixes). - commit 89af24c - swiotlb: Move alloc_size to swiotlb_find_slots (git-fixes). - commit 834e9fa - swiotlb: Refactor swiotlb_create_debugfs (git-fixes). - commit fcbe10c - swiotlb: Use is_swiotlb_force_bounce for swiotlb data bouncing (git-fixes). - commit 7aa7848 - swiotlb: Refactor swiotlb init functions (git-fixes). - commit becfe5a - net: qrtr: revert check in qrtr_endpoint_post() (git-fixes). - commit c715657 - Linux 5.14.4 (stable-5.14.4). - commit 49b16de - bootconfig: Fix missing return check of xbc_node_compose_key function (stable-5.14.4). - RDMA/mlx5: Fix number of allocated XLT entries (stable-5.14.4). - backlight: pwm_bl: Improve bootloader/kernel device handover (stable-5.14.4). - parisc: Fix unaligned-access crash in bootloader (stable-5.14.4). - devlink: Break parameter notification sequence to be before/after unload/load driver (stable-5.14.4). - commit efea9ae - fbmem: don't allow too huge resolutions (stable-5.14.4). - KVM: arm64: Unregister HYP sections from kmemleak in protected mode (stable-5.14.4). - KVM: arm64: vgic: Resample HW pending state on deactivation (stable-5.14.4). - fuse: wait for writepages in syncfs (stable-5.14.4). - fuse: flush extending writes (stable-5.14.4). - fuse: truncate pagecache on atomic_o_trunc (stable-5.14.4). - IMA: remove the dependency on CRYPTO_MD5 (stable-5.14.4). - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (stable-5.14.4). - io-wq: check max_worker limits if a worker transitions bound state (stable-5.14.4). - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (stable-5.14.4). - commit 4c736f8 - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (stable-5.14.4). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (stable-5.14.4). - Revert "KVM: x86: mmu: Add guest physical address check in translate_gpa()" (stable-5.14.4). - KVM: VMX: avoid running vmx_handle_exit_irqoff in case of emulation (stable-5.14.4). - KVM: x86: clamp host mapping level to max_level in kvm_mmu_max_mapping_level (stable-5.14.4). - KVM: x86/mmu: Avoid collision with !PRESENT SPTEs in TDP MMU lpage stats (stable-5.14.4). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (stable-5.14.4). - tty: Fix data race between tiocsti() and flush_to_ldisc() (stable-5.14.4). - smb3: fix posix extensions mount option (stable-5.14.4). - perf/x86/intel/uncore: Fix IIO cleanup mapping procedure for SNR/ICX (stable-5.14.4). - commit f923c2d - io_uring: fail links of cancelled timeouts (stable-5.14.4). - iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (stable-5.14.4). - io_uring: io_uring_complete() trace should take an integer (stable-5.14.4). - io_uring: IORING_OP_WRITE needs hash_reg_file set (stable-5.14.4). - f2fs: guarantee to write dirty data when enabling checkpoint back (stable-5.14.4). - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() (stable-5.14.4). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (stable-5.14.4). - io_uring: limit fixed table size by RLIMIT_NOFILE (stable-5.14.4). - raid1: ensure write behind bio has less than BIO_MAX_VECS sectors (stable-5.14.4). - bio: fix page leak bio_add_hw_page failure (stable-5.14.4). - commit e7826b9 - octeontx2-af: Set proper errorcode for IPv4 checksum errors (stable-5.14.4). - octeontx2-af: Fix static code analyzer reported issues (stable-5.14.4). - octeontx2-af: Fix mailbox errors in nix_rss_flowkey_cfg (stable-5.14.4). - octeontx2-af: Fix loop in free and unmap counter (stable-5.14.4). - net: qualcomm: fix QCA7000 checksum handling (stable-5.14.4). - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed (stable-5.14.4). - sch_htb: Fix inconsistency when leaf qdisc creation fails (stable-5.14.4). - net: qrtr: make checks in qrtr_endpoint_post() stricter (stable-5.14.4). - ipv4: make exception cache less predictible (stable-5.14.4). - ipv6: make exception cache less predictible (stable-5.14.4). - commit df64b63 - ice: Only lock to update netdev dev_addr (stable-5.14.4). - ice: restart periodic outputs around time changes (stable-5.14.4). - ice: add lock around Tx timestamp tracker flush (stable-5.14.4). - ice: fix Tx queue iteration for Tx timestamp enablement (stable-5.14.4). - net: phy: marvell10g: fix broken PHY interrupts for anyone after us in the driver probe list (stable-5.14.4). - net/mlx5e: Use correct eswitch for stack devices with lag (stable-5.14.4). - net/mlx5: E-Switch, Set vhca id valid flag when creating indir fwd group (stable-5.14.4). - net/mlx5e: Fix possible use-after-free deleting fdb rule (stable-5.14.4). - net/mlx5: Remove all auxiliary devices at the unregister event (stable-5.14.4). - net/mlx5: Lag, fix multipath lag activation (stable-5.14.4). - commit 3b3e2c6 - m68k: coldfire: return success for clk_enable(NULL) (stable-5.14.4). - hv_utils: Set the maximum packet size for VSS driver to the length of the receive buffer (stable-5.14.4). - bpf: Fix possible out of bound write in narrow load handling (stable-5.14.4). - octeontx2-pf: cn10k: Fix error return code in otx2_set_flowkey_cfg() (stable-5.14.4). - octeontx2-af: cn10k: Use FLIT0 register instead of FLIT1 (stable-5.14.4). - octeontx2-pf: Fix algorithm index in MCAM rules with RSS action (stable-5.14.4). - octeontx2-pf: Don't install VLAN offload rule if netdev is down (stable-5.14.4). - octeontx2-af: Check capability flag while freeing ipolicer memory (stable-5.14.4). - octeontx2-pf: send correct vlan priority mask to npc_install_flow_req (stable-5.14.4). - CIFS: Fix a potencially linear read overflow (stable-5.14.4). - commit 609b85e - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (stable-5.14.4). - lkdtm: replace SCSI_DISPATCH_CMD with SCSI_QUEUE_RQ (stable-5.14.4). - libbpf: Re-build libbpf.so when libbpf.map changes (stable-5.14.4). - octeontx2-af: cn10k: Fix SDP base channel number (stable-5.14.4). - hwmon: (pmbus/bpa-rs600) Don't use rated limits as warn limits (stable-5.14.4). - mm/swap: consider max pages in iomap_swapfile_add_extent (stable-5.14.4). - nfsd4: Fix forced-expiry locking (stable-5.14.4). - SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() (stable-5.14.4). - lockd: Fix invalid lockowner cast after vfs_test_lock (stable-5.14.4). - gfs2: init system threads before freeze lock (stable-5.14.4). - commit d2237ba - arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 (stable-5.14.4). - drm/msm/mdp4: move HW revision detection to earlier phase (stable-5.14.4). - drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (stable-5.14.4). - selftests/bpf: Fix test_core_autosize on big-endian machines (stable-5.14.4). - net: stmmac: fix INTR TBU status affecting irq count statistic (stable-5.14.4). - samples: pktgen: add missing IPv6 option to pktgen scripts (stable-5.14.4). - devlink: Clear whole devlink_flash_notify struct (stable-5.14.4). - net/mlx5: Fix unpublish devlink parameters (stable-5.14.4). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (stable-5.14.4). - net: dsa: don't disable multicast flooding to the CPU even without an IGMP querier (stable-5.14.4). - commit 02e5f3f - arm64: dts: qcom: sm8350: fix IPA interconnects (stable-5.14.4). - arm64: dts: qcom: sc7280: Fixup the cpufreq node (stable-5.14.4). - debugfs: Return error during {full/open}_proxy_open() on rmmod (stable-5.14.4). - bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (stable-5.14.4). - net: dsa: mt7530: remove the .port_set_mrouter implementation (stable-5.14.4). - net: dsa: stop syncing the bridge mcast_router attribute at join time (stable-5.14.4). - net: ti: am65-cpsw-nuss: fix RX IRQ state after .ndo_stop() (stable-5.14.4). - net: dsa: tag_sja1105: optionally build as module when switch driver is module if PTP is enabled (stable-5.14.4). - net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (stable-5.14.4). - net: dsa: build tag_8021q.c as part of DSA core (stable-5.14.4). - commit 3916715 - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (stable-5.14.4). - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (stable-5.14.4). - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (stable-5.14.4). - arm64: dts: renesas: hihope-rzg2-ex: Add EtherAVB internal rx delay (stable-5.14.4). - tools: Free BTF objects at various locations (stable-5.14.4). - libbpf: Return non-null error on failures in libbpf_find_prog_btf_id() (stable-5.14.4). - net: ti: am65-cpsw-nuss: fix wrong devlink release order (stable-5.14.4). - net: cipso: fix warnings in netlbl_cipsov4_add_std (stable-5.14.4). - net/mlx5e: Block LRO if firmware asks for tunneled LRO (stable-5.14.4). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (stable-5.14.4). - commit c4ed0bf - arm64: dts: qcom: sm8250: fix usb2 qmp phy node (stable-5.14.4). - arm64: dts: qcom: sc7180: Set adau wakeup delay to 80 ms (stable-5.14.4). - ARM: dts: meson8: Use a higher default GPU clock frequency (stable-5.14.4). - 6lowpan: iphc: Fix an off-by-one check of array index (stable-5.14.4). - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos (stable-5.14.4). - bpf, selftests: Fix test_maps now that sockmap supports UDP (stable-5.14.4). - libbpf: Fix removal of inner map in bpf_object__create_map (stable-5.14.4). - ionic: cleanly release devlink instance (stable-5.14.4). - gfs2: Fix memory leak of object lsi on error return path (stable-5.14.4). - commit 7d1d494 - ARM: dts: everest: Add phase corrections for eMMC (stable-5.14.4). - ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi (stable-5.14.4). - arm64: dts: renesas: r8a77995: draak: Remove bogus adv7511w properties (stable-5.14.4). - libbpf: Fix the possible memory leak on error (stable-5.14.4). - i40e: improve locking of mac_filter_hash (stable-5.14.4). - bpf: Fix potential memleak and UAF in the verifier (stable-5.14.4). - bpf: Fix a typo of reuseport map in bpf.h (stable-5.14.4). - blk-crypto: fix check for too-large dun_bytes (stable-5.14.4). - x86/mce: Defer processing of early errors (stable-5.14.4). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (stable-5.14.4). - commit 02d828d - block: nbd: add sanity check for first_minor (stable-5.14.4). - nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT (stable-5.14.4). - block: return ELEVATOR_DISCARD_MERGE if possible (stable-5.14.4). - genirq/timings: Fix error return code in irq_timings_test_irqs() (stable-5.14.4). - m68k: Fix asm register constraints for atomic ops (stable-5.14.4). - m68k: Fix invalid RMW_INSNS on CPUs that lack CAS (stable-5.14.4). - m68k: emu: Fix invalid free in nfeth_cleanup() (stable-5.14.4). - rcu: Fix stall-warning deadlock due to non-release of rcu_node - >lock (stable-5.14.4). - rcu: Fix to include first blocked task in stall warning (stable-5.14.4). - certs: Trigger creation of RSA module signing key if it's not an RSA key (stable-5.14.4). - commit a511576 - io-wq: remove GFP_ATOMIC allocation off schedule out path (stable-5.14.4). - s390/smp: enable DAT before CPU restart callback is called (stable-5.14.4). - s390/ap: fix state machine hang after failure to enable irq (stable-5.14.4). - s390/debug: fix debug area life cycle (stable-5.14.4). - s390/debug: keep debug data on resize (stable-5.14.4). - s390/pci: fix misleading rc in clp_set_pci_fn() (stable-5.14.4). - s390/kasan: fix large PMD pages address alignment check (stable-5.14.4). - fcntl: fix potential deadlock for &fasync_struct.fa_lock (stable-5.14.4). - fcntl: fix potential deadlocks for &fown_struct.lock (stable-5.14.4). - udf_get_extendedattr() had no boundary checks (stable-5.14.4). - commit ae103e9 - libata: fix ata_host_start() (stable-5.14.4). - crypto: tcrypt - Fix missing return value check (stable-5.14.4). - crypto: hisilicon/sec - modify the hardware endian configuration (stable-5.14.4). - crypto: hisilicon/sec - fix the abnormal exiting process (stable-5.14.4). - crypto: qat - do not export adf_iov_putmsg() (stable-5.14.4). - crypto: qat - fix naming for init/shutdown VF to PF notifications (stable-5.14.4). - crypto: qat - fix reuse of completion variable (stable-5.14.4). - crypto: qat - handle both source of interrupt in VF ISR (stable-5.14.4). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (stable-5.14.4). - crypto: omap - Fix inconsistent locking of device lists (stable-5.14.4). - commit d5ab179 - nvmet: pass back cntlid on successful completion (stable-5.14.4). - nvme-rdma: don't update queue count when failing to set io queues (stable-5.14.4). - nvme-tcp: don't update queue count when failing to set io queues (stable-5.14.4). - nbd: add the check to prevent overflow in __nbd_ioctl() (stable-5.14.4). - blk-throtl: optimize IOPS throttle for large IO scenarios (stable-5.14.4). - bcache: add proper error unwinding in bcache_device_init (stable-5.14.4). - s390/zcrypt: fix wrong offset index for APKA master key valid state (stable-5.14.4). - s390/cio: add dev_busid sysfs entry for each subchannel (stable-5.14.4). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (stable-5.14.4). - power: supply: smb347-charger: Add missing pin control activation (stable-5.14.4). - commit a330acc - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (stable-5.14.4). - crypto: mxs-dcp - Check for DMA mapping errors (stable-5.14.4). - rcu/tree: Handle VM stoppage in stall detection (stable-5.14.4). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (stable-5.14.4). - regulator: tps65910: Silence deferred probe error (stable-5.14.4). - regmap: fix the offset of register error log (stable-5.14.4). - isofs: joliet: Fix iocharset=utf8 mount option (stable-5.14.4). - udf: Fix iocharset=utf8 mount option (stable-5.14.4). - udf: Check LVID earlier (stable-5.14.4). - commit 238527c - Move already upstreamed patches into sorted section - commit caad71f - Update patch references for stable-5.14.4 - commit 7af61be - drm/i915/dp: Use max params for panels < eDP 1.4 (bsc#1190506). - commit 4fe7ae1 ++++ python3-core: - Update to 3.6.15: - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. Library - bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. Tests - bpo-38965: Fix test_faulthandler on GCC 10. Use the “volatile” keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma. - Remove upstreamed patches: - faulthandler_stack_overflow_on_GCC10.patch ++++ python3: - Update to 3.6.15: - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. Library - bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. Tests - bpo-38965: Fix test_faulthandler on GCC 10. Use the “volatile” keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma. - Remove upstreamed patches: - faulthandler_stack_overflow_on_GCC10.patch ++++ u-boot-rpiarm64: - Update to 2021.10-rc4 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches dropped: 0014-btrfs-Use-default-subvolume-as-file.patch ++++ yast2: - Added infrastructure for installing missing UI extension plug-ins (jsc#SLE-20346, jsc#SLE-20462) - 4.4.19 - Add Y2Issues::WithIssues mixin to make easier to work with a list of issues (needed for jsc#SLE-20563). - 4.4.18 ------------------------------------------------------------------ ------------------ 2021-9-14 - Sep 14 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ dnsmasq: - Added hardening to systemd service(s) (bsc#1181400). ++++ e2fsprogs: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_e2scrub@.service.patch * harden_e2scrub_all.service.patch * harden_e2scrub_fail@.service.patch * harden_e2scrub_reap.service.patch ++++ kernel-default: - EDAC/i10nm: Fix NVDIMM detection (bsc#1190497). - commit 85a63fd - parisc: Move pci_dev_is_behind_card_dino to where it is used (git-fixes). - commit 49bc8a4 - dma-buf: DMABUF_DEBUG should depend on DMA_SHARED_BUFFER (git-fixes). - commit 50dc18d - dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes). - commit b57b42f - Refresh patches.suse/sched-nohz-Avoid-disabling-the-tick-for-very-short-durations.patch. Explain why the patch is still disabled. - commit 7ae8115 - Refresh patches.suse/cpuidle-Poll-for-a-minimum-of-30ns-and-poll-for-a-tick-if-lower-c-states-are-disabled.patch. Explain why the patch is still disabled. - commit 847d537 - Refresh patches.suse/cpufreq-ondemand-set-default-up_threshold-to-30-on-multi-core-systems.patch. Explain why the patch is still disabled. - commit 1e928cb - SUNRPC: don't pause on incomplete allocation (git fixes (net/sunrpc)). - commit 3ed8811 - swiotlb: Set dev->dma_io_tlb_mem to the swiotlb pool used (jsc#SLE-19358). - commit 193178b - of: property: Disable fw_devlink DT support for X86 (git-fixes). - pwm: mxs: Don't modify HW state in .probe() after the PWM chip was registered (git-fixes). - thermal/drivers/qcom/spmi-adc-tm5: Don't abort probing if a sensor is not used (git-fixes). - thermal/core: Fix thermal_cooling_device_register() prototype (git-fixes). - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() (git-fixes). - clk: ralink: avoid to set 'CLK_IS_CRITICAL' flag for gates (git-fixes). - clk: renesas: rzg2l: Fix off-by-one check in rzg2l_cpg_clk_src_twocell_get() (git-fixes). - clk: renesas: rzg2l: Fix a double free on error (git-fixes). - clk: socfpga: agilex: add the bypass register for s2f_usr0 clock (git-fixes). - clk: socfpga: agilex: fix up s2f_user0_clk representation (git-fixes). - clk: socfpga: agilex: fix the parents of the psi_ref_clk (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - commit 9555884 - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: ab8500: Fix register offset calculation to not depend on probe order (git-fixes). - clk: zynqmp: fix kernel doc (git-fixes). - clk: imx8m: fix clock tree update of TF-A managed clocks (git-fixes). - clk: imx8mm: use correct mux type for clkout path (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: rockchip: drop GRF dependency for rk3328/rk3036 pll types (git-fixes). - IMA: remove -Wmissing-prototypes warning (git-fixes). - commit 3ddd71a ++++ libvirt: - libxl: Improve reporting of die_id in capabilities b75a16ae-libxl-improve-die-id.patch boo#1190493 - libxl: Fix driver reload 65fab900-libxl-fix-driver-reload.patch, 51eb680b-libxl-dont-autostart-on-reload.patch bsc#1190420 ++++ qemu: - Replace patch to fix hardcoded binfmt handler (bsc#1186256) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch * Patches added: qemu-binfmt-conf.sh-should-use-F-as-shor.patch - Stable fixes from upstream * Patches added: 9pfs-fix-crash-in-v9fs_walk.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-i386-add-missing-bits-to-CR4_RESE.patch virtio-balloon-don-t-start-free-page-hin.patch ++++ raspberrypi-firmware: - Update to b80f36b3fb (2021-09-13): * firmware: hdmi_2711: Use HDMI block REPEAT_PIXEL instead of PV See: https://forum.libreelec.tv/thread/24415-le-10-beta-for-i4-force-hdmi-resolution * firmware: DSI display autodetection for kms * firmware: arm_dt: Load overlays for detected cameras * firmware: Make more use of the user-warnings DT property * firmware: arm_loader: Consider required flags from GET_CLOCK_RATE See: #1598 * firmware: arm_loader: Make most arm clock requests required See: #1598 * firmware: firmware: Disable VLL loading from file system See: #1605 * firmware: video_decode: Use the ISP instead of vc_image_convert * firmware: video_decode: Correct support for YVU formats using ISP * firmware: arm_dt: Limit CMA to 256MB if total_mem < 2GB or gpu_mem > 256MB See: #1603 * firmware: hdmi_cec: Remove TX/RX SW_INIT on power_on See: Hexxeh/rpi-firmware#267 See: https://www.raspberrypi.org/forums/viewtopic.php?p=1895082#p1895082 * firmware: cec: Avoid sending messages with kms See: raspberrypi/linux#4460 * firmware: Revert: video_decode: Use the ISP instead of vc_image_convert * firmware: isp: Set the YUV420/YVU420 format stride to 64 byte * arm_loader: Add message to release firmware framebuffer * firmware: video_decode: Use the ISP instead of vc_image_convert * firmware: hdmi-2711: Wait for HDMI hardware scheduler to activate in HDMI mode * firmware: bcm_host: Recognise all Pi 4 variants, add BCM2711 See: raspberrypi/userland#695 * firmware: PoE+ HAT support See: raspberrypi/linux#4367 * firmware: arm_loader: Use Pi4 bootloader MAC_ADDRESS if set * firmware: platform: Apply ARM thermal throttling rules on BCM2711 * firmware: dt-blob.dts: Correct HDMI HPD and EMMC_ENABLE for CM4 See: https://www.raspberrypi.org/forums/viewtopic.php?f=29&p=1858516 * firmware: vcfw/hdmi: CUSTOM modes used for FKMS didn't set RGB quant range correctly See: #1580 * firmware: platform: Remove build-time constant for MICROVOLTS_PER_PIP * firmware: Pi400: Reduce MII clock freq when probing ethernet PHY * firmware: isp: Ensure the VRF is locked when setting up video colour denoise See: raspberrypi/libcamera-apps#19 * firmware: isp: Remove custom EV mappings from camera tunings * firmware: Add support for board-type=0xXX conditional filters in bootloader, bootcode and firmware * firmware: Two UART1 patches See: #1566 * firmware: arm_loader: kernel_old=1 should force kernel_address=0 See: #1561 * firmware: scalerlib: Fix offset applied to x coordinate of YUV10COL image See: https://forum.kodi.tv/showthread.php?tid=361164&pid=3024654#pid3024654 * firmware: vcfw/power: Add a new latch for power_pad_control See: #1552 * firmware: board-info: Fix memsize on 3B+ * firmware: Move core to PLLA and support accurate clk108 See: xbmc/xbmc#19263 * firmware: board_info: Separate memory size from OTP field encoding * firmware: power: Swap DA9090 ADC assignments to match XR77004 * firmware: vl805: Remove redundant log statement and fix warning * firmware: power: Fix DA9090 ADC1 register definition * firmware: arm_loader: Only report clocks arm has set, not siblings * firmware: arm_loader: Don't report clocks set as turbo side effect of arm clock * firmware: arm_loader: 2711: gpu clocks are not dependant * firmware: platform: Need to clear cached versions of get_max_clock_internal vars * firmware: video_decode: For VC1/WMV with no signalled header bytes, use start of 1st buffer See: raspberrypi/linux#4113 ++++ raspberrypi-firmware-config: - Update to b80f36b3fb (2021-09-13): * firmware: hdmi_2711: Use HDMI block REPEAT_PIXEL instead of PV See: https://forum.libreelec.tv/thread/24415-le-10-beta-for-i4-force-hdmi-resolution * firmware: DSI display autodetection for kms * firmware: arm_dt: Load overlays for detected cameras * firmware: Make more use of the user-warnings DT property * firmware: arm_loader: Consider required flags from GET_CLOCK_RATE See: #1598 * firmware: arm_loader: Make most arm clock requests required See: #1598 * firmware: firmware: Disable VLL loading from file system See: #1605 * firmware: video_decode: Use the ISP instead of vc_image_convert * firmware: video_decode: Correct support for YVU formats using ISP * firmware: arm_dt: Limit CMA to 256MB if total_mem < 2GB or gpu_mem > 256MB See: #1603 * firmware: hdmi_cec: Remove TX/RX SW_INIT on power_on See: Hexxeh/rpi-firmware#267 See: https://www.raspberrypi.org/forums/viewtopic.php?p=1895082#p1895082 * firmware: cec: Avoid sending messages with kms See: raspberrypi/linux#4460 * firmware: Revert: video_decode: Use the ISP instead of vc_image_convert * firmware: isp: Set the YUV420/YVU420 format stride to 64 byte * arm_loader: Add message to release firmware framebuffer * firmware: video_decode: Use the ISP instead of vc_image_convert * firmware: hdmi-2711: Wait for HDMI hardware scheduler to activate in HDMI mode * firmware: bcm_host: Recognise all Pi 4 variants, add BCM2711 See: raspberrypi/userland#695 * firmware: PoE+ HAT support See: raspberrypi/linux#4367 * firmware: arm_loader: Use Pi4 bootloader MAC_ADDRESS if set * firmware: platform: Apply ARM thermal throttling rules on BCM2711 * firmware: dt-blob.dts: Correct HDMI HPD and EMMC_ENABLE for CM4 See: https://www.raspberrypi.org/forums/viewtopic.php?f=29&p=1858516 * firmware: vcfw/hdmi: CUSTOM modes used for FKMS didn't set RGB quant range correctly See: #1580 * firmware: platform: Remove build-time constant for MICROVOLTS_PER_PIP * firmware: Pi400: Reduce MII clock freq when probing ethernet PHY * firmware: isp: Ensure the VRF is locked when setting up video colour denoise See: raspberrypi/libcamera-apps#19 * firmware: isp: Remove custom EV mappings from camera tunings * firmware: Add support for board-type=0xXX conditional filters in bootloader, bootcode and firmware * firmware: Two UART1 patches See: #1566 * firmware: arm_loader: kernel_old=1 should force kernel_address=0 See: #1561 * firmware: scalerlib: Fix offset applied to x coordinate of YUV10COL image See: https://forum.kodi.tv/showthread.php?tid=361164&pid=3024654#pid3024654 * firmware: vcfw/power: Add a new latch for power_pad_control See: #1552 * firmware: board-info: Fix memsize on 3B+ * firmware: Move core to PLLA and support accurate clk108 See: xbmc/xbmc#19263 * firmware: board_info: Separate memory size from OTP field encoding * firmware: power: Swap DA9090 ADC assignments to match XR77004 * firmware: vl805: Remove redundant log statement and fix warning * firmware: power: Fix DA9090 ADC1 register definition * firmware: arm_loader: Only report clocks arm has set, not siblings * firmware: arm_loader: Don't report clocks set as turbo side effect of arm clock * firmware: arm_loader: 2711: gpu clocks are not dependant * firmware: platform: Need to clear cached versions of get_max_clock_internal vars * firmware: video_decode: For VC1/WMV with no signalled header bytes, use start of 1st buffer See: raspberrypi/linux#4113 ++++ yast2-trans: - Update to version 84.87.20210914.a5d6b81b64: * New POT for text domain 'control-center'. * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * New POT for text domain 'installation'. * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'update'. * New POT for text domain 'kdump'. * New POT for text domain 'country'. * New POT for text domain 'services-manager'. * Translated using Weblate (Finnish) * New POT for text domain 'add-on'. ------------------------------------------------------------------ ------------------ 2021-9-13 - Sep 13 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1190374, CVE-2021-22947] * STARTTLS protocol injection via MITM * Add curl-CVE-2021-22947.patch - Security fix: [bsc#1190373, CVE-2021-22946] * Protocol downgrade required TLS bypassed * Add curl-CVE-2021-22946.patch ++++ drbd: - bsc#1190359, update to 9.0.30 * fix a crash when drbd-9 node gets connected to a drbd-8.4 node, the regression was introduced between 9.0.25 and 9.0.26 * A improved approach to serialize rsyncs from multiple sources; the previous one could cause wrong accounting for online verify * fix a race condition that could cause resync operations to stall when the completion of one resync allows another one to proceed * fix a race condition that could cause an online verify operation to not terminate under specific conditions (corking enabled no other IO) * fix locking of drbd_devices idr that caused (very rarely) create/remove minor to fail - Add patch convert_to_blk_alloc_disk.patch (kernel b647ad024) - Remove patch Revert-drbd-serialize-syncs-from-multiple-sources.patch Remove patch drbd-fix-race-condition-resetting-resync_next_bit.patch Remove patch drbd-Fix-a-possible-NULL-deref-found-with-gcc-11-fan.patch Remove patch drbd-change-to-L_VERIFY_S-after-peer-is-L_VERIFY_T.patch Remove patch drbd-fix-termination-of-verify-with-stop-sector.patch Remove patch drbd-remove-device_to_minor.patch Remove patch drbd-use-DEFINE_MUTEX-insteadm-of-mutex_init.patch Remove patch drbd-Fix-locking-for-the-drbd_devices-idr.patch Remove patch drbd-fix-protocol-compatibility-with-drbd-8.4-state.patch - Disable rt build for x86_64 temporarily due to not kernel-rt still in 5.3.18 ++++ libguestfs: - Newer cpio versions must be told to extract over symlinks libguestfs.test.simple.create-opensuse-guest-crypt-on-lvm.sh libguestfs.test.simple.create-opensuse-guest.sh libguestfs.test.simple.create-sles12-guest-crypt-on-lvm.sh libguestfs.test.simple.create-sles12-guest.sh - Allow the use busybox dhcp client appliance.patch netconfig.patch - Update to version 1.44.2 makefile-ocaml-find-guestfs.patch * Port libguestfs to use pcre2 instead of pcre * inspection: More reliable detection of Linux split /usr configurations * python: Relicense setup.py to LGPLv2+ (originally GPLv2+) * lib: qemu: Don't use -enable-fips option. * rust: Fix deprecated use of panic!(format!(...)) * point users to Libera Chat rather than FreeNode * python: Don't leak fields when creating Python structs * appliance: Add IBM850 iconv converter for syslinux * launch: board model for RISC-V * lib: Add osinfo information for Windows Server 2022 Datacenter * lib: Autodetect backing format for qemu-img create -b * appliance: Fix searching for shared libraries on usr-merged Debian systems * appliance: Add mount package for Debian * m4/guestfs-appliance.m4: Add support for Alma and Cloud Linux * daemon/luks.c: Ignore bogus GCC -fanalyzer double-free warning * daemon/xattr.c: Increase size of temporary buffer for %zu * daemon/utils.c: Fix potential unbounded stack usage * Various other bug fixes - Upstream bug fixes post 1.44.2 e26cfa44-daemon-Build-with--pthread.patch 489b14b7-ocaml-examples-Link-examples-to-gnulib.patch 68a02c2f-customize--resize--sparsify--sysprep-Link-explicitly-with-pthread.patch ++++ kernel-default: - futex: Remove unused variable 'vpid' in futex_proxy_trylock_atomic() (bsc#1190137 bsc#1189998). - futex: Avoid redundant task lookup (bsc#1190137 bsc#1189998). - futex: Clarify comment for requeue_pi_wake_futex() (bsc#1190137 bsc#1189998). - futex: Prevent inconsistent state and exit race (bsc#1190137 bsc#1189998). - futex: Return error code instead of assigning it without effect (bsc#1190137 bsc#1189998). - commit feb090a - locking/rtmutex: Fix ww_mutex deadlock check (bsc#1190137 bsc#1189998). - locking/rwsem: Add missing __init_rwsem() for PREEMPT_RT (bsc#1190137 bsc#1189998). - ipc: replace costly bailout check in sysvipc_find_ipc() (bsc#1190187). - clocksource: Make clocksource watchdog test safe for slow-HZ systems (bsc#1190366). - hrtimer: Unbreak hrtimer_force_reprogram() (bsc#1190366). - hrtimer: Use raw_cpu_ptr() in clock_was_set() (bsc#1190366). - hrtimer: Avoid more SMP function calls in clock_was_set() (bsc#1190366). - hrtimer: Avoid unnecessary SMP function calls in clock_was_set() (bsc#1190366). - hrtimer: Add bases argument to clock_was_set() (bsc#1190366). - time/timekeeping: Avoid invoking clock_was_set() twice (bsc#1190366). - timekeeping: Distangle resume and clock-was-set events (bsc#1190366). - timerfd: Provide timerfd_resume() (bsc#1190366). - hrtimer: Force clock_was_set() handling for the HIGHRES=n, NOHZ=y case (bsc#1190366). - hrtimer: Ensure timerfd notification for HIGHRES=n (bsc#1190366). - hrtimer: Consolidate reprogramming code (bsc#1190366). - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() (bsc#1190366). - posix-cpu-timers: Recalc next expiration when timer_settime() ends up not queueing (bsc#1190366). - posix-cpu-timers: Consolidate timer base accessor (bsc#1190366). - posix-cpu-timers: Remove confusing return value override (bsc#1190366). - posix-cpu-timers: Force next expiration recalc after itimer reset (bsc#1190366). - posix-cpu-timers: Force next_expiration recalc after timer deletion (bsc#1190366). - posix-cpu-timers: Assert task sighand is locked while starting cputime counter (bsc#1190366). - posix-timers: Remove redundant initialization of variable ret (bsc#1190366). - commit 011c676 - ceph: fix dereference of null pointer cf (bsc#1190451). - ceph: cancel delayed work instead of flushing on mdsc teardown (bsc#1190450). - ceph: fix memory leak on decode error in ceph_handle_caps (bsc#1190449). - commit 88b4fb8 - sched: Prevent balance_push() on remote runqueues (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched/idle: Make the idle timer expire in hard interrupt context (bsc#1189998 (PREEMPT_RT prerequisite backports)). - locking/rtmutex: Fix ww_mutex deadlock check (bsc#1189998 (PREEMPT_RT prerequisite backports)). - commit 49ddff0 - KVM: SVM: Add 5-level page table support for SVM (jsc#SLE-19031). - commit 0f049f1 - KVM: x86/mmu: Support shadowing NPT when 5-level paging is enabled in host (jsc#SLE-19031). - commit e29bb21 - PCI: Refactor pci_ioremap_bar() and pci_ioremap_wc_bar() (jsc#SLE-19358). - commit ecdcb3d - PCI: Use pci_update_current_state() in pci_enable_device_flags() (jsc#SLE-19359). - commit a7e5f38 - swiotlb: Update is_swiotlb_active to add a struct device argument (jsc#SLE-19358). - commit 57a468f - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - commit 9143783 - KVM: x86: Allow CPU to force vendor-specific TDP level (jsc#SLE-19031). - commit 7c5fbaa - Update patch reference for a BT fix (bsc#1190424) - commit cbd9338 - HID: usbhid: Simplify code in hid_submit_ctrl() (git-fixes). - commit e2aa05b - auxdisplay: hd44780: Fix oops on module unloading (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks again (stable-5.14.1). - commit 4d90932 - fixup "rpm: support gz and zst compression methods" once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"") - commit 165378a - Linux 5.14.3 (stable-5.14.3). - commit 6323b14 - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (stable-5.14.3). - cxl/pci: Fix debug message in cxl_probe_regs() (stable-5.14.3). - cxl/pci: Fix lockdown level (stable-5.14.3). - cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports (stable-5.14.3). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (stable-5.14.3). - igmp: Add ip_mc_list lock in ip_check_mc_rcu (stable-5.14.3). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (stable-5.14.3). - Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM" (stable-5.14.3). - commit da9501b - Update patch reference for stable-5.14.3 - commit d3527b2 - fs: dlm: fix return -EINTR on recovery stopped (bsc#1190378). - commit a5b8aec ++++ libseccomp: - Skip 11-basic-basic_errors test on qemu linux-user emulation ++++ system-users: - system-user-tss.conf: Remove group entry, not needed and did contain syntax errors (bsc#1190401). ------------------------------------------------------------------ ------------------ 2021-9-12 - Sep 12 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.14 * convert: * new option --uuid to copy, generate or set a given uuid * improve output * mkfs: * allow to create degenerate raid0 (on 1 device) and raid10 (on 2 devices) * image: * improved error messages * fix some alignment of restored image * subvol delete: allow to delete by id when path is not resolvable * check: * require alignment of nodesize for 64k page systems * detect and fix invalid block groups * libbtrfs (deprecated): * remove most exported symbols, leave only a few that are used by snapper * no version change (still 0.1) * remove btrfs-list.h, btrfsck.h * fixes: * reset generation of space v1 if v2 is used * fi us: don't wrongly report missing device size when partition is not readable * other: * build: experimental features * build: better detection of 64bit timestamp support for ext4 * corrupt-block: block group items * new and updated tests * refactoring * experimental features: * new image dump format, with data ++++ kernel-default: - fixup "rpm: support gz and zst compression methods" once more Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"") - commit 34e68f4 - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - commit 05a7926 - fixup "rpm: support gz and zst compression methods" Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") - commit 23510fc ++++ harfbuzz: - harfbuzz 2.9.1: + Subsetter API close to stable + Various fuzzer-found bug fixes + hb_buffer_append() now handles the pre- and post-context which previously were left unchanged in the destination buffer + hb-view / hb-shape now accept following new arguments: - -unicodes: takes a list of hex numbers that represent Unicode codepoints. + Undeprecated API: hb_set_invert() - includes changes from 2.9.0: + Support multiple variation axes with same tag, aka HOI + The coretext testing shaper now passes font variations to CoreText + hb-shape/hb-view does not break line at new lines unless text is read from file + hb-view and hb-subset has a --batch now, similar to hb-shape + The --batch mode now uses ; as argument separator instead of : used previously + The --batch in hb-shape does not expect 0th argument anymore. That is, the lines read are interpreted as argv[1:], instead of argv[0:]. + The --batch option has been undocumented. We are ready to document it; send feedback if you find it useful + hb-subset got arguments revamps. Added much-requested - -gids-file, --glyphs, --glyphs-file, --unicodes-file, supporting ranges in --unicodes. + Various bug fixes ++++ openssl-1_1: - Update to openssl-1.1.1l ('L' as in 'Lima') for SUSE-SLE-15-SP4 * jsc#SLE-19640, jsc#PM-2816 - Changes in 1.1.1l: * [bsc#1189520, CVE-2021-3711] Fixed an SM2 Decryption Buffer Overflow. * [bsc#1189521, CVE-2021-3712] Fixed various read buffer overruns processing ASN.1 strings - Changes in 1.1.1k * Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. ([CVE-2021-3450]) [bsc#1183851] * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. ([CVE-2021-3449]) [bsc#1183852] - Changes in 1.1.1j * Fixed the X509_issuer_and_serial_hash() function. It attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field [bsc#1182331, CVE-2021-23841] * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks. * Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. Previously they could overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call would be 1 (indicating success), but the output length value would be negative. This could cause applications to behave incorrectly or crash. [bsc#1182333, CVE-2021-23840] * Fixed SRP_Calc_client_key so that it runs in constant time. The previous implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. - Changes in 1.1.1i * Fixed NULL pointer deref in GENERAL_NAME_cmp * bsc#1179491, CVE-2020-1971 - Changes in 1.1.1h * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts - Changes in 1.1.1g * Fixed segmentation fault in SSL_check_chain (CVE-2020-1967, bsc#1169407) Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. * Added AES consttime code for no-asm configurations an optional constant time support for AES was added when building openssl for no-asm. - Changes in 1.1.1f * Revert the unexpected EOF reporting via SSL_ERROR_SSL - Changes in 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Dropped the following patches: * openssl-1_1-CVE-2019-1551.patch * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips_fix_selftests_return_value.patch * openssl-CVE-2020-1967.patch * openssl-CVE-2020-1967-test1.patch * openssl-CVE-2020-1967-test2.patch * openssl-CVE-2020-1967-test3.patch * openssl-CVE-2020-1971.patch * openssl-CVE-2021-23840.patch * openssl-CVE-2021-23841.patch * openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch * openssl-1.1.1-fips_list_ciphers.patch * CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch * CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch * CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch * CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch * CVE-2021-3712-other-ASN1_STRING-issues.patch - Rebased the following patches: * 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch * 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.0-no-html.patch * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-fips-crng-test.patch * openssl-1.1.1-fips-post-rand.patch * openssl-1.1.1-fips.patch * openssl-1.1.1-ssh-kdf.patch * openssl-DH.patch * openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch * openssl-assembly-pack-accelerate-scalar-multiplication.patch * openssl-fips_selftest_upstream_drbg.patch * openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch * openssl-s390x-assembly-pack-accelerate-ECDSA.patch * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch ++++ pango: - Update to version 1.48.10: + Fix a crash in strikethrough drawing. + pango-view: - Support antialiasing freetype. - Use GraphicsMagick. ++++ supermin: - Restore ExclusiveArch, continue to follow libguestfs The 'almost' below is the reason. ------------------------------------------------------------------ ------------------ 2021-9-11 - Sep 11 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.5.4 - tukit: Fix resolved support [boo#1190383] ++++ kernel-default: - ACPI: PRM: Find PRMT table before parsing it (git-fixes). - PM: sleep: core: Avoid setting power.must_resume to false (git-fixes). - drm/ttm: Fix a deadlock if the target BO is not idle during swap (git-fixes). - drm/ttm: Fix ttm_bo_move_memcpy() for subclassed struct ttm_resource (git-fixes). - drm/panfrost: Use u64 for size in lock_region (git-fixes). - drm/panfrost: Simplify lock_region calculation (git-fixes). - drm/ttm: ttm_bo_device is now ttm_device (git-fixes). - drm/amdkfd: drop process ref count when xnack disable (git-fixes). - drm/amdgpu: Fix a deadlock if previous GEM object allocation fails (git-fixes). - drm/amdgpu: Disable PCIE_DPM on Intel RKL Platform (git-fixes). - commit ffccbd5 ------------------------------------------------------------------ ------------------ 2021-9-10 - Sep 10 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).") - commit 8684de8 - atlantic: Fix driver resume flow (jsc#SLE-19855). - commit 78d21a0 - net: atlantic: switch from 'pci_' to 'dma_' API (jsc#SLE-19855). - commit 65338ab - qed: Enable automatic recovery on error condition (jsc#SLE-19875). - commit 635baf8 - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - commit 5d1f677 - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - commit d7d2e6e - dmaengine: idxd: make submit failure path consistent on desc freeing (git-fixes). - commit 8c1c92b - blacklist.conf: Add an already cherry-picked dmaengine/idxd entry - commit 6a92e25 - dmaengine: idxd: add missing percpu ref put on failure (git-fixes). - commit e15bd69 - dmaengine: idxd: Remove unused status variable in irq_process_work_list() (git-fixes). - dmaengine: idxd: remove fault processing code (git-fixes). - commit 9340fe2 - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ (git-fixes). - dmaengine: idxd: clear block on fault flag when clear wq (git-fixes). - dmaengine: dw: Remove error message from DT parsing code (git-fixes). - dmaengine: idxd: fix abort status check (git-fixes). - dmaengine: idxd: fix wq slot allocation index check (git-fixes). - dmaengine: idxd: have command status always set (git-fixes). - dmanegine: idxd: cleanup all device related bits after disabling device (git-fixes). - commit 3b93958 ++++ multipath-tools: - Update to version 0.8.7+14+suse.5a09bfa1: * Fix possible string overflows (bsc#1188148) - Upstream fixes / changes * better string handling * multipath: print warning if multipathd isn't running * mpathpersist: better error msg when no usable paths exist * fixes from 0.8.6+32+suse.f11c192 merged upstream ++++ systemd: - SLEtify This forward port most of the SLE stuff from SLE15-SP2 to this Factory snapshot making this version good enough for starting testing the version that will be shipped in SLE15-SP3. Add 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1181192 bsc#1184238 bsc#1184254 bsc#1184859 bsc#1185828) Add 1002-udev-add-option-to-generate-old-buggy-SCSI-serials.patch Add 1003-logind-store-a-timestamp-when-the-ACPI-power-button-.patch (bsc#981830 bsc#888612 bsc#1072933) Add 1004-udev-don-t-create-by-partlabel-primary-and-.-logical.patch (bsc#1178023 bsc#1183702) Add 1005-udev-optionally-disable-the-generation-of-the-partla.patch (bsc#1089761) Add 1006-logind-keep-backward-compatibility-with-UserTasksMax.patch Add 1007-Restore-support-for-halt.local.patch Add 1008-login-mark-again-framebuffer-devices-as-master-of-se.patch (bsc#1187154) merge compats/persistent-nic-names (bsc#1061883 bsc#1083158 bsc#1178561) merge compats/udev-compat-symlinks networkd is kept enabled as it's shipped in Leap distros (bsc#1071311) The following udev rules are no more kept by the systemd package 60-io-scheduler.rules (bsc#1165579 bsc#1164717 bsc#1134353 bsc#1177490 bsc#1184994 bsc#1188713) 80-acpi-container-hotplug.rules (bsc#1082485 bsc#1040800 bsc#1078358 bsc#1081170 bsc#1075743) 80-hotplug-cpu-mem.rules (bsc#1076696 bsc#1127557) 99-wakeup-from-idle.rules Move systemd-sysv-convert back from /usr/lib/systemd to /usr/sbin (bsc#1178156) Add conversion script for moving legacy collect based udev rules to chzdev based ones (bsc#1183984) SLE systemd default settings are hold by systemd-default-settings-branding-SLE (bsc#1065301 jsc#SLE-10123) Don't mount /tmp as tmpfs by default Set the version of the net naming scheme to 'v238' Set the default cgroup hierarchy to 'hybrid' Create /run/lock/subsys again (bsc#1187292) Restore "Provides/Obsoletes: systemd-bash-completion" - Drop git internal files from the testsuite sub-package - Adjust pam macros ------------------------------------------------------------------ ------------------ 2021-9-9 - Sep 9 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Refresh patches.suse/nvme-multipath-revalidate-paths-during-rescan.patch. Update commit hash. - commit eab59ce - Refresh patches.suse/cpuidle-pseries-Fixup-CEDE0-latency-only-for-POWER10.patch Update patch metadata. - commit 28383a8 - bnxt_en: Fix possible unintended driver initiated error recovery (jsc#SLE-19704). - commit 63dcc3d - bnxt_en: Fix UDP tunnel logic (jsc#SLE-19704). - commit 4526d43 - bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-19704). - commit e65f870 - bnxt_en: fix read of stored FW_PSID version on P5 devices (jsc#SLE-19704). - commit 8b9353d - bnxt_en: fix stored FW_PSID version masks (jsc#SLE-19704). - commit 02da0ca - bnxt_en: fix kernel doc warnings in bnxt_hwrm.c (jsc#SLE-19704). - commit 4e81dc5 - Refresh patches.suse/mm-page_alloc.c-avoid-accessing-uninitialized-pcp-page-migratetype.patch. Update metadata and move to the sorted section. - commit adb2477 - Enable MQ channelization by default for ibmvfc (jsc#SLE-20056). Delete patches.suse/ibmvfc-disable-MQ-channelization-by-default.patch. - commit fef44f6 - Remove obsolete non-mainline patches (bsc#1178366). - Delete patches.suse/ext4-show-the-dax-option-in-mount-options.patch. - Delete patches.suse/xfs-show-the-dax-option-in-mount-options.patch. - commit 1a3b5af - mm/mempolicy: fix a race between offset_il_node and mpol_rebind_task (bsc#1190208 (MM functional and performance backports)). - mm,vmscan: fix divide by zero in get_scan_count (bsc#1190208 (MM functional and performance backports)). - mm: migrate: change to use bool type for 'page_was_mapped' (bsc#1190208 (MM functional and performance backports)). - mm: migrate: fix the incorrect function name in comments (bsc#1190208 (MM functional and performance backports)). - mm: migrate: introduce a local variable to get the number of pages (bsc#1190208 (MM functional and performance backports)). - mm/workingset: correct kernel-doc notations (bsc#1190208 (MM functional and performance backports)). - fs/epoll: use a per-cpu counter for user's watches count (bsc#1190208 (MM functional and performance backports)). - mm: introduce PAGEFLAGS_MASK to replace ((1UL << NR_PAGEFLAGS) - 1) (bsc#1190208 (MM functional and performance backports)). - mm: in_irq() cleanup (bsc#1190208 (MM functional and performance backports)). - mm: remove redundant compound_head() calling (bsc#1190208 (MM functional and performance backports)). - mm: memory_hotplug: cleanup after removal of pfn_valid_within() (bsc#1190208 (MM functional and performance backports)). - mm: remove pfn_valid_within() and CONFIG_HOLES_IN_ZONE (bsc#1190208 (MM functional and performance backports)). - memory-hotplug.rst: complete admin-guide overhaul (bsc#1190208 (MM functional and performance backports)). - memory-hotplug.rst: remove locking details from admin-guide (bsc#1190208 (MM functional and performance backports)). - commit 06dd188 - mm/memory_hotplug: remove nid parameter from remove_memory() and friends (git fixes (mm/hotplug)). - mm/memory_hotplug: remove nid parameter from arch_remove_memory() (git fixes (mm/hotplug)). - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() (git fixes (mm/hotplug)). - commit 3108871 - mm/vmstat: protect per cpu variables with preempt disable on RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - highmem: don't disable preemption on RT in kmap_atomic() (bsc#1189998 (PREEMPT_RT prerequisite backports)). - mm/madvise: add MADV_WILLNEED to process_madvise() (bsc#1190208 (MM functional and performance backports)). - mm/vmstat: remove unneeded return value (bsc#1190208 (MM functional and performance backports)). - mm/vmstat: simplify the array size calculation (bsc#1190208 (MM functional and performance backports)). - mm/vmstat: correct some wrong comments (bsc#1190208 (MM functional and performance backports)). - mm/percpu,c: remove obsolete comments of pcpu_chunk_populated() (bsc#1190208 (MM functional and performance backports)). - mm/mempolicy.c: use in_task() in mempolicy_slab_node() (bsc#1190208 (MM functional and performance backports)). - mm/mempolicy: use readable NUMA_NO_NODE macro instead of magic number (bsc#1190208 (MM functional and performance backports)). - mm: compaction: optimize proactive compaction deferrals (bsc#1190208 (MM functional and performance backports)). - mm/vmpressure: replace vmpressure_to_css() with vmpressure_to_memcg() (bsc#1190208 (MM functional and performance backports)). - hugetlb: fix hugetlb cgroup refcounting during vma split (bsc#1190208 (MM functional and performance backports)). - hugetlb: before freeing hugetlb page set dtor to appropriate value (bsc#1190208 (MM functional and performance backports)). - hugetlb: drop ref count earlier after page allocation (bsc#1190208 (MM functional and performance backports)). - hugetlb: simplify prep_compound_gigantic_page ref count racing code (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: use in_task() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: make alloc_node_mem_map() __init rather than __ref (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: fix 'zone_id' may be used uninitialized in this function warning (bsc#1190208 (MM functional and performance backports)). - memblock: stop poisoning raw allocations (bsc#1190208 (MM functional and performance backports)). - mm: introduce memmap_alloc() to unify memory map allocation (bsc#1190208 (MM functional and performance backports)). - microblaze: simplify pte_alloc_one_kernel() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: always initialize memory map for the holes (bsc#1190208 (MM functional and performance backports)). - mm/vmalloc: fix wrong behavior in vread (git fixes (mm)). - mm/vmalloc: remove gfpflags_allow_blocking() check (bsc#1190208 (MM functional and performance backports)). - mm/vmalloc: use batched page requests in bulk-allocator (bsc#1190208 (MM functional and performance backports)). - include/linux/mmzone.h: avoid a warning in sparse memory support (bsc#1190208 (MM functional and performance backports)). - mm/sparse: set SECTION_NID_SHIFT to 6 (bsc#1190208 (MM functional and performance backports)). - mm: sparse: remove __section_nr() function (bsc#1190208 (MM functional and performance backports)). - mm: sparse: pass section_nr to find_memory_block (bsc#1190208 (MM functional and performance backports)). - mm: sparse: pass section_nr to section_mark_present (bsc#1190208 (MM functional and performance backports)). - mm/bootmem_info.c: mark __init on register_page_bootmem_info_section (bsc#1190208 (MM functional and performance backports)). - mm/mremap: fix memory account on do_munmap() failure (git fixes (mm)). - remap_file_pages: Use vma_lookup() instead of find_vma() (bsc#1190208 (MM functional and performance backports)). - mm/pagemap: add mmap_assert_locked() annotations to find_vma*() (bsc#1190208 (MM functional and performance backports)). - mm: change fault_in_pages_* to have an unsigned size parameter (bsc#1190208 (MM functional and performance backports)). - mm,do_huge_pmd_numa_page: remove unnecessary TLB flushing code (bsc#1190208 (MM functional and performance backports)). - mm: remove flush_kernel_dcache_page (bsc#1190208 (MM functional and performance backports)). - scatterlist: replace flush_kernel_dcache_page with flush_dcache_page (bsc#1190208 (MM functional and performance backports)). - mmc: mmc_spi: replace flush_kernel_dcache_page with flush_dcache_page (bsc#1190208 (MM functional and performance backports)). - mm: memcontrol: set the correct memcg swappiness restriction (git fixes (mm)). - memcg: enable accounting for pids in nested pid namespaces (git fixes (mm)). - mm, memcg: inline swap-related functions to improve disabled memcg config (bsc#1190208 (MM functional and performance backports)). - mm, memcg: inline mem_cgroup_{charge/uncharge} to improve disabled memcg config (bsc#1190208 (MM functional and performance backports)). - mm, memcg: add mem_cgroup_disabled checks in vmpressure and swap-related functions (bsc#1190208 (MM functional and performance backports)). - shmem: shmem_writepage() split unlikely i915 THP (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: decide stat.st_blksize by shmem_is_huge() (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: shmem_is_huge(vma, inode, index) (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: SGP_NOALLOC to stop collapse_file() on race (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: move shmem_huge_enabled() upwards (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: revert shmem's use of transhuge_vma_enabled() (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: remove shrinklist addition from shmem_setattr() (git fixes (mm/shmem)). - huge tmpfs: fix split_huge_page() after FALLOC_FL_KEEP_SIZE (git fixes (mm/shmem)). - huge tmpfs: fix fallocate(vanilla) advance over huge pages (git fixes (mm/shmem)). - shmem: include header file to declare swap_info (bsc#1190208 (MM functional and performance backports)). - shmem: remove unneeded function forward declaration (bsc#1190208 (MM functional and performance backports)). - shmem: remove unneeded header file (bsc#1190208 (MM functional and performance backports)). - shmem: remove unneeded variable ret (bsc#1190208 (MM functional and performance backports)). - shmem: use raw_spinlock_t for ->stat_lock (bsc#1189998 (PREEMPT_RT prerequisite backports)). - mm: delete unused get_kernel_page() (bsc#1190208 (MM functional and performance backports)). - fs, mm: fix race in unlinking swapfile (git fixes (mm)). - mm/gup: small refactoring: simplify try_grab_page() (bsc#1190208 (MM functional and performance backports)). - mm/gup: documentation corrections for gup/pup (bsc#1190208 (MM functional and performance backports)). - mm: gup: use helper PAGE_ALIGNED in populate_vma_page_range() (git fixes (mm)). - mm: gup: fix potential pgmap refcnt leak in __gup_device_huge() (git fixes (mm)). - mm: gup: remove useless BUG_ON in __get_user_pages() (git fixes (mm)). - mm: gup: remove unneed local variable orig_refs (git fixes (mm)). - mm: gup: remove set but unused local variable major (git fixes (mm)). - writeback: use READ_ONCE for unlocked reads of writeback stats (bsc#1190209 (VM/FS functional and performance backports)). - writeback: rename domain_update_bandwidth() (bsc#1190209 (VM/FS functional and performance backports)). - writeback: fix bandwidth estimate for spiky workload (bsc#1190209 (VM/FS functional and performance backports)). - writeback: reliably update bandwidth estimation (bsc#1190209 (VM/FS functional and performance backports)). - writeback: track number of inodes under writeback (bsc#1190209 (VM/FS functional and performance backports)). - mm: report a more useful address for reclaim acquisition (bsc#1190208 (MM functional and performance backports)). - fsnotify: optimize the case of no marks of any type (bsc#1190120 (Fsnotify functional and performance backports)). - fsnotify: count all objects with attached connectors (bsc#1190120 (Fsnotify functional and performance backports)). - fsnotify: count s_fsnotify_inode_refs for attached connectors (bsc#1190120 (Fsnotify functional and performance backports)). - fsnotify: replace igrab() with ihold() on attach connector (bsc#1190120 (Fsnotify functional and performance backports)). - commit 87371a8 - mm, slub: convert kmem_cpu_slab protection to local_lock (bsc#1189998). - mm, slub: use migrate_disable() on PREEMPT_RT (bsc#1189998). - mm, slub: protect put_cpu_partial() with disabled irqs instead of cmpxchg (bsc#1189998). - mm, slub: make slab_lock() disable irqs with PREEMPT_RT (bsc#1189998). - mm: slub: make object_map_lock a raw_spinlock_t (bsc#1189998). - mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context (bsc#1189998). - mm, slab: split out the cpu offline variant of flush_slab() (bsc#1189998). - mm, slub: don't disable irqs in slub_cpu_dead() (bsc#1189998). - mm, slub: only disable irq with spin_lock in __unfreeze_partials() (bsc#1189998). - mm, slub: separate detaching of partial list in unfreeze_partials() from unfreezing (bsc#1189998). - mm, slub: detach whole partial list at once in unfreeze_partials() (bsc#1189998). - mm, slub: discard slabs in unfreeze_partials() without irqs disabled (bsc#1189998). - mm, slub: move irq control into unfreeze_partials() (bsc#1189998). - mm, slub: call deactivate_slab() without disabling irqs (bsc#1189998). - mm, slub: make locking in deactivate_slab() irq-safe (bsc#1189998). - mm, slub: move reset of c->page and freelist out of deactivate_slab() (bsc#1189998). - mm, slub: stop disabling irqs around get_partial() (bsc#1189998). - mm, slub: check new pages with restored irqs (bsc#1189998). - mm, slub: validate slab from partial list or page allocator before making it cpu slab (bsc#1189998). - mm, slub: restore irqs around calling new_slab() (bsc#1189998). - mm, slub: move disabling irqs closer to get_partial() in ___slab_alloc() (bsc#1189998). - mm, slub: do initial checks in ___slab_alloc() with irqs enabled (bsc#1189998). - mm, slub: move disabling/enabling irqs to ___slab_alloc() (bsc#1189998). - mm, slub: simplify kmem_cache_cpu and tid setup (bsc#1189998). - mm, slub: restructure new page checks in ___slab_alloc() (bsc#1189998). - mm, slub: return slab page from get_partial() and set c->page afterwards (bsc#1189998). - mm, slub: dissolve new_slab_objects() into ___slab_alloc() (bsc#1189998). - mm, slub: extract get_partial() from new_slab_objects() (bsc#1189998). - mm, slub: remove redundant unfreeze_partials() from put_cpu_partial() (bsc#1189998). - mm, slub: don't disable irq for debug_check_no_locks_freed() (bsc#1189998). - mm, slub: allocate private object map for validate_slab_cache() (bsc#1189998). - mm, slub: allocate private object map for debugfs listings (bsc#1189998). - mm, slub: don't call flush_all() from slab_debug_trace_open() (bsc#1189998). - commit ba105d1 - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (stable-5.14.2). - commit 48ec4ff - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - commit 88072cd ++++ microos-tools: - Update to version 2.12 - Remove special MicroOS firstboot script - Remove locale-check, replaced by another aaa_base implementation ++++ patterns-microos: - added the FIPS pattern (matching the one from SLES) ++++ samba: - Fix 'net rpc' authentication when using the machine account; (bsc#1189017); (bso#14796); ++++ supermin: - arm32 may have a kernel named /boot/zImage - Remove arch exclusion, almost all of them build. ------------------------------------------------------------------ ------------------ 2021-9-8 - Sep 8 2021 ------------------- ------------------------------------------------------------------ ++++ irqbalance: - Update to version 1.8.0.18.git+2435e8d: * fix unsigned integer subtraction sign overflow * fix opendir fails in check_platform_device * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds - Fixes integrated mainline: * bsc#1119461 * bsc#1138190 * bsc#1154905 * bsc#1178477 bsc#1183405 (removed patches due to mainline integration): procinterrupts-check-xen-dyn-event-more-flexible.patch * bsc#1182254 bsc#1156315 (removed patches due to mainline integration): fix-ambiguous-parsing-of-node-entries-in-sys.patch * bsc#1183157 also-fetch-node-info-for-non-PCI-devices.patch ++++ open-iscsi: - Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains these changes not already present: * Handle IPv6 interfaces correctly. (bsc#1187958) * Handle qedi correctly in NPAR mode (bsc#1187958) * Update iscsiadm man page (bsc#1187958) * Update iface.example for ipv6 * Change iscsi IP type from defines to enum. * Handle recv() returning 0 in iscsid_response() ++++ kernel-default: - Delete patches.suse/mdraid-fix-read-write-bytes-accounting.patch. This was resolved differently upstream across several releases. - commit afcd1d0 - SLE15-SP4: refresh and re-enable btrfs per-subvolume dev_t series - commit a4a75e4 - bnxt_en: Fix 64-bit doorbell operation on 32-bit kernels (jsc#SLE-19704). - commit a9396a0 - bnxt_en: support multiple HWRM commands in flight (jsc#SLE-19704). - commit 4f57dd9 - bnxt_en: remove legacy HWRM interface (jsc#SLE-19704). - commit 4d87f72 - bnxt_en: update all firmware calls to use the new APIs (jsc#SLE-19704). - commit 02d32b7 - bnxt_en: use link_lock instead of hwrm_cmd_lock to protect link_info (jsc#SLE-19704). - commit 5933450 - bnxt_en: add support for HWRM request slices (jsc#SLE-19704). - commit 4fdb6f3 - bnxt_en: add HWRM request assignment API (jsc#SLE-19704). - commit 6aee5ab - bnxt_en: discard out of sequence HWRM responses (jsc#SLE-19704). - commit aae7bc0 - bnxt_en: introduce new firmware message API based on DMA pools (jsc#SLE-19704). - commit fbdf313 - bnxt_en: move HWRM API implementation into separate file (jsc#SLE-19704). - commit 95f1cd5 - bnxt_en: Refactor the HWRM_VER_GET firmware calls (jsc#SLE-19704). - commit c191d10 - Update patch metadata for patches.suse/setuid-dumpable-wrongdir. - commit 30e1cd3 - bnxt_en: remove DMA mapping for KONG response (jsc#SLE-19704). - commit 19dfdb7 - bnxt: count discards due to memory allocation errors (jsc#SLE-19704). - commit 706770f - bnxt: count packets discarded because of netpoll (jsc#SLE-19704). - commit 868a0a6 - net: broadcom: switch from 'pci_' to 'dma_' API (jsc#SLE-19704). - commit 9106d4f - bnxt_en: Increase maximum RX ring size if jumbo ring is not used (jsc#SLE-19704). - commit dc9af50 - bnxt_en: Don't use static arrays for completion ring pages (jsc#SLE-19704). - commit fa8eb9d - bnxt_en: Log if an invalid signal detected on TSIO pin (jsc#SLE-19704). - commit 9a9a0cc - bnxt_en: Event handler for PPS events (jsc#SLE-19704). - commit 7dfe276 - bnxt_en: 1PPS functions to configure TSIO pins (jsc#SLE-19704). - commit a03bb08 - bnxt_en: 1PPS support for 5750X family chips (jsc#SLE-19704). - commit 722655d - bnxt_en: Do not read the PTP PHC during chip reset (jsc#SLE-19704). - commit d9d4cdc - bnxt_en: Move bnxt_ptp_init() from bnxt_open() back to bnxt_init_one() (jsc#SLE-19704). - commit bb87ff1 - Bluetooth: schedule SCO timeouts with delayed_work (CVE-2021-3640 bsc#1188172). - Refresh patches.suse/Bluetooth-fix-repeated-calls-to-sco_sock_kill.patch. - Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch. - commit d68ed34 - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - commit b41e4fd - mm/page_alloc: Use accumulated load when building node fallback list (git fixes (mm/pgalloc)). - mm/page_alloc: Print node fallback order (git fixes (mm/pgalloc)). - commit 4503c46 - mm/page_alloc.c: avoid accessing uninitialized pcp page migratetype (git fixes (mm/pgalloc)). - commit a609347 - Revert "memcg: enable accounting for file lock caches (bsc#1190115)." This reverts commit 78b761616bfb31a0d54806624e7c8db23fbeda9c. It's effectively upstream commit 3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to avoid proliferation of patches). Make a note in blacklist.conf too. - commit 922c6d5 - net/iucv: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - net: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - virtio_net: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - workqueue: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - hwmon: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - ACPI: processor: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - powercap: intel_rapl: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - PM: sleep: s2idle: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - cpufreq: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - clocksource: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - genirq/affinity: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - static_call: Update API documentation (bsc#1189998 (PREEMPT_RT prerequisite backports)). - mm: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - md/raid5: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - Documentation: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - smpboot: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - perf/hw_breakpoint: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - perf/x86/intel: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - x86/mce/inject: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - x86/microcode: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - x86/mtrr: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - x86/mmiotrace: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - s390/sclp: replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - s390: replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - padata: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - crypto: virtio - Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - torture: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - rcu: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - commit 8db1640 - Linux 5.14.2 (stable-5.14.2). - commit 0b343f1 - HID: usbhid: Fix warning caused by 0-length input reports (stable-5.14.2). - xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG (stable-5.14.2). - ext4: fix race writing to an inline_data file while its xattrs are changing (stable-5.14.2). - ext4: fix e2fsprogs checksum failure for mounted filesystem (stable-5.14.2). - ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (stable-5.14.2). - commit 003e8d3 - cgroup: Avoid compiler warnings with no subsystems (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Avoid memory migration when nodemasks match (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Enable memory migration for cpuset v2 (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Enable event notification when partition state changes (bsc#1190050 (Cgroup functional and performance backports)). - cgroup: cgroup-v1: clean up kernel-doc notation (bsc#1190050 (Cgroup functional and performance backports)). - cgroup: Replace deprecated CPU-hotplug functions (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Fix violation of cpuset locking rule (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Miscellaneous code cleanup (bsc#1190050 (Cgroup functional and performance backports)). - cgroup: remove cgroup_mount from comments (bsc#1190050 (Cgroup functional and performance backports)). - commit 985c1b6 - Update patch references for already backported stable-5.14.2 patches - commit 8736f45 - sched/topology: Skip updating masks for non-online nodes (bsc#1189999 (Scheduler functional and performance backports)). - sched: Replace deprecated CPU-hotplug functions (bsc#1189999 (Scheduler functional and performance backports)). - sched: Skip priority checks with SCHED_FLAG_KEEP_PARAMS (bsc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix missing clock update in migrate_task_rq_dl() (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Avoid a second scan of target in select_idle_cpu (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Use prev instead of new target as recent_used_cpu (bsc#1189999 (Scheduler functional and performance backports)). - sched: Don't report SCHED_FLAG_SUGOV in sched_getattr() (bsc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix reset_on_fork reporting of DL tasks (bsc#1189999 (Scheduler functional and performance backports)). - sched: remove redundant on_rq status change (bsc#1189999 (Scheduler functional and performance backports)). - sched: Optimize housekeeping_cpumask() in for_each_cpu_and() (bsc#1189999 (Scheduler functional and performance backports)). - sched/sysctl: Move extern sysctl declarations to sched.h (bsc#1189999 (Scheduler functional and performance backports)). - wait: use LIST_HEAD_INIT() to initialize wait_queue_head (bsc#1189999 (Scheduler functional and performance backports)). - commit 4fafa6d - Update config files. Version bump 5.14.1 and a cleanup in armv7hl - commit dcc91b9 - PCI: controller: PCI_IXP4XX should depend on ARCH_IXP4XX (git-fixes). - PCI: xilinx-nwl: Enable the clock through CCF (git-fixes). - PCI: iproc: Fix BCMA probe resource handling (git-fixes). - watchdog: iTCO_wdt: Fix detection of SMI-off case (git-fixes). - remoteproc: fix kernel doc for struct rproc_ops (git-fixes). - remoteproc: fix an typo in fw_elf_get_class code comments (git-fixes). - commit e8fec37 - PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes). - PCI: aardvark: Fix reporting CRS value (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n (git-fixes). - PCI/PTM: Remove error message at boot (git-fixes). - PCI: Fix pci_dev_str_match_path() alloc while atomic bug (git-fixes). - PCI/portdrv: Enable Bandwidth Notification only if port supports it (git-fixes). - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes). - PCI: Call Max Payload Size-related fixup quirks early (git-fixes). - mfd: lpc_sch: Rename GPIOBASE to prevent build error (git-fixes). - mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set (git-fixes). - commit d618f96 - can: c_can: fix null-ptr-deref on ioctl() (git-fixes). - iwlwifi: fix printk format warnings in uefi.c (git-fixes). - firmware: dmi: Move product_sku info to the end of the modalias (git-fixes). - backlight: ktd253: Stabilize backlight (git-fixes). - mfd: axp20x: Update AXP288 volatile ranges (git-fixes). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio: mpc8xxx: Fix a potential double iounmap call in 'mpc8xxx_probe()' (git-fixes). - gpio: mpc8xxx: Fix a resources leak in the error handling path of 'mpc8xxx_probe()' (git-fixes). - commit bef14d8 - Linux 5.14.1 (stable-5.14.1). - commit df45c6c - Move upstreamed patches into sorted section - commit 0a347d9 - locking/atomic: add generic arch_*() bitops (bsc#1190282). - locking/atomic: add arch_atomic_long*() (bsc#1190282). - locking/atomic: centralize generated headers (bsc#1190282). - locking/atomic: remove ARCH_ATOMIC remanants (bsc#1190282). - locking/atomic: simplify ifdef generation (bsc#1190282). - commit b0a0a9d - workqueue: Remove unused WORK_NO_COLOR (bsc#1190232). - workqueue: Assign a color to barrier work items (bsc#1190232). - workqueue: Mark barrier work with WORK_STRUCT_INACTIVE (bsc#1190232). - workqueue: Change the code of calculating work_flags in (bsc#1190232). - workqueue: Change arguement of pwq_dec_nr_in_flight() (bsc#1190232). - workqueue: Rename "delayed" (delayed by active (bsc#1190232). - workqueue: Replace deprecated ida_simple_*() with (bsc#1190232). - workqueue: Fix typo in comments (bsc#1190232). - workqueue: Fix possible memory leaks in wq_numa_init() (bsc#1190232). - commit 380dfb2 ++++ c-ares: - 5c995d5.patch: augment input validation on hostnames to allow _ as part of DNS response (bsc#1190225) ++++ systemd: - Don't reexecute user manager instances on package update yet This can't be done until users have their user instance updated to the new version that supports reexecuting with SIGRTMIN+25 because this signal terminates the user managers for the previous versions. - Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - systemd.spec: reexec user manager instances on package updates ++++ qemu: - Fix qemu build on ARMv7 (bsc#1190211) * Patches added: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch - Update supported file for ARM machines. ++++ supportutils: - Fixed cron package for RPM validation (bsc#1190315) - Updated spec file with correct URL ++++ sysuser-tools: - Add support for new shell field [bsc#1189518] ++++ virt-manager: - bsc#1190215 - [virt-install] No Support for SUSE Product SLE-HPC virtinst-add-sle-hpc-support.patch ------------------------------------------------------------------ ------------------ 2021-9-7 - Sep 7 2021 ------------------- ------------------------------------------------------------------ ++++ file: - Add patch bsc1189996-9fbe768a.patch to fix bsc#1189996 ++++ glib2: - desktop-file-utils: add Pantheon desktop environment - Update to version 2.69.3: + g_settings_schema_key_range_check() misbehaves for int versus bool. + Compiling anything with GCC <4.6 spews deprecation warnings. + `g_invoke_closure` bindings API break.. + GPowerProfileMonitorPortal does not notice initial power-saver-enabled status. + doc: Explicitly said, that no null term. is needed. + ci: Use C.UTF-8 locale on FreeBSD 12. + gio: Fix conditions in memory-monitor test. + Updated translations. ++++ grub2: - Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061) * 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch ++++ haproxy: - Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877) * [RELEASE] Released version 2.4.4 * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about "must be < 256 MB" * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * MINOR: time: add report_idle() to report process-wide idle time * BUG/MINOR: time: fix idle time computation for long sleeps * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MINOR: base64: base64urldec() ignores padding in output size check * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions * MINOR: hlua: take the global Lua lock inside a global function * REGTESTS: abortonclose: after retries, 503 is expected, not close * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 * BUG/MEDIUM: h2: match absolute-path not path-absolute for :path ++++ kernel-default: - config: update CMA_AREAS to reflect new default (bsc#1189685). - config: sync config for removal of printk NMI tracking - commit 8d3b4c2 - Delete patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch (bsc#1189964) The regression addressed by this revert was fixed properly by mainline commit ee04805ff54a ("netfilter: conntrack: make conntrack userspace helpers work again") in 5.7. - commit e86af82 - tracing/boot: Fix a hist trigger dependency for boot time tracing (git-fixes). The fix is not strictly needed in SLES because we have CONFIG_HIST_TRIGGERS=y for all supported architectures. However, armv7hl disables it and we may share the kernel with Leap one day, so better be safe. - commit fdfc9e3 - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - commit 6376013 - thunderbolt: test: split up test cases in tb_test_credit_alloc_all (jsc#SLE-19359 jsc#SLE-20163). - commit 785e4a8 - thunderbolt: Fix port linking by checking all adapters (jsc#SLE-19355). - commit 6658ec3 - thunderbolt: Do not read control adapter config space (jsc#SLE-19359 jsc#SLE-20163). - commit 3d51d0d - EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138). - commit 34aa35b - vfio/mbochs: Fix missing error unwind of mbochs_used_mbytes (git-fixes). - vfio/samples: Remove module get/put (git-fixes). - commit 5d9f639 - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: zynqmp: Drop pinctrl_unregister for devm_ registered device (git-fixes). - soc: mediatek: cmdq: add address shift in jump (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: ISST: Fix optimization with use of numa (git-fixes). - vfio/pci: Make vfio_pci_regops->rw() return ssize_t (git-fixes). - vfio: Use config not menuconfig for VFIO_NOIOMMU (git-fixes). - speakup: use C99 syntax for array initializers (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - PM: cpu: Make notifier chain use a raw_spinlock_t (git-fixes). - commit 94af1da - pinctrl: ingenic: Fix bias config for X2000(E) (git-fixes). - pinctrl: ingenic: Fix incorrect pull up/down info (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: mediatek: fix platform_no_drv_owner.cocci warnings (git-fixes). - pinctrl: armada-37xx: Correct PWM pins definitions (git-fixes). - lib/test_stackinit: Fix static initializer test (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - net: usb: asix: ax88772: add missing stop (git-fixes). - irqchip/gic-v3: Fix priority comparison when non-secure priorities are used (git-fixes). - commit e822cd7 - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs (git-fixes). - HID: usbhid: Fix flood of "control queue full" messages (git-fixes). - HID: input: do not report stylus battery state as "full" (git-fixes). - HID: amd_sfh: Fix period data field to enable sensor (git-fixes). - HID: thrustmaster: clean up Makefile and adapt quirks (git-fixes). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - irqchip/apple-aic: Fix irq_disable from within irq handlers (git-fixes). - irqchip/loongson-pch-pic: Improve edge triggered interrupt support (git-fixes). - commit d828469 ++++ expat: - Update to 2.4.1 in SLE-15-SP4 [jsc#SLE-21253] * Remove expat-CVE-2018-20843.patch upstream ------------------------------------------------------------------ ------------------ 2021-9-6 - Sep 6 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.5.3 - t-u: Purge kernels as part of package operations Required for live patching support [bsc#1189728] ++++ kernel-default: - memcg: enable accounting of ipc resources (bsc#1190115 CVE-2021-3759). - memcg: enable accounting for file lock caches (bsc#1190115). - commit cac2650 - USB: EHCI: Add alias for Broadcom INSNREG (git-fixes). - commit 19a3422 - USB: EHCI: Add register array bounds to HCS ports (git-fixes). - commit ec4d52a - xhci: Add bus number to some debug messages (jsc#SLE-20163). - commit 366daea - xhci: Add additional dynamic debug to follow URBs in cancel and error cases (jsc#SLE-20163). - commit 89e620e - Update patches.suse/xhci-Fix-failure-to-give-back-some-cached-cancelled-.patch (jsc#SLE-20163). - commit d237ca8 - xhci: fix even more unsafe memory usage in xhci tracing (jsc#SLE-20163). - commit cea4b08 - xhci: fix unsafe memory usage in xhci tracing (jsc#SLE-20163). - commit a271851 - thunderbolt: Handle ring interrupt by reading interrupt status register (jsc#SLE-20163). - commit 8815f0d - usb: typec: tcpm: Support non-PD mode (jsc#SLE-20163). - commit 984cb96 - sched: Fix UCLAMP_FLAG_IDLE setting (git fixes (sched)). - sched/numa: Fix is_core_idle() (git fixes (sched)). - sched/debug: Don't update sched_domain debug directories before sched_debug_init() (git fixes (sched)). - commit 0e8b960 - thunderbolt: Add vendor specific NHI quirk for auto-clearing interrupt status (jsc#SLE-19355 jsc#SLE-19359). - commit 3795602 - thunderbolt: Add authorized value to the KOBJ_CHANGE uevent (jsc#SLE-19359). - commit f5a190c - bus: Make remove callback return void (jsc#SLE19359). - commit 4f51634 - PCI: endpoint: Make struct pci_epf_driver::remove return void (jsc#SLE-19359). - commit b206fb1 - s390/ccwgroup: Drop if with an always false condition (jsc#SLE-19359). - commit 7adc17d - s390/scm: Make struct scm_driver::remove return void (jsc#SLE-19359). - commit 22a6edf - s390/cio: Make struct css_driver::remove return void (jsc#SLE-19359). - commit af06902 - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). These are unchanged since 2011 when they were introduced. No need to track them separately. - commit 692d38b - rpm: Abolish image suffix (bsc#1189841). This is used only with vanilla kernel which is not supported in any way. The only effect is has is that the image and initrd symlinks are created with this suffix. These symlinks are not used except on s390 where the unsuffixed symlinks are used by zipl. There is no reason why a vanilla kernel could not be used with zipl as well as it's quite unexpected to not be able to boot when only a vanilla kernel is installed. Finally we now have a backup zipl kernel so if the vanilla kernel is indeed unsuitable the backup kernel can be used. - commit e2f37db - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - commit e602b0f - rpm: Define $certs as rpm macro (bsc#1189841). Also pass around only the shortened hash rather than full filename. As has been discussed in bsc#1124431 comment 51 https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of the certificates is an API which cannot be changed unless we can ensure that no two kernels that use different certificate location can be built with the same certificate. - commit d9a1357 - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - commit d87fe21 - USB: serial: pl2303: fix GL type detection (git-fixes). - USB: serial: cp210x: fix flow-control error handling (git-fixes). - USB: serial: cp210x: fix control-characters error handling (git-fixes). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - mtd: rawnand: intel: Fix error handling in probe (git-fixes). - mtd: spinand: Fix comment (git-fixes). - mtd: mtdconcat: Check _read, _write callbacks existence before assignment (git-fixes). - mtd: mtdconcat: Judge callback existence based on the master (git-fixes). - commit 4851953 - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls (stable-5.14.1). - audit: move put_tree() to avoid trim_trees refcount underflow and UAF (stable-5.14.1). - ubifs: report correct st_size for encrypted symlinks (stable-5.14.1). - f2fs: report correct st_size for encrypted symlinks (stable-5.14.1). - ext4: report correct st_size for encrypted symlinks (stable-5.14.1). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (stable-5.14.1). - Revert "floppy: reintroduce O_NDELAY fix" (stable-5.14.1). - commit 0f888a9 - Update patch reference for stable-5.14.1 - commit c1210cb ++++ kmod: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). * Refres no-stylesheet-download.patch ++++ libcontainers-common: - Comment out ostree_repo [boo#1189893] ++++ fuse3: - Update to release 3.10.5 * Various improvements to make unit tests more robust. ++++ python-ordered-set: - Update to version 4.0.2 * Restore compatibility with Python 3.5 * fix packaging, remove vestiges of type stubs * Remove unused type * Add a mailmap * remove old .pyi type stub * Implement code review suggestions for types * Code formatting (isort and black) * Move type annotations inline * Directly distribute type stub file via PEP 561 * Handle another indexing case from NumPy ++++ yast2: - Mark systemd unit/service state "maintenance" as active (bsc#1190163) - 4.4.17 ------------------------------------------------------------------ ------------------ 2021-9-4 - Sep 4 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - watchdog: Fix NULL pointer dereference when releasing cdev (bsc#1190093). - Update config files. We can enable the option after this fix again. - commit d237379 ------------------------------------------------------------------ ------------------ 2021-9-3 - Sep 3 2021 ------------------- ------------------------------------------------------------------ ++++ glib-networking: - Update to version 2.70.rc: + gnutls: - revert AuthorityInformationAccess implementation for now. - fix use of non-default GTlsDatabases, Geary crash on startup. - fix leak in g_tls_certificate_gnutls_copy. - Unbreak GTLS_GNUTLS_CHECK_VERSION. + openssl: remove openssl-util. ++++ kernel-default: - supported.conf: Add missing entries for armv7hl builds - commit 86ffe23 - Refresh patches.suse/powerpc-stacktrace-Include-linux-delay.h.patch. - commit 35e6afe - supported.conf: hv_sock is externally supported - commit 8dbed5c - locking/rtmutex: Return success on deadlock for ww_mutex (bsc#1190137 bsc#1189998). - locking/rtmutex: Prevent spurious EDEADLK return caused by (bsc#1190137 bsc#1189998). - locking/rtmutex: Dequeue waiter on ww_mutex deadlock (bsc#1190137 bsc#1189998). - locking/rtmutex: Dont dereference waiter lockless (bsc#1190137 bsc#1189998). - locking/ww_mutex: Initialize waiter.ww_ctx properly (bsc#1190137 bsc#1189998). - locking/local_lock: Add PREEMPT_RT support (bsc#1190137 bsc#1189998). - locking/spinlock/rt: Prepare for RT local_lock (bsc#1190137 bsc#1189998). - locking/rtmutex: Add adaptive spinwait mechanism (bsc#1190137 bsc#1189998). - locking/rtmutex: Implement equal priority lock stealing (bsc#1190137 bsc#1189998). - preempt: Adjust PREEMPT_LOCK_OFFSET for RT (bsc#1190137 bsc#1189998). - locking/rtmutex: Prevent lockdep false positive with PI (bsc#1190137 bsc#1189998). - futex: Prevent requeue_pi() lock nesting issue on RT (bsc#1190137 bsc#1189998). - futex: Simplify handle_early_requeue_pi_wakeup() (bsc#1190137 bsc#1189998). - futex: Reorder sanity checks in futex_requeue() (bsc#1190137 bsc#1189998). - futex: Clarify comment in futex_requeue() (bsc#1190137 bsc#1189998). - futex: Restructure futex_requeue() (bsc#1190137 bsc#1189998). - futex: Correct the number of requeued waiters for PI (bsc#1190137 bsc#1189998). - futex: Remove bogus condition for requeue PI (bsc#1190137 bsc#1189998). - futex: Clarify futex_requeue() PI handling (bsc#1190137 bsc#1189998). - futex: Clean up stale comments (bsc#1190137 bsc#1189998). - futex: Validate waiter correctly in (bsc#1190137 bsc#1189998). - lib/test_lockup: Adapt to changed variables (bsc#1190137 bsc#1189998). - locking/rtmutex: Add mutex variant for RT (bsc#1190137 bsc#1189998). - locking/ww_mutex: Implement rtmutex based ww_mutex API (bsc#1190137 bsc#1189998). - locking/rtmutex: Extend the rtmutex core to support ww_mutex (bsc#1190137 bsc#1189998). - locking/ww_mutex: Add rt_mutex based lock type and accessors (bsc#1190137 bsc#1189998). - locking/ww_mutex: Add RT priority to W/W order (bsc#1190137 bsc#1189998). - locking/ww_mutex: Implement rt_mutex accessors (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out internal lock accesses (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out mutex types (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out mutex accessors (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out waiter enqueueing (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out the waiter iteration (bsc#1190137 bsc#1189998). - locking/ww_mutex: Remove the __sched annotation from ww_mutex (bsc#1190137 bsc#1189998). - locking/ww_mutex: Split out the W/W implementation logic into (bsc#1190137 bsc#1189998). - locking/ww_mutex: Split up ww_mutex_unlock() (bsc#1190137 bsc#1189998). - locking/ww_mutex: Gather mutex_waiter initialization (bsc#1190137 bsc#1189998). - locking/ww_mutex: Simplify lockdep annotations (bsc#1190137 bsc#1189998). - locking/mutex: Make mutex::wait_lock raw (bsc#1190137 bsc#1189998). - locking/ww_mutex: Move the ww_mutex definitions from (bsc#1190137 bsc#1189998). - locking/mutex: Move the 'struct mutex_waiter' definition from (bsc#1190137 bsc#1189998). - locking/mutex: Consolidate core headers, remove (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash !RT tasks to DEFAULT_PRIO (bsc#1190137 bsc#1189998). - locking/rwlock: Provide RT variant (bsc#1190137 bsc#1189998). - locking/spinlock: Provide RT variant (bsc#1190137 bsc#1189998). - locking/rtmutex: Provide the spin/rwlock core lock function (bsc#1190137 bsc#1189998). - locking/spinlock: Provide RT variant header: (bsc#1190137 bsc#1189998). - locking/spinlock: Provide RT specific spinlock_t (bsc#1190137 bsc#1189998). - locking/rtmutex: Reduce header (bsc#1190137 bsc#1189998). - rbtree: Split out the rbtree type definitions into (bsc#1190137 bsc#1189998). - locking/lockdep: Reduce header dependencies in (bsc#1190137 bsc#1189998). - locking/rtmutex: Prevent future include recursion hell (bsc#1190137 bsc#1189998). - locking/spinlock: Split the lock types header, and move the (bsc#1190137 bsc#1189998). - locking/rtmutex: Guard regular sleeping locks specific (bsc#1190137 bsc#1189998). - locking/rtmutex: Prepare RT rt_mutex_wake_q for RT locks (bsc#1190137 bsc#1189998). - locking/rtmutex: Use rt_mutex_wake_q_head (bsc#1190137 bsc#1189998). - locking/rtmutex: Provide rt_wake_q_head and helpers (bsc#1190137 bsc#1189998). - locking/rtmutex: Add wake_state to rt_mutex_waiter (bsc#1190137 bsc#1189998). - locking/rwsem: Add rtmutex based R/W semaphore implementation (bsc#1190137 bsc#1189998). - locking/rt: Add base code for RT rw_semaphore and rwlock (bsc#1190137 bsc#1189998). - locking/rtmutex: Provide rt_mutex_base_is_locked() (bsc#1190137 bsc#1189998). - locking/rtmutex: Provide rt_mutex_slowlock_locked() (bsc#1190137 bsc#1189998). - locking/rtmutex: Split out the inner parts of 'struct (bsc#1190137 bsc#1189998). - locking/rtmutex: Split API from implementation (bsc#1190137 bsc#1189998). - locking/rtmutex: Switch to from cmpxchg_*() to (bsc#1190137 bsc#1189998). - locking/rtmutex: Convert macros to inlines (bsc#1190137 bsc#1189998). - locking/rtmutex: Remove rt_mutex_is_locked() (bsc#1190137 bsc#1189998). - media/atomisp: Use lockdep instead of *mutex_is_locked() (bsc#1190137 bsc#1189998). - sched/wake_q: Provide WAKE_Q_HEAD_INITIALIZER() (bsc#1190137 bsc#1189998). - sched/core: Provide a scheduling point for RT locks (bsc#1190137 bsc#1189998). - sched/core: Rework the __schedule() preempt argument (bsc#1190137 bsc#1189998). - sched/wakeup: Prepare for RT sleeping spin/rwlocks (bsc#1190137 bsc#1189998). - sched/wakeup: Reorganize the current::__state helpers (bsc#1190137 bsc#1189998). - sched/wakeup: Introduce the TASK_RTLOCK_WAIT state bit (bsc#1190137 bsc#1189998). - sched/wakeup: Split out the wakeup ->__state check (bsc#1190137 bsc#1189998). - locking/rtmutex: Set proper wait context for lockdep (bsc#1190137 bsc#1189998). - locking/local_lock: Add missing owner initialization (bsc#1190137 bsc#1189998). - commit e9aaa1f - locking/semaphore: Add might_sleep() to down_*() family (bsc#1190137). - Documentation/atomic_t: Document forward progress expectations (bsc#1190137). - locking/rwsem: Remove an unused parameter of rwsem_wake() (bsc#1190137). - Documentation/atomic_t: Document cmpxchg() vs try_cmpxchg() (bsc#1190137). - locking/mutex: Add MUTEX_WARN_ON (bsc#1190137). - locking/mutex: Introduce __mutex_trylock_or_handoff() (bsc#1190137). - locking/mutex: Fix HANDOFF condition (bsc#1190137). - locking/mutex: Use try_cmpxchg() (bsc#1190137). - locktorture: Count lock readers (bsc#1190137). - locktorture: Mark statistics data races (bsc#1190137). - commit e3cdb0b ++++ hivex: - Update to version 1.3.21 hivex-1.3.21.tar.gz hivex-1.3.21.tar.gz.sig * Improve performance by adding a cache for iconv_t handles to hive_t * Increase HIVEX_MAX_VALUES for windows HKLM\SYSTEM\MountedDevices * hivexregedit: add --max-depth option for exports * hivexml: Add -u flag for HIVEX_OPEN_UNSAFE * Ruby: improve test functions * Update translations * Various bug fixes - Drop patches contained in new tarball CVE-2021-3622-stack-overflow-due-to-recursive-call-of-_get_children.patch 0001-lib-handle.c-Add-missing-bounds-check-for-block-exce.patch ++++ spice: - Update to v0.15.0 release This is the first release in the new 0.15.x stable series. * Minor updates to CI * Some compatibility with OpenSSL * Change the behavior of handle_dev_start ignoring multiple start requests * Ignore multiple calls to handle_dev_stop * Pick up newer spice-common to fix a buffer overflow issue - Dropped patches contained in new tarball 0001-quic-Check-we-have-some-data-to-start-decoding-quic-.patch 0002-quic-Check-image-size-in-quic_decode_begin.patch 0003-quic-Check-RLE-lengths.patch 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch 0001-With-OpenSSL-1.1-Disable-client-initiated-renegotiation.patch 0002-With-OpenSSL-1.0.2-and-earlier-disable-client-side-renegotiation.patch ++++ systemd: - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) ++++ libzypp: - CMake/spec: Add option to force SINGLE_RPMTRANS as default for zypper (fixes #340) - Make sure singleTrans is zypper-only for now. - Do not double check signatures and keys (bsc#1190059) - version 17.28.3 (22) ++++ osinfo-db: - Update to database version 20210903 osinfo-db-20210903.tar.xz ++++ zypper: - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Fix typo in German translation (fixes #395) - BuildRequires: libzypp-devel >= 17.28.3. - version 1.14.49 ------------------------------------------------------------------ ------------------ 2021-9-2 - Sep 2 2021 ------------------- ------------------------------------------------------------------ ++++ glibc: - mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify (CVE-2021-33574, bsc#1186489, BZ #27896) ++++ hwdata: - Update to version 0.351 (bsc#1190091): + Updated pci, usb and vendor ids. ++++ kernel-default: - update patches metadata Once again, the nvme repository branch has been rebased so that patches from it must have their Git-commit tags updated to avoid git-sort errors. - commit 0fe7e9c - supported.conf: yet more corrections for aarch64 Moved cros-ec and qcom-spmi stuff into solely optional subpkg - commit 3dd8f40 - rpm/config.sh: Use Update OBS/IBS projects Using GA confuses armv7hl build on IBS, and we should keep tracking the update in anyway. - commit 8986697 - Delete patches.suse/printk-console-Correctly-mark-console-that-is-used-w.patch. The upstream commit e369d8227fd211be36242fc4 ("printk: Fix preferred console selection with multiple matches") should be enough to fix the original issue (bsc#1040020). It causes that register_console() first matches console names defined via the command line. The preferred name will match first and CON_CONSDEV (C) flag will be set. As a result, showconsole will know what console is associated with /dev/console. - commit bcf71c6 - Update config files. Run run-oldconfig.sh and re-sort the config files to a clean state. - commit 26fcbce - lib/nmi_backtrace: Serialize even messages about idle CPUs (bsc#1189998). - commit f5da463 - printk: syslog: close window between wait and read (bsc#1189998). - commit 8faa622 - printk: convert @syslog_lock to mutex (bsc#1189998). - commit 75b3430 - printk: remove NMI tracking (bsc#1189998). - commit 76f2be0 - printk: remove safe buffers (bsc#1189998). - commit bad7a41 - rpm/mkspec-dtb: Sync with TW branch A few changes have been missing for the recent kernels that resulted in build errors of dtb packages. - commit 08ed01f - printk: track/limit recursion (bsc#1189998). - commit 6ef1d1a - btrfs: unify regular and subpage error paths in __extent_writepage() (jsc#SLE-17681). - btrfs: allow read-write for 4K sectorsize on 64K page size systems (jsc#SLE-17681). - btrfs: subpage: fix relocation potentially overwriting last page data (jsc#SLE-17681). - btrfs: subpage: fix false alert when relocating partial preallocated data extents (jsc#SLE-17681). - btrfs: subpage: fix a potential use-after-free in writeback helper (jsc#SLE-17681). - btrfs: subpage: fix race between prepare_pages() and btrfs_releasepage() (jsc#SLE-17681). - btrfs: subpage: reject raid56 filesystem and profile conversion (jsc#SLE-17681). - btrfs: subpage: allow submit_extent_page() to do bio split (jsc#SLE-17681). - btrfs: subpage: disable inline extent creation (jsc#SLE-17681). - btrfs: subpage: fix writeback which does not have ordered extent (jsc#SLE-17681). - btrfs: make relocate_one_page() handle subpage case (jsc#SLE-17681). - btrfs: reloc: factor out relocation page read and dirty part (jsc#SLE-17681). - btrfs: rework lzo_decompress_bio() to make it subpage compatible (jsc#SLE-17681). - btrfs: rework btrfs_decompress_buf2page() (jsc#SLE-17681). - btrfs: grab correct extent map for subpage compressed extent read (jsc#SLE-17681). - btrfs: disable compressed readahead for subpage (jsc#SLE-17681). - btrfs: subpage: check if there are compressed extents inside one page (jsc#SLE-17681). - btrfs: reset this_bio_flag to avoid inheriting old flags (jsc#SLE-17681). - btrfs: remove uptodate parameter from btrfs_dec_test_first_ordered_pending (jsc#SLE-17681). - btrfs: switch uptodate to bool in btrfs_writepage_endio_finish_ordered (jsc#SLE-17681). - btrfs: remove unused start and end parameters from btrfs_run_delalloc_range() (jsc#SLE-17681). - btrfs: check-integrity: drop kmap/kunmap for block pages (jsc#SLE-17681). - btrfs: compression: drop kmap/kunmap from generic helpers (jsc#SLE-17681). - btrfs: compression: drop kmap/kunmap from zstd (jsc#SLE-17681). - btrfs: compression: drop kmap/kunmap from zlib (jsc#SLE-17681). - btrfs: compression: drop kmap/kunmap from lzo (jsc#SLE-17681). - btrfs: drop from __GFP_HIGHMEM all allocations (jsc#SLE-17681). - commit 8fdc8cf - lib/nmi_backtrace: explicitly serialize banner and regs (bsc#1189998). - commit a46a563 - printk/console: Check consistent sequence number when handling race in console_unlock() (bsc#1190111). - commit f003e88 - Fix wrongly dropped CONFIG_SUSE_KERNEL_SUPPORTED on default kernel In the commit 8ab07a9c3eb0, I mistakenly dropped CONFIG_SUSE_KERNEL_SUPPORTED for x86_64/default instead of x86_64/debug. Correct the configs again. - commit 517caa1 - clk: staging: correct reference to config IOMEM to config HAS_IOMEM (git-fixes). - Update config files. - commit 553fdbe - supported.conf: More fixup for aarch64 build Also a typo fix in the previous change - commit dbd4d65 - drm/amd/pm: Fix a bug in semaphore double-lock (git-fixes). - ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes). - commit 0cfdea4 - xhci: Fix failure to give back some cached cancelled URBs (git-fixes). - wcn36xx: Ensure finish scan is not requested before start scan (git-fixes). - wan: remove stale Kconfig entries (git-fixes). - commit a6904e7 - blacklist.conf: Add an already cherry-picked wwan commit - commit dc79c3b - usb: host: xhci-rcar: Don't reload firmware after the completion (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - commit cffd3f1 - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc or intr (git-fixes). - usb: cdnsp: fix the wrong mult value for HS isoc or intr (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: mtu3: restore HS function when set SS/SSP (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: misc: brcmstb-usb-pinmap: add IRQ check (git-fixes). - usb: gadget: udc: s3c2410: add IRQ check (git-fixes). - commit ffaa491 - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: isp1301-omap: Fix the GPIO include (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - spi: spi-zynq-qspi: use wait_for_completion_timeout to make zynq_qspi_exec_mem_op not interruptible (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: : add missing struct kernel-doc entry (git-fixes). - commit 872c90f - soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - soc: qcom: aoss: Fix the out of bound usage of cooling_devs (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: mediatek: mmsys: Fix missing UFOE component in mt8173 table routing (git-fixes). - soc: mmsys: mediatek: add mask to mmsys routes (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - spi: davinci: invoke chipselect callback (git-fixes). - spi: coldfire-qspi: Use clk_disable_unprepare in the remove function (git-fixes). - commit b90aa8c - reset: simple: remove ZTE details in Kconfig help (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8723bs: fix wpa_set_auth_algs() function (git-fixes). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - power: supply: cw2015: use dev_err_probe to allow deferred probe (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - commit 9f6c7fa - memory: tegra: fix unused-function warning (git-fixes). - media: venus: helper: do not set constrained parameters for UBWC (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: venus: hfi: fix return value check in sys_get_prop_image_version() (git-fixes). - staging: mt7621-pci: fix hang when nothing is connected to pcie ports (git-fixes). - misc/pvpanic: fix set driver data (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - commit 254fa4e - media: Documentation: media: Improve camera sensor documentation (git-fixes). - media: omap3isp: Fix missing unlock in isp_subdev_notifier_complete() (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: atomisp: fix the uninitialized use and rename "retvalue" (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: rockchip/rga: fix error handling in probe (git-fixes). - media: v4l2-subdev: fix some NULL vs IS_ERR() checks (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - commit d7222a8 - lib/test_scanf: Handle n_bits == 0 in random tests (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: atmel: atmel-sama5d2-isc: fix YUYV format (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mac80211: remove unnecessary NULL check in ieee80211_register_hw() (git-fixes). - leds: lgm-sso: Propagate error codes from callee to caller (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - commit 7c24bb4 - iio: ltc2983: fix device probe (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - iwlwifi: mvm: fix old-style static const declaration (git-fixes). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - leds: rt8515: Put fwnode in any case during ->probe() (git-fixes). - leds: lt3593: Put fwnode in any case during ->probe() (git-fixes). - leds: lgm-sso: Don't spam logs when probe is deferred (git-fixes). - leds: lgm-sso: Put fwnode in any case during ->probe() (git-fixes). - leds: is31fl32xx: Fix missing error code in is31fl32xx_parse_dt() (git-fixes). - i2c: xlp9xx: fix main IRQ check (git-fixes). - commit 491c9c6 - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (git-fixes). - hwmon: remove amd_energy driver in Makefile (git-fixes). - hwmon: sht4x: update Documentation for Malformed table (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: hix5hd2: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: synquacer: fix deferred probing (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - commit bf527f5 - firmware: qcom_scm: Mark string array const (git-fixes). - drm/exynos: g2d: fix missing unlock on error in g2d_runqueue_worker() (git-fixes). - drm/amdgpu: fix kernel-doc warnings on non-kernel-doc comments (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dp: replug event is converted into an unplug followed by an plug events (git-fixes). - firmware: fix theoretical UAF race with firmware cache and resume (git-fixes). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes). - fpga: xilinx-pr-decoupler: Address warning about unused variable (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - commit c9e6f32 - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dp: update is_connected status base on sink count at dp_pm_resume() (git-fixes). - drm/msm/disp/dpu1: add safe lut config in dpu driver (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/mgag200: Select clock in PLL update functions (git-fixes). - drm: bridge: it66121: Check drm_bridge_attach retval (git-fixes). - drm/bridge: ti-sn65dsi86: Fix power off sequence (git-fixes). - drm/amd/pm: Fix a bug communicating with the SMU (v5) (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - commit f068ea3 - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm: mxsfb: Clear FIFO_CLEAR bit (git-fixes). - drm: mxsfb: Increase number of outstanding requests on V4 and newer HW (git-fixes). - drm: mxsfb: Enable recovery on underflow (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - drm: rcar-du: Don't put reference to drm_device in rcar_du_remove() (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv (git-fixes). - commit 594b73c - docs: networking: dpaa2: fix chapter title format (git-fixes). - docs: kvm: properly format code blocks and lists (git-fixes). - docs: kvm: fix build warnings (git-fixes). - docs: printk-formats: fix build warning (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - Revert "dmaengine: imx-sdma: refine to load context only once" (git-fixes). - drm/bridge: anx7625: Make hpd workqueue freezable (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - Revert "drm/i915/display: Drop FIXME about turn off infoframes" (git-fixes). - driver core: Fix error return code in really_probe() (git-fixes). - commit 845b17f - counter: 104-quad-8: Return error when invalid mode during ceiling_write (git-fixes). - clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel (git-fixes). - crypto: rmd320 - remove rmd320 in Makefile (git-fixes). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: omap - Avoid redundant copy when using truncated sg list (git-fixes). - crypto: ccp - shutdown SEV firmware on kexec (git-fixes). - crypto: ecc - handle unaligned input buffer in ecc_swap_digits (git-fixes). - crypto: x86/aes-ni - add missing error checks in XTS code (git-fixes). - char: tpm: Kconfig: remove bad i2c cr50 select (git-fixes). - commit 761b234 - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: Move shutdown callback before flushing tx and rx queue (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - can: c_can: c_can_do_tx(): fix typo in comment (git-fixes). - can: m_can: fix block comment style (git-fixes). - can: tcan4x5x: cdev_to_priv(): remove stray empty line (git-fixes). - can: j1939: j1939_session_tx_dat(): fix typo (git-fixes). - can: bittiming: fix documentation for struct can_tdc (git-fixes). - commit dfeba14 - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: btusb: Make the CSR clone chip force-suspend workaround more generic (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - commit b676294 - igb: Avoid memcpy() over-reading of ETH_SS_STATS (jsc#SLE-19094). - commit 93a11b3 - ASoC: imx-rpmsg: change dev_err to dev_err_probe for - EPROBE_DEFER (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: fsl_rpmsg: Check -EPROBE_DEFER for getting clocks (git-fixes). - ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes). - ASoC: simple-card-utils: Avoid over-allocating DLCs (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: mediatek: mt8192:Fix Unbalanced pm_runtime_enable in mt8192_afe_pcm_dev_probe (git-fixes). - ASoC: tlv320aic32x4: Fix TAS2505/TAS2521 channel count (git-fixes). - commit d69a91a - igb: Add counter to i21x doublecheck (jsc#SLE-19094). - commit f117cef - Refresh patches.suse/btrfs-fix-NULL-pointer-dereference-when-deleting-dev.patch. - Refresh patches.suse/nvme-code-command_id-with-a-genctr-for-use-after-fre.patch. - Refresh patches.suse/nvme-pci-limit-maximum-queue-depth-to-4095.patch. - Refresh patches.suse/nvme-tcp-don-t-check-blk_mq_tag_to_rq-when-receiving.patch. - Refresh patches.suse/params-lift-param_set_uint_minmax-to-common-code.patch. - commit d7a1b93 - ASoC: codecs: wcd938x: fix returnvar.cocci warnings (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: wm_adsp: Put debugfs_remove_recursive back in (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: Intel: Fix platform ID matching (git-fixes). - ALSA: usb-audio: Add lowlatency module option (git-fixes). - ALSA: usb-audio: Work around for XRUN with low latency playback (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - commit 749ac46 - Move upstreamed btrfs and nvme patches into sorted section - commit 7e285de - Move upstreamed BT fixes into sorted section - commit 060f76e - blacklist.conf: Add an already cherry-picked BT entry - commit 272beb8 - vt_kdsetmode: extend console locking (bsc#1190025 CVE-2021-3753). - commit 1133248 - supported.conf: fix module subpkg dependencies for aarch64 - commit 14c4a2e - supported.conf: Add missing entries for aarch64 builds - commit 804fe91 - Update config files. Disable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT (bsc#1190093) - commit ba1434f - Fix config and supported.conf for ppc64le builds Disable irrelevant modules: CONFIG_MDIO_IPQ4019 CONFIG_KEYBOARD_BCM CONFIG_SENSORS_GSC CONFIG_MFD_GATEWORKS_GSC CONFIG_I2C_HID_OF_GOODIX CONFIG_LEDS_AW2013 CONFIG_XILINX_ZYNQMP_DPDMA CONFIG_VDPA and relevant ones CONFIG_IOMMU_IOVA - commit d0e5beb ++++ kernel-firmware: - Update to version 20210901 (git commit 6f5aada830d6): * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A9_1D69 * rtl_bt: Update RTL8822C BT UART firmware to 0x05A9_1A4A * rtl_bt: Update RTL8822C BT USB firmware to 0x09A9_1A4A * Mellanox: Add new mlxsw_spectrum firmware xx.2008.3326 * iwlwifi: add FW for new So/Gf device type * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A9_127B * rtl_nic: update firmware of RTL8153C * ice: update package file to 1.3.26.0 - Update aliases ++++ ceph: - Update to 16.2.5-504-g6a3a59bd19e: + rebased on top of upstream commit SHA1 0d1e1f2973cae7645126fc88a72743367c790d9d + (bsc#1189605) cmake: exclude "grafonnet-lib" target from "all" ++++ systemd: - Drop dependency on m4 (replaced by Jinja2) ++++ podman: - require runc >= 1.0.1 ++++ qemu: - Keep qemu-img without backing format still deprecated (bsc#1190135) * Patches added: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch - Update the support files to reflect the deprecation. ++++ strace: - Update to strace 5.14 * Improvements * Implemented decoding of memfd_secret and quotactl_fd syscalls, introduced in Linux 5.14. * Enhanced prctl syscall decoding. * Enhanced decoding of IFLA_* netlink attributes. * Enhanced decoding of MDBA_ROUTER_PATTR_* mdb router port netlink attributes. * Updated lists of BPF_*, IORING_*, MADV_*, MOUNT_ATTR_*, SCTP_*, and UFFD_* constants. * Updated lists of ioctl commands from Linux 5.14. ------------------------------------------------------------------ ------------------ 2021-9-1 - Sep 1 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Add btrfs zstd compression on i386-pc and also make sure it won't break existing grub installations (bsc#1161823) * deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch * added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch ++++ kernel-default: - Update config files: drop CONFIG_SUSE_KERNEL_SUPPORTED on some flavors again (bsc#1190068) - commit 8ab07a9 - supported.conf: More fixups for x86-64 supported states - commit 37a445d - Drop downstream patches for DRM AST drivers Those are neither applicable nor valid on the recent upstream code. - commit ed98f8d - arm64: dts: rockchip: Disable CDN DP on Pinebook Pro (bsc#1188234). - commit 84c42d0 - regulator: mt6323: Add OF match table (bsc#1180731). - regulator: mt6358: Add OF match table (bsc#1180731). - regulator: mt6360: Add OF match table (bsc#1180731). - commit 81a7c74 - Bluetooth: btusb: Add support for Foxconn Mediatek Chip (bsc#1188064). - Bluetooth: btusb: Add support for IMC Networks Mediatek Chip (bsc#1188064). - commit 73cd599 - supported.conf: Move spi-mux into extra for unneeded dependency mess - commit 033b938 - supported.conf: Sort entries - commit defd825 - Update config files: disable unneeded modules for s390x/default CONFIG_SERIAL_BCM63XX=n CONFIG_SERIAL_FSL_LINFLEXUART=n CONFIG_VDPA_SIM*=n - commit d925443 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640 bsc#1188172). - commit 071eba1 - Move upstreamed BT patches into sorted section - commit 3fa501b - supported.conf: Fix for x86-64 build - commit d459e8f - nvme-multipath: revalidate paths during rescan (bsc#1181972). - commit ff45b6e - supported.conf: hyperv_drm (jsc#sle-19733) - commit 19a1bb2 - livepatch: Re-export two kallsyms functions Revert "kallsyms: unexport kallsyms_lookup_name() and kallsyms_on_each_symbol()" (bsc#1190003 jsc#SLE-17360). - commit d62679f - livepatch: Enable -flive-patching GCC option Revert "Revert "kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled"" (bsc#1190003 jsc#SLE-17360). - commit 8f68bda - livepatch: Drop klp-convert patches It is highly unlikely we will ever use klp-convert, so drop two small patches we currently have in the tree. References: jsc#SLE-17360 bsc#1190003 - Delete patches.suse/livepatch-create-and-include-UAPI-headers.patch. - Delete patches.suse/livepatch-modpost-ignore-unresolved-symbols.patch. - commit 52ab380 - livepatch: Re-enable patches.suse/livepatch-dump-ipa-clones.patch Re-enable patches.suse/livepatch-dump-ipa-clones.patch, so that we can continue to use IPA clones dumps for live patching even on SLE15-SP4. - Update config files. - Update patches.suse/livepatch-dump-ipa-clones.patch (jsc#SLE-17360 bsc#1190003). - commit c5b382c ++++ numactl: - Update to version 2.0.14.20.g4ee5e0c: * Fix system call numbers on s390x * numactl.c: fixed debug verify for --preferred option * numactl.c: Fixed description for the usage of numactl ++++ libseccomp: - Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. ++++ systemd: - Configure split-usr=true only when %usrmerged is not defined - Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/7f23815a706cf2b2df3eac2eb2f8220736b8f427...40bda18e346ff45132ccd6f8f8e96de78dcf3470 ++++ libvirt: - Update to libvirt 7.7.0 - jsc#SLE-18446 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html ++++ linux-glibc-devel: - Update to kernel headers 5.14 ++++ mdadm: - Remove Spare drives line from details for external metadata (bsc#1180661, bsc#1182642) 0118-Remove-Spare-drives-line-from-details-for-external-m.patch - Don't associate spares with other arrays during RAID Examine (bsc#1180661, bsc#1182642) 0119-Don-t-associate-spares-with-other-arrays-during-RAID.patch ++++ osinfo-db: - Update to database version 20210809 osinfo-db-20210809.tar.xz ++++ pam: - Added new file macros.pam on request of systemd. [bsc#1190052, macros.pam] ++++ python-libvirt-python: - Update to 7.7.0 - Add all new APIs and constants in libvirt 7.7.0 - jsc#SLE-18446 ++++ salt: - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Added: * fix-failing-unit-tests-for-systemd.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * don-t-use-shell-sbin-nologin-in-requisites.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * templates-move-the-globals-up-to-the-environment-jin.patch * fix-error-handling-in-openscap-module-bsc-1188647-40.patch * backport-of-upstream-pr59492-to-3002.2-404.patch ------------------------------------------------------------------ ------------------ 2021-8-31 - Aug 31 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Delete the author list from %description (the %description section is literally for package descriptions (only) these days, encoding was also problematic). - Add %doc AUTHORS to get packaged that info ++++ irqbalance: - Update to version 1.8.0.18.git+2435e8d.obscpio: * fix unsigned integer subtraction sign overflow - Make git hash in version better visable .git+ ++++ kernel-default: - Delete patches.suse/pcc-cpufreq-Re-introduce-deadband-effect-to-reduce-number-of-frequency-changes.patch. - Delete patches.suse/sched-Further-improve-spurious-CPU_IDLE-active-migrations.patch. Evaluated and are unnecessary - commit c00353f - rpm/config.sh: Update product and build projects. - commit aa0b0dc - Add guards to out-of-tree performance patches that require re-evaluation While these patches apply, there have been changes made upstream that requires them to be re-evaluated. - commit f4767bf - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - commit e98096d - arm64: Update config files. (bsc#1189922, jsc#SLE-20148, jsc#SLE-20721) Enable ISP1760_DUAL_ROLE - commit ad8336c - README.BRANCH: Update branch name and maintainers for SLE15-SP4 - commit 9b584c8 - Enable DEBUG_INFO_BTF (jsc#SLE-18805). - commit 1b36b45 - Remove obsolete non-upstream patches (bsc#1165404). - Delete patches.suse/powerpc-pseries-group-lmb-operation-and-memblock-s.patch. - Delete patches.suse/powerpc-pseries-update-device-tree-before-ejecting-h.patch. - commit ea3f853 - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - commit 357f09a ++++ mozilla-nss: - Removed nss-fips-kdf-self-tests.patch. This was made obsolete by upstream changes. (bmo#1660304) - Rebase nss-fips-stricter-dh.patch needed due to upstream changes. ++++ gpgme: - Update to 1.16.0 in SLE-15-SP4: [jsc#SLE-20014, jsc#SLE-21114] * Remove gpgme-test-json.patch fixed upstream ++++ libtpms: - security update - added patches fix CVE-2021-3746 [bsc#1189935], out-of-bounds access via specially crafted TPM 2 command packets + libtpms-CVE-2021-3746.patch ++++ libzypp: - Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a not UsrMerged Tumbleweed system. - version 17.28.2 (22) ++++ podman: - Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the - -pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. ++++ qemu: - Update build dependencies versions: libgcrypt >= 1.8.0, gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7 ++++ supermin: - s390x may have a kernel named /boot/image ------------------------------------------------------------------ ------------------ 2021-8-30 - Aug 30 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Added hardening to systemd service(s). Added patch(es): * harden_chrony-wait.service.patch * harden_chronyd.service.patch ++++ transactional-update: - Version 3.5.2 - tukit: Fix overlay syncing errors with SELinux [bsc#1188648] - Don't print message for `shell` with --quiet [gh#openSUSE/transactional-update#69] ++++ gsettings-desktop-schemas: - Update to version 41.rc: + Stop setting legacy GNOME 2 shortcut by default. + Updated translations. ++++ kernel-default: - config: enable CONFIG_BMP280 as module (bsc#1189695). - commit 944ae09 - config: enable CONFIG_SERIAL_DEV_BUS (bsc#1189694). As a result, two other options were exposed. These are also aligned with the results of bsc#1182035. CONFIG_SERIAL_DEV_CTRL_TTYPORT=y CONFIG_BT_HCIUART_BCM=y - config: disable CONFIG_REMOTEPROC on non-ARM architectures (bsc#1189693). - config: disable CONFIG_SENSORS_LM3533 (bsc#1189690). - config: enable CONFIG_EROFS_FS_ZIP (bsc#1189689). - Delete patches.suse/misdn-add-support-for-group-membership-check. This patch depends on CONFIG_ISDN which is disabled. - commit a070a3c - config: enable CONFIG_PRINTK_CALLER (bsc#1189671). - config: modularize CONFIG_NF_REJECT_IPV[46] (bsc#1189111). Also mark these new modules as supported and part of the base package. - config: increase CONFIG_LOG_CPU_MAX_BUF_SHIFT (bsc#1189076). CONFIG_LOG_CPU_MAX_BUF_SHIFT determines the size of a the printk log buffer. This change syncs with the master branch and increases the buffer size from 4k/cpu to 32k/cpu. - commit 57994c4 - config: enable CONFIG_GENERIC_IRQ_DEBUGFS (bsc#1189074). - config: re-enable NLS_ISO8859_1 for kvmsmall The EFI partition wants NLS_ISO8859_1 and will fail to mount without it. - pvusb: fix build warning due to missing fallthrough annotation - SLE15-SP4: fix and re-enable mobiveil errata patchset This also incorporates a revert of removed code from mainline: - PCI: mobiveil: Remove unused readl and writel functions (bsc#1161495). - SLE15-SP4: fix and re-enable oracleasm compatibilty exports bio_map_user_iov is again exported but its prototype has changed, which will require updates in the oracleasm code. - commit cb8b4aa - SLE15-SP4: fix and re-enable rbd lio target support There were some API changes in the rbd code that required some rework. Notably, rbd_img_request_create was eliminated and the snapc argument was dropped, which didn't need particularly special handling at the call sites but deserved to be documented. - SLE15-SP4: xfs: fix and re-enable repair of malformed inode items The log recovery subsystem was reworked and this patch needed minor updating. - SLE15-SP4: fix and re-enable PKCS-7 codeSigning patch There was a new call site that needed usage passed to it but otherwise a simple update. - SLE15-SP4: update product/release identifying patches and re-enable These didn't really require much updating but were dependent on the context of the supported-flag patches. - commit de4c7ec - supported-flag: consolidate separate patches into one and re-enable The history of the five supported flag patches can be found in the commit log. This commit unifies them and reverts the removal of get_next_line from mainline to allow supported() to repeatedly scan the file in memory without modifying it. I looked into using tsearch() to handle the lookups and it turns out that it's no faster than just scanning the file repeatedly in memory. - commit d453119 - SLE15-SP4: re-enable patches with simple context conflicts Patches with simple context conflicts but are otherwise correct are fixed and re-enabled. - commit 89a2230 - SLE15-SP4: Update the base kernel version to 5.14. Required changes for rebasing: - Remove all obsolete backports - Remove all kABI references - Remove all kABI fixes - Remove obsolete blacklisted commits - Disable kABI padding patches - Disable and annotate patches that don't apply and need updating - Update config files - Update supported.conf with new dependencies All configurations retain settings from SLE15-SP3, if possible, and adopt new settings from master. - commit 98da1c5 - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release has arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - commit 56f2cba ++++ krb5: - Fix KDC null pointer dereference via a FAST inner body that lacks a server field; (CVE-2021-37750); (bsc#1189929); - Added patches: * 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ++++ libnettle: - Provide s390x CPACF/SHA/AES Support for Crypto Libraries * Add libnettle-s390x-CPACF-SHA-AES-support.patch [jsc#SLE-20733] ++++ pcsc-ccid: - Version 1.4.36 * Add support of - Lenovo Lenovo Smartcard Wired Keyboard II - REINER SCT tanJack USB - SafeNet eToken 5110+ FIPS - SafeNet eToken 5300 C - jSolutions s.r.o. Multi SIM card reader 4/8 * parse: fix check when bNumDataRatesSupported = 0 ++++ yast2-trans: - Update to version 84.87.20210828.fbeca8288d: * Translated using Weblate (Finnish) * New POT for text domain 'installation'. * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'add-on'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Interpolation fixes * Interpolation fixes * New POT for text domain 'packager'. * New POT for text domain 'online-update'. ------------------------------------------------------------------ ------------------ 2021-8-29 - Aug 29 2021 ------------------- ------------------------------------------------------------------ ++++ openssl-1_1: - Other OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. * CVE-2021-3712 continued * bsc#1189521 * Add CVE-2021-3712-other-ASN1_STRING-issues.patch * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521 2021-08-24 00:47 PDT by Marcus Meissner ------------------------------------------------------------------ ------------------ 2021-8-28 - Aug 28 2021 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 21.2.1 * first bugfix release ------------------------------------------------------------------ ------------------ 2021-8-27 - Aug 27 2021 ------------------- ------------------------------------------------------------------ ++++ cloud-netconfig-azure: - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update ++++ kernel-default: - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743 bsc#1189883). - net: qrtr: fix OOB Read in qrtr_endpoint_post (CVE-2021-3743 bsc#1189883). - commit 78ff8ba - rpm: fix kmp install path - commit 22ec560 - btrfs: fix NULL pointer dereference when deleting device by invalid id (bsc#1189832 CVE-2021-3739). - commit 6bfce07 ++++ kmod: - Add ZSTD support on Tumbleweed only. Add a way to detect ZSTD. ++++ patterns-microos: - zypper-migration-plug-in now provided by suseconnect-ng ++++ qemu: - Fix hardcoded binfmt handler doesn't play well with containers (bsc#1186256) * Patches added: qemu-binfmt-conf.sh-allow-overriding-SUS.patch ++++ selinux-policy: - fix rebootmgr does not trigger the reboot properly (boo#1189878) * fix managing /etc/rebootmgr.conf * allow rebootmgr_t to cope with systemd and dbus messaging ++++ suseconnect-ng: - Update to version 0.0.3~git9.19e761b: * Add zypper-migration-plugin to package * Remove unused Error logger * Add missing doc strings to exported vars and funcs * Handle error after products sync api call * Make the CI check gofmt ------------------------------------------------------------------ ------------------ 2021-8-26 - Aug 26 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - params: lift param_set_uint_minmax to common code (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - commit 01de302 - post.sh: detect /usr mountpoint too - commit c7b3d74 - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - commit 8bf2f14 ++++ hivex: - bsc#1189060 - VUL-0: CVE-2021-3622: hivex: hivex: stack overflow due to recursive call of _get_children() CVE-2021-3622-stack-overflow-due-to-recursive-call-of-_get_children.patch ++++ python3-core: - test_faulthandler is still problematic under qemu linux-user emulation, disable it there ++++ libssh: - Update to version 0.9.6 (bsc#1189608, CVE-2021-3634) * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 ++++ patterns-microos: - added sssd_ldap pattern ++++ python3: - test_faulthandler is still problematic under qemu linux-user emulation, disable it there ++++ qemu: - Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1 For a full list of formely deprecated features that are removed, consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html For a list of new deprecated features, consult: https://qemu-project.gitlab.io/qemu/about/deprecated.html Some noteworthy changes: * Removed moxie CPU. * Removed lm32 CPU. * Removed unicore32 CPU. * Removed 'info cpustats'. * Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc. * Added npcm7xx machine: quanta-gbs-bmc. * Model for Aspeed's Hash and Crypto Engine. * SVE2 is now emulated, including bfloat16 support * FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and FEAT_MTE3 are now emulated. * Improved hot-unplug failures on PowerPC pseries machine. * Implemented some POWER10 instructions in TCG. * Added shakti_c RISC-V machine. * Improved documentation for RISC-V machines. * CPU models for gen16 have been added for s390x. * New CPU model versions added with XSAVES enabled: Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5, Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3, Snowridge-v3, Dhyana-v2 * Added ACPI based PCI hotplug support to Q35 machine. Enabled and used by default since pc-q35-6.1 machine type. * Added support for the pca9546 and pca9548 I2C muxes. * Added support for PMBus and several PMBus devices. * Crypto subsystem: The preferred crypto backend driver now gnutls, with libgcrypt as the second choice, and nettle as third choice, with ordering driven mostly by performance of the ciphers. * Misc doc improvements. * Patches removed: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch hw-block-nvme-align-with-existing-style.patch hw-block-nvme-consider-metadata-read-aio.patch hw-net-can-sja1000-fix-buff2frame_bas-an.patch hw-nvme-fix-missing-check-for-PMR-capabi.patch hw-nvme-fix-pin-based-interrupt-behavior.patch hw-pci-host-q35-Ignore-write-of-reserved.patch hw-rdma-Fix-possible-mremap-overflow-in-.patch hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch hw-usb-Do-not-build-USB-subsystem-if-not.patch hw-usb-host-stub-Remove-unused-header.patch linux-user-aarch64-Enable-hwcap-for-RND-.patch module-for-virtio-gpu-pre-load-module-to.patch monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch pvrdma-Ensure-correct-input-on-ring-init.patch pvrdma-Fix-the-ring-init-error-flow-CVE-.patch qemu-config-load-modules-when-instantiat.patch qemu-config-parse-configuration-files-to.patch qemu-config-use-qemu_opts_from_qdict.patch runstate-Initialize-Error-to-NULL.patch sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch target-i386-Exit-tb-after-wrmsr.patch target-sh4-Return-error-if-CPUClass-get_.patch tcg-Allocate-sufficient-storage-in-temp_.patch tcg-arm-Fix-tcg_out_op-function-signatur.patch tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch usb-redir-avoid-dynamic-stack-allocation.patch usbredir-fix-free-call.patch vfio-ccw-Permit-missing-IRQs.patch vhost-user-blk-Check-that-num-queues-is-.patch vhost-user-blk-Don-t-reconnect-during-in.patch vhost-user-blk-Fail-gracefully-on-too-la.patch vhost-user-blk-Get-more-feature-flags-fr.patch vhost-user-blk-Make-sure-to-set-Error-on.patch vhost-user-gpu-abstract-vg_cleanup_mappi.patch vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch vhost-user-gpu-fix-resource-leak-in-vg_r.patch vhost-vdpa-don-t-initialize-backend_feat.patch virtio-blk-Fix-rollback-path-in-virtio_b.patch virtio-Fail-if-iommu_platform-is-request.patch virtiofsd-Fix-side-effect-in-assert.patch vl-allow-not-specifying-size-in-m-when-u.patch vl-Fix-an-assert-failure-in-error-path.patch vl-plug-object-back-into-readconfig.patch vl-plumb-keyval-based-options-into-readc.patch x86-acpi-use-offset-instead-of-pointer-w.patch ++++ selinux-policy: - Properly label cockpit files - Allow wicked to communicate with network manager on DBUS (bsc#1188331) ------------------------------------------------------------------ ------------------ 2021-8-25 - Aug 25 2021 ------------------- ------------------------------------------------------------------ ++++ cryptsetup: - As YaST passes necessary parameters to cryptsetup anyway, we do not necessarily need to take grub into consideration. So back to Argon2 to see how it goes. ++++ gobject-introspection: - Update to version 1.69.0: + Fix build when gobject-introspection is a subproject, + Add more float types, + Make test suite work with cross-related options, + Fix several leaks found by Coverity, + Fix enum member, + Add g-ir-doc-tool man page, + Export warnlib sources as variables, + Update the GLib annotations, + Add "final" class attribute, + Add option to make .gir files installation paths configurable, + Handle constructors with mismatched GTypes, + Add property accessors annotations, ++++ kernel-default: - Refresh patches.suse/blk-mq-sched-Fix-blk_mq_sched_alloc_tags-error-handl.patch. - commit 6f36e1b - perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - commit 8f47b8e - kABI fix of usb_dcd_config_params (git-fixes). - commit 8726268 ++++ json-glib: - Update to version 1.6.6: + New release with the documentation and gi-docgen included in the archive. - Drop gtk-doc BuildRequires, no longer needed, nor used. - Add docbook-xsl-stylesheets and libxslt-tools BuildRequires, needed for building of manpages. ++++ libqmi: - Update to version 1.28.8 * libqmi-glib: - Fix CTL "Set Data Format" output TLV prerequisites. - Fix double free in the qmiwwan based net port manager. ++++ libsoup2: - Rename source package to libsoup2, as a compatibility package while the world moves to libsoup3 (with HTTP/2 support). ++++ pam: - Added pam_faillock to the set of modules. [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch] ++++ supermin: - Update to 5.2.1 bug fix release. Include post 5.2.1 upstream fix. Avoid-lstat-Value-too-large-for-defined-data-type.patch disable-test-if-newer-ext2.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#520 - ensure /usr/share/pci.ids exists (bsc#1189767) - 16.56.11 ------------------------------------------------------------------ ------------------ 2021-8-24 - Aug 24 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - commit 33182b7 - blacklist.conf: 9625895011d1 x86/fpu: Fix copy_xstate_to_kernel() gap handling - commit 50f6bfa - net: usb: lan78xx: don't modify phy_device state concurrently (bsc#1188270) - commit 4e61642 - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - commit 41aa06c - usb: gadget: Export recommended BESL values (git-fixes). - commit 96bbeda ------------------------------------------------------------------ ------------------ 2021-8-23 - Aug 23 2021 ------------------- ------------------------------------------------------------------ ++++ glib2-branding-openSUSE: - Update for libreoffice-* desktop files no longer dropping the libreoffice- prefix. ++++ glib-networking: - Update to version 2.70.beta: + gnutls: Ensure that PKCS #11 pins are NUL terminated. + openssl: Restore OCSP support. ++++ glib2: - Update to version 2.69.2: + The `DBUS_SESSION_BUS_ADDRESS` environment variable is once more not used if the process is `AT_SECURE` (setuid/setgid/setcap); this change was previously applied and then reverted because it broke gnome-keyring + Add `g_test_fail_printf()`, `g_test_skip_printf()`, `g_test_incomplete_printf()` helper functions for printing messages when tests end prematurely + Add portal implementation of `GPowerProfileMonitor` + Various bugs fixed + Updated translations. - Update to version 2.69.1: + Support categories in desktop notifications (`GNotification`) + Add `GPowerProfileMonitor` for monitoring when to use less power (due to being on battery power, electricity being expensive or high-carbon, etc.) + Allow static names to be set for `GSource`s to avoid unnecessary string copies + Various bugs fixed + Updated translations. - Update to version 2.69.0: + Fix a crash in `GKeyFile` when parsing a file which contains translations using a `GKeyFile` instance which has loaded another file previously. + Ensure `dlerror()` is used with locking as it’s not thread-safe in some libc implementations. + Drop internal libpcre copy in favour of a subproject from wrapdb. + Optimise grefcount atomic operations. + Fix `g_date_time_format()` return value encoding if `LC_TIME` is not a UTF-8 locale but other locale settings are. + Set app name in freedesktop.org notifications with `GNotification`. + Add PKCS#11 flags to `GTlsPasswordFlags`. - Drop -Dinternal_pcre=false meson parameter: follow upstreams build recipe changes. ++++ gsettings-desktop-schemas: - Update to version 41.alpha: + Add lockdown setting for revealing passwords. + Updated translations. ++++ ignition: - Make sure to create /boot/writable (may not be present in some images) ++++ kernel-default: - ovl: prevent private clone if bind mount is not allowed (bsc#1189706, CVE-2021-3732). - commit d40514b - blacklist.conf: 6c34df6f350d ("tracing: Apply trace filters on all output channels") Requires at least commit 8cfcf15503f6 ("tracing: kprobes: Output kprobe event to printk buffer") too. Let's wait if there is an actual problem for someone. - commit ef40598 - kernel-binary.spec.in: make sure zstd is supported by kmod if used - commit f36412b - kernel-binary.spec.in: add zstd to BuildRequires if used - commit aa61dba - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - commit bf4be33 - x86/sev: Use "SEV: " prefix for messages from sev.c (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - commit 33b49b0 - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - commit 72c8a0d - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - commit cc02968 - Fix breakage of swap over NFS (bsc#1188924). - commit 9f3f2ef - Update Patch-mainline tags for patches that landed in 5.14-rc7. - commit 118111d ++++ libgcrypt: - Update to 1.9.4: [jsc#SLE-17558, jsc#SLE-18135, jsc#SLE-20734] * Bug fixes: - Fix Elgamal encryption for other implementations. [CVE-2021-33560] - Fix alignment problem on macOS. - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - Add GCM and CCM to OID mapping table for AES. * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch - Remove not needed patch libgcrypt-sparcv9.diff ++++ libsoup2: - Update to version 2.74.0: + IMPORTANT: Enable ssl-use-system-ca-file by default on deprecated Sync and Async sessions. + Fix including headers in C++ projects. + Fix attempting to resolve relative paths with data URIs. + Support Content-Disposition headers without a disposition-type. + Fix building VAPI bindings with latest Vala. + Fix sending a Content-Length header in a response with status code of 1xx or 204. + Updated translations. - Drop libsoup-fix-SSL-test.patch: fixed upstream. ++++ systemd: - Rework the test (sub)package: - it's been renamed into 'systemd-testsuite' - it includes the extended tests too - the relevant commits have been backported to SUSE/v249 so no SUSE specific patch is needed to run the extended tests (see below) - the deps needed by the extended tests have been added - Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427 ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too 088fbb71d0 test: adapt install_pam() for openSUSE 4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE" ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static" 6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only 278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set 3bba2f876a test: add support for NO_BUILD=1 on openSUSE d77cbc1b64 test: make busybox TEST-13-only dependency ++++ libzypp: - Fix crashes in logging code when shutting down (bsc#1189031) - version 17.28.1 (22) ++++ netcfg: - add submissions port number [bsc#1189683] - modified patches % services-suse.diff ++++ podman: - Revert crun change due to crun having exclusive arch targets that would drop podman support in PPC and IBM Z ++++ runc: - Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the "adding seccomp filter rule for syscall ..." error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on. * Fixed a rare debug log race in runc init, which can result in occasional harmful "failed to decode ..." errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. ++++ selinux-policy: - Added policy module for rebootmgr (jsc#SMO-28) ++++ toolbox: - Update to version 2.2+git20210823.dd0fff8: * README mini-typo * Docker: don't use unsupported --userns=keep-id * Docker: also check for created status * Try to use docker if installed and podman is not * Properly share namespaces in non-user toolboxes * Properly quote workdir ++++ yast2-trans: - Update to version 84.87.20210822.664756784b: * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Czech) * New POT for text domain 'country'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'services-manager'. ------------------------------------------------------------------ ------------------ 2021-8-22 - Aug 22 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - commit 7a5c94a - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - commit 0bed191 - Update config files: disable CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH (bsc#1189696) This option is only for special purpose, and rather harmful for the usual operations. - commit 1e546ed ++++ xfsprogs: - update to v5.13.0: - mkfs: validate rtextsz hint when rtinherit is set - xfs_repair: invalidate dirhash when junking dirent - xfs_repair: validate inherited rtextsz hint alignmt - xfs_quota: allow truncate of grp & prj quota files - xfs_io: allow callers to dump fs stats individually - xfs_io: don't count fsmaps before querying fsmaps - xfs_io: print header once when dumping fsmap in csv - xfs_io: clean up the funshare command a bit - xfs_io: fix broken funshare_cmd usage - libxfs changes merged from kernel 5.13 ------------------------------------------------------------------ ------------------ 2021-8-21 - Aug 21 2021 ------------------- ------------------------------------------------------------------ ++++ json-glib: - Update to version 1.6.4: + Discover linker flags on all toolchains + Fix memory leak + Use gi-docgen instead of gtk-doc for generating the API reference + Build against newer versions of GLib - Pass gtk_doc=disabled to meson, no longer build API documentation. ------------------------------------------------------------------ ------------------ 2021-8-20 - Aug 20 2021 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.68.4: + Various bugfixes and backports from master. + Updated translations. - Drop 63e7864.patch: fixed upstream. ++++ open-iscsi: - Merged latest upstream, which includes: * iscsid: set PR_SET_IO_FLUSHER (bsc#1188869) ++++ kernel-default: - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ("rpm: support compressed modules") for compression methods other than xz. - commit 3b8c4d9 - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - commit a13877e ++++ libjpeg-turbo: - version update to 2.1.1 1. Fixed a regression introduced in 2.1.0 that caused build failures with non-GCC-compatible compilers for Un*x/Arm platforms. 2. Fixed a regression introduced by 2.1 beta1[13] that prevented the Arm 32-bit (AArch32) Neon SIMD extensions from building unless the C compiler flags included -mfloat-abi=softfp or -mfloat-abi=hard. 3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby reliance on undefined C compiler behavior led to crashes ("SIGBUS: illegal alignment") on Android systems when running AArch32/Thumb builds of libjpeg-turbo built with recent versions of Clang. 4. Added a command-line argument (-copy icc) to jpegtran that causes it to copy only the ICC profile markers from the source file and discard any other metadata. 5. libjpeg-turbo should now build and run on CHERI-enabled architectures, which use capability pointers that are larger than the size of size_t. 6. Fixed a regression introduced by 2.1 beta1[5] that caused a segfault in the 64-bit SSE2 Huffman encoder when attempting to losslessly transform a specially-crafted malformed JPEG image. ++++ podman: - Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert ".cirrus.yml: use fresh images for all VMs" * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html ------------------------------------------------------------------ ------------------ 2021-8-19 - Aug 19 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.10: + core: fix the order of IPv6 addresses changing on service restart. + initrd: add command line option to configure link autonegotiation and speed. + ifcfg-rh: - fix crash when parsing invalid DNS address. - extend ifup/ifdown scripts to work with connection profile names. + udev: also react to "move" (and "change") udev actions in our rules. - Changes from version 1.32.8: + firewalld: configure zones on "Reloaded" signal. + core: fix wrong MTU for bridge interfaces. + cloud-setup: fix gateway address for Aliyun cloud. ++++ cockpit: - add --legacy-peer-deps to fix build ++++ cockpit-wicked: - Version 4.2: * Update a few dependencies to address security concerns (gh#132). - Fix a packaging problem that caused cockpit-wicked to do not work at all (bsc#1189611). ++++ kernel-default: - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - commit a690151 - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - commit 62c768e - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - commit 4d62c8f - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - commit bb87ddf - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - commit 46381a6 - series.conf: cleanup - move mainline backports to sorted section: - patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch - patches.suse/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested.patch - commit 30636ef ++++ suse-module-tools: - Update to version 15.4.3: * fix problem that initrd may not be rebuilt after installing kernel-$flavor-extra (bsc#1189441) ------------------------------------------------------------------ ------------------ 2021-8-18 - Aug 18 2021 ------------------- ------------------------------------------------------------------ ++++ cpio: - Fix regression in last update (bsc#1189465) * fix-CVE-2021-38185_2.patch * fix-CVE-2021-38185_3.patch ++++ kernel-default: - Refresh patches.suse/x86-fpu-make-init_fpstate-correct-with-optimized-xsave.patch. - commit 20ad695 - Refresh patches.suse/x86-fpu-make-init_fpstate-correct-with-optimized-xsave.patch. - commit 9deb044 - Fix kabi of prepare_to_wait_exclusive() (bsc#1189575). - commit da7e3ca - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name@unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - commit f7e0183 - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - commit ae93a20 - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - commit 50b39b2 - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - commit 3cfd5e7 - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - blacklist.conf: - commit d0fe9df - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - commit abd23d2 - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - commit 7960ad8 - ocfs2: fix snprintf() checking (bsc#1189581). - commit ca894bd - ocfs2: fix zero out valid data (bsc#1189579). - commit 42e68bc - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - commit b318f10 - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - commit 13d68f1 - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - commit edbcd21 - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - commit a8937b5 - bdi: Do not use freezable workqueue (bsc#1189573). - commit 60e4174 - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - commit 1b1dfcf - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - commit 0ace36d - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - commit 4329025 - ext4: fix avefreec in find_group_orlov (bsc#1189566). - commit d7bfbbd - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - commit 3ca5f18 - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - commit cd60859 - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - commit 200d004 - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - commit fd9a225 - blacklist.conf: add Kconfig patch for BLK_DEV_INITRD Add 481083ec0bfc ("initramfs: Remove redundant dependency of RD_ZSTD on BLK_DEV_INITRD") to blacklist. We don't have be1859bdc660 ("initramfs: remove redundant dependency on BLK_DEV_INITRD"), on which this one is based, either. - commit 598e95d - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - commit 92c63a5 - KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (bsc#1189399, CVE-2021-3653). - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (bsc#1189400, CVE-2021-3656). - KVM: X86: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198 bsc#1189262). - commit 7902615 - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - commit 2a94579 - Revert "xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype" (bsc#1185675). This revert was initially applied to SLE15-SP2-RT (70e4d04b75f). Since the reverted commit went into SLE15-SP2 (96f285dfa8b), the revert needs to move from SLE15-SP2-RT to SLE15-SP2. - commit f32a28c - Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237). - commit 8a87839 - blacklist.conf: add an entry for the reverted iTCO_wdt - commit 4c97ae2 ++++ kmod: - Display module information even for modules built into the running kernel (bsc#1189537). + libkmod-Provide-info-even-for-modules-built-into-the.patch ++++ mozilla-nss: - Update nss-fips-constructor-self-tests.patch to fix crashes reported by upstream. This was likely affecting WebRTC calls. ++++ gcc11: - Require libgccjit%{libgccjit_sover}%{libgccjit_suffix} from libgccjit%{libgccjit_sover}-devel%{libdevel_suffix}. ++++ openssl-1_1: - A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. * CVE-2021-3711 * bsc#1189520 * Add: CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch - The function X509_aux_print() has a bug which may cause a read buffer overrun when printing certificate details. A malicious actor could construct a certificate to deliberately hit this bug, which may result in a crash of the application (causing a Denial of Service attack). * CVE-2021-3712 * bsc#1189521 * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch ++++ pango: - Update to version 1.48.9: + Don't require a newly attached buffer to apply state. + Fix upside-down Xshape surface with EGLstream. + Misc. bug fixes and cleanups. + Updated translations. ++++ nvme-cli: - update to 1.15 * add NVMe MI features * add uuid index in get and set features command * nvme-cli: Add lsi option for get-log command * nvme: add json output format for list_ns * fabrics: add fast_io_fail_tmo option * fabrics: add --host-iface option * nvme: add latency parameter for passthru commands * nvme: add optional copy format support id ctrl field * nvme: add zone desc changed notice async event * nvme: add json, binary and human readable output format for id iocs * fabrics: print device name on connect * nvme: add get log page 2.0 spec fields * nvme: add the status codes from 2.0 spec * zns: add timeout parameter for Zone Management Commands * nvme: add CDW2 and CDW3 support for Write Zeroes and Verify Command * nvme: add Storage Tag Check field in NVM Commands * bash: updated completion support for latest commands and plugins * nvme: add capacity management command support * add identify CNS 0x18 domain list support ------------------------------------------------------------------ ------------------ 2021-8-17 - Aug 17 2021 ------------------- ------------------------------------------------------------------ ++++ bash: - Post update-alternatives approach back from factory for /bin/sh (SLE-19670) ++++ haproxy: - Update to version 2.4.3+git0.4dd5a5a6c: CVE-2021-39240 CVE-2021-39241 CVE-2021-39242 (boo#1189366 boo#1189548 boo#1189549) * [RELEASE] Released version 2.4.3 * REGTESTS: add a test to prevent h2 desync attacks * BUG/MEDIUM: h2: give :authority precedence over Host * BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header * BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it * BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax * MINOR: http: add a new function http_validate_scheme() to validate a scheme * DOC/MINOR: fix typo in management document * CLEANUP: assorted typo fixes in the code and comments * BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check * BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued * DOC: config: Fix 'http-response send-spoe-group' documentation * DOC: Improve the lua documentation * BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer * BUG/MINOR: buffer: fix buffer_dump() formatting * BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released * MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure * ADMIN: dyncookie: implement a simple dynamic cookie calculator * MINOR: server: unmark deprecated on enable health/agent cli * BUG/MINOR: server: update last_change on maint->ready transitions too * BUG/MINOR: server: remove srv from px list on CLI 'add server' error * BUILD: opentracing: fixed build when using pkg-config utility * DOC: internals: document the FD takeover process * BUG/MINOR: fd: protect fd state harder against a concurrent takeover * BUG/MINOR: pollers: always program an update for migrated FDs * BUG/MINOR: poll: fix abnormally high skip_fd counter * BUG/MINOR: select: fix excess number of dead/skip reported * BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before * BUG/MEDIUM: connection: close a rare race between idle conn close and takeover * BUG/MINOR: connection: Add missing error labels to conn_err_code_str * BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames * BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called * BUG/MINOR: mux-h2: Obey dontlognull option during the preface * BUG/MINOR: mux-h1: Obey dontlognull option for empty requests * BUG/MINOR: systemd: must check the configuration using -Ws * BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree * BUG/MINOR: check: fix the condition to validate a port-less server * BUG/MINOR: stats: Add missing agent stats on servers * BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request * BUILD/MINOR: memprof fix macOs build. * BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs * BUG/MEDIUM: mworker: do not register an exit handler if exit is expected * BUILD: lua: silence a build warning with TCC * BUILD: add detection of missing important CFLAGS * BUG/MINOR: ssl: Default-server configuration ignored by server * MINOR: mux_h2: define config to disable h2 websocket support * BUILD: http_htx: fix ci compilation error with isdigit for Windows ++++ jeos-firstboot: - Include appropriate Requires * wicked * iptroute2 * timezone ++++ kernel-default: - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - commit 5e0eec9 - tracing: Reject string operand in the histogram expression (git-fixes). - commit edab067 - tracing / histogram: Give calculation hist_fields a size (git-fixes). - commit 49985ee - blacklist.conf: 1e3bac71c505 ("tracing/histogram: Rename "cpu" to "common_cpu"") Better not to backport the commit as it changes the semantics of an existing field. - commit 00d0183 - blacklist.conf: 6c881ca0b304 ("afs: Fix tracepoint string placement with built-in AFS") CONFIG_AFS_FS is not set on SLE15-SP2. It is on SLE15-SP3 but only as a module, not built-in. No need to backport the commit. - commit 43483b1 - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - commit b15ef07 - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - commit 7fe32f7 - block: fix trace completion for chained bio (bsc#1189505). - commit 47344da - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - commit 7b07185 - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - commit 798c57a - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - commit 55d9570 - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - Revert "gpio: eic-sprd: Use devm_platform_ioremap_resource()" (git-fixes). - commit 990b695 - Revert a BT patch that was reverted on stable trees (git-fixes) Delete patches.suse/Bluetooth-Shutdown-controller-after-workqueues-are-f.patch - commit 127d54b - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - commit 0a223c6 ++++ samba: - Fix dependency problem upgrading from libndr0 to libndr1; (bsc#1189875); - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2; (bsc#1189875); - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay; (bsc#1188727); - Add Certificate Auto Enrollment Policy; (jsc#SLE-18456). - Update to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); - Update to 4.13.9 * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log level", synchronise "log level" in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); - Update to 4.13.8 * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571 - Update to 4.13.7 * Release with dependency on ldb version 2.2.1. ++++ selinux-policy: - Allow systemd-sysctl to read kernel specific sysctl.conf (fix_kernel_sysctl.patch, boo#1184804) ------------------------------------------------------------------ ------------------ 2021-8-16 - Aug 16 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - harden_auditd.service.patch: automatic hardening applied to systemd services ++++ dracut: - Update to version 055+suse.117.ge5fc2048: * fix(suse-initrd): need to handle relative links too ++++ kernel-default: - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - commit 603fc19 - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). About the pahole version: v1.18 should be bare mnimum, v1.22 should be fully functional, for now we ship git snapshot with fixes on top of v1.21. - commit 8ba3382 - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - commit f42aa15 - blacklist.conf: blacklist davicom legacy ethernet driver - commit 78e9c10 - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - commit 0d1e1fe - Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted - commit e5dd4ab - Update config files. - commit 565c68c - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - commit 7e146ac - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - commit 0297522 - Bluetooth: switch to lock_sock in SCO (CVE-2021-3640 bsc#1188172). - Bluetooth: avoid circular locks in sco_sock_connect (CVE-2021-3640 bsc#1188172). - commit f2d375d - Update patch reference for a BT fix (CVE-2021-3640 bsc#1188172) - commit 98aa089 - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - commit fbccd6a - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - commit 3483c38 - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - commit 5733c23 - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - commit 124c915 - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - commit 627b67a ++++ kernel-firmware: - Update to version 20210812 (git commit 24c4a85d8514): * amdgpu: revert back to older raven2 sdma firmware * amdgpu: revert back to older raven sdma firmware * amdgpu: revert back to older picasso sdma firmware * amdgpu: add initial vangogh support * amdgpu: update vega20 firmware from 21.30 * amdgpu: update vega12 firmware from 21.30 * amdgpu: update vega10 firmware from 21.30 * amdgpu: update renoir firmware from 21.30 * amdgpu: update raven2 firmware from 21.30 * amdgpu: update raven firmware from 21.30 * amdgpu: update polaris12 firmware from 21.30 * amdgpu: update picasso firmware from 21.30 * amdgpu: update dimgrey cavefish firmware from 21.30 * amdgpu: update navy flounder firmware from 21.30 * amdgpu: update sienna cichlid firmware from 21.30 * amdgpu: update navi14 firmware from 21.30 * amdgpu: update navi12 firmware from 21.30 * amdgpu: update navi10 firmware from 21.30 * amdgpu: update green sardine firmware from 21.30 * amdgpu: update arcturus firmware from 21.30 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * linux-firmware: add firmware for MT7922 * QCA : Updated firmware files for WCN3991 * i915: Add v2.03 DMC for RKL * i915: Add v2.12 DMC for TGL * qca: Add firmware files for BT chip WCN6750. ++++ gcc11: - Update to gcc-11 branch head (056e324ce46a7924b5cf10f610), git610 * Includes GCC 11.2 release * Includes fix for opie build with glibc 2.34 [boo#1188623] ++++ patterns-microos: - remove the microos-k3s pattern ++++ rust-keylime: - Update to version 0.1.0+git.1629114992.890e8c9: * Add "v1.0" prefix to agent APIs - Update generate-cargo-lock-file.patch ++++ supportutils: - Changes to version 3.1.18 + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028) + Include 'multipath -t' output in mpio.txt #105 + Improved lsblk readability with --ascsi #106 + Removed duplicate commands in network.txt + Remove duplicate firewalld status output #109 ++++ yast2-trans: - Update to version 84.87.20210813.9ff5558c9c: * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Czech) * Translated using Weblate (Catalan) * New POT for text domain 'users'. ------------------------------------------------------------------ ------------------ 2021-8-15 - Aug 15 2021 ------------------- ------------------------------------------------------------------ ++++ libepoxy: - Update to version 1.5.9: + Allow libopengl.so to be used when GLX_LIB is missing. ++++ libgudev: - Update to version 237: + Fix reading double precision floats from sysfs attributes in locales that use comma as a separator + Fix compilation warning + Fix headers to help with build reproducibility + Clarify licensing information - Changes from version 236: + Fix meson project name to match autotools. - Changes from version 235: + Port build system to meson and remove autotools + Fix conversion of sysfs attributes to boolean. - Add meson BuildRequires and macros following upstreams port. - Enable pkgconfig(umockdev-1.0) BuildRequires and test macro. - Update Licence tag to LGPL-2.1-or-later. ------------------------------------------------------------------ ------------------ 2021-8-14 - Aug 14 2021 ------------------- ------------------------------------------------------------------ ++++ ModemManager: - Switch bash completion subpackage to noarch. ------------------------------------------------------------------ ------------------ 2021-8-13 - Aug 13 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - new version 249.1 https://github.com/cockpit-project/cockpit-machines/releases/tag/249 ++++ cockpit-podman: - new version 33 https://github.com/cockpit-project/cockpit-podman/releases/tag/33 - fix_dependencies.patch no longer needed ++++ kernel-default: - config: refresh - commit a299bb8 - bpf: Fix integer overflow involving bucket_size (bsc#1189233, CVE#CVE-2021-38166). - commit f4fe434 - Update patches.suse/s390-dasd-add-missing-discipline-function (bsc#1188130 ltc#193581). - commit 0a58311 - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - commit 93c7440 - blacklist.conf: Add 'fix poly1305_core_setkey() declaration' Commit 8d195e7a8ada ("crypto: poly1305 - fix poly1305_core_setkey() declaration") is a cleanup which breaks kABI. - commit 37e4183 - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - Update config files. - commit 1317caa - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - commit 6aa0bda - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - commit f089244 - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - commit 8d4d06f - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - commit 71d7dbd - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - commit 8f53414 - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - virt_wifi: fix error on connect (git-fixes). - commit 690710b - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - commit 24af025 - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - Revert "ACPICA: Fix memory leak caused by _CID repair function" (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - commit 20c4d69 ++++ multipath-tools: - Spec file: remove compatibility code for SLE <= SLE15-SP2 ++++ podman: - Switch to crun (bsc#1188914) ++++ suse-module-tools: - Update to version 15.4.2 - Move config files to /lib/modprobe.d and /lib/depmod.d (jsc#SLE-20639) * "modprobe $FS" for a blacklisted file system now offers to unblacklist the module permanently * disabled automatic un-blacklisting of filesystem modules loaded at installation time - Replace mkinitrd with dracut everywhere (jsc#SLE-20348) - Add faster substitute for lsinitrd to speed up weak-modules2 (jsc#SLE-9078) - Enable f2fs - Add a "Supplements" dependency on dkms to the "legacy" submodule (dkms needs "weak-modules") - modprobe.d cleanups and fixes: * Unify ppc64 and ppc64le * Delete files for obsolete architectures * Remove obsolete SUSE_INITRD statements (bsc#1161343) * Remove dma=none setting for parport_pc (bsc#1177695) - Add README.md ------------------------------------------------------------------ ------------------ 2021-8-12 - Aug 12 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.115.gf65e559b: * fix(suse-initrd): find links of usrmerged kernels (boo#1184804) * fix(tpm2-tss): typo in depends() * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470) - use manual mode in _service file ++++ ignition: - is-live-image doesn't exist on *SUSE, and our live images don't use Ignition, so just add the Ignition device dependency to the service file directly. ++++ kernel-default: - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock [#]AC in guest (bsc#1187959). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - commit 93dd7c1 - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - Refresh patches.suse/x86-resctrl-query-llc-monitoring-properties-once-during-boot.patch. patches.suse/x86-split_lock-don-t-write-msr_test_ctrl-on-cpus-that-aren-t-whitelisted.patch. - commit b9759ab - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - commit 4f97d8a - Update patch reference for a netfilter fix (CVE-2021-38209 bsc#1189393) - commit 26cdeeb - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - Update config files Add kABI fixup patch - patches.kabi/blk-cgroup-kABI-fixes-for-new-fc_app_id-definition.patch - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - commit e47f569 - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - commit da8a2b6 ++++ multipath-tools: - Update to version 0.8.6+32+suse.f11c192: * libmultipath:fix compilation with glibc 2.34 (bsc#1189099) * libmultipath: avoid buffer size warning with systemd 240+ (bsc#1189176) * libmultipath: use uint64_t for sg_id.lun (bsc#1187534) - Upstream bug fixes: * multipath-tools: make HUAWEI/XSG1 config work with alua and multibus * multipath-tools: add info about HPE Alletra 6000 and 9000 * multipathd: cli_getprkey(): fix return value and "aptpl" support * multipathd: don't rescan_path on wwid change in uev_update_path * kpartx: Don't leak memory when getblock returns NULL * multipath: free vectors in configure * multipathd: fix ev_remove_path return code handling * multipathd: remove duplicate orphan_paths in flush_map * multipathd: don't fail to remove path once the map is removed * multipathd: fix compilation issue with liburcu < 0.8 ++++ pango: - Update to version 1.48.8: + Rename git `master` branch to `main` + Fix threadsafety issues with Thai + Fix a rounding problem on i386 + Fix font choice for ellipsis + Fix a crash if no fonts are found. - Drop 3ff6365.patch: Upstream have made various changes to the offending commit. ++++ sssd: - Update to version 2.5.2; (jsc#SLE-17763); * originalADgidNumber attribute in the SSSD cache is now indexed. * Add new config option fallback_to_nss. - Changes from version 2.5.1 * auto_private_groups option can be set centrally through ID range setting in IPA (see ipa idrange commands family). This feature requires SSSD update on both client and server. This feature also requires freeipa 4.9.4 and newer. * Fix getsidbyname issues with IPA users with a user-private-group. * Default value of ldap_sudo_random_offset changed to 0 (disabled). This makes sure that sudo rules are available as soon as possible after SSSD start in default configuration. - Changes from version 2.5.0 * Added support for automatic renewal of renewable TGTs that are stored in KCM ccache. This can be enabled by setting tgt_renewal = true. See the sssd-kcm man page for more details. This feature requires MIT Kerberos krb5-1.19-0.beta2.3 or higher. * Backround sudo periodic tasks (smart and full refresh) periods are now extended by a random offset to spread the load on the server in environments with many clients. * Completing a sudo full refresh now postpones the smart refresh by ldap_sudo_smart_refresh_interval value. This ensure that the smart refresh is not run too soon after a successful full refresh. * If debug_backtrace_enabled is set to true then on any error all prior debug messages (to some limit) are printed even if debug_level is set to low value. * Besides trusted domains known by the forest root, trusted domains known by the local domain are used as well. * New configuration option offline_timeout_random_offset to control random factor in backend probing interval when SSSD is in offline mode. * ad_gpo_implicit_deny is now respected even if there are no applicable GPOs present. * During the IPA subdomains request a failure in reading a single specific configuration option is not considered fatal and the request will continue. * Unknown IPA id-range types are not considered as an error - Changes from version 2.4.2 * Default value of "user" config option was fixed into accordance with man page, i.e. default is "root". * pam_sss_gss now support authentication indicators to further harden the authentication. - Changes from version 2.4.1 * New PAM module pam_sss_gss for authentication using GSSAPI. * case_sensitive=Preserving can now be set for trusted domains with AD and IPA providers. * krb5_use_subdomain_realm=True can now be used when sub-domain user principal names have upnSuffixes which are not known in the parent domain. SSSD will try to send the Kerberos request directly to a KDC of the sub-domain. * SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald output, to avoid issues with PID parsing in rsyslog (BSD-style forwarder) output. * Added pam_gssapi_check_upn to enforce authentication only with principal that can be associated with target user. * Added pam_gssapi_services to list PAM services that can authenticate using GSSAPI. - Changes from version 2.4.0 * Session recording can now exclude specific users or groups when scope is set to all (see exclude_users and exclude_groups options). * Active Directory provider now sends CLDAP pings over UDP protocol to Domain Controllers in parallel to determine site and forest to speed up server discovery. - Changes from version 2.3.1 * Domains can be now explicitly enabled or disabled using enable option in domain section. This can be especially used in configuration snippets. * New configuration options memcache_size_passwd, memcache_size_group, memcache_size_initgroups that can be used to control memory cache size. * Fixed several regressions in GPO processing introduced in sssd-2.3.0 * Fixed regression in PAM responder: failures in cache only lookups are no longer considered fatal. * Fixed regression in proxy provider: pwfield=x is now default value only for sssd-shadowutils target. - Changes from version 2.3.0 * SSSD can now handle hosts and networks nsswitch databases (see resolve_provider option). * By default, authentication request only refresh user's initgroups if it is expired or there is not active user's session (see pam_initgroups_scheme option). * OpenSSL is used as default crypto provider, NSS is deprecated. * The AD provider now defaults to GSS-SPNEGO SASL mechanism (see ldap_sasl_mech option). * The AD provider can now be configured to use only ldaps port (see ad_use_ldaps option). * SSSD now accepts host entries from GPO's security filter. * New debug level (0x10000) added for low level LDB messages only (see sssd.conf man page). - Changes from version 2.2.3 * allow_missing_name now treats empty strings the same as missing names. * "soft_ocsp" and "soft_crl" options have been added to make the checks for revoked certificates more flexible if the system is offline. * Smart card authentication in polkit is now allowed by default. * Handling of FreeIPA users and groups containing ‘@’ sign now works. * Issue when autofs was unable to mount shares was fixed. * SSSD was unable to hande ldap_uri containing URIs with different port numbers, which has been rectified. - Changes from version 2.2.2 * Removing domain from ad_enabled_domain was not reflected in SSSD’s cache. This has been fixed. * Because of a race condition SSSD could crash during shutdown. The race condition was fixed. * Fixed a bug that limited number of external groups fetched by SSSD to 2000. * pam_sss now properly creates gnome keyring during login. * SSSD with KCM could wrongly pick older ccache instead of the latest one after login. This was fixed. - Changes from version 2.2.1 * New options were added which allow sssd-kcm to handle bigger data. * SSSD can now automatically refresh cached user data from subdomains in IPA/AD trust. * Fixed issue with SSSD hanging when connecting to non-responsive server with ldaps://. * SSSD is now restarted by systemd after crashes. * Fixed refression when dyndns_update was set to True and dyndns_refresh_interval was not set or set to 0 then DNS records were not updated at all. * Fixed issue when default_domain_suffix was used with files provider and caused all results from files domain to be fully qualified. * Fixed issue with sudo rules not being visible on OpenLDAP servers * Fixed crash with auth_provider = proxy that prevented logins - Changes from version 2.2.0 * The Kerberos provider can now include more KDC addresses or host names when writing data for the Kerberos locator plugin. * The 2FA prompting can now be configured. * The LDAP authentication provider now allows to use a different method of changing LDAP passwords using a modify operation in addition to the default extended operation. * The "auto_private_groups" configuration option now takes a new value hybrid. * A new option "ad_gpo_ignore_unreadable" was added. * The "cached_auth_timeout" parameter is now inherited by trusted domains. * The "ldap_sasl_mech" option now accepts another mechanism "GSS-SPNEGO" in addition to "GSSAPI". * The sssctl tool has two new commands, "cert-show" and "cert-map". - Changes from version 2.1.0 * Any provider can now match and map certificates to user identities. * pam_sss can now be configured to only perform Smart Card authentication or return an error if this is not possible. * pam_sss can also prompt the user to insert a Smart Card if, during an authentication it is not available. * It is now possible to refresh the KCM configuration without restarting the whole SSSD deamon * A new configuration option ad_gpo_implicit_deny was added. This option (when set to True) can be used to deny access to users even if there is not applicable GPO. * The dynamic DNS update can now batch DNS updates to include all address family updates in a single transaction. - Changes from version 2.0.0 * The Python API for managing users and groups in local domains (id_provider=local) was removed completely. The local provider (id_provider=local) and the command line tools to manage users and groups in the local domains, such as sss_useradd is not built anymore. * The LDAP provider had a special-case branch for evaluating group memberships with the RFC2307bis schema when group nesting was explicitly disabled. This codepath is removed. * The ldap_groups_use_matching_rule_in_chain and ldap_initgroups_use_matching_rule_in_chain options and the code that evaluated them was removed. * The "ldap_sudo_include_regexp" option changed its default value from true to false. Wildcards in the sudoHost LDAP attribute are no longer evaluated. This was costly to evaluate on the LDAP server side and at the same time rarely used. * The KCM responder has a new back end to store credential caches in a local database * The list of PAM services which are allowed to authenticate using a Smart Card is now configurable using a new option pam_p11_allowed_services. - Make cifs-idmap plugin (idmapwb.so) use update-alternatives mechanism to be able to switch between cifs-utils and sssd; (bsc#1182682). - Build sssd's KCM - Drop obsolete patches: + 0001-SUDO-Create-the-socket-with-stricter-permissions.patch + 0002-intg-Do-not-hardcode-nsslibdir.patch + 0003-MONITOR-Do-not-use-two-configuration-databases.patch + 0004-Strip-whitespaces-in-netgroup-triple.patch + 0005-nss-sssd-returns-for-emtpy-home-directories.patch + 0006-Rotate-child-log-files.patch + 0007-nss-add-a-netgroup-counter-to-struct-nss_enum_index.patch + 0008-nss-initialize-nss_enum_index-in-nss_setnetgrent.patch + 0009-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch + 0010-SUDO-Allow-defaults-sudoRole-without-sudoUser-attrib.patch + 0011-GPO-Add-option-ad_gpo_ignore_unreadable.patch + 0012-nss-use-enumeration-context-as-talloc-parent-for-cac.patch + 0013-Revert-LDAP-IPA-add-local-email-address-to-aliases.patch + 0014-util-Remove-the-unused-function-is_email_from_domain.patch + 0015-MONITOR-Propagate-error-when-resolv.conf-does-not-ex.patch + 0016-MONITOR-Add-a-new-option-to-control-resolv.conf-moni.patch + 0017-MONITOR-Resolve-symlinks-setting-the-inotify-watcher.patch + 0018-SYSDB-Delete-linked-local-user-overrides-when-deleti.patch + 0019-winbind-idmap-plugin-support-inferface-version-6.patch + 0020-winbind-idmap-plugin-fix-detection.patch + 0021-nss-imap-add-sss_nss_getsidbyuid-and-sss_nss_getsidb.patch + 0022-cifs-idmap-plugin-use-new-sss_nss_idmap-calls.patch + 0023-winbind-idmap-plugin-use-new-sss_nss_idmap-calls.patch + 0024-libwbclient-sssd-use-new-sss_nss_idmap-calls.patch + 0025-pysss_nss_idmap-add-python-bindings-for-new-sss_nss_.patch + 0026-winbind-idmap-plugin-update-struct-idmap_domain-to-l.patch + 0027-utils-make-N_ELEMENTS-public.patch + 0028-ad-replace-ARRAY_SIZE-with-N_ELEMENTS.patch + sssd-gpo_host_security_filter-1.16.1.patch + 0001-Resolve-computer-lookup-failure-when-sam-cn.patch + 0031-ad-Add-support-for-passing-add-samba-data-to-adcli.patch + 0032-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch + 0033-Fix-build-failure-against-samba-4.12.0rc1.patch + 0034-Use-ndr_pull_steal_switch_value-for-modern-samba-ver.patch + 0035-ad_gpo_ndr.c-refresh-ndr_-methods-from-samba-4.12.patch + 0036-ad_gpo_ndr.c-more-ndr-updates.patch + 0037-UTIL-Fix-compilation-with-curl-7.62.0.patch + 0038-CACHE-Create-timestamp-if-missing.patch + 0039-sss_cache-Do-not-fail-for-missing-domains.patch ------------------------------------------------------------------ ------------------ 2021-8-11 - Aug 11 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10 ++++ irqbalance: - Update to version 1.8.0.14.ga7f8148: * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled - Use %{?systemd_ordering} instead of %{?systemd_requires} ++++ kernel-default: - README: Modernize build instructions. - commit 8cc5c28 - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - commit d2a0c13 - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - commit 7f9ade7 - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - commit e6925d8 ++++ libapparmor: - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10 ++++ p11-kit: - Update to version 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066): * Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook * anchor: Prefer persistent format when storing anchor [PR#329] * common: Fix infloop in p11_path_build [PR#326, PR#327] * proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325] * common: Check for a NULL locale before freeing it [PR#321] * Build and test fixes [PR#313, PR#315, PR#317, PR#318, PR#319, PR#323, PR#330, PR#333, PR#334, PR#335, PR#338, PR#339] - Changes for version 0.23.21 * proxy: Do not assign duplicate slot IDs [PR#282] * common: Get program name based on executable path if possible [PR#307] * anchor: Exit with non-zero code, if any error occurs [PR#304] * Build and test fixes [PR#283, PR#290, PR#291, PR#292, PR#296, PR#299, PR#305, PR#306, PR#309, PR#311] - Changes for version 0.23.20: * Revert "Fix RPC when length-s are 0" changes [PR#276] - Changes for version 0.23.19: * common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255] * Add simple bash completion for provided commands [PR#258] * Unbreak list matching in enable-in and disable-in [PR#262] * Fix RPC when length-s are 0 [PR#259] * rpc: Add vsock transport support [PR#270] * trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265] * Build fixes [PR#271, PR#272, PR#273, ...] - Changes for version 0.23.18: * rpc: Allow empty CK_DATE value [PR#253] * build: Meson fixes [PR#245] * build: Adjust feature parity between meson and autotools [PR#247] - Changes for version 0.23.17: * common: Fix uClibc-ng compilation [PR#237] * trust: do not allow daylight to invalidate date validation [PR#236] * build: Port to meson build system [PR#231, PR#234] * rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232] * doc: Add 'server' command in help [PR#229] * Build and test fixes [PR#230] - Changes for version 0.23.16: * proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225] * conf: Ignore user configuration if the program is running as root [PR#226] * proxy: Refresh slot list on every C_GetSlotList call [PR#224] * modules: Fix index used in call to p11_dict_remove() [PR#219] * Fix Win32 p11_dl_error crash [PR#218] * modules: check gl.modules before iterates on it when freeing [PR#217] * trust: Ignore unreadable content in anchors [PR#215] * extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213] - Changes for version 0.23.15: * trust: Improve error handling if backed trust file is corrupted [PR#206] * url: Prefer upper-case letters in hex characters when encoding [PR#193] * trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202] * virtual: Prefer fixed closures to libffi closures [PR#196] * Fix issues spotted by coverity and cppcheck [PR#194, PR#204] * Build and test fixes [PR#164, PR#191, PR#199, PR#201] - Changes for version 0.23.14: * proxy: Avoid invalid memory access when unloading proxy module [PR#180] * Update pkcs11 header to allow SoftHSMv2 to compile [PR#181] * build: Restore libpthread dependency [PR#183] * Build fixes [PR#188] - Changes for version 0.23.13: * server: Enable socket activation through systemd [PR#173] * rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules [PR#174] * proxy: Fail early if there is no slot mapping [PR#175] * Remove hard dependency on libpthread [PR#177] * Build fixes [PR#170, PR#176] - Changes for version 0.23.12 * Fix compile error when PKCS#11 GNU calling convention is enabled [PR#160] * Fix getauxval() and secure_getenv() emulation on macOS and FreeBSD [PR#167] * Build and test fixes on macOS [PR#162, PR#168] - Changes for version 0.23.11 * trust: Add extractor for edk2/cacerts.bin [PR#139] * modules: Add option to control module visibility from proxy [PR#140] * trust: Prevent trust module being loaded by proxy module [PR#142] * library: Use dedicated locale object for printing error [PR#148] * Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly [PR#134] * Improve const correctness for P11KitUri [PR#152] * PKCS#11 URI scheme comparison is now case insensitive [PR#156] * Build and test fixes [PR#151, PR#149, PR#141, PR#138, PR#135] - Changes for version 0.23.10 * filter: Respect "write-protected" vendor-specific attribute in PKCS#11 URI [PR#129] * server: Improve shell integration and documentation [PR#107, PR#108] * proxy: Reuse existing slot ID mapping in after fork() [PR#120] * trust: Forcibly mark "Default Trust" read-only [PR#123] * New function p11_kit_override_system_files() which can be used for testing [PR#110] * trust: Filter out duplicate extensions [PR#69] * Update translations [PR#128] * Bug fixes [PR#125, PR#126] - Changes for version 0.23.9 * Fix p11-kit server regressions [PR#103, PR#104] * trust: Respect anyExtendedKeyUsage in CA certificates [PR#99] * Build fixes related to reallocarray [PR#96, PR#98, PR#100] - Changes for version 0.23.8 * Improve vendor query attributes handling in PKCS#11 URI [PR#92] * Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91] * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations [PR#87] * Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86] - Changes for version 0.23.7 * Fix memory issues with "p11-kit server" [PR#78] * Build fixes [PR#77 ...] - Changes for version 0.23.6 * Port "p11-kit server" to Windows and portability fixes of the RPC protocol [PR#67, PR#72, PR#74] * Recover the old behavior of "trust anchor --remove" [PR#70, PR#71] * Build fixes [PR#63 ...] - Changes for version 0.23.5 * Fix license notice of common/unix-peer.c [PR#58] * Remove systemd unit files for now [PR#60] * Build fixes for FreeBSD [PR#56] - Changes for version 0.23.4 * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31, PR#37, PR#52] * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute, used by Firefox [#99453, PR#46] * Add 'trust dump' command to dump all PKCS#11 objects in the persistence format [PR#44] * New experimental 'p11-kit server' command that allows PKCS#11 forwarding through a Unix domain socket. A client-side module p11-kit-client.so is also provided [PR#15] * Add systemd unit files for exporting the proxy module through a Unix domain socket [PR#35] * New P11KitIter API to iterate over slots, tokens, and modules in addition to objects [PR#28] * libffi dependency is now optional [PR#9] * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45] - Changes for version 0.23.3 * Install private executables in libexecdir [fdo#98817] * Fix link error of proxy module on macOS [fdo#98022] * Use new PKCS#11 URI specification for URIs [fdo#97245] * Support x-init-reserved argument of C_Initialize() in remote modules [fdo#80519] * Incorporate changes from PKCS#11 2.40 specification * Bump libtool library version * Documentation fixes * Build fixes [fdo#87192 ...] - Move RPM macros to %_rpmmacrodir. - New server subpackage - Change keyring to new maintainer Daiki Ueno - Avoid bareword to fix build failure - Remove obsolete patches: * p11-kit-biarch.patch * 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch * 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch ++++ libvirt: - supportconfig: When checking for installed hypervisor drivers, use the libvirtr-daemon-driver- package instead of libvirt-daemon-. The latter are not required packages for a functioning hypervisor driver. ------------------------------------------------------------------ ------------------ 2021-8-10 - Aug 10 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.13.1 * build: fix build on musl libc due to missing definition of NAME_MAX * check: * batch more work into one transaction when clearing v1 free space inodes * detect directoris with wrong number of links * libbtrfsutil: fix race between subvolume iterator and deletion * mkfs: be more specific about supported profiles for zoned device * other: * documentation updates ++++ kernel-default: - fix patches metadata - fix Patch-mainline: - patches.suse/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch - patches.suse/NFSv4-pNFS-Don-t-call-_nfs4_pnfs_v3_ds_connect-multi.patch - patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch - patches.suse/SUNRPC-Should-wake-up-the-privileged-task-firstly.patch - patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch - commit bd541fa - net: ll_temac: Fix TX BD buffer overwrite (CVE-2021-38207 bsc#1189298). - commit 64dedf9 - mac80211: Fix NULL ptr deref for injected rate info (CVE-2021-38206 bsc#1189296). - commit a4dbb10 - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - commit 071c9e5 - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205 bsc#1189292). - commit 1e538f8 - Update patch reference for a USB max3421 HCD fix (CVE-2021-38204 bsc#1189291) - commit 68d7672 - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state (bsc#1184180). - commit 435d2bf - usb: dwc3: gadget: Don't setup more than requested (git-fixes). - commit d278880 - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - commit bc358f9 - ocfs2: initialize ip_next_orphan (bsc#1186731). - commit fd80e8c - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - commit 1bdda2d - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - Delete patches.suse/0001-NFSv4-don-t-let-hanging-mounts-block-other-mounts.patch. Upstream now has a fix for this bug, so use their version instead of ours. - commit 350271e ++++ python3-core: - Update to 3.6.14: * Security - bpo-44022 (bsc#1189241, CVE-2021-3737): mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks. - bpo-42988 (CVE-2021-3426, bsc#1183374): Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer. - bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network. Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. - Upstreamed patches were removed: - CVE-2021-3426-inf-disclosure-pydoc-getfile.patch - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch - Refreshed patches: - python3-sorted_tar.patch - riscv64-ctypes.patch ++++ python3: - Update to 3.6.14: * Security - bpo-44022 (bsc#1189241, CVE-2021-3737): mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks. - bpo-42988 (CVE-2021-3426, bsc#1183374): Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer. - bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network. Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. - Upstreamed patches were removed: - CVE-2021-3426-inf-disclosure-pydoc-getfile.patch - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch - Refreshed patches: - python3-sorted_tar.patch - riscv64-ctypes.patch ++++ qemu: - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) hw-usb-Do-not-build-USB-subsystem-if-not.patch hw-usb-host-stub-Remove-unused-header.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch ++++ selinux-policy: - Fix quoting in postInstall macro ------------------------------------------------------------------ ------------------ 2021-8-9 - Aug 9 2021 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.164.2 * Don't setup users for writing to pid_sockets * Allow container engines to be started from the staff user. * Allow spc_t domains to set bpf rules on any domain * Add support for k3s ++++ cpio: - Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr (CVE-2021-38185, bsc#1189206) * fix-CVE-2021-38185.patch ++++ ignition: - Update to version 2.12.0: * news: add notes for 2.12.0 * stages/files: add previousReport to result report * tests: fix linter warning * workflows: limit permissions to reading repo contents * workflows: bump linter version * go.mod: revendor * Drop EOL Go versions * internal/distro: drop DiskByIDDir * providers/azure: add support for azure gen2 VMs [bsc#1196679] * stages/mount: correctly relabel the root of a fresh ext4 filesystem * exec: fix permissions for mountpoints in home dirs * tests: drop os.ModeDir requirement in mode of output directories * examples: reboot with --force * exec/util: add blkid API to query block devices based on FSTYPE * stages/files: use IntToPtr() in createCrypttabEntries() * stages/files: write result report to /var/lib/ignition * engine: persist fetched config summaries in State * stages/disks: use State to persist keyfiles for files stage * *: add general mechanism for persisting state between stages * main: drop -clear-cache flag * engine: don't hardcode neednet path * fetch-offline: return ErrNeedNet if we need net * engine: switch Engine.logReport() to pointer receiver * engine: fix incorrect error in log message * dracut: drop ignition-setup-user.service * dracut: drop reference to ignition-setup-base.service * providers/gcp: access GCP metadata service by IP address * Remove ignition-firstboot-complete.service * OWNERS: remove * internal/exec/util: drop device argument from cResultToErr() * docs/config*: document storage.luks.clevis.threshold default * ci: disable spec bump external test workaround * docs: Add Ignition release / Spec version table * templates: update example releng signing ticket * templates: don't update %gotest lines * Provide ignition-firstboot-complete.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes * Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now). * Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version. * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh * Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more). * Synced ignition-kargs-helper script with upstream example * Raising minimum Go version to 1.15 as required by upstream ++++ kernel-default: - usb: dwc3: gadget: Give back staled requests (git-fixes). - commit c4cb23f - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - commit f340e0b - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Don't set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - commit f116a8f - blacklist.conf: Add two IOMMU fixes b9abb19fa5fd iommu: Check dev->iommu in iommu_dev_xxx functions 474dd1c65064 iommu/vt-d: Fix clearing real DMA device's scalable-mode context entries - commit 2db8dfc - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - commit c109f3e - Fix filesystem requirement and suse-release requires Reduce filesystem conflict to anything less than 16 to allow pulling the change into the next major stable version. Don't require suse-release as that's not technically required. Conflict with a too old one instead. - commit 913f755 - iwlwifi: rs-fw: don't support stbc for HE 160 (git-fixes). - commit 981ddc7 - blacklist.conf: obsoleted by 8d396bb0a5b62b326f6be7594d8bd46b088296bd - commit d9ae913 - USB: usbtmc: Fix RCU stall warning (git-fixes). - commit 8c8f7df - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - commit 8c2e999 - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - commit 1278281 - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - commit 5db0ce9 - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - commit 9021659 - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - drm/i915: Correct SFC_DONE register offset (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - commit b4ad8ce - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - commit 8f575e8 ++++ yast2-trans: - Update to version 84.87.20210806.5bda944287: * New POT for text domain 'country'. * New POT for text domain 'country'. * New POT for text domain 'installation'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Italian) * Translated using Weblate (Hindi) ------------------------------------------------------------------ ------------------ 2021-8-8 - Aug 8 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fix patches metadata - fix Patch-mainline: - patches.suse/ALSA-hda-realtek-Fix-headset-mic-for-Acer-SWIFT-SF31.patch - patches.suse/ALSA-hda-realtek-add-mic-quirk-for-Acer-SF314-42.patch - patches.suse/ALSA-seq-Fix-racy-deletion-of-subscriber.patch - patches.suse/ALSA-usb-audio-Add-registration-quirk-for-JBL-Quantu-4b0556b96e1f.patch - patches.suse/ALSA-usb-audio-Fix-superfluous-autosuspend-recovery.patch - commit 486a747 ++++ Mesa: - fixed build on %ix86 by removing "-flto=auto" from optflags for cpp ------------------------------------------------------------------ ------------------ 2021-8-7 - Aug 7 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog ++++ kernel-default: - Move upstreamed patch into sorted section - commit a779693 - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - commit a52bb92 - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - commit 57d9208 ++++ libapparmor: - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog ++++ pcsc-lite: - version 1.9.3 * fix a stupid regression with systemd introduced in the previous version - version 1.9.2 * improve NetBSD support * pcsc-spy: version 1.1 . add option -t|--thread . x10 speed increase . correctly exit at end-of-file . remove, now useless, support of macOS * SetProtocol: Handle IFD_NOT_SUPPORTED from the driver * hotplug_libudev.c: sanitize interface name * pcsc_demo: change licence from GPLv3 to BSD * use Python 3 for Python scripts (psc-spy, UnitaryTests) * Some other minor improvements - remove obsolete pcsc-lite-python3.patch ------------------------------------------------------------------ ------------------ 2021-8-6 - Aug 6 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff ++++ elfutils: - Add disable-run-deleted-test.patch in order to disable failing test-case (boo#1189153). ++++ glib-networking: - Update to version 2.70.alpha: + Fix TLS channel bindings tests. + Require OpenSSL 1.0.2. + Fix threadsafety issue in certificate verification. + dlopen libsoup for performing HTTP requests. + OpenSSL: add DTLS support, plus many related improvements. + Implement new GTlsCertificate details APIs. + GnuTLS: improve error handling for PIN failures. + GnuTLS: expose PIN type on PIN requests. + GnuTLS: check cancellable in pull timeout callback. + Improve automation of test certificate creation. + GnuTLS: use GnuTLS to implement all channel bindings. + GnuTLS: rework certificate verification to use TLS session. + GnuTLS: improve peer identity verification. + Bring back automatic downloading of missing intermediate certificates (not fixed, may go away again). ++++ kernel-default: - Update kabi files. - Update from August 2021 maintenance update submission (commit 055c4fd5f13c) - commit 0b9f7b1 - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - commit 4d3a9e0 - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - commit 38ad73f ++++ libapparmor: - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff ++++ c-ares: - Version update to git snapshot 1.17.1+20200724: * fixes missing input validation on hostnames returned by DNS servers (bsc#1188881, CVE-2021-3672) * If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash * Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response * Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing * Use unbuffered /dev/urandom for random data to prevent early startup performance issues - missing_header.patch: upstreamed ++++ rdma-core: - Update to rdma-core v36.0: - Bugfixes on all providers ++++ libesmtp: - Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097). ++++ qemu: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) usbredir-fix-free-call.patch ++++ u-boot-rpiarm64: - u-boot-bin.spl is used for UART or USB boot. Lets package it for convinience. ------------------------------------------------------------------ ------------------ 2021-8-5 - Aug 5 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fix patches metadata - fix Patch-mainline: - patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch - patches.suse/SUNRPC-prevent-port-reuse-on-transports-which-don-t-.patch - commit 5e54e89 - blacklist.conf: kABI changes due to kvm_mmu_rule struct. - commit f3e0e69 - Refresh patches.suse/Input-ili210x-add-missing-negation-for-touch-indicat.patch Fix missing parentheses in the input backport patch. - commit 0913716 - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - commit b6f021b - Revert "gpio: mpc8xxx: change the gpio interrupt flags." (git-fixes). - drm/amd/display: ensure dentist display clock update finished in DCN20 (git-fixes). - commit 3d2a7da - gpio: tqmx86: really make IRQ optional (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - commit 7dd3f8c - SUNRPC: prevent port reuse on transports which don't request it (bnc#1186264 bnc#1189021). - commit a89b568 - kabi fix for NFSv4.1: Don't rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - commit 844eb4c - NFSv4.1: Don't rebind to the same source port when (bnc#1186264 bnc#1189021) - commit 4b89a40 ++++ Mesa: - enabled build of 'crocus' Gallium3D OpenGL driver for i965 "Gen4" through Haswell "Gen7" graphics (alternative to classic "i965" OpenGL driver); use MESA_LOADER_DRIVER_OVERRIDE=crocus to use it; in case of issues with video hardware acceleration(vaapi driver), set LIBVA_DRIVER_NAME=i965 - update to 21.2.0 * new release ++++ gpgme: - Fix build with glibc 2.34: [bsc#1189089] * Use glibc's closefrom. * Add gpgme-use-glibc-closefrom.patch ------------------------------------------------------------------ ------------------ 2021-8-4 - Aug 4 2021 ------------------- ------------------------------------------------------------------ ++++ bash: - Add patch bash-4.4-jobctrl.patch to allow process group asignment even for modern kernels (bsc#1057452, bsc#1188287) ++++ glib2: - Add 63e7864.patch: Fix build with glibc 2.34: use 3 parameters for close_range (boo#1189088). ++++ grub2: - update grub2-systemd-sleep.sh to fix hibernation by avoiding the error "no kernelfile matching the running kernel found" on usrmerged setup - Use %autosetup ++++ kernel-default: - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - commit 55ca0a7 - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - commit 707ed65 - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop (CVE-2021-3679 bsc#1189057). - commit 49b5ebf - net/mlx5: Properly convey driver version to firmware (git-fixes). - commit 44d8f42 - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - commit ac61742 - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - commit 75096f3 - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - commit 524d35f ++++ lshw: - Update versioning to to allow easy transition on SLE - Disable parallel build to avoid random failures ++++ python-gobject: - Adjust BuildRequires for python_module cairo to python-module pycairo: the module was renamed 2 years ago. - Skip build for python2: not supported anymore since 3.38.0. ------------------------------------------------------------------ ------------------ 2021-8-3 - Aug 3 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 250 https://cockpit-project.org/blog/cockpit-250.html - fix pam_motd selinux denial (0001-selinux-allow-login-to-read-motd-file.patch) ++++ cryptsetup: - need to use PBKDF2 by default for LUKS2 as grub can't decrypt when using Argon. ++++ transactional-update: - Version 3.5.1 - t-u: Disable status file generation by default The new experimental `status` command requires the availability of /etc/YaST2/control.xml, which is not present on all systems. Hide the creation of the corresponding status file behind a new EXPERIMENTAL_STATUS option to try out this functionality. - Increase library version - Add tukit.conf to spec file ++++ efibootmgr: - Update to v17: [jsc#SLE-22542] * use efivar's logging facility more (more info in -v2 , -v3, etc) * Various bug fixes * Better -e parsing * fix pkg-config invocation for ldflags * Make efibootmgr use EFIDIR / efibootmgr.efidir like fwupdate does * make --loader default build-time configurable * sanitize set_mirror()/get_mirror() * Add support for parsing loader options as UCS2 * GCC 7 fixes * Don't use -fshort-wchar since we don't run on EFI machines. - Drop 0001-Don-t-use-fshort-wchar-when-building-63.patch (upstreamed) - Drop 0002-Remove-extra-const-keywords-gcc-7-gripes-about.patch (upstreamed) - Drop 0003-Add-support-for-parsing-optional-data-as-ucs2.patch (upstreamed) - Drop MARM-sanitize-set_mirror.diff (upstreamed) - Drop efibootmgr-derhat.diff (upstreamed) - Rebase efibootmgr-delete-multiple.diff ++++ hwdata: - Update to version 0.350 (bsc#1189005): + Updated pci, usb and vendor ids. ++++ kernel-default: - Update kabi files. - update from August 2021 maintenance update submission (commit a13100d5f167) - commit 75dc981 - blacklist.conf: add macsonic driver - commit 688a554 ++++ qemu: - Add stable patches from upstream: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch hw-net-can-sja1000-fix-buff2frame_bas-an.patch hw-pci-host-q35-Ignore-write-of-reserved.patch ++++ u-boot-rpiarm64: Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.07 * Patches added: 0014-btrfs-Use-default-subvolume-as-file.patch - boo#1185656 ------------------------------------------------------------------ ------------------ 2021-8-2 - Aug 2 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Obsolete the same version of mDNSResponder-lib and mDNSResponder in baselib.conf and spec. ++++ cryptsetup: - cryptsetup 2.4.0 (jsc#SLE-20275) * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - Use LUKS2 as default format on Tumbleweed. It provides some additional features which other tools (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking LUKS2 volumes meanwhile. ++++ transactional-update: - Version 3.5.0 - Add alias setDiscardIfUnchanged for setDiscard. The old method name wasn't really clear and will be removed if we should have an API break in the future - Replace mkinitrd with direct dracut call [boo#1186213] - tukit: Add configuration file support (/etc/tukit.conf) - Allow users to configure additional bind mounts (see /usr/etc/tukit.conf for an example and limitations) [bsc#1188322] - Add 'transactional-update status' call. This is a POC for obtaining a hash of a system to verify its integrity. The functionality is still experimental! - Internal bugfixes / optimizations ++++ e2fsprogs: - Update to 1.46.3: * Add -V and -VV options to filefrag * Fix fs corruption cause by resize2fs on filesystems with MMP blocks * Fast commit portability fixes * Fix direct IO support in Unix IO manager * Avoid calling EXT2_IOC_[GS]ETFLAGS for block devices * Fix mke2fs to not discard blocks beyond end of filesystem * Make e2fsck set filetype of '.' and '..' entries * Fix QCOW image generation in e2image for very large filesystems * Update translations ++++ gtk3: - Drop patch fixed upstream on SLE and Leap 15.4: gtk3-x11-fix-menu-touch-by-pointer-emulation.patch ++++ kernel-default: - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - commit 78eb685 - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - commit a798607 - cifs: missing null pointer check in cifs_mount (bsc#1185902). - commit 17b0494 - cifs: fix check of dfs interlinks (bsc#1185902). - commit 1db4f4d - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - commit 064a32d - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - commit 65332c5 - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - commit 1a16c86 - cifs: fix path comparison and hash calc (bsc#1185902). - commit 9ae40ff - cifs: handle different charsets in dfs cache (bsc#1185902). - commit 7b185cd - cifs: keep referral server sessions alive (bsc#1185902). - commit a6fba08 - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - commit b02980f - ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes). - commit b68f7e6 - ACPI: DPTF: Fix reading of attributes (git-fixes). - drm/msm/dpu: Fix sm8250_mdp register length (git-fixes). - commit da4d5f8 - can: esd_usb2: fix memory leak (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - commit 7ff2c84 ++++ systemd: - Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719) See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for details. This includes the following bug fixes: - upstream commit 6fb61918ccdd0610b425d5b0e5417751f8f8f783 (bsc#1182870) - upstream commit 6fe2a70b9160e35fdeed9d37bd31727c2d46a8b2 (jsc#SLE-17798) - Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch ++++ libvirt: - Update to libvirt 7.6.0 - storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath CVE-2021-3667 bsc#1188843 - jsc#SLE-18354 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Added patches: suse-qemu-ovmf-paths.patch, suse-xen-ovmf-paths.patch - Dropped patches: ee3dc2c2-libxl-default-pcistub-name.patch, 6b8e9613-avoid-use-after-free.patch, eab7ae6b-fix-array-access.patch, c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch, ccc6dd8f-fix-exec-restart.patch, 15073504-CVE-2021-3631.patch, de1e0ae0-lockd-no-error-if-lockspace.patch, 447f69de-CVE-2021-3667.patch, suse-ovmf-paths.patch, suse-apparmor-libnl-paths.patch, suse-xen-ovmf-loaders.patch, suse-bump-xen-version.patch - libxl: ovmf now provides only one firmware for Xen. The firmware is named ovmf-x86_64-xen-4m.bin in the SUSE ovmf package. Adjust the upstream default firmware path to match the SUSE name. - packaging: To improve maintainability, rename suse-ovmf-paths.patch to suse-qemu-ovmf-paths.patch and suse-xen-ovmf-loaders.patch to suse-xen-ovmf-paths.patch - spec: Remove the sysconfig fillup files for the various daemons - Dropped patches: suse-libvirtd-sysconfig-settings.patch, suse-virtlockd-sysconfig-settings.patch, suse-virtlogd-sysconfig-settings.patch - qemu: Use correct flag constant for enabling storage migration f58349c9-qemu-storage-migration.patch bsc#1188171 - apparmor: Permit new capabilities required by libvirtd boo#1186888 - supportconfig plugin improvements - Suggest numad package instead of requiring it. numad is not required for libvirt daemon to run, it does not support the cgroup2 API and it has been superseded by the kernel NUMA balancer which is enabled by default. bsc#1184722 - libvirt-admin package merged with libvirt-daemon - libvirt-bash-completion package merged with libvirt-client and libvirt-daemon packages ++++ python-libvirt-python: - Update to 7.6.0 - Add all new APIs and constants in libvirt 7.6.0 - jsc#SLE-18354 ++++ rpm-config-SUSE: - Add macros.rpm415 to allow easy backport of Factory srpm [jsc#SLE-20017]. ++++ yast2-trans: - Update to version 84.87.20210802.da4df69bfc: * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (French) * Translated using Weblate (Catalan) * New POT for text domain 'network'. * New POT for text domain 'country'. * Translated using Weblate (Italian) * New POT for text domain 'update'. * New POT for text domain 'autoinst'. * Translated using Weblate (Czech) ------------------------------------------------------------------ ------------------ 2021-8-1 - Aug 1 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fix patch metadata - fix Patch-mainline: patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch - commit e52bdda ------------------------------------------------------------------ ------------------ 2021-7-30 - Jul 30 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists - use https source urls ++++ gdk-pixbuf: - Drop gdk-pixbuf-bsc1180393-CVE-2020-29385.patch on SLE and Leap 15.4: fixed upstream. ++++ glib2: - Drop patches fixed upstream on SLE and Leap 15.4: + glib2-add-support-for-slim-timezone-format.patch + glib2-fix-6-days-until-the-end-of-the-month.patch + glib2-CVE-2021-27218.patch + glib2-CVE-2021-27219-add-g_memdup2.patch ++++ kernel-default: - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: don't disable an already disabled PCI device (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes). - e1000e: Check the PCIm state (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - mvpp2: suppress warning (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - commit 3de5d62 - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. (bsc#1187591, bsc#1188694) - Return EFI_UNSUPPORTED when accessing EFI_RNG_PROTOCOL failed. - Improved the warning message. - commit 0183525 ++++ audit: - Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists - use https source urls ++++ ceph: - Update to 16.2.5-113-g8b5bda7684e: + (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9 improved version of patch that did not work as intended ++++ libsolv: - Disable python2 usage on suse_version >= 1550 by default (still possible to use osc build --with=python). ++++ shared-mime-info: - Do not ghost own %{_datadir}/mime/[a-ms-vxX]*: as those files/directories do not exist during build, RPM can't expand the glob and adds it literally to the file list, not having any effect in the end. A cleanup of the directory structure would not work anyway, as there are also files generated inside. ++++ sudo: - update to 1.9.7p2 - enabled openssl support for secure central session recording collection (without it's clear text) - fixed SLES12 build * When formatting JSON output, octal numbers are now stored as strings, not numbers. The JSON spec does not actually support octal numbers with a '0' prefix. * Fixed a compilation issue on Solaris 9. * Sudo now can handle the getgroups() function returning a different number of groups for subsequent invocations. GitHub PR #106. * When loading a Python plugin, python_plugin.so now verifies that the module loaded matches the one we tried to load. This allows sudo to display a more useful error message when trying to load a plugin with a name that conflicts with a Python module installed in the system location. * Sudo no longer sets the the open files resource limit to "unlimited" while it runs. This avoids a problem where sudo's closefrom() emulation would need to close a very large number of descriptors on systems without a way to determine which ones are actually open. * Sudo now includes a configure check for va_copy or __va_copy and only defines its own version if the configure test fails. * Fixed a bug in sudo's utmp file handling which prevented old entries from being reused. As a result, the utmp (or utmpx) file was appended to unnecessarily. GitHub PR #108. * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd from accepting TLS connections when OpenSSL is used. Bug #988. * Fixed an SELinux sudoedit bug when the edited temporary file could not be opened. The sesh helper would still be run even when there are no temporary files available to install. * Fixed a compilation problem on FreeBSD. * The sudo_noexec.so file is now built as a module on all systems other than macOS. This makes it possible to use other libtool implementations such as slibtool. On macOS shared libraries and modules are not interchangeable and the version of libtool shipped with sudo must be used. * Fixed a few bugs in the getgrouplist() emulation on Solaris when reading from the local group file. * Fixed a bug in sudo_logsrvd that prevented periodic relay server connection retries from occurring in "store_first" mode. * Disabled the nss_search()-based getgrouplist() emulation on HP-UX due to a crash when the group source is set to "compat" in /etc/nsswitch.conf. This is probably due to a mismatch between include/compat/nss_dbdefs.h and what HP-UX uses internally. On HP-UX we now just cycle through groups the slow way using getgrent(). Bug #978. ------------------------------------------------------------------ ------------------ 2021-7-29 - Jul 29 2021 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - New package to enable/disable access due to AHB This references bsc#1182026, (jsc#SLE-21246, jsc#SLE-21247, jsc#SLE-21248, jsc#SLE-21249, jsc#SLE-21250) ++++ kernel-default: - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - commit 6d617e8 - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - commit 7f4ff26 - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - commit 96ce669 - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - commit 7d7b6d5 - Update Patch-mainline tags for patches that landed in 5.14-rc3. - commit 48a135a - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - commit 837e7fa - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - Delete patches.suse/powerpc-add-link-stack-flush-mitigation-in-debugfs.patch - replaced with upstream security mitigation cleanup - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - commit e35bcce - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - Refresh patches.suse/powerpc-pseries-mobility-notify-network-peers-after-.patch. - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - commit 3f019e2 - kABI workaround for btintel symbol changes (bsc#1188893). - commit a0378fb - Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893). - Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893). - Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893). - Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893). - Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893). - commit 5d9b049 - Bluetooth: btintel: Move operational checks after version check (bsc#1188893). - Bluetooth: btintel: Check firmware version before download (bsc#1188893). - Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893). - Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893). - commit 02eefaa - Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893). - Revert "Bluetooth: btintel: Fix endianness issue for TLV version information" (bsc#1188893). - Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893). - Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893). - commit 8c5bc15 - Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893). - Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893). - Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893). - Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893). - commit 051ab9c - Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893). - Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893). - Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893). - Bluetooth: btintel: Refactor firmware download function (bsc#1188893). - Bluetooth: hci_intel: enable on new platform (bsc#1188893). - Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893). - Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893). - Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893). - commit 29e3766 - Update patch-mainline and git-commit tags Refresh: - patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch - patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch - commit 758ec5c - Move upstreamed patches to sorted section - commit e174d5e - Refresh patches.suse/efi-tpm-Differentiate-missing-and-invalid-final-even.patch. Update upstream status. - commit 871e8d7 - scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - commit e0dfe90 - net: mac802154: Fix general protection fault (CVE-2021-3659 bsc#1188876). - commit 61caeac - bonding: fix build issue (git-fixes). - commit ba9e531 - ALSA: pcm: Fix mmap capability check (git-fixes). - ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes). - commit aefa679 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - xhci: Fix lost USB 2 remote wake (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - commit cbaa23f - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - commit 4603b01 ++++ mozilla-nss: - update to NSS 3.68 * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. - update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. ++++ Mesa: - update to 21.1.6 * sixth bugfix release ++++ systemd: - Avoid the error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291) ++++ libvirt: - storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath CVE-2021-3667 bsc#1188843 ++++ tpm2.0-tools: - Add 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch to fix the offset of the read buffer ------------------------------------------------------------------ ------------------ 2021-7-28 - Jul 28 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.6: + core: - Fix adding stale local routes when address changes. - Introduce "allowed-connections" option to disallow profiles on a device. This allows to filter out profiles that originate from initrd. - Introduce "keep-configuration" device option to forcefully activate a profile on start. + initrd: - Tag generated profiles with origin in user data. - Add "ib.pkey=" command line option. + dhcp: Handle filename/bootfile_name DHCP option and write it to device state file for initrd/kickstart. ++++ ignition: - Include vfat and nls kernel modules into initrd so that we can read the ignition configuration from USB drives [bsc#1184202] ++++ kernel-default: - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - commit c3c4cb5 - use 3.0 SPDX identifier in rpm License tags As requested by Maintenance, change rpm License tags from "GPL-2.0" (SPDX 2.0) to "GPL-2.0-only" (SPDX 3.0) so that their scripts do not have to adjust the tags with each maintenance update submission. - commit f888e0b - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - commit 28541e7 - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - commit ffedcc6 - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - commit 4131c57 - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - commit 88a6182 - KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838 CVE-2021-37576). - commit 0162dcd - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - commit 017d588 - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - commit a8f01e1 - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - commit 0575cf5 - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - commit 81b4c99 - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - commit f2e225f - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - commit 388d3fb - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - commit c5de014 ++++ rust-keylime: - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag ++++ xfsprogs: - mkfs: disable reflink support by default (jsc#SLE-17360) - Add xfsprogs-mkfs-disable-reflink-support-by-default.patch Do not format xfs filesystems with reflink support by default, as the feature is read-only compatible, and read-write compatibility is required to be maintained within product stream (SLE15). - Dropped all following patches which are now part of upstream xfsprogs, and were previously backported to address bugs bsc#1167206, bsc#1167205, bsc#1158630, bsc#1158509, bsc#1158504, bsc#1158758, bsc#1129859, bsc#1122271, bsc#1073421, bsc#1119063, bsc#1105068. make_xfs_scrub_interp_explicit.patch xfsprogs-mkfs-avoid-divide-by-zero-when-hardware-reports-opti.patch xfsprogs-repair-Fix-root-inode-s-parent-when-it-s-bogus-f.patch xfsprogs-xfs_repair-Add-missing-braces-to-allow-zeroing-of-co.patch xfsprogs-xfs_repair-allow-in-attribute-names.patch xfsprogs-xfs-hoist-xfs_fs_geometry-to-libxfs.patch xfsprogs-xfs-refactor-the-geometry-structure-filling-function.patch xfsprogs-xfs_spaceman-add-a-superblock-info-command.patch xfsprogs-xfs_info-move-to-xfs_spaceman.patch xfsprogs-xfs_db-add-a-superblock-info-command.patch xfsprogs-libfrog-refactor-fs-geometry-printing-function.patch xfsprogs-mkfs-use-geometry-generation-helper-functions.patch xfsprogs-xfs_info-call-xfs_db-for-offline-filesystems.patch xfsprogs-xfs_info-use-findmnt-to-handle-mounted-block-devices.patch xfsprogs-xfs_quota-fix-false-error-reporting-of-project-inher.patch xfsprogs-xfs-create-structure-verifier-function-for-shortform.patch xfsprogs-xfs-create-structure-verifier-function-for-short-for.patch xfsprogs-xfs-refactor-short-form-directory-structure-verifier.patch xfsprogs-xfs-provide-a-centralized-method-for-verifying-inlin.patch xfsprogs-xfs_repair-don-t-fail-directory-repairs-when-grabbin.patch xfsprogs-xfs_repair-implement-custom-ifork-verifiers.patch xfsprogs-xfs_repair-use-custom-ifork-verifier-in-mv_orphanage.patch xfsprogs-xfs-move-inode-extent-size-hint-validation-to-libxfs.patch xfsprogs-xfs_repair-use-libxfs-extsize-cowextsize-validation-.patch xfsprogs-mkfs-validate-extent-size-hint-parameters.patch xfsprogs-xfs_io-Make-copy_range-arguments-understand-iB-values.patch xfsprogs-man-document-some-missing-xfs_db-commands.patch xfsprogs-man-reformat-xfs_quota-commands-in-the-manpage-for-t.patch ++++ zypper: - Support new reports for singletrans rpm commit. - BuildRequires: libzypp-devel >= 17.27.1. For lock/query comments. - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Install summary: Show new and removed packages closer to the prompt (fixes #403) These packages are usually more interesting than the updated ones. In case of doubt less scrolling is needed to see them. - Add need reboot/restart hint to XML install summary (bsc#1188435) - Add comment option for lock command (fixes #388). - version 1.14.48 ------------------------------------------------------------------ ------------------ 2021-7-27 - Jul 27 2021 ------------------- ------------------------------------------------------------------ ++++ combustion: - Drop explicit dependency on sysroot.mount. Instead, handle starting and stopping of the unit explicitly to avoid conflicts. - Add workaround for gh#systemd/systemd#20329 ++++ gnutls: - Account for the libnettle soname bump [jsc#SLE-19765] ++++ kernel-default: - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - commit 08b2951 - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - commit 5f8f317 - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - commit ef7bd2d - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - commit 8984ecb - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - commit 597c5f3 - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - commit 9024fbf - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - commit 7334e84 - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit (bsc#1188773). - commit f7ab15a - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - commit 8a9a1d5 - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - commit 7610884 - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - commit f768a8a - prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752). - commit 80a0f40 - iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495). - Refresh patches.suse/iwlwifi-pcie-free-IML-DMA-memory-allocation.patch. - commit 55531dc - blacklist.conf: kABI - commit c1f6ea9 - ceph: don't WARN if we're still opening a session to an MDS (bsc#1188748). - rbd: don't hold lock_rwsem while running_list is being drained (bsc#1188747). - rbd: always kick acquire on "acquired" and "released" notifications (bsc#1188746). - commit 5813020 - Update patches.suse/x86-intel-aggregate-microserver-naming.patch. This was a search-and-replace patch - there were one _X -> _D replacement missing in tools/power/x86/turbostat/turbostat.c Update the patch to cover the missing replacement. - commit 63c708b - mt76: set dma-done flag for flushed descriptors (git-fixes). - commit aaa3cb6 - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - commit 43e0b14 - mt76: mt7615: increase MCU command timeout (git-fixes). - commit 1ca559f - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - commit 606bd07 - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - commit fccec64 - drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes). - drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes). - drm/amdkfd: Fix circular lock in nocpsch path (git-fixes). - drm/amdkfd: fix circular locking on get_wave_state (git-fixes). - drm/amdkfd: use allowed domain for vmbo validation (git-fixes). - drm/amd/display: Fix off-by-one error in DML (git-fixes). - drm/amd/display: Release MST resources on switch from MST to SST (git-fixes). - drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes). - commit 0be6a2a - drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes). - drm/amd/display: Avoid HDCP over-read and corruption (git-fixes). - drm: rockchip: add missing registers for RK3066 (git-fixes). - drm: rockchip: add missing registers for RK3188 (git-fixes). - drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes). - drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes). - drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes). - drm/scheduler: Fix hang when sched_entity released (git-fixes). - drm/nouveau: Don't set allow_fb_modifiers explicitly (git-fixes). - drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes). - commit 0856190 - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - commit 80eef04 - cifs: fix interrupted close commands (git-fixes). - commit 9eae08a ++++ ceph: - Update to 16.2.5-111-ga5b472dfcf8: + (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9 ++++ libvirt: - spec: Don't forcibly remove '--listen' arg from /etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is not specified. bsc#1188232 ++++ osinfo-db: - bsc#1182144 - osinfo-db: autoinst.xml does not work with Tumbleweed. Fixes nested language problem. opensuse-autoyast-desktop.patch ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#135 - fix typo in update-bootloader - 0.935 ++++ suseconnect-ng: - Update to version 0.0.3~git0.dacdd3b: * Add gofmt target to Makefile * Fix gofmt errors * Add Requires that weren't explicit (bsc#1188646) * Use custom UnmarshalJSON() for the Product struct ------------------------------------------------------------------ ------------------ 2021-7-26 - Jul 26 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add libnm0 to baselibs.conf to be used by 64bit Steam ++++ cockpit-wicked: - Version 4.1: * Fix a problem when detecting whether an interface is down and clean up the list of assigned addresses when they are released (gh#128, bsc#1182189 and bsc#1186736). * Update several dependencies to address security concerns (gh#127). * Add translations for German, Hindi and Sinhala (work in progress). * Update translations for Catalan, Czech, Italian, Japanese and Portuguese (Brazil). ++++ kernel-default: - cifs: Fix preauth hash corruption (git-fixes). - commit a2ac7b0 - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - commit ffe15e7 - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - commit f974156 - uuid: Add inline helpers to import / export UUIDs (FATE#326628, bsc#1113295, git-fixes). - commit 5ef7dcb - Drop media rtl28xxu fix patch (bsc#1188683) The recent backport of patches.suse/media-rtl28xxu-fix-zero-length-control-request.patch caused a regression on Astrometa DVB-T2. Revert and blacklist it for now. - commit 1ae8d64 - series.conf: cleanup - update upstream references and move into sorted section: - patches.suse/r8152-Fix-a-deadlock-by-doubly-PM-resume.patch - patches.suse/r8152-Fix-potential-PM-refcount-imbalance.patch - commit 425c935 - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - commit fb8c7fc - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - commit 33a74a3 - sfp: Fix error handing in sfp_probe() (git-fixes). - commit 3f0aed6 - cadence: force nonlinear buffers to be cloned (git-fixes). - commit 4b76907 - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - commit 6e609d3 - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - commit ed39fda - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - commit 57704e2 - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - commit 23af1ba - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - commit aa75b92 - Update patches.suse/ibmvnic-account-for-bufs-already-saved-in-indir_buf.patch (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 bsc#1188620 ltc#192221). - Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch (bsc#1085224 ltc#164363 bsc#1188620 ltc#192221). - Update patches.suse/ibmvnic-parenthesize-a-check.patch (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes bsc#1188620 ltc#192221). - Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch (bsc#1094840 ltc#167098 bsc#1188620 ltc#192221). - commit 8147958 - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - commit 8bf9d02 - blacklist.conf: kABI - commit 7c940a5 - blacklist.conf: cosmetic cleanup - commit 29705c7 - blacklist.conf: kABI - commit 839f900 - Update patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. This was a search-and-replace patch - there were a handful of _ULT -> _L and _MOBILE -> _L replacements missing in tools/power/x86/turbostat/turbostat.c Update the patch to cover the missing replacements. - Refresh patches.suse/x86-intel-aggregate-big-core-graphics-naming.patch. - commit efd5300 - Update patches.suse/iommu-vt-d-do-not-use-flush-queue-when-caching-mode-is-on. The definition of domain_use_flush_queue() was tucked inside an #ifdef CONFIG_INTEL_IOMMU_SVM, whereas the function can be called outside of that #ifdef. It does not affect SLE15-SP3 directly since our configs always enable CONFIG_INTEL_IOMMU_SVM, but it's in the incorrect place in general. Move it outside of the ifdef to match upstream behavior. - commit e39afe2 - timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes) - commit 1045d0d - docs: virt/kvm: close inline string literal (bsc#1188703). - commit e83521c - KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703). - commit 0f91585 - integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366). - Update config files. Add CONFIG_IMA_ARCH_POLICY=y and CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y in x86_64/default. - commit 8567c4b - i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701). - commit 27422dd - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - commit c39f899 ++++ krb5: - Fix KDC null deref on bad encrypted challenge; (CVE-2021-36222); (bsc#1188571); - Added patches: * 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch ++++ python3-core: - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). ++++ systemd: - Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516 ++++ libzypp: - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) This covers the case where not the packages itself would change its vendor, but replaces a package from a different vendor. - Fix solver jobs for PTFs (bsc#1186503) - spec: switch to pkgconfig(openssl) - Show key fpr from signature when signature check fails (bsc#1187224) Rpm by default only shows the short key ID when checking the signature of a package fails. This patch reads the signatures from the RPM headers and replaces she short IDs with the key fingerprints fetched from the signatures. - Implement alternative single transaction commit strategy. This patch adds a experimental commit strategy that runs all operations in a single rpm transaction, speeding up the execution a lot. - Use ZYPP_MEDIANETWORK=1 to enable the experimental new media backend. - Implement zchunk download, refactor Downloader backend. - Fix purge-kernels fails with kernels from Kernel:HEAD (bsc#1187738) There recently was a change in the kernel package naming scheme in regards to rc kernels. Since kernel upstream uses characters in the version that are not allowed in rpm versions a "-rc" was previously replaced with ".rc" which broke sorting by version, to fix this issue it was replaced with "~rc", which unfortunately broke the purge-kernels logic. This patch makes sure purge-kernel does apply the same conversion. - version 17.28.0 (22) ++++ mozilla-nspr: - update to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries ++++ osinfo-db: - Add support for openSUSE Leap 15.4, SLE15-SP4, and SLEM 5.1 (bsc#1188692) add-opensuse-leap-15.4-support.patch add-sle15sp4-support.patch add-slem5.1-support.patch ++++ python3: - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). ++++ u-boot-rpiarm64: - Drop qemu-riscv64spl flavor - Use generic opensbi for sifiveunleashed - Rename sifivefu540 to sifiveunleashed to follow upstream - Update to 2021.07 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.07 * Patches dropped: 0014-fs-btrfs-fix-the-false-alert-of-dec.patch 0015-arm64-dts-meson-odroidc2-readd-PHY-.patch ++++ yast2-trans: - Update to version 84.87.20210723.6ea31dfcf1: * New POT for text domain 'users'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'country'. * New POT for text domain 'control-center'. * Translated using Weblate (Portuguese (Brazil)) * New POT for text domain 'users'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-7-25 - Jul 25 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - commit c637f14 - ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes). - Refresh patches.suse/ASoC-rt5682-sdw-set-regcache_cache_only-false-before.patch. - commit c833aa0 - ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes). - ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes). - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes). - ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes). - ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes). - Bluetooth: btqca: Don't modify firmware contents in-place (git-fixes). - ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes). - commit 2fb44db - ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes). - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes). - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes). - ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes). - commit 10136ed ++++ pcsc-ccid: - Version 1.4.35 * Add support of - ArkSigner Connect2Sign - Circle CCR7115 ICC - Circle CCR7315 - Circle CIR215 CL - Circle CIR215 PICC - Circle CIR315 - Circle CIR315 (idProduct: 0x3100) - Circle CIR315 CL - Circle CIR315 Dual & 1S - Circle CIR415 CL & 1S - Circle Idaxis SecurePIV - DUALi DE-ABCM6 RFRW - Feitian R701 - Generic EMV Smartcard Reader (0x058C:0x9590) - INMAX DWR18 HC - INMAX DWR18 HPC - Identiv Identiv uTrust 4711 F CL + SAM Reader - Identiv uTrust 3721 Contactless Reader - Infocrypt HWDSSL DEVICE - Infocrypt Token++ lite - MK Technology KeyPass D1 - SONY Felica RC-S300/P - SONY Felica RC-S300/S - SONY Felica RC-S660/U - SYNNIX CL-2100R - SoloKeys Solo 2 - Spyrus Inc PocketVault P-3X (idProduct: 0x3203) * parse: use "ICCD token" for ICCD tokens * Support 4 card slots with Feitian R502 C9 * ccid_usb: ask for bNumDataRatesSupported data rates * Solve a performance issue with T=1 and CCID_CLASS_AUTO_PPS_PROP * Fix a possible buffer overflow in T0ProcACK * IFDHSetProtocolParameters: set IFSC/IFSD only for TPDU readers * CCID serial: Reset buffers on failed read * Fix yylex missing symbol * Gemalto pinpad: fix incorrect bEntryValidationCondition for SecurePINVerify and SecurePINModify * Fix bit4id miniLector-EVO pinpad support * The Kobil TriBank reader does NOT support extended APDU ------------------------------------------------------------------ ------------------ 2021-7-23 - Jul 23 2021 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault ++++ hwinfo: - merge gh#openSUSE/hwinfo#104 - Fix timezone issue in SOURCE_DATE_EPOCH code - 21.76 ++++ kbd: - Only run kbdsettings.service if /etc/sysconfig/keyboard exists. Necessary for image based installations without admin made changes. ++++ kernel-default: - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - commit 2c19bb5 - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - commit 62c8708 - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - commit 539ea44 - Revert "drm/i915: Propagate errors on awaiting already signaled fences" (git-fixes). - drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes). - commit 258f2b1 - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - commit 44fe76d - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - commit aaf8eb0 ++++ kernel-firmware: - Update to version 20210719 (git commit 5de082d4d0f2): * iwlwifi: add ty firmware from Core63-43 - Reduce the LZMA2 dictionary size (bsc#1188662) ++++ libcontainers-common: - Update common to 0.41.0 0.38.18: [0.38] seccomp: add support for defaultErrnoRet 0.41.0: Allow /etc/containers/containers.conf to be read by non-root Created numMem_linux.go and numMem.go and nummem_unsupported.go Fix default definition of secrets in containers.conf Report bad entries in containers.conf to the user add shelldriver. build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5 build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1 build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0 build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1 feat: add shell secret driver. libimage: LookupImage: remove IgnorePlatform option libimage: `(*Runtime).SystemContext()` libimage: events: deferred write libimage: force internal image lookups to ignore arch libimage: import: fix tags libimage: pull: enforce pull policy for custom platforms libimage: pull: ignore platform for local image lookup libimage: pull: override even --pull=never with custom platform pull: custom platform: do not use local image name 0.38.13: * libimage: events: deferred write 0.38.12: * pull: custom platform: do not use local image name 0.40.1: Vendor in containers/image v5.13.2 seccomp: tweak default profile (followup for #573) libimage: lookup images by custom platform libimage: force remove: only untag on multi tag image build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1 Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp seccomp: always allow get_mempolicy, set_mempolicy, mbind seccomp: let membarrier fail with ENOSYS seccomp: allow rseq seccomp: allow pkey_* seccomp: let io_uring_* fail with ENOSYS seccomp: allow clone3 0.40.0: Add default for log-tag Add support for config drop in directories Do not set the default netns Don't use systemd defaults if /proc/1/comm != systemd Fix spacing on name value pairs to be consistent Leave default seccomp path empty Sort containers.conf and containers.conf.5.md Strip extra trailing newlines in templates Tests are writing customer config to host machine Use SetCredentials and add verbose to loginopts [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md add 'secret' section to the containers.conf struct. add @Luap99 to OWNERS add passdriver for secrets. build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0 build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2 build(deps): bump github.com/docker/docker build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2 build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4 build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0 build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 fix autodiscovery of the secret passdriver. fixed comments libimage: fix Exists libimage: pull: turn image-lookup errors non-fatal libmage: Exists: catch corrupted images made necessary changes to handle OS/Arch while importing an image pkg/config: fix systemd compile errors pull: don't resolve short names on explicit docker:// reference seccomp: add support for defaultErrnoRet seccomp: allow more *_time64 syscalls seccomp: allow timer_settime64 seccomp: switch default to ENOSYS secrets: fix build with go 1.15 support tag@digest notation 0.39.0: Vendor in containers/storage v1.32.0 Ensure configuration directory is created for networks Include gateway in generated default networks Use Private as default for rootless when we want CNI rootless networking libimage: add some comments libimage: add more image tests build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0 rootless_networking = "slirp4netns | cni" build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 - Update podman to 3.2.3 3.2.3: [#]## Security - This release addresses CVE-2021-3602, an issue with the `podman build` command with the `--isolation chroot` flag that results in environment variables from the host leaking into build containers. [#]## Bugfixes - Fixed a bug where events related to images could occur before the relevant operation had completed (e.g. an image pull event could be written before the pull was finished) ([#10812](https://github.com/containers/podman/issues/10812)). - Fixed a bug where `podman save` would refuse to save images with an architecture different from that of the host ([#10835](https://github.com/containers/podman/issues/10835)). - Fixed a bug where the `podman import` command did not correctly handle images without tags ([#10854](https://github.com/containers/podman/issues/10854)). - Fixed a bug where Podman's journald events backend would fail and prevent Podman from running when run on a host with systemd as PID1 but in an environment (e.g. a container) without systemd ([#10863](https://github.com/containers/podman/issues/10863)). - Fixed a bug where containers using rootless CNI networking would fail to start when the `dnsname` CNI plugin was in use and the host system's `/etc/resolv.conf` was a symlink ([#10855](https://github.com/containers/podman/issues/10855) and [#10929](https://github.com/containers/podman/issues/10929)). - Fixed a bug where containers using rootless CNI networking could fail to start due to a race in rootless CNI initialization ([#10930](https://github.com/containers/podman/issues/10930)). [#]## Misc - Updated Buildah to v1.21.3 - Updated the containers/common library to v0.38.16 - Update storage to 1.32.6 1.32.6: Fix runtime panic for opening lockfile if parent dir got removed Cleanup exclude exceptions path build(deps): bump github.com/Microsoft/hcsshim from 0.8.17 to 0.8.20 Add test for bad entries in storage.conf chunked: fix the path used for layers dedup Report bad entries in storage.conf to the user Use /run/user/UID in rootless mode if writable - Update image to 5.14.0 v0.41.0: * Allow /etc/containers/containers.conf to be read by non-root * Created numMem_linux.go and numMem.go and nummem_unsupported.go * Fix default definition of secrets in containers.conf * Report bad entries in containers.conf to the user * add shelldriver. * build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 * build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5 * build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1 * build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0 * build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1 * feat: add shell secret driver. * libimage: LookupImage: remove IgnorePlatform option * libimage: `(*Runtime).SystemContext()` * libimage: events: deferred write * libimage: force internal image lookups to ignore arch * libimage: import: fix tags * libimage: pull: enforce pull policy for custom platforms * libimage: pull: ignore platform for local image lookup * libimage: pull: override even --pull=never with custom platform * pull: custom platform: do not use local image name v0.40.1: * Vendor in containers/image v5.13.2 * seccomp: tweak default profile (followup for #573) * libimage: lookup images by custom platform * libimage: force remove: only untag on multi tag image * build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1 * Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp * seccomp: always allow get_mempolicy, set_mempolicy, mbind * seccomp: let membarrier fail with ENOSYS * seccomp: allow rseq * seccomp: allow pkey_* * seccomp: let io_uring_* fail with ENOSYS * seccomp: allow clone3 v0.40.0: * Add default for log-tag * Add support for config drop in directories * Do not set the default netns * Don't use systemd defaults if /proc/1/comm != systemd * Fix spacing on name value pairs to be consistent * Leave default seccomp path empty * Sort containers.conf and containers.conf.5.md * Strip extra trailing newlines in templates * Tests are writing customer config to host machine * Use SetCredentials and add verbose to loginopts * [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md * add 'secret' section to the containers.conf struct. * add @Luap99 to OWNERS * add passdriver for secrets. * build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0 * build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2 * build(deps): bump github.com/docker/docker * build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2 * build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4 * build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0 * build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 * fix autodiscovery of the secret passdriver. * fixed comments * libimage: fix Exists * libimage: pull: turn image-lookup errors non-fatal * libmage: Exists: catch corrupted images * made necessary changes to handle OS/Arch while importing an image * pkg/config: fix systemd compile errors * pull: don't resolve short names on explicit docker:// reference * seccomp: add support for defaultErrnoRet * seccomp: allow more *_time64 syscalls * seccomp: allow timer_settime64 * seccomp: switch default to ENOSYS * secrets: fix build with go 1.15 * support tag@digest notation v0.39: * Vendor in containers/storage v1.32.0 * Ensure configuration directory is created for networks * Include gateway in generated default networks * Use Private as default for rootless when we want CNI * rootless networking * libimage: add some comments * libimage: add more image tests * build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0 * rootless_networking = "slirp4netns | cni" * build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 ++++ libglvnd: - update to 1.3.3, fixes boo#1188640 ++++ nvme-cli: - Update copyright date - Move bash-completion into subpackage to avoid zypper recommanding bash-completion everytime. ++++ qemu: - Disabled skiboot building for PowerPC due to the following issue: https://github.com/open-power/skiboot/issues/265 - Fix possible mremap overflow in the pvrdma (CVE-2021-3582, bsc#1187499) hw-rdma-Fix-possible-mremap-overflow-in-.patch - Ensure correct input on ring init (CVE-2021-3607, bsc#1187539) pvrdma-Ensure-correct-input-on-ring-init.patch - Fix the ring init error flow (CVE-2021-3608, bsc#1187538) pvrdma-Fix-the-ring-init-error-flow-CVE-.patch ++++ suseconnect-ng: - Update to version 0.0.2~git0.ebef3b7: * Add --version * Fix list-extensions printing "Not available" when using SCC * Change --deregister to --de-register ------------------------------------------------------------------ ------------------ 2021-7-22 - Jul 22 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Replace grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch and fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch with upstream backport: 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch and 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch. ++++ iputils: - Update to version 20210722 https://github.com/iputils/iputils/releases/tag/20210722 - Use rarpd.service from upstream (removes PrivateUsers=yes, which fixes broken start of the service, adds DynamicUser=yes for more security) - Add BuildRequires: iproute2 (required for running tests) ++++ kernel-default: - skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172). - commit c73a425 - Update Patch-mainline tags for patches that landed in 5.14-rc2. - commit 55eeb57 - KVM: do not allow mapping valid but non-reference-counted pages (bsc#1186482, CVE-2021-22543). - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543). - KVM: do not assume PTE is writable after follow_pfn (bsc#1186482, CVE-2021-22543). - commit 3795669 - xen/events: reset active flag for lateeoi events later (git-fixes). - Refresh patches.suse/xen-events-fix-setting-irq-affinity.patch. - commit e51ccb0 - KVM: do not allow mapping valid but non-reference-counted pages (bsc#1186482, CVE-2021-22543). - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543). - KVM: do not assume PTE is writable after follow_pfn (bsc#1186482, CVE-2021-22543). - commit 50f4816 - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - commit 94fef56 - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447). - bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447). - bonding: Add struct bond_ipesc to manage SA (bsc#1176447). - bonding: disallow setting nested bonding + ipsec offload (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447). - ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447). - skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172). - net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172). - RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176). - RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176). - RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176). - RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176). - RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176). - RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176). - RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176). - RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176). - RDMA/hns: Remove unused parameter udata (jsc#SLE-15176). - i40e: fix PTP on 5Gb links (jsc#SLE-13701). - xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706). - xfrm: Fix xfrm offload fallback fail case (bsc#1176447). - xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447). - commit 2d7a0e6 ++++ ceph: - Update to 16.2.5-110-gc5d9c915c46: + rebased on top of upstream commit SHA1 7feddc9819ca05586f230accd67b4e26a328e618 + (bsc#1186348) mgr/zabbix: adapt zabbix_sender default path ++++ rust-keylime: - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs ++++ suseconnect-ng: - Update to version 0.0.1~git33.b531281: * Run integration tests * Try to use localized error from server response * Write usage help to stdout like the Ruby version * Simplify list-extensions template * Fix call to create UUID on s390 * Provides and Obsoletes SUSEConnect * Add extensions list tests * Fix calls to s390 read_values * Add build-s390 target to Makefile * hwinfo: don't fail if dmidecode is missing ------------------------------------------------------------------ ------------------ 2021-7-21 - Jul 21 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.78.0: [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923] [bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925] * Changes: - curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE - CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax - hostip: make 'localhost' return fixed values - mbedtls: add support for cert and key blob options - metalink: remove all support for it - mqtt: add support for username and password * Bugfixes: - ares: always store IPv6 addresses first - c-hyper: abort CONNECT response reading early on non 2xx responses - c-hyper: add support for transfer-encoding in the request - c-hyper: bail on too long response headers - c-hyper: clear NTLM auth buffer when request is issued - c-hyper: fix NTLM on closed connection tested with test159 - conncache: lowercase the hash key for better match - curl_multibyte: Remove local encoding fallbacks - Curl_ntlm_core_mk_nt_hash: fix OOM in error path - Curl_ssl_getsessionid: fail if no session cache exists - easy: during upkeep, attach Curl_easy to connections in the cache - gnutls: set the preferred TLS versions in correct order - hsts: ignore numberical IP address hosts - HSTS: not experimental anymore - http2: init recvbuf struct for pushed streams - http: fix crash in rate-limited upload - http: make the haproxy support work with unix domain sockets - http_proxy: deal with non-200 CONNECT response with Hyper - lib: don't compare fd to FD_SETSIZE when using poll - lib: fix compiler warnings with CURL_DISABLE_NETRC - lib: fix type of len passed to *printf's %*s - lib: more %u for port and int for %*s fixes - lib: use %u instead of %ld for port number printf - libssh2: limit time a disconnect can take to 1 second - mqtt: detect illegal and too large file size - msnprintf: return number of printed characters excluding null byte - multi: add scan-build-6 work-around in curl_multi_fdset - multi: alter transfer timeout ordering - multi: do not switch off connect_only flag when closing - multi: fix crash in curl_multi_wait / curl_multi_poll - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS - openssl: avoid static variable for seed flag - openssl: don't remove session id entry in disassociate - socketpair: fix potential hangs - socks4: scan for the IPv4 address in resolve results - ssl: read pending close notify alert before closing the connection - telnet: fix option parser to not send uninitialized contents - TLS: prevent shutdown loops to get stuck - vtls: exit addsessionid if no cache is inited - vtls: fix connection reuse checks for issuer cert and case sensitivity ++++ drbd-utils: - Update to 9.18.0 (bsc#1189363) * build: remove rpm related targets * drbdsetup,v84: fix minor compile warnings * systemd: resource specific activation * systemd: drbd-reactor promoter templates * doc: fix maximum ping timeout * doc: add man pages for the systemd templates * drbdadm,v9: fix dstate for diskless volumes * build/release: use lbvers.py * drbd-attr: don't leak fd to drbdsetup * doc: various fixes and additions * drbdsetup,events2,v9: add backing_device * build,Debian: rm dh-systemd dependency * drbdsetup,events2,v9: fix --poll regression * drbdmeta: fix bug with ALs with small final extents * build,Debian: rm mail recommends * drbdsetup,events2,v9: allow --poll without --now * drbdsetup,invalidate: allow bitmap based resync after verify * drbdadm,sh-ll-dev: change output to "none" if diskless * drbd-attr/may_promote: fixes from 9.15.1 * drbdadm,v9: allow set-gi in single node clusters * drbsetup,events2,v9: diff(erential) output * drbsetup,events2,v9: add --full output * v9: allow resource rename, also in drbdmon * drbdadm,v9: allow c-max-rate to be disabled * New drbd-attr Pacemaker RA * events2: handle mixed initial state and multicast events * events2: fix regression to always print resync done - Add patch systemd-drbd-service-needs-network-online.patch ++++ ignition: - Ignore error return code if no virtualization environment detected. [bsc#1188479] This makes it possible to use Ignition also on bare metal (e.g. when dumping images directly to disk) without adding a ignition.platform.id parameter. ++++ open-iscsi: - Merge latest upstream, which includeds: * Support the "qede" CMA-card driver. (bsc#1188579) * iscsistart: fix null pointer deref before exit ++++ keepalived: - add 1915.patch to fix build on tumbleweed ++++ kernel-default: - series.conf: cleanup - update upstream reference and move into sorted section: - patches.suse/seq_file-Disallow-extremely-large-seq-buffer-allocations.patch - commit 07df461 - kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those. - commit 75aa507 - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495). - iwlwifi: pnvm: don't try to load after failures (bsc#1187495). - commit 7ff688f - iwlwifi: increase PNVM load timeout (bsc#1187495). - iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495). - iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495). - iwlwifi: mvm: don't check if CSA event is running before removing (bsc#1187495). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495). - iwlwifi: pcie: don't disable interrupts for reg_lock (bsc#1187495). - iwlwifi: queue: bail out on invalid freeing (bsc#1187495). - iwlwifi: pnvm: don't skip everything when not reloading (bsc#1187495). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495). - iwlwifi: dbg: Don't touch the tlv data (bsc#1187495). - iwlwifi: provide gso_type to GSO packets (bsc#1187495). - commit 8a657fa - iwlwifi: bump FW API to 59 for AX devices (bsc#1187495). - Delete patches.suse/iwlwifi-SLE15-SP3-ucode-fixes.patch. - commit bcab4a8 - Revert "iwlwifi: remove wide_cmd_header field" (bsc#1187495). - iwlwifi: read and parse PNVM file (bsc#1187495). - iwlwifi: pcie: implement set_pnvm op (bsc#1187495). - commit 8166979 - iwlwifi: add trans op to set PNVM (bsc#1187495). - iwlwifi: move PNVM implementation to common code (bsc#1187495). - iwlwifi: rs: align to new TLC config command API (bsc#1187495). - iwlwifi: fix sar geo table initialization (bsc#1187495). - iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495). - iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495). - iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495). - iwlwifi: mvm: don't send a CSA command the firmware doesn't know (bsc#1187495). - iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495). - commit b1c507d - iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495). - iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495). - iwlwifi: mvm: add a get lmac id function (bsc#1187495). - iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495). - iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495). - iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495). - iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495). - commit 53fae87 - iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495). - iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495). - iwlwifi: mvm: get number of stations from TLV (bsc#1187495). - iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495). - iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495). - iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495). - iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495). - iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495). - commit 5ecfaae - iwlwifi: bump FW API to 57 for AX devices (bsc#1187495). - Refresh patches.suse/iwlwifi-SLE15-SP3-ucode-fixes.patch. - commit 35fc6ef - iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495). - iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495). - iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495). - iwlwifi: api: fix u32 -> __le32 (bsc#1187495). - commit 8a1ae62 - iwlwifi: use correct group for alive notification (bsc#1187495). - iwlwifi: support version 5 of the alive notification (bsc#1187495). - iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495). - iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495). - iwlwifi: mvm: clear all scan UIDs (bsc#1187495). - iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495). - iwlwifi: align RX status flags with firmware (bsc#1187495). - iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495). - iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495). - commit e6bd24d - iwlwifi: thermal: support new temperature measurement API (bsc#1187495). - iwlwifi: mvm: add d3 prints (bsc#1187495). - iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495). - iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495). - iwlwifi: move all bus-independent TX functions to common code (bsc#1187495). - iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495). - iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495). - iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495). - commit 78b502b - iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495). - commit 5e9faaf - iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495). - Refresh patches.suse/iwlwifi-follow-the-new-inclusive-terminology.patch. - commit 18f1fc1 - iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495). - Refresh patches.suse/iwlwifi-follow-the-new-inclusive-terminology.patch. - commit 2a48685 - iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495). - iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495). - iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495). - iwlwifi: remove wide_cmd_header field (bsc#1187495). - iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495). - iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495). - iwlwifi: mvm: support new KEK KCK api (bsc#1187495). - commit b111b70 - iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495). - iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495). - iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495). - iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495). - iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495). - iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495). - iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495). - iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495). - iwlwifi: don't export acpi functions unnecessarily (bsc#1187495). - commit 4e206c7 - iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495). - iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495). - iwlwifi: mvm: Don't install CMAC/GMAC key in AP mode (bsc#1187495). - iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495). - iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495). - iwlwifi: dbg: add dumping special device memory (bsc#1187495). - iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495). - iwlwifi: acpi: support ppag table command v2 (bsc#1187495). - iwlwifi: move bc_table_dword to a common trans header (bsc#1187495). - iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495). - iwlwifi: move bc_pool to a common trans header (bsc#1187495). - iwlwifi: enable twt by default (bsc#1187495). - iwlwifi: mvm: add an option to add PASN station (bsc#1187495). - iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495). - iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495). - iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495). - iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495). - iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495). - iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495). - iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495). - net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495). - net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495). - commit 68d8e8f - Update patches.suse/ARM-ensure-the-signal-page-contains-defined-contents.patch (CVE-2021-21781 bsc#1188445). - commit 47f3aa1 - net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes). - commit d15e1c0 - kABI workaround for intel_th_driver (git-fixes). - commit c18c5e5 - drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes). - intel_th: Wait until port is in reset before programming it (git-fixes). - ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes). - ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes). - ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes). - ALSA: usx2y: Avoid camelCase (git-fixes). - commit 2f9e57e - Rename patches to match SLE15-SP2 equivalents to prepare for the next SLE15-SP2->SLE15-SP3 merge - commit 06bbd81 - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - commit 0fe04be - virtio_console: Assure used length from device is limited (git-fixes). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Don't disable clocks at device remove time (git-fixes). - pwm: spear: Don't modify HW state in .remove callback (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - commit 966e79d - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - commit 74628f5 - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - commit 14f42b7 - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - commit 006f207 - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: usx2y: Don't call free_pages_exact() with NULL address (git-fixes). - commit eaa8acd - config: refresh - drop GVE on arm64 and s390x (no longer available due to dependency update) - commit d6ed2bf ++++ gcc11: - Update to gcc-11 branch head (076930b9690ac3564638636f6b), git536 * Includes GCC 11.2 RC1. - Refresh gcc10-foffload-default.patch - Properly adjust GPL-3.0 WITH GCC-exception-3.1 to GPL-3.0-or-later WITH GCC-exception-3.1 ++++ libnettle: - Update to 3.7.3 in SLE-15-SP4: [SLE-19765, jsc#SLE-18132] - Add libnettle-rpmlintrc - Remove patches upstream: * libnettle-CVE-2021-20305.patch * libnettle-CVE-2021-3580-rsa_decrypt.patch * libnettle-CVE-2021-3580-rsa_sec.patch * nettle-respect-cflags.patch ++++ salt: - Do noop for services states when running systemd in offline mode (bsc#1187787) - transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - virt: use /dev/kvm to detect KVM - zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/OpenSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) - Added: * fix-save-for-iptables-state-module-bsc-1185131-372.patch * grains.extra-support-old-non-intel-kernels-bsc-11806.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * backport-thread.is_alive-fix-390.patch * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch * virt-use-dev-kvm-to-detect-kvm-383.patch * implementation-of-held-unheld-functions-for-state-pk.patch * enhance-logging-when-inotify-beacon-is-missing-pyino.patch * move-vendor-change-logic-to-zypper-class-355.patch * virt-pass-emulator-when-getting-domain-capabilities-.patch * do-noop-for-services-states-when-running-systemd-in-.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * adding-preliminary-support-for-rocky.-59682-391.patch * fix-missing-minion-returns-in-batch-mode-360.patch * figure-out-python-interpreter-to-use-inside-containe.patch * handle-master-tops-data-when-states-are-applied-by-t.patch ------------------------------------------------------------------ ------------------ 2021-7-20 - Jul 20 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.4: + core: - Remove stale entries from "seen-bssids" and "timestamp" files in "/var/lib/NetworkManager". - Add ipv[46].required-timeout option to wait for IP configuration while activating. - Send ARP announcements when there is carrier. - Start DHCPv6 when a prefix delegation is needed for shared mode. + bond: support the peer_notif_delay option. + firewall: fix nftables backend to create "ip" table for IPv4 only. + initrd: set required-timeout of 20 seconds for default IPv4 configuration to opportunistically wait for IPv4. + ifcfg: - Log warning about invalid keys in ifcfg files. - Reject non-UTF-8 from ifcfg files. + nmcli: show DNS SEARCH field in device information. + cloud-setup: add support for Aliyun cloud. ++++ containerd: - Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282 - Remove upstreamed patches: - bsc1188282-use-chmod-path-for-checking-symlink.patch ++++ gnutls: - Update to 3.7.2 in SLE-15-SP4: [jsc#SLE-19765, jsc#SLE-18139] - Add gnutls-temporarily_disable_broken_guile_reauth_test.patch - Rebased patches: * disable-psk-file-test.patch * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch * gnutls-fips_mode_enabled.patch - Remove patches merged upstream: * gnutls-CVE-2020-11501.patch * gnutls-CVE-2020-13777.patch * gnutls-CVE-2020-24659.patch * gnutls-CVE-2021-20231.patch * gnutls-CVE-2021-20232.patch * gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch * gnutls-fips_XTS_key_check.patch * 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch * 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch * 0003-x509-trigger-fallback-verification-path-when-cert-is.patch * 0004-tests-add-test-case-for-certificate-chain-supersedin.patch * 0001-Add-Full-Public-Key-Check-for-DH.patch * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch * 0001-dh-check-validity-of-Z-before-export.patch * 0002-ecdh-check-validity-of-P-before-export.patch * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch * 0001-Vendor-in-XTS-functionality-from-Nettle.patch * 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch * gnutls-3.6.7-fix-FTBFS-2024.patch * gnutls-3.6.7-reproducible-date.patch ++++ kernel-default: - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - commit 2b4c8a1 - blacklist.conf: add 4c9c26f1e67648f41f - commit db6c764 - blacklist.conf: add dbc03e81586fc33e4945263fd6e09e22eb4b980f - commit 32c5658 - powerpc/papr_scm: Properly handle UUID types and API (FATE#326628, bsc#1113295, git-fixes). - commit 9bcaa28 - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - commit 01547d1 - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - commit b063178 - powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() (bsc#1156395). - commit f074894 - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - Refresh patches.suse/gve-Fix-an-error-handling-path-in-gve_probe.patch. - commit fc90ec1 - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: gve: convert strlcpy to strscpy (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - commit ffc7e3d - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - commit ea5f05d - blacklist.conf: duplication - commit eff56f7 - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - commit 9aba4a6 - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - commit a579f68 - kABI workaround for pci/quirks.c (git-fixes). - commit 04fb196 - drm/panel: nt35510: Do not fail if DSI read fails (git-fixes). - Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes). - Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes). - Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes). - Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes). - Bluetooth: Remove spurious error message (git-fixes). - Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes). - mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes). - mac80211: consider per-CPU statistics if present (git-fixes). - iwlwifi: pcie: fix context info freeing (git-fixes). - iwlwifi: mvm: fix error print when session protection ends (git-fixes). - mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes). - mt76: mt7615: fix fixed-rate tx status reporting (git-fixes). - net: phy: realtek: add delay to fix RXC generation issue (git-fixes). - commit 4680cad - Add a cherry-picked ID for AMDGPU fix patch - commit ba73832 - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - commit e3971fc - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - commit 0ca454f - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - iwlwifi: mvm: don't change band on bound PHY contexts (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - commit f7d13b4 - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - commit d72cf42 - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/zte: Don't select DRM_KMS_FB_HELPER (git-fixes). - drm/mxsfb: Don't select DRM_KMS_FB_HELPER (git-fixes). - drm/tegra: Don't set allow_fb_modifiers explicitly (git-fixes). - commit b02b3f8 - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - commit c7cdd5b - ARM: ensure the signal page contains defined contents (bsc#1188445). - commit a1eecda ++++ python3-core: - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). ++++ systemd: - Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes https://github.com/systemd/systemd/issues/19464 which makes the aforementioned patch not needed anymore. - Drop 1003-basic-unit-name-adjust-comments.patch It's been merged in SUSE/v248 branch - Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5) 4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910) [...] For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 - Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it was merged in v248.5. - Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 - Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch as it was merged in v248.4. - Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8 42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154) ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529) aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease 258a3d2043 sd-dhcp-client: shorten code a bit 0a80303114 sd-dhcp-client: check error earlier and reduce indentation ++++ patterns-microos: - re-add rollback-helper ++++ python3: - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). ------------------------------------------------------------------ ------------------ 2021-7-19 - Jul 19 2021 ------------------- ------------------------------------------------------------------ ++++ cpupower: - Update (jsc#SLE-18392, jsc#SLE-18906, jsc#SLE-18393, jsc#SLE-18410): * turbostat to 21.05.04 * intel speed select to 1.10 * cpupower to 5.14-rcX (kernel sources state) - Already upstream and included in the update: D intel-speed-select_remove_DATE_TIME.patch - SLE patches for jsc#SLE-17797 dropped (in fact never been applied to factory), due to inclusion in upstream version: cpupower-Add-CPUPOWER_CAP_AMD_HW_PSTATE-cpuid-caps-flag.patch cpupower-Condense-pstate-enabled-bit-checks-in-decode_pstates.patch cpupower-Update-family-checks-when-decoding-HW-pstates.patch cpupower-Remove-family-arg-to-decode_pstates.patch cpupower-Correct-macro-name-for-CPB-caps-flag.patch cpupower-Update-msr_pstate-union-struct-naming.patch cpupower-Add-cpuid-cap-flag-for-MSR_AMD_HWCR-support.patch cpupower-Remove-unused-pscur-variable.patch ++++ kernel-default: - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - commit ee1820f - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - commit 865421f - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - commit e2cb2ae - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - commit 4278aab - Align s390 NVME target options with other architectures (bsc#1188404). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m - commit a49b3f5 - net/mlx5: Don't fail driver on failure to create debugfs (git-fixes). - commit c19d4f7 - net: marvell: Fix OF_MDIO config check (git-fixes). - commit f372318 - net: dp83867: Fix OF_MDIO config check (git-fixes). - commit c2ac3ff - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - commit 0997bfc - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - commit 2e479b6 - PCI: quirks: fix false kABI positive (git-fixes). - commit a2a8059 - tpm: efi: Use local variable for calculating final log size (git-fixes). - commit 69be865 - tracing: Do not reference char * as a string in histograms (git-fixes). - commit 5ff7921 - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - commit 9e70011 - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - commit 4bfb1fd - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - commit dbaa5b3 - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - commit 900ca03 - Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch (bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646). - commit f55c672 - blacklist.conf: 36fa06f9 KVM: x86: Add support for RDPID without RDTSCP - commit db710b8 - blacklist.conf: 8aec21c0 KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported - commit 202cd1e ++++ gcc11: - Remove bits/unistd_ext.h from include-fixed ++++ numactl: - Update to version 2.0.14.17.g498385e: * numactl.c: fix use after free * sysfs.c: prevent mem leak in sysfs_node_read() * sysfs.c: don't leak fd if fail in sysfs_read() * shm.c: fix memleak in verify_shm() * shm.c: fix memleak in dump_shm() * fix description for numa_node_size64 in man as well * fix numa_node_size definition in manpage numa.3 * link with -latomic if needed * libnuma: make numa_police_memory() free of race * numademo: Use first two nodes instead of node 0 and 1 - Enhance _service magic - Enable automake ++++ osinfo-db: - bsc#1188336 - openSUSE Tumbleweed unattended installation in libvirt fails due to invalid autoyast.xml Drop fix-autoyast-validation.patch ++++ patterns-microos: - use suseconnect-ng (jsc#SMO-35) - temporarily remove rollback-helper and zypper-migration-plugin - added bootloader pattern (bsc#1188351) ++++ strace: - Update to strace 5.13 * Improvements * Print netlink data in a more structured way. * Implemented decoding of NT_PRSTATUS and NT_FPREGSET regsets of PTRACE_GETREGSET and PTRACE_SETREGSET requests. * Implemented decoding of regs argument of PTRACE_GETREGS, PTRACE_GETREGS64, PTRACE_SETREGS, PTRACE_SETREGS64, PTRACE_GETFPREGS, and PTRACE_SETFPREGS requests. * Implemented powerpc System Call Vectored ABI support. * Implemented decoding of landlock_add_rule, landlock_create_ruleset, and landlock_restrict_self syscalls introduced in Linux 5.13. * Enhanced decoding of perf_event_open syscall. * Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, KVM_*, NT_*, PR_*, PTRACE_*, RTM_*, RTPROT_*, TRAP_*, UFFD_*, UFFDIO_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 5.13. ++++ suseconnect-ng: - Update to version 0.0.1~git16.8a5d48c: * Add extensions hints for readonly root fs * Make the connect package an internal package * Document debug output destination difference * Add status value constants * Add rollback CLI option * Fix callHTTP() so connections are reused * Fix list-extensions format * Fix error from zypper refresh ++++ yast2-trans: - Update to version 84.87.20210718.64398090f3: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * New POT for text domain 'registration'. * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'users'. * New POT for text domain 'security'. * Translated using Weblate (Slovak) ------------------------------------------------------------------ ------------------ 2021-7-18 - Jul 18 2021 ------------------- ------------------------------------------------------------------ ++++ libguestfs: - Remove obsolete yajl - Add conditional to ocaml_preserve_bytecode - Remove traces of python2 code - Use pkgconfig(python3) to refer to variants of python3 - Remove obsolete 0004-python-include-dirs.patch and related workaround in spec file - Use autosetup - Use _udevrulesdir - Remove BuildRoot and defattr - Remove Group tags ++++ kernel-default: - fix patch metadata - fix Patch-mainline, drop Git-repo: patches.suse/bpftool-Properly-close-va_list-ap-by-va_end-on-error.patch - commit ec7585c - Update kabi files. - update from second July 2021 maintenance update submission (commit 44308a6ad508) - commit ee121a0 - Refresh patches.suse/0003-amdgpu-fix-GEM-obj-leak-in-amdgpu_display_user_frame.patch. Drop _unlocked - commit 942b7a3 - fbmem: Do not delete the mode that is still in use (git-fixes). - dma-buf/sync_file: Don't leak fences on merge failure (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - commit 1116a4b ++++ runc: - Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ("interrupted system call") on an Azure volume. * Fixed "unable to find groups ... token too long" error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - Remove upstreamed patches: + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch ------------------------------------------------------------------ ------------------ 2021-7-17 - Jul 17 2021 ------------------- ------------------------------------------------------------------ ++++ gstreamer-plugins-base: - Add 90903917.patch: Fix build with meson >= 0.58.0rc1 ++++ libcap: - update to 2.51: * Fix capsh installation * Add an autoauth module flag to pam_cap.so * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another. * --explain=cap_foo: describe what cap_foo does * --suggest=phrase: search all the cap descriptions and describe those that match the phrase * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. * Add a test case for recent kernel fix * Go pragma fix for convenience functions in "cap" module ++++ harfbuzz: - Drop pkgconfig(chafa) BuildRequires for now: causes a cycle between chafa and harfbuzz, and disable it in meson ++++ tpm2.0-abrmd: - Move selinux devel file to devel subpackage ++++ podman: - Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common@v0.38.16 * vendor containers/buildah@v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common@v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common@v0.38.14 * vendor containers/common@v0.38.13 * [3.2] vendor containers/common@v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev ------------------------------------------------------------------ ------------------ 2021-7-16 - Jul 16 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch (bsc#1065729 bsc#1188405 ltc#193509). - Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509). - commit 5fcaf8a - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - commit 5b51131 - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - commit a14bd1d ++++ kernel-firmware: - Update to version 20210716 (git commit b7c134f0d349): * linux-firmware: update NXP 8897/8997 firmware images * rtlwifi: de-dupe rtl8723b WiFi firmware * rtlwifi: de-dupe rtl8192e WiFi firmware * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * cxgb4: Update firmware to revision 1.26.0.0 * firmware/i915/guc: Add HuC v7.9.3 for TGL & DG1 * firmware/i915/guc: Add GuC v62.0.3 for ADL-P * firmware/i915/guc: Add GuC v62.0.0 for all platforms - Make TW packages only installable on post-UsrMerge systems; the packages for Leap are found in OBS Kernel:stable:Backport repo, instead - Update aliases from 5.14-rc1 ++++ libgcrypt: - libgcrypt 1.9.3: [jsc#SLE-17558, jsc#SLE-19413] * Bug fixes: - Fix build problems on i386 using gcc-4.7. - Fix checksum calculation in OCB decryption for AES on s390. - Fix a regression in gcry_mpi_ec_add related to certain usages of curve 25519. - Fix a symbol not found problem on Apple M1. - Fix for Apple iOS getentropy peculiarity. - Make keygrip computation work for compressed points. * Performance: - Add x86_64 VAES/AVX2 accelerated implementation of Camellia. - Add x86_64 VAES/AVX2 accelerated implementation of AES. - Add VPMSUMD acceleration for GCM mode on PPC. * Internal changes. - Harden MPI conditional code against EM leakage. - Harden Elgamal by introducing exponent blinding. * Remove libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch ++++ python3-core: - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ++++ python3: - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ++++ selinux-policy: - Update to version 20210716 - Remove interfaces for container module before building the package (bsc#1188184) - Updated * fix_init.patch * fix_systemd_watch.patch to adapt to upstream changes ++++ systemd-rpm-macros: - Bump to version 8 - Make use of "Suggests:" in %systemd_ordering Until libzypp supports "OrderWithRequires:", we need to specify a similar ordering constraint that can be understood by the dep solver as well. Hence the use of "Suggests:" in %systemd_ordering (workaround for bsc#1187332). - Introduce %sysusers_create_package %sysusers_create and %sysusers_create_inline are now deprecated and the new macro should be used instead. Upstream commit 07a7d4a0040d221ff09e527e91c112b4ffab1dba. ------------------------------------------------------------------ ------------------ 2021-7-15 - Jul 15 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point ++++ dbus-1: - Add missing patch for CVE-2020-12049 * fix-upstream-CVE-2020-12049_2.patch ++++ dbus-1-x11: - Add missing patch for CVE-2020-12049 * fix-upstream-CVE-2020-12049_2.patch ++++ glib2: - Silence output in libgio-2_0-0 post scriptlet in case the ENV-mimeapps.list files do not exist: we are ready to create them in this case. An error message is only confusing. ++++ kernel-default: - blacklist.conf: add "block: blk-mq.c: fix @at_head kernel-doc warning" Also removed a remnant of a merge conflict. - commit ebd24f1 - netfilter: x_tables: fix compat match/target pad out-of-bound write (CVE-2021-22555 bsc#1188116). - commit 0b62bdb - netfilter: x_tables: fix compat match/target pad out-of-bound write (CVE-2021-22555 bsc#1188116). - commit 5d3d4da - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - vfio/pci: Handle concurrent vma faults (git-fixes). - [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (git-fixes). - ssb: sdio: Don't overwrite const buffer if block_write fails (git-fixes). - commit 76c3ff9 - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - commit a2b1a60 - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: siano: fix device register error path (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - commit 0eb2f6b - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - commit ba1b2bc - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - commit 74c2c06 - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - commit ac66984 - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - commit fcdd7a0 - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - commit 930000b ++++ libapparmor: - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point ++++ Mesa: - update to 21.1.5 * fith bugfix release ++++ libgcrypt: - Fix building test t-lock with pthread. [bsc#1189745] * Explicitly add -lpthread to compile the t-lock test. * Add libgcrypt-pthread-in-t-lock-test.patch ++++ tpm2-0-tss: - Remove conflicting sysusers.d file ++++ mokutil: - Update to 0.5.0 + mokutil: delete key/hash from the reverse request + efi_x509: fix an error handling in is_immediate_ca() + efi_x509: fix certificates fingerprint calculation + efi_x509: use EVP_Digest()* functions instead of the deprecated SHA1_*() + src/util.c: fix NULL pointer dereference in mok_get_variable + mokutil: Read the SbatLevelRT variable to get the SBAT entries + mokutil: add mok-variables parsing support + mokutil: Add option to print the UEFI SBAT variable content + mokutil: only check for Secure Boot support in options that need it + efi_x509: add the function to fetch SKID + keyring: add the function to check kernel keyring + mokutil: initialize data for efi_get_variable() + mokutil: correct the data for efi_set_variable() in set_password() + mokutil: improve the readability of issue_mok_request() + mokutil: drop the checks for PK and KEK + mokutil: check the blocklists before enrolling a key + mokutil: adjust the command bits + mokutil: remove "--simple-hash" + make CA check non-fatal + mokutil: close file in the error path + mokutil: do the CA check + efi_x509: add the function to check immediate CA + efi_x509: use d2i_X509() to create X509 handling + mokutil: rename hash_file as pw_hash_file + password-crypt: update the function names + password-crypt: fix the types of several functions + mokutil: fix the error message in sb_state() + mokutil: move x509 functions to efi_x509.c + mokutil: move the hash functions to efi_hash.c + util: add functions for db_var_name and db_friendly_name + Remove the SHA1 code from identify_hash_type() + Map the UEFI variable names with a function + Fix -Wcast-align warnings + Fix 32 bit build + Add --timeout to manpage and other corrections. + mokutil.c: fix typo enrollement -> enrollment + Avoid taking pointer to packed struct + Fix name of --enable-validation in the description + Remove shebang from bash-completion/mokutil - Add mokutil-fix-missing-header.patch to fix the compilation error due to the missing header - Refresh mokutil-remove-libkeyutils-check.patch and only apply it to openSUSE Leap 15.* - Drop upstreamed patches: + mokutil-remove-shebang-from-bash-completion-file.patch + mokutil-bsc1173115-add-ca-and-keyring-checks.patch - Drop mokutil-support-revoke-builtin-cert.patch since we don't use the builtin cert prompt patch in shim anymore. ++++ selinux-policy: - Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing here ++++ shim: - Update the SLE signatures ++++ sysuser-tools: - Use /bin/bash for sysusers-generate-pre ++++ yast2: - Do not escape "$" in URL paths (bsc#1187581). - 4.4.16 ------------------------------------------------------------------ ------------------ 2021-7-14 - Jul 14 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: [ This patch was only released in SLES and Leap. ] - Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282 + bsc1188282-use-chmod-path-for-checking-symlink.patch ++++ kernel-default: - seq_file: Disallow extremely large seq buffer allocations (bsc#1188062, CVE-2021-33909). - commit fe01024 - thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes). - commit c7a1614 - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: 8250_pci: Add support for new HPE serial device (git-fixes). - commit bdbeac7 - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - rtw88: 8822c: fix lc calibration timing (git-fixes). - commit 27f2c49 - leds: class: The -ENOTSUPP should never be seen by user space (git-fixes). - mac80211: reset profile_periodicity/ema_ap (git-fixes). - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes). - net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - commit 3654173 - blacklist.conf: update blacklist - commit 36a2250 - usb: dwc3: Fix debugfs creation flow (git-fixes). - commit dc4de14 - Revert "drm: add a locked version of drm_is_current_master" (git-fixes). - commit 299bede - drm/i915/display: Do not zero past infoframes.vsc (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/dp_mst: Do not set proposed vcpi directly (git-fixes). - drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes). - drm/rockchip: lvds: Fix an error handling path (git-fixes). - drm: rockchip: set alpha_en to 0 if it is not used (git-fixes). - drm/vc4: hdmi: Prevent clock unbalance (git-fixes). - drm/vc4: crtc: Skip the TXP (git-fixes). - drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes). - drm/amd/display: Fix build warnings (git-fixes). - drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes). - drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes). - drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes). - drm: bridge: add missing word in Analogix help text (git-fixes). - drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes). - drm/bridge/sii8620: fix dependency on extcon (git-fixes). - drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes). - commit 92278ad - blacklist.conf: update blacklist - commit 6b0f6b8 - clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes). - Bluetooth: hci_qca: fix potential GPF (git-fixes). - cw1200: Revert unnecessary patches that fix unreal use-after-free bugs (git-fixes). - brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes). - drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes). - drm/amdgpu: wait for moving fence after pinning (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - commit 41694a6 - kABI compatibility fix for max98373_priv struct (git-fixes). - commit 9bfc21b - ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes). - ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes). - ASoC: rt5682: Disable irq on shutdown (git-fixes). - ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes). - ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: max98373-sdw: add missing memory allocation check (git-fixes). - commit 5211f08 - ALSA: usb-audio: Fix OOB access at proc output (git-fixes). - ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes). - commit 0a94859 - Blacklist already cherry-picked ASoC commits - commit 5cc6c21 - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - commit 8174fed - vfs: Convert functionfs to use the new mount API (git -fixes). - commit bc4a6d0 - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - commit b5af159 ++++ harfbuzz: - Update to version 2.8.2: + Shaping LTR digits for RTL scripts now makes the native direction of the digits LTR, applying shaping and positioning rules on the same glyph order as Uniscribe + Subsetting COLR v1 and CPAL tables is now supported + Various fixes and improvements to the subsetter + When applying morx table, mark glyph widths should not be zeroed + GPOS is preferred over kerx, if GSUB was applied + Regional_Indicator pairs are grouped together when clustering ++++ tpm2-0-tss: - Clean spec file - Add new library libtss2-tcti-pcap0 - Update to 3.1.0: * Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455) * Fixed possible access outside the array in ifapi_calculate_tree * Added pcap TCTI * Added GlobalSign TPM Root CA certs to FAPI cert store * Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59 * Added two new TPM commands TPM2_CC_CertifyX509, and TPM2_CC_ACT_SetTimeout ++++ tpm2.0-abrmd: - Update to version 2.4.0: - Service start depends on systemd device unit: dev-tpm0.device. - Numerous memory leaks. - udev settle service deprecation warnings. - StandardOutput=syslog deprecation warnings. - Add selinux module files - Move dbus files out of /etc ++++ yast2: - Don't crash with UI exception in Progress.rb if a popup is in the way (bsc#1187676) - 4.4.15 ------------------------------------------------------------------ ------------------ 2021-7-13 - Jul 13 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Forward port fix-authorized-keys-location.patch ++++ curl: - Security fix: [bsc#1188220, CVE-2021-22925] * TELNET stack contents disclosure again * Add curl-CVE-2021-22925.patch ++++ kernel-default: - Update Patch-mainline tags for patches that landed in 5.14-rc1. - commit b2d9bab - thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes). - commit a8440fd - usb: typec: fusb302: fix "op-sink-microwatt" default that was in mW (git-fixes). - commit dcf2645 - fuse: reject internal errno (bsc#1188269). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - commit ad3c8af - kABI: restore struct tcpc_config definition (git-fixes). - commit af96f3e - media: v4l2-async: Fix trivial documentation typo (git-fixes). - commit a677fa5 ++++ pango: - Add 3ff6365.patch, reverse applied: fix build of e.g. g-c-c. This commit introduced a requirement to run X. ++++ libproxy: - Do no longer BuildRequire libmodman-devel: libproxy 0.4.17 was changed upstream to only support to internal version (no other consumer of libmodman exists). - No longer pass -DFORCE_SYSTEM_LIBMODMAN=ON to cmake: not understood anymore (boo#1188265). ------------------------------------------------------------------ ------------------ 2021-7-12 - Jul 12 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Add set-default-user.patch + Set the default user to suse - Add fix-authorized-keys-location.patch + Write the ssh keys to the standard location - Add no-network-args.patch + Networks arguments on the kernel command line are set during image build there is no need for another place for a hard coded list. - Create target dir for afterburn to write configuration file to ++++ btrfsprogs: - Update to 5.13 * restore: remove loop checks for extent count and directory scan * inspect dump-tree: new options to print node (--csum-headers) and data checksums (--csum-items) * fi usage: * print stripe count for striped profiles * print zoned information: size, total unusable * mkfs: print note about sha256 accelerated module loading issue * check: ability to reset dev_item::bytes_used * fixes * detect zoned kernel support at run time too * exclusive op running check return value * fi resize: support cancel (kernel 5.14) * device remove: support cancel (kernel 5.14) * documentation about general topics * compression * zoned mode * storage model * hardware considerations * other * libbtrfsutil API overview * help text fixes and updates * hash speedtest measure time, cycles using perf and print throughput ++++ curl: - Security fix: [bsc#1188219, CVE-2021-22924] * Bad connection reuse due to flawed path name checks * Add curl-CVE-2021-22924.patch - Security fix: Disable the metalink feature: * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923] * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922] ++++ dbus-1: - Fix CVE-2020-12049 truncated messages lead to resource exhaustion (CVE-2020-12049, bsc#1172505) * fix-upstream-CVE-2020-12049.patch - Rebased fix-CVE-2019-12749.patch ++++ dbus-1-x11: - Fix CVE-2020-12049 truncated messages lead to resource exhaustion (CVE-2020-12049, bsc#1172505) * fix-upstream-CVE-2020-12049.patch - Rebased fix-CVE-2019-12749.patch ++++ irqbalance: - Update to version 1.8.0.8.gbd5aaf5 (jsc#SLE-17697): * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds * Fix irqbalance cannot obtain the full name of irq - Enhance _service magic and add git hashtag to version ++++ kernel-default: - tracing/histograms: Fix parsing of "sym-offset" modifier (git-fixes). - commit e43cdf6 - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - commit 23df3ab - math: Export mul_u64_u64_div_u64 (git-fixes). - commit 3708119 - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - coresight: Propagate symlink failure (git-fixes). - coresight: core: Fix use of uninitialized pointer (git-fixes). - commit 0c46818 - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: a10sr: add missing of_match_table reference (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - commit 8a2377b - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - commit b522bcb - Refresh patches.suse/rtc-pcf2127-handle-timestamp-interrupts.patch. Switched to queued version. - commit 1b185ef ++++ sudo: - Fix commented out "Defaults env_keep" in sudo-sudoers.patch - Fix LC_TIME incorrectly named LC_ATIME ++++ suseconnect-ng: - Update to version 0.0.1~git0.a5f168a: * Add JSONError and cleanup error handling ++++ yast2-trans: - Update to version 84.87.20210710.14ccc2c973: * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * New POT for text domain 'bootloader'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Indonesian) * Translated using Weblate (Catalan) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'autoinst'. * Translated using Weblate (Japanese) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (French) ------------------------------------------------------------------ ------------------ 2021-7-11 - Jul 11 2021 ------------------- ------------------------------------------------------------------ ++++ elfutils: - For version 0.185, the below patches are no longer needed (jsc#SLE-17288, jsc#SLE-17951) libdw-check-end-of-attributes-list-consistently.patch elflint-dont-check-section-group-without-flags-word.patch libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch libdw-readelf-make-sure-there-is-enough-data-to-read.patch elfutils-dont-trust-sh_entsize.patch elflint-check-symbol-table-data-is-big-enough-before-check.patch size-handle-recursive-elf-ar-files.patch elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch use-the-empty-string-for-note-names-with-zero-size.patch readelf-fix-off-by-one-sanity-check.patch libebl-check-NT_PLATFORM-core-notes.patch libdwfl-sanity-check-partial-core-file-dyn-data-read.patch libelf-check-compression-before-allocate-output-buffer.patch libdwfl-sanity-check-partial-core-file-data-reads.patch arlib-check-that-sh_entsize-isnt-zero.patch ++++ libdrm: - Update to version 2.4.107: * amdgpu: update marketing names * tests/amdgpu: Fix valgrind warning * test/amdgpu: Add helper functions for hot unplug * test/amdgpu/hotunplug: Add test suite for GPU unplug * tests/amdgpu/hotunplug: Add unplug with cs test. * tests/amdgpu/hotunplug: Add hotunplug with exported bo test * tests/amdgpu/hotunplug: Add hotunplug with exported fence * amdgpu: Add vamgr for capture/replay. * include in xf86drmMode when the OS is FreeBSD * _WANT_KERNEL_ERRNO must be defined in FreeBSD for ERESTART to be used * Conditionally include and on Linux, BSD * Revert "tests/amdgpu: fix bo eviction test issue" * xf86drm: Add a human readable representation for format modifiers * xf86drm: Add a vendor function to decode the format modifier * xf86drm: Add support for decoding Nvidia format modifiers * xf86drm: Add support for decoding AMD format modifiers * xf86drm: Add support for decoding AMLOGIC format modifiers * README.rst: Include some notes about syncing uapi headers * amdgpu: Added product name for E9390,E9560 and E9565 dgpu * intel: Add support for ADLP ------------------------------------------------------------------ ------------------ 2021-7-10 - Jul 10 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - refresh patches.suse/0001-kvm-Reintroduce-nopvspin-kernel-parameter.patch - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - refresh patches.suse/0001-kvm-Reintroduce-nopvspin-kernel-parameter.patch - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - commit 80699a1 ++++ mozilla-nss: - update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. * Use GNU tar for the release helper script. - update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. - refreshed patches - Firefox 90.0 requires NSS 3.66 ++++ makedumpfile: - Update to 1.6.9 * Add initial mips64 support * Support newer kernels up to v5.12 * x86_64: fix a use-after-free bug in -e option * arm64: support flipped VA and 52-bit kernel VA * Add shorthand --show-stats option to show report stats * Add --dry-run option to prevent writing the dumpfile * printk: add support for lockless ringbuffer - Fix rpmlintrc to not be version agnostic - Refresh makedumpfile-override-libtinfo.patch - Drop upstream merged * makedumpfile-printk-add-support-for-lockless-ringbuffer.patch * makedumpfile-printk-use-committed-finalized-state-value.patch * makedumpfile-use-uts_namespace.name-offset-VMCOREINFO.patch * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch ------------------------------------------------------------------ ------------------ 2021-7-9 - Jul 9 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.40.3 + Bugfix: Use abstract sockets if libdbus is older than 1.12.0 ++++ gtk3: - Update to version 3.24.30: + Input: - Ignore NoSymbol key events (happens with some XKB options). - Fix incomplete reset in some cases. + GtkEmojiChooser: - Update data from CLDR 39. - Support translated keywords for multiple languages. - Allow inserting multiple Emoji with Ctrl. - Match keywords for search. - Fix a memory leak. + GtkFileChooser: Accessibility improvements. + GtkTreeView: - Fix an accessibility-related memory leak. - Fix assertion failures in some cases. + Printing: Remove the Google Cloud Print backend, since the service was shut down. + Wayland: Work with pointer-gestures v1 protocol. + Updated translations. ++++ jeos-firstboot: - Update to version 1.0.2.0: * Skip the lo interface when probing for DHCP - Use @TAG_OFFSET@ in version to make it unambiguous ++++ kernel-default: - fix patches metadata - fix Patch-mainline: patches.suse/tracepoint-Add-tracepoint_probe_register_may_exist-for-BPF-tracing.patch patches.suse/tracing-Resize-tgid_map-to-pid_max-not-PID_MAX_DEFAULT.patch patches.suse/tracing-Simplify-fix-saved_tgids-logic.patch - commit fa5e842 - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - commit ec1bcd7 - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - commit d17e17c - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - commit 586c229 - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - commit 3d9e50c - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - commit 85a9fc2 ++++ libeconf: - Update to version 0.4.1+git20210709.cf671f2: * CMake fixes regarding installation of econftool and man pages. ++++ gcc11: - Add BuildRequires on netcfg for the testsuite when testing Go. ++++ ovmf: - Add ovmf-fix-xen-s3-detection.patch to fix the S3 detection in ovmf-xen - Add ovmf-xen-add-qemu-kernel-loader-fs.patch to add QemuKernelLoaderFsDxe to ovmf-xen to load kernel from qemu fw_cfg ++++ suseconnect-ng: - Update to version 0.0.0~git.c45760f: * Add Conflicts:SUSEConnect due to same file name * Document advantage of suseconnect-ng * Make UpdateSystem() message text bold * Add no_zypper_refs config file option * Complete Register() and AnnounceSystem() * Add registerProductTree() * Add activateProduct() and registerProduct() * Rename source modules to executable names * Remove unnecessary content from package. * Add proxy auth support * Change order of usage help options to match the Ruby version * Make requirement for go 1.16 explicit. * Fix instance data file path * Add zypper service commands needed for registration * S390: set cpus, sockets, hypervisor and uuid hwinfo fields * Implement the system update part of registration * Add helper to build hwinfo struct * Add functions to call and parse s390 read_values * Add function to get the hostname * Add function to get private IP address * Add arch, hypervisor and uuid functions * Add function to find cloud provider from dmidecode * Add function to parse lscpu output * Add announceSystem() api call * Add deregistration functionality * Add deactivateProduct() API call * obs: use an in between branch ------------------------------------------------------------------ ------------------ 2021-7-8 - Jul 8 2021 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.349 (bsc#1187948): + Updated pci, usb and vendor ids. ++++ ignition: - If a Combustion device was mounted, then unmount it in ignition-kargs-helper - the replacement script will be put on the same location ++++ kernel-default: - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - commit 7f97df2 - seq_file: Disallow extremely large seq buffer allocations (bsc#1188062, CVE-2021-33909). - commit eb7ef76 - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - commit dfc48c9 - tracing: Simplify & fix saved_tgids logic (git-fixes). - commit c530730 - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - commit 1ab86c5 - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - commit e620ef1 - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). Refresh: patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). Refresh: patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). Refresh: patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - commit 8290109 - Fix meta data in lpfc-decouple-port_template-and-vport_template.patch - commit d9e6471 - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - commit 8665594 - efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036). - commit 8616099 - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - commit d718cd9 - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - commit 6ccb8a5 - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - commit a286451 - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - commit 79058fa ++++ libeconf: - Update to version 0.4.0+git20210708.6918ea1: * Fixed covscan FORWARD_NULL_issues warnings ++++ ceph: - Update to 16.2.5-29-g97c2c82c2f5: + rebased on top of upstream commit SHA1 0883bdea7337b95e4b611c768c0279868462204a upstream 16.2.5 release https://ceph.io/releases/v16-2-5-pacific-released/ + cherry-pick fix for bsc#1188111: * include/denc: include used header * mon,osd: always init local variable * common/Formatter: include used header ++++ systemd: - Added patches to fix CVE-2021-33910 (bsc#1188063) Added 1001-unit-name-generate-a-clear-error-code-when-convertin.patch Added 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch Added 1003-basic-unit-name-adjust-comments.patch These patches will be moved to the git repo once the bug will become public. ++++ mdevctl: - Update to version 0.81: * Automatic version commit for tag 0.81 * Fix define from jsonfile ++++ python-pytz: - Add %pyunittest shim for platforms where it is missing. ++++ timezone: - Install tzdata.zi (bsc#1188127) ++++ tpm2.0-tools: - prepare running the test suite via %check, but leave it commented out, because it is broken due to LTO linking. ------------------------------------------------------------------ ------------------ 2021-7-7 - Jul 7 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Build with go1.15 for reproducible build results (boo#1102408) ++++ haproxy: - Update to version 2.4.2+git0.553dee326: * [RELEASE] Released version 2.4.2 * REGTESTS: add http scheme-based normalization test * MEDIUM: h2: apply scheme-based normalization on h2 requests * MEDIUM: h1-htx: apply scheme-based normalization on h1 requests * MEDIUM: http: implement scheme-based normalization * MINOR: http: implement http_get_scheme * Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" * BUG/MINOR: cli: fix server name output in "show fd" * BUG/MEDIUM: sock: make sure to never miss early connection failures * DOC: stick-table: add missing documentation about gpt0 stored type * BUG/MINOR: peers: fix data_type bit computation more than 32 data_types * BUG/MINOR: stick-table: fix several printf sign errors dumping tables * DOC: config: use CREATE USER for mysql-check * BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution * BUG/MINOR: mqtt: Support empty client ID in CONNECT message * BUG/MINOR: mqtt: Fix parser for string with more than 127 characters * BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules * BUILD: Makefile: fix linkage for Haiku. * BUG/MINOR: checks: return correct error code for srv_parse_agent_check * MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() * BUG/MINOR: resolvers: Reset server IP when no ip is found in the response * BUG/MINOR: resolvers: Always attach server on matching record on resolution * CLEANUP: dns: Remove a forgotten debug message * DOC: config: Add missing actions in "tcp-request session" documentation * MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules * REGTESTS: fix maxconn update with agent-check * BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check * BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header * BUG/MINOR: server/cli: Fix locking in function processing "set server" command * BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() * BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status * MINOR: resolvers: Remove server from named_servers tree when removing a SRV item * MINOR: resolvers: Clean server in a dedicated function when removing a SRV item * BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI * BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled * BUG/MINOR: server-state: load SRV resolution only if params match the config ++++ ignition: - Update to version 2.11.0: * news: add notes for 2.11.0 * Upgraded docs * config/*: return report from previous parser when chaining * config/*: re-order testcases by version * tree: update for stable v3.3.0 and new v3.4.0-experimental * config/v3_4_experimental: adapt for experimental * config/v3_4_experimental: copy from config/v3_3 * config/v3_3: adapt for stabilization * config/v3_3_experimental: rename to config/v3_3 * config/v3_3_exp: pointerify ClevisCustom Config and Pin * config/v3_3_exp: pointerify Raid.Level * config/v3_3_exp: pointerify LinkEmbedded1.Target * stages/disks: simplify a check * config/v3_1/translate: don't point to field from input struct * config/v3_3_exp: drop devices from schema "required" field * config/*: validate that storage.raid.devices is non-empty * config/*/types: add RAID validation tests * config/shared/errors: fix ErrSparesUnsupportedForLevel message * config: fix comment * *: formally bump Go to 1.13 * platform: add powervs platform * internal/providers/*stack: drop dead timeout code * stages/disks: improve error reporting for LUKS device reuse * ignition-setup-user.service: drop Before=multipathd.service * Dockerfile: build ignition-validate container using Fedora * workflows: test on Go 1.16 * tests/*: verify deletion of block device w/o creating a FS * *: allow erasing block device without creating a filesystem * *: rename other projects' master branches to main * *: rename master branch to main * config/*: add export functions for parsing any config version < N * config/*: refactor config.go's Parse() to use GetConfigVersion * config/* : minor cleanup - Refreshed to match new Ignition spec * 0002-allow-multiple-mounts-of-same-device.patch - Implement missing ignition-kargs-helper script for kernel argument support ++++ kernel-default: - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - commit 6b8c8e1 - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - commit b12d968 - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - commit 2299862 - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - commit 66bbafb - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - commit a219c27 - usb: dwc3: Fix debugfs creation flow (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: dwc2: Don't reset the core after setting turnaround time (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - commit e666eaf - leds: ktd2692: Fix an error handling path (git-fixes). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" (git-fixes). - commit ea3fb69 - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - commit b4df049 - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - commit fc44520 - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - commit d8b0fc2 - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - commit 8be348d - gve: Fix swapped vars when fetching max queues (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - commit c400726 - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - ata: ahci_sunxi: Disable DIPM (git-fixes). - commit 4b20cc3 - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - commit 655a2af - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: I2C: change 'RST' to "RSET" to fix multiple build errors (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - commit 0231cde - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - commit c37129c - can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609 bsc#1187215). - commit a57ee2f - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612 bsc#1187585). - commit 64519f9 - blacklist.conf: Append 'drm/vc4: hdmi: Move the HSM clock enable to runtime_pm' - commit 23b3543 - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) Backporting changes: * context changes * vc4_hdmi -> vc4->hdmi - commit 84c924f - drm/amdgpu: Don't query CE and UE errors (bsc#1152472) Backporting changes: * unsigned long -> uint32_t - commit 1637ecb - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) Backporting changes: * context changes - commit f40c83c - drm/msm: Small msm_gem_purge() fix (bsc#1152489) Backporting changes: * context changes * GEM_WARN_ON() -> WARN_ON() - commit f02a5b9 - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) Backporting changes: * context changes - commit fee040e - blacklist.conf: Append 'drm/vc4: hdmi: Restore cec physical address on reconnect' - commit b32f423 - Update patch reference for patches.suse/module-limit-enabling-module.sig_enforce.patch (git-fixes, CVE-2021-35039, bsc#1188080). - commit 8d3fd9b - blacklist.conf: Append 'drm/vc4: crtc: Reduce PV fifo threshold on hvs4' - commit 3780e05 - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - commit 2c323b1 - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) Backporting changes: * context changes - commit b16ae28 - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) Backporting changes: * only panel-samsung-s6d16d0.c exists - commit 83514d0 - drm/stm: Fix bus_flags handling (bsc#1152472) - commit eaa7b7a ++++ kernel-firmware: - Update to version 20210629 (git commit d79c26779d45): * amdgpu: update vcn firmware for green sardine for 21.20 * amdgpu: update vcn firmware for renoir for 21.20 * amdgpu: update vcn firmware for navi14 for 21.20 * amdgpu: update vcn firmware for navi12 for 21.20 * amdgpu: update vcn firmware for navi10 for 21.20 * amdgpu: add initial dimgrey cavefish firmware from 21.20 * amdgpu: update sienna cichlid firmware from 21.20 * amdgpu: update vega20 firmware from 21.20 * amdgpu: update Picasso firmware from 21.20 * amdgpu: update navi14 firmware from 21.20 * amdgpu: update green sardine firmware from 21.20 * amdgpu: update vega12 firmware from 21.20 * amdgpu: update navi12 firmware from 21.20 * amdgpu: update vega10 firmware from 21.20 * amdgpu: update renoir firmware from 21.20 * amdgpu: update navi10 firmware from 21.20 * amdgpu: update raven2 firmware from 21.20 * amdgpu: update arcturus firmware from 21.20 * amdgpu: update raven firmware from 21.20 * amdgpu: update navy flounder firmware from 21.20 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A8_A0CD * linux-firmware: update firmware for MT7921 WiFi device to 20210612122753 * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x05A8_C6B4 * QCA: Update Bluetooth firmware for QCA6174 - Add missing CA0132 firmware files into kernel-firmware-sound (boo#1187825) - Update aliases ++++ libeconf: - Update to version 0.4.0+git20210707.537a8a: * Fixed resource leaks found by Iker Pedrosa. ++++ gpgme: - gpgme 1.16.0: * New context flag "cert-expire" * New data flags "io-buffer-size" and "sensitive" * cpp,qt: Add support for trust signatures * qt: Add support for flags in LDAP server options * qt: Fix too high memory consumption due to QProcess * qt: Do not set empty base DN as query of keyserver URL * qt: Extend SignKeyJob to create signatures with expiration date * python: New optional parameter filter_signatures for decrypt - run all tests again - add patches to fix tests: * gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch * gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch ++++ libvirt: - virtlockd: Don't report error if lockspace exists de1e0ae0-lockd-no-error-if-lockspace.patch bsc#1184253 ------------------------------------------------------------------ ------------------ 2021-7-6 - Jul 6 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - Refresh patches.suse/usb-typec-tcpm-Refactor-tcpm_handle_vdm_request-payl.patch. - Refresh patches.suse/usb-typec-tcpm-Refactor-tcpm_handle_vdm_request.patch. - commit 25ab009 - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - commit d172a56 - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - commit 44e186b - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - commit d27b294 - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - commit 20564c3 - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - commit 69ab721 - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - commit b4b2308 - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - commit 9417ed4 - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - commit ec4c8d0 - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - commit 9f0dcac - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - commit 54348d7 - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - blacklist.conf: we do ship the kernel sources and the documentation. They may just as well be up to date. - commit 7d1b971 - series.conf: cleanup - update upstream references and resort: patches.suse/scsi-ibmvfc-Avoid-move-login-if-fast-fail-is-enabled.patch patches.suse/scsi-ibmvfc-Handle-move-login-failure.patch patches.suse/scsi-ibmvfc-Reinit-target-retries.patch patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch - commit 9a3a833 - fix patch metadata - fix Patch-mainline and move to "almost mainline" section: patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch - commit 81935f9 ++++ less: - Fix build on Leap: Account for distinction in confdir after UsrMerge. ++++ gcc11: - Provide a libc-bootstrap cross compiler for aarch64 and riscv64 - More preparation for a full glibc cross compiler (not yet active) ++++ libvirt: - CVE-2021-3631: fix SELinux label generation logic 15073504-CVE-2021-3631.patch bsc#1187871 ++++ linuxptp: - Update to version 3.1.1: * Version 3.1.1 * tc: Fix length of follow-up message of one-step sync. * Validate the messageLength field of incoming messages. ++++ selinux-policy: - Add tabrmd SELinux modules from upstream (bsc#1187925) https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux - Automatic spec-cleaner to fix ordering and misaligned spaces ++++ supportutils: - Changes to version 3.1.17 + Adding ethtool options g l m to network.txt (jsc#SLE-18240) ++++ suse-module-tools: - Update to version 15.3.8: * modprobe.d: Remove dma=none setting for parport_pc (bsc#1177695) ------------------------------------------------------------------ ------------------ 2021-7-5 - Jul 5 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: 1e886090cefe docs: admin-guide: update description for kernel.hotplug sysctl - commit 1332420 - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134). - commit 5b8c19e - blacklist.conf: 89f5f8fb5bf4 EDAC/thunderx: Remove irrelevant variable from error messages - commit 7c3f543 ++++ pango: - Update to version 1.48.7: + Fix a thread-safety issue in fontmap initialization. + Small documentation improvements. ++++ systemd: - systemd-hwdb-update.service should be shipped by the udev package ++++ yast2-trans: - Update to version 84.87.20210703.f3c2e3c809: * New POT for text domain 'network'. * Update IRC link * New POT for text domain 'users'. * New POT for text domain 'installation'. * New POT for text domain 'control'. ------------------------------------------------------------------ ------------------ 2021-7-3 - Jul 3 2021 ------------------- ------------------------------------------------------------------ ++++ fmt: - Update to version 8.0.1 * Fixed the version number in the inline namespace. * Added a missing presentation type check for std::string. * Fixed a linkage error when mixing code built with clang and gcc. * Fixed documentation issues. * Removed dead code in FP formatter. * Fixed various warnings and compilation issues. ++++ qemu: - Fix qemu-supportconfig network-manager verification ------------------------------------------------------------------ ------------------ 2021-7-2 - Jul 2 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes (boo#1184846 CVE-2021-3502). ++++ hwinfo: - merge gh#openSUSE/hwinfo#100 - recognize loongarch64 architecture - 21.75 ++++ kernel-default: - blacklist.conf: d8778e393afa x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer - commit 07e7bbd - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - commit 05b202a - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - commit bc82289 - cgroup1: don't allow '\n' in renaming (bsc#1187972). - commit 31d330a - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - commit 8249f86 - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028). - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028). - commit f52fc7f ++++ nvme-cli: - install bash-completion file in correct directory - recommend bash-completion ++++ ovmf: - Add ovmf-xen-relocate-shared_info_page-map.patch to fix the save/restore/migrate in ovmf-xen ++++ suseconnect-ng: - Update to version 0.0.0~git.a083a1f: * Add Product.IsEmpty() * Add unit test for token auth * Add obs workflow to be able to use it as CI * add files to build rpm * Add more zypper operations * Unexport api functions * Add --cleanup CLI action * Add listing of installed services via zypper * Change zypperRun args to take a slice of strings * Fix printInformation() outputs ------------------------------------------------------------------ ------------------ 2021-7-1 - Jul 1 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - boo#1187906: Consolidate all references to the helper script. - bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, but needed for calculating refids from IPv6 addresses as part of the NTP protocol (rfc5905). As this is a non-cryptographic use of MD5 we can use our own implementation without violating FIPS rules: chrony-refid-internal-md5.patch . ++++ cryptsetup: - cryptsetup 2.3.6: * integritysetup: Fix possible dm-integrity mapping table truncation. * cryptsetup: Backup header can be used to activate TCRYPT device. Use --header option to specify the header. * cryptsetup: Avoid LUKS2 decryption without detached header. This feature will be added later and is currently not supported. * Additional fixes and workarounds for common warnings produced by some static analysis tools (like gcc-11 analyzer) and additional code hardening. * Fix standalone libintl detection for compiled tests. * Add Blake2b and Blake2s hash support for crypto backends. Kernel and gcrypt crypto backend support all variants. OpenSSL supports only Blake2b-512 and Blake2s-256. Crypto backend supports kernel notation e.g. "blake2b-512". ++++ glibc: - wordexp-param-overflow.patch: wordexp: handle overflow in positional parameter number (CVE-2021-35942, bsc#1187911, BZ #28011) ++++ kernel-default: - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - commit f14058e - x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134). - commit 8de1b90 - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - commit d9209e7 - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - commit 288e232 - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - commit 6f12df4 - series.conf: cleanup - update upstream reference and resort: patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch - commit dc51831 - Update patches.suse/RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch (bsc#1181147 bsc#1187050 CVE-2020-36385). Added CVE reference. - commit f7b3ebb - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - commit 4925dab - fix patch metadata - fix upstream reference: patches.suse/bpfilter-Specify-the-log-level-for-the-kmsg-message.patch - commit 4e6fe72 - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - commit badd4e0 - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes). - commit 9602802 - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc#1065729). - commit e5fa23c - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - Refresh patches.suse/0001-ipmi-watchdog-Stop-watchdog-timer-when-the-current-a.patch. - Refresh patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch. - Refresh patches.suse/ibmvnic-remove-default-label-from-to_string-switch.patch. - commit bff6126 - nvmem: rmem: fix undefined reference to memremap (git-fixes). - commit 420be35 - series.conf: cleanup - update upstream references and resort: patches.suse/0001-ipmi-watchdog-Stop-watchdog-timer-when-the-current-a.patch patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch patches.suse/ibmvnic-remove-default-label-from-to_string-switch.patch patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch - commit fc2830a - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - commit a6b5aff - Blacklisted SCSI ufs core patch: way out of context. - commit 33b89f4 ++++ Mesa: - update to 21.1.4 * fourth bugfix release ++++ systemd: - Finally don't create /run/lock/subsys anymore This effectively reverts the fix for bsc#1187292 made earlier. This directory is specific to RH sysvinit and since we're going to fade the support of SysV init script away the directory has no future. ++++ qemu: - Fix stable issues found in upstream: hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch hw-block-nvme-align-with-existing-style.patch hw-nvme-fix-missing-check-for-PMR-capabi.patch hw-nvme-fix-pin-based-interrupt-behavior.patch linux-user-aarch64-Enable-hwcap-for-RND-.patch qemu-config-load-modules-when-instantiat.patch qemu-config-parse-configuration-files-to.patch qemu-config-use-qemu_opts_from_qdict.patch runstate-Initialize-Error-to-NULL.patch target-i386-Exit-tb-after-wrmsr.patch tcg-Allocate-sufficient-storage-in-temp_.patch tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch vhost-vdpa-don-t-initialize-backend_feat.patch vl-allow-not-specifying-size-in-m-when-u.patch vl-Fix-an-assert-failure-in-error-path.patch vl-plug-object-back-into-readconfig.patch vl-plumb-keyval-based-options-into-readc.patch x86-acpi-use-offset-instead-of-pointer-w.patch - Update qemu-supportconfig plugin ++++ runc: - Backport to fix issues with runc under openSUSE MicroOS's SELinux policy. boo#1187704 + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch ++++ shim: - Add shim-bsc1187696-avoid-deleting-rt-variables.patch to avoid deleting the mirrored RT variables (bsc#1187696) ++++ zypper: - Quick fix obs:// platform guessing for Leap (bsc#1187425) - man: point out more clearly that patches update affected packages to the latest version (bsc#1187466) - version 1.14.47 ------------------------------------------------------------------ ------------------ 2021-6-30 - Jun 30 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.2 (CVE-2020-13529): + hostname: prefer IPv4 addresses for reverse DNS lookup. + dhcp: ignore unauthenticated FORCERENEW messages with internal, systemd-based DHCPv4 plugin (CVE-2020-13529). This plugin is not used, unless the undocumented dhcp=systemd option was set. + cloud-setup: preserve IP addresses, routes and rules from currently active connection profile. + Various bugfixes and performance improvements. ++++ kernel-default: - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - commit bf3226e - Blacklisted libsas new gfp variant patches - commit 7d45a44 - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - Refresh patches.suse/scsi_dh_alua-return-BLK_STS_AGAIN-for-ALUA-transitio.patch. - commit 1a66f28 - Blacklisted scsi commit that should be skipped. - commit 6c0722b - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - commit 4323f85 - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - commit f950430 - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - commit fa16d18 - Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#191041). - commit ae5a395 ++++ sqlite3: - Sync version 3.36.0 from Factory to implement jsc#SLE-16032. - Obsoletes sqlite3-CVE-2019-16168.patch. - The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2020-13434 boo#1172115: integer overflow in sqlite3_str_vappendf * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed to one of its shadow tables * CVE-2020-13632 boo#1172240: NULL pointer dereference via crafted matchinfo() query * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (boo#1172091) ------------------------------------------------------------------ ------------------ 2021-6-29 - Jun 29 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - commit 51e8b33 - Blacklisted commit already removed, to keep it away - commit 2ac8cfe - blacklist.conf: Append 'drm/shmem-helpers: vunmap: Don't put pages for dma-buf' - commit 4f0b109 ++++ libcontainers-common: - Mention libcontainers-common.rpmlintrc as source - Use versioned obsoletes ++++ pango: - Update to version 1.48.6: + Avoid attribute index overflow. + Add a new pango-segmentation utility. + Documentation cleanups and fixes. + Update script property data for gravity. + Bring back careful glyph position rounding. + Add a few missing bidi types. + Add more tests. ++++ sysuser-tools: - Remove usage of grep from sysusers-generate-pre - Add a simple test of sysusers-generate-pre to %check ------------------------------------------------------------------ ------------------ 2021-6-28 - Jun 28 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.110.gbe35f166: * fix(fips-suse): fipscheck doesn't need the -c parameter (bsc#1187498) * fix(kernel-install): initrd vs initramfs ++++ gobject-introspection: - Revert back o HOSTTYPE: RPM_ARCH is not available to the dep scanners. ++++ grub2: - Fix error not a btrfs filesystem on s390x (bsc#1187645) * 80_suse_btrfs_snapshot ++++ kernel-default: - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - commit d57c991 - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes). - commit 8cc69d2 - Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#1152489) - commit cb44bac ++++ systemd: - Import commit e9a23d9e064c2e7ac21a1b984d116bcf15327e63 8dd19c6ee3 sd-device: allow to read sysattr which contains embedded NUL d52409e5fe pid1: only add a Wants= type dependency on /tmp when PrivateTmp=yes (bsc#1181970 - Enable TPM2 support ++++ tpm2-0-tss: - small services fixes and comments ++++ linux-glibc-devel: - Update to kernel headers 5.13 ++++ live-langset-data: - Don't restart systemd-vconsole-setup.service explicitly (boo#1187618) ++++ selinux-policy: - Update to version 20210419 - Dropped fix_gift.patch, module was removed - Updated wicked.te to removed dropped interface - Refreshed: * fix_cockpit.patch * fix_hadoop.patch * fix_init.patch * fix_logging.patch * fix_logrotate.patch * fix_networkmanager.patch * fix_nscd.patch * fix_rpm.patch * fix_selinuxutil.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_thunderbird.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_unprivuser.patch * fix_xserver.patch ++++ tpm2.0-tools: - update to version 5.1.1: - tpm2_import: fix fixed AES key CVE-2021-3565 - tpm2_import used a fixed AES key for the inner wrapper, which means that a MITM attack would be able to unwrap the imported key. To fix this, ensure the key size is 16 bytes or bigger and use OpenSSL to generate a secure random AES key. - Avoid pandoc build dependency, use prebuilt man pages everywhere - Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream - Drop _service, unused - Drop unused unzip build dependency - Drop autoreconfigure call, no longer necessary - Use %autosetup - Verify tarball signature - Build against efivar - Drop %check section, tests weren't built, so that was a noop ++++ yast2-trans: - Update to version 84.87.20210626.da1ad1189b: * New POT for text domain 's390'. * New POT for text domain 'base'. ------------------------------------------------------------------ ------------------ 2021-6-27 - Jun 27 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Add source-offest to _service to fix build error in Leap 15.3. ++++ opensc: - Fix build on GCC11 * Add opensc-gcc11.patch from Fedora (https://github.com/OpenSC/OpenSC/pull/2241/) ++++ podman: - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common@v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev ------------------------------------------------------------------ ------------------ 2021-6-26 - Jun 26 2021 ------------------- ------------------------------------------------------------------ ++++ ceph: - Update to 16.2.4-564-g9689286366a: + rebased on top of upstream commit SHA1 e57defcbcc91e67aac958c4a52d657a7a907e8ef ------------------------------------------------------------------ ------------------ 2021-6-25 - Jun 25 2021 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105) * fix-upstream-userdb-constpointer.patch * fix-upstream-CVE-2020-35512.patch ++++ dbus-1-x11: - Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105) * fix-upstream-userdb-constpointer.patch * fix-upstream-CVE-2020-35512.patch ++++ kernel-default: - Revert "Update config files (bsc#1187167)" (bsc#1187711). The key is needed. When a random key is generaeted it is a problem with OBS repository setup. OBS should provide a signing key. - commit b53af95 - s390/dasd: add missing discipline function (git-fixes). - commit ea8d00e - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - commit c886494 - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes). - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes). - commit 20bb391 - blacklist.conf: Add amdgpu entries that have been reverted (git-fixes) - commit 41610da - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - commit c1d2306 ++++ libcbor: - Add libcbor-0.5.0-fix-lib.patch to not build shared lib twice and make package build reproducible (boo#1102408) ++++ libcontainers-common: - Update common to 0.38.11 0.38.11: * Strip extra trailing newlines in templates * Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp 0.38.10: * libimage: pull: override even --pull=never with custom platfo * libimage: pull: enforce pull policy for custom platforms * libimage: pull: ignore platform for local image lookup * Allow /etc/containers/containers.conf to be read by non-root * [0.38] libimage: force remove: only untag on multi tag image 0.38.9: * libimage: fix Exists 0.38.8: * libmage: Exists: catch corrupted images 0.38.7: * libimage: pull: turn image-lookup errors non-fatal 0.38.6: * [0.38] Leave default seccomp path empty 0.38.5: * pull: don't resolve short names on explicit docker:// reference 0.38.4: Revert "Do not emit warnings about OCI runtime paths" libimage: lookup: tolerate corrupted image 0.38.3: build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1 libimage: fix manifest list lookup - Update podman to 3.2.2 3.2.2: [#]## Changes - Podman's handling of the Architecture field of images has been relaxed. Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based on an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)). - Podman no longer uses inotify to monitor for changes to CNI configurations. This removes potential issues where Podman cannot be run because a user has exhausted their available inotify sessions ([#10686](https://github.com/containers/podman/issues/10686)). [#]## Bugfixes - Fixed a bug where the `podman cp` would, when given a directory as its source and a target that existed and was a file, copy the contents of the directory into the parent directory of the file; this now results in an error. - Fixed a bug where the `podman logs` command would, when following a running container's logs, not include the last line of output from the container when it exited when the `k8s-file` driver was in use ([#10675](https://github.com/containers/podman/issues/10675)). - Fixed a bug where Podman would fail to run containers if `systemd-resolved` was incorrectly detected as the system's DNS server ([#10733](https://github.com/containers/podman/issues/10733)). - Fixed a bug where the `podman exec -t` command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set ([#10560](https://github.com/containers/podman/issues/10560)). - Fixed a bug where Podman containers using the `slirp4netns` network mode would add an incorrect entry to `/etc/hosts` pointing the container's hostname to the wrong IP address. - Fixed a bug where Podman would create volumes specified by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)). - Fixed a bug where Podman would not respect the `uid` and `gid` options to `podman volume create -o` ([#10620](https://github.com/containers/podman/issues/10620)). - Fixed a bug where the `podman run` command could panic when parsing the system's cgroup configuration ([#10666](https://github.com/containers/podman/issues/10666)). - Fixed a bug where the remote Podman client's `podman build -f - ...` command did not read a Containerfile from STDIN ([#10621](https://github.com/containers/podman/issues/10621)). - Fixed a bug where the `podman container restore --import` command would fail to restore checkpoints created from privileged containers ([#10615](https://github.com/containers/podman/issues/10615)). - Fixed a bug where Podman was not respecting the `TMPDIR` environment variable when pulling images ([#10698](https://github.com/containers/podman/issues/10698)). - Fixed a bug where a number of Podman commands did not properly support using Go templates as an argument to the `--format` option. [#]## API - Fixed a bug where the Compat Inspect endpoint for Containers did not include information on container healthchecks ([#10457](https://github.com/containers/podman/issues/10457)). - Fixed a bug where the Libpod and Compat Build endpoints for Images did not properly handle the `devices` query parameter ([#10614](https://github.com/containers/podman/issues/10614)). [#]## Misc - Fixed a bug where the Makefile's `make podman-remote-static` target to build a statically-linked `podman-remote` binary was instead producing dynamic binaries ([#10656](https://github.com/containers/podman/issues/10656)). - Updated the containers/common library to v0.38.11 3.2.1: [#]## Changes - Podman now allows corrupt images (e.g. from restarting the system during an image pull) to be replaced by a `podman pull` of the same image (instead of requiring they be removed first, then re-pulled). [#]## Bugfixes - Fixed a bug where Podman would fail to start containers if a Seccomp profile was not available at `/usr/share/containers/seccomp.json` ([#10556](https://github.com/containers/podman/issues/10556)). - Fixed a bug where the `podman machine start` command failed on OS X machines with the AMD64 architecture and certain QEMU versions ([#10555](https://github.com/containers/podman/issues/10555)). - Fixed a bug where Podman would always use the slow path for joining the rootless user namespace. - Fixed a bug where the `podman stats` command would fail on Cgroups v1 systems when run on a container running systemd ([#10602](https://github.com/containers/podman/issues/10602)). - Fixed a bug where pre-checkpoint support for `podman container checkpoint` did not function correctly. - Fixed a bug where the remote Podman client's `podman build` command did not properly handle the `-f` option ([#9871](https://github.com/containers/podman/issues/9871)). - Fixed a bug where the remote Podman client's `podman run` command would sometimes not resize the container's terminal before execution began ([#9859](https://github.com/containers/podman/issues/9859)). - Fixed a bug where the `--filter` option to the `podman image prune` command was nonfunctional. - Fixed a bug where the `podman logs -f` command would exit before all output for a container was printed when the `k8s-file` log driver was in use ([#10596](https://github.com/containers/podman/issues/10596)). - Fixed a bug where Podman would not correctly detect that systemd-resolved was in use on the host and adjust DNS servers in the container appropriately under some circumstances ([#10570](https://github.com/containers/podman/issues/10570)). - Fixed a bug where the `podman network connect` and `podman network disconnect` commands acted improperly when containers were in the Created state, marking the changes as done but not actually performing them. [#]## API - Fixed a bug where the Compat and Libpod Prune endpoints for Networks returned null, instead of an empty array, when nothing was pruned. - Fixed a bug where the Create API for Images would continue to pull images even if a client closed the connection mid-pull ([#7558](https://github.com/containers/podman/issues/7558)). - Fixed a bug where the Events API did not include some information (including labels) when sending events. - Fixed a bug where the Events API would, when streaming was not requested, send at most one event ([#10529](https://github.com/containers/podman/issues/10529)). [#]## Misc - Updated the containers/common library to v0.38.9 3.2.0: [#]## Features - Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)). - The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman. - An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman. - The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers. - The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)). - The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved. - The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`. - The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables. - Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`. - The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used. - Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy. - The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime. - The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)). - The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container. - The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself. - Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`. - Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard. - Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)). - The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names. - The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking. - The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container). - The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned. [#]## Changes - The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209). - Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)). - The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing. - The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)). - The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes. - Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes. - When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright). - The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally. - Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance. - The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment. - Podman now requires that Conmon v2.0.24 be available. [#]## Bugfixes - Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options. - Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)). - Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)). - Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)). - Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one. - Fixed a bug where the `podman generate systemd --new` command would generate unit files that did not include `RequiresMountsFor` lines ([#10493](https://github.com/containers/podman/issues/10493)). - Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)). - Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)). - Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use. - Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID. - Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)). - Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)). - Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results. - Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before). - Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead. - Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)). - Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)). - Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)). - Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)). - Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)). - Fixed a bug where filters to the `podman events` command could not be specified twice (if a filter is specified more than once, it will match if any of the given values match - logical or) ([#10507](https://github.com/containers/podman/issues/10507)). - Fixed a bug where Podman would include IPv6 nameservers in `resolv.conf` in containers without IPv6 connectivity ([#10158](https://github.com/containers/podman/issues/10158)). - Fixed a bug where containers could not be created with static IP addresses when connecting to a network using the `macvlan` driver ([#10283](https://github.com/containers/podman/issues/10283)). [#]## API - Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)). - Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)). - Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)). - Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted. - Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)). - Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket. - Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)). - Fixed a bug where the Compat Push endpoint for Images could leak goroutines if the remote end closed the connection prematurely. [#]## Misc - Updated Buildah to v1.21.0 - Updated the containers/common library to v0.38.5 - Updated the containers/storage library to v1.31.3 3.2.0-RC3: This is the third release candidate for Podman v3.2.0. We expect it will be the final RC. Preliminary release notes follow: [#]## Features - Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)). - The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman. - An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman. - The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers. - The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)). - The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved. - The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`. - The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables. - Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`. - The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used. - Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy. - The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime. - The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)). - The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container. - The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself. - Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`. - Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard. - Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)). - The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names. - The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking. - The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container). - The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned. [#]## Changes - The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209). - Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)). - The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing. - The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)). - The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes. - Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes. - When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright). - The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally. - Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance. - The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment. - Podman now requires that Conmon v2.0.24 be available. [#]## Bugfixes - Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options. - Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)). - Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)). - Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)). - Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one. - Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)). - Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)). - Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use. - Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID. - Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)). - Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)). - Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results. - Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before). - Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead. - Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)). - Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)). - Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)). - Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)). - Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)). [#]## API - Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)). - Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)). - Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)). - Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted. - Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)). - Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket. - Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)). [#]## Misc - Updated Buildah to v1.21.0 - Updated the containers/common library to v0.38.4 - Updated the containers/storage library to v1.31.1 3.2.0-RC2: This is the second release candidate for Podman v3.2.0. We expect a final RC early next week, and a final release late next week if all goes well Preliminary release notes follow: [#]## Features - Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)). - The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman. - An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman. - The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers. - The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)). - The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved. - The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`. - The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables. - Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`. - The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used. - Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy. - The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime. - The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)). - The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container. - The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself. - Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`. - Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard. - Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)). - The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names. - The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking. - The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container). - The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned. [#]## Changes - The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209). - Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)). - The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing. - The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)). - The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes. - Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes. - When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright). - The `podman info` command now includes the path of the Seccomp profile Podman is using, and whether Podman is connected to a remote service or running containers locally. - Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance. - The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment. - Podman now requires that Conmon v2.0.24 be available. [#]## Bugfixes - Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options. - Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)). - Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one. - Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)). - Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)). - Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use. - Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID. - Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)). - Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)). - Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results. - Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before). - Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead. - Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)). - Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)). - Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)). - Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)). - Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)). [#]## API - Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)). - Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)). - Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)). - Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted. - Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)). - Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket. - Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)). [#]## Misc - Updated Buildah to v1.21.0 - Updated the containers/common library to v0.38.4 - Updated the containers/storage library to v1.31.1 3.2.0-RC1: This is the first release candidate for the Podman v3.2.0 release. Podman 3.2.0 features improved rootless networking (including support for rootless Docker compose), a rewritten image backend, and numerous other changes. Full release notes will be available with the release of RC2 next week. - Update storage to 1.32.5 1.32.5: Fix handling of user namespace 1.32.4: Vendor in opencontainers/runc v1.0.0 overlay: fix check for rootless native diff 1.32.3: Reload layer storage if layers.json got externally modified build(deps): bump github.com/klauspost/compress from 1.13.0 to 1.13.1 Fix cancel deferred remove bug Cirrus: Fix references to master branch [CI:DOCS] Fix docs links due to branch rename 1.32.2: lockfile: merge Seek+Read/Write into Pread/Pwrite Added support for CONTAINERS_STORAGE_CONF override canUseShifting can segfault build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12 build(deps): bump github.com/klauspost/compress from 1.12.3 to 1.13.0 overlay: make userxattr,metacopy=on debug message build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 1.31.3: * store: ReloadIfChanged propagates errors from Modified() * store: load additional image stores once * store: fix graphLock reload 1.32.1: store: fix graphLock reload store: ReloadIfChanged propagates errors from Modified() store: load additional image stores once delete_internal: return error early build(deps): bump github.com/klauspost/compress from 1.12.2 to 1.12.3 1.32.0: chunked: fix build on other platforms Avoid failure when umount an unmounted mountpoint overlay: enable native diff for fuse-overlayfs Enable to export layers from Additional Layer Store 1.31.2: build(deps): bump github.com/Microsoft/go-winio from 0.4.17 to 0.5.0 build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 reintroduce store: allow shifting only with contiguous mappings overlay: check for unix.ENOTSUP archive/overlay: ignore failures from nested whiteouts overlay: honor DisableShifting store: allow shifting only with contiguous mappings 1.31.1: Revert "store: allow shifting only with contiguous mappings" - Update image to 5.13.2 v0.38.11: * Strip extra trailing newlines in templates * Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp v0.38.10: * libimage: pull: override even --pull=never with custom platfo * libimage: pull: enforce pull policy for custom platforms * libimage: pull: ignore platform for local image lookup * Allow /etc/containers/containers.conf to be read by non-root * [0.38] libimage: force remove: only untag on multi tag image v0.38.9: * libimage: fix Exists v0.38.8: * libmage: Exists: catch corrupted images v0.38.7: * libimage: pull: turn image-lookup errors non-fatal v0.38.6: * [0.38] Leave default seccomp path empty v0.38.5: * pull: don't resolve short names on explicit docker:// reference v0.38.4: * Revert "Do not emit warnings about OCI runtime paths" * libimage: lookup: tolerate corrupted image v0.38.3: * build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1 * libimage: fix manifest list lookup ++++ gcc11: - Update to gcc-11 branch head (62bbb113ae68a7e724255e1714), git400 * Fixes issue with legacy Fortran code. [gcc#101123, boo#1187273] ++++ qemu: - Fix an update-alternative warning when removing qemu-skiboot package bsc#1178678 ++++ suseconnect-ng: - Initial package of suseconnect-ng ++++ yast2-trans: - Update to version 84.87.20210624.bda5a6b0e5: * New POT for text domain 'bootloader'. * New POT for text domain 'firewall'. * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) ------------------------------------------------------------------ ------------------ 2021-6-24 - Jun 24 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949) This patch was suggested as a git-fix for SLE15-SP2, but the commits it fixes are not present there. - commit fc1818c - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - cxgb4: fix wrong shift (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - vrf: fix maximum MTU (git-fixes). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - commit 060a647 - net/mlx5: Reset mkey index on creation (jsc#SLE-15172). - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172). - net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172). - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131). - ethtool: strset: fix message length calculation (bsc#1176447). - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131). - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131). - cxgb4: fix endianness when flashing boot image (jsc#SLE-15131). - ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878). - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774). - commit 3e01284 - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes). - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes). - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes). - ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes). - commit af36159 - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - commit ce71c77 - PCI: aardvark: Don't rely on jiffies while holding spinlock (git-fixes). - commit 1bd7ff7 - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - commit 8ac9ce3 - cfg80211: make certificate generation more robust (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - commit ed194e5 ++++ keyutils: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) ++++ ceph: - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). But then, be happy with 8GB (bumping the current x86_64 worker pool from 16 to 64). (Dominique Leuenberger) ++++ systemd: - Import commit fcdb8dce591db2f5fc3c1e3eeb7abe9a2090b401 aa2d840a3b compat-rules: fix warning: "label ‘out’ defined but not used" in path_id_compat.c - Restore 61-persistent-storage-compat.rules that was mistakenly dropped during the merge of v248. ++++ zchunk: - Update to version 1.1.16 * Fix major bug when compressing with dictionary ++++ lshw: - Update to version B.02.19+git.20210619: * Fix typos in translatable messages - jsc#SLE-19399 ++++ python-pytz: - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink (bsc#1185748). ------------------------------------------------------------------ ------------------ 2021-6-23 - Jun 23 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) * grub2-fix-error-terminal-gfxterm-isn-t-found.patch ++++ kernel-default: - fix patches metadata - fix Patch-mainline: patches.suse/NFS-Fix-a-potential-NULL-dereference-in-nfs_get_clie.patch patches.suse/NFS-Fix-use-after-free-in-nfs4_init_client.patch patches.suse/NFSv4-Fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch patches.suse/SUNRPC-Handle-major-timeout-in-xprt_adjust_timeout.patch - commit e5e0666 - series.conf: cleanup - update upstream reference and resort: patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch - commit cafffbc - video: hgafb: correctly handle card detect failure during probe (git-fixes). - commit 55f7ec7 - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - Revert "video: hgafb: fix potential NULL pointer dereference" (git-fixes). - commit 83627e7 - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes). - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes). - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes). - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes). - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes). - commit d18513c - module: limit enabling module.sig_enforce (git-fixes). - commit 7f30f5d - Add dtb-microchip - commit c797107 - Bluetooth: use correct lock to prevent UAF of hdev object (bsc#1186666 CVE-2021-3573). - commit 6781ea8 - blacklist.conf: Add unwanted commits - commit 1da6dbc - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - commit 3478e99 ++++ qemu: - Use doc directive to build QEMU documentation ++++ yast2: - Y2Issues::Issue: renamed severity "fatal" to "error", to be more consistent with other parts of (Auto)YaST - Added options to configure the behavior of Y2Issues.report (related to jsc#SLE-20563 and bsc#1166743) - 4.4.14 ------------------------------------------------------------------ ------------------ 2021-6-22 - Jun 22 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1180092). - commit e31a7fc - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - commit ccd1ac3 - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - commit acc744b - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - Refresh patches.suse/blk-mq-call-commit_rqs-while-list-empty-but-error-ha.patch. - Refresh patches.suse/blk-mq-insert-request-not-through-queue_rq-into-sw-s.patch. - commit 4ba4b0f - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). Reduce delta to mainline Refresh patches.suse/lib-vdso-Prepare-for-time-namespace-support.patch. - commit 7b06299 - Update patch reference for net keys fix (CVE-2021-0605 bsc#1187601) - commit 7bb3e99 - Update patch reference for HID security fix (CVE-2021-0512 bsc#1187595) - commit 0506954 - bpf: Fix leakage under speculation on mispredicted branches (bsc#1187554,CVE-2021-33624). - bpf: Do not mark insn as seen under speculative path verification (bsc#1187554,CVE-2021-33624). - bpf: Inherit expanded/patched seen count from old aux data (bsc#1187554,CVE-2021-33624). - commit 06f1411 - bpf: Fix leakage under speculation on mispredicted branches (bsc#1187554,CVE-2021-33624). - commit 7949a37 ++++ Mesa: - no longer apply n_drirc-disable-rgb10-for-chromium-on-amd.patch on TW; no longer needed with gstreamer-plugins-vaapi 1.18.4; more details on https://gitlab.freedesktop.org/gstreamer/gstreamer-vaapi/-/merge_requests/410 ------------------------------------------------------------------ ------------------ 2021-6-21 - Jun 21 2021 ------------------- ------------------------------------------------------------------ ++++ combustion: - Set the exit status explicitly ++++ grub2: - Fix boot failure after kdump due to the content of grub.cfg is not completed with pending modificaton in xfs journal (bsc#1186975) * grub-install-force-journal-draining-to-ensure-data-i.patch - Patch refreshed * grub2-mkconfig-default-entry-correction.patch ++++ kernel-default: - patches.suse/0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263). - commit 349dc99 - Refresh patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch. Add Signed-off-by tag for author of the patch in the SLE branch to suppress error during branch merges. Example error is patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch An email address with @suse.de, @suse.com, @suse.cz, or @novell.com in the From, Signed-off-by, or Acked-by headers is required - commit acfd671 - blacklist.conf: 28e5e44aa3f4 x86/mm: Avoid truncating memblocks for SGX memory - commit ea06fd1 - x86/fpu: Prevent state corruption in __fpu__restore_sig() (bsc#1178134). - commit e509690 - tracing: Do no increment trace_clock_global() by one (git-fixes). - commit 17da93e - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - commit 7d357b1 - usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection (git-fixes). - commit 9d5feb1 - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - commit 3306bfd - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - commit c5019d9 - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - commit cfc2db2 - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - commit 35719e0 - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - commit 9306e13 - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - commit 87fe1f5 - series.conf: cleanup - update upstream references and move into sorted section: patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch - commit 3bedaae ++++ fmt: - Update to version 8.0.0 * Enabled compile-time format string check by default. * Added compile-time formatting. * Optimized handling of format specifiers during format string compilation. * Added the ``_cf`` user-defined literal to represent a compiled format string. It can be used instead of the ``FMT_COMPILE`` macro. * Format string compilation now requires ``format`` functions of ``formatter`` specializations for user-defined types to be ``const``. * Added UDL-based named argument support to format string compilation. * Added format string compilation support to ``fmt::print``. * Added initial support for compiling {fmt} as a C++20 module. * Made symbols private by default reducing shared library size * Optimized includes making the result of preprocessing ``fmt/format.h``. * Added support of ranges with non-const ``begin`` / ``end`` * Added support of ``std::byte`` and other formattable types to ``fmt::join``. * Implemented the default format for ``std::chrono::system_clock``. * Made more chrono specifiers locale independent by default. Use the ``'L'`` specifier to get localized formatting. * Improved locale handling in chrono formatting. * Deprecated ``fmt/locale.h`` moving the formatting functions that take a locale to ``fmt/format.h`` (``char``) and ``fmt/xchar`` (other overloads). This doesn't introduce a dependency on ```` so there is virtually no compile time effect. * Made parameter order in ``vformat_to`` consistent with ``format_to``. * Added support for time points with arbitrary durations. * Formatting floating-point numbers no longer produces trailing zeros by default. for consistency with ``std::format``. * Dropped a limit on the number of elements in a range and replaced ``{}`` with ``[]`` as range delimiters for consistency with Python's ``str.format``. * The ``'L'`` specifier for locale-specific numeric formatting can now be combined with presentation specifiers as in ``std::format``. * Made the ``0`` specifier ignored for infinity and NaN. * Made the hexfloat formatting use the right alignment by default. * Removed the deprecated numeric alignment (``'='``). Use the ``'0'`` specifier instead. * Removed the deprecated ``fmt/posix.h`` header that has been replaced with ``fmt/os.h``. * Removed the deprecated ``format_to_n_context``, ``format_to_n_args`` and ``make_format_to_n_args``. They have been replaced with ``format_context``, ``format_args` and ``make_format_args`` respectively. * Moved ``wchar_t``-specific functions and types to ``fmt/wchar.h``. You can define ``FMT_DEPRECATED_INCLUDE_WCHAR`` to automatically include ``fmt/wchar.h`` from ``fmt/format.h`` but this will be disabled in the next major release. * Fixed handling of the ``'+'`` specifier in localized formatting. * Added support for the ``'s'`` format specifier that gives textual representation of ``bool``. * Made ``fmt::ptr`` work with function pointers. * Fixed ``fmt::formatted_size`` with format string compilation * Fixed handling of empty format strings during format string compilation. * Fixed handling of enums in ``fmt::to_string``. * Improved width computation. * The experimental fast output stream (``fmt::ostream``) is now truncated by default for consistency with ``fopen``. * Fixed moving of ``fmt::ostream`` that holds buffered data * Replaced the ``fmt::system_error`` exception with a function of the same name that constructs ``std::system_error``. * Replaced the ``fmt::windows_error`` exception with a function of the same name that constructs ``std::system_error`` with the category returned by ``fmt::system_category()``. * Replaced ``fmt::error_code`` with ``std::error_code`` and made it formattable. * Added speech synthesis support. * Made ``format_to`` work with a memory buffer that has a custom allocator. * Added ``Allocator::max_size`` support to ``basic_memory_buffer``. * Added wide string support to ``fmt::join`` * Made iterators passed to ``formatter`` specializations via a format context satisfy C++20 ``std::output_iterator`` requirements. * Optimized the ``printf`` implementation. * Improved detection of ``constexpr`` ``char_traits``. * Fixed exception propagation from iterators. * Improved ``strftime`` error handling. * Stopped using deprecated GCC UDL template extension. * Added ``fmt/args.h`` to the install target. * Error messages are now passed to assert when exceptions are disabled. * Added the ``FMT_MASTER_PROJECT`` CMake option to control build and install targets when {fmt} is included via ``add_subdirectory``. * Improved build configuration. * Fixed various warnings and compilation issues. * Improved documentation. * Continuous integration and test improvements. - Bump soversion to 8 ++++ osinfo-db: - Update to database version 20210621 osinfo-db-20210621.tar.xz - Drop patches contained in new tarball SLE-add-info-about-UEFI-support.patch add-sle15sp3-support.patch add-slem50-support.patch fix-sle15sp1-volume-id-string.patch ++++ shim: - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz - Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch to handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the maximum variable size check for u-boot (bsc#1185621) + Also drop AArch64 suse-signed shim since we merged this patch - Add shim-bsc1185261-relax-import_mok_state-check.patch to relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261) - Add shim-bsc1185232-relax-loadoptions-length-check.patch to ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist - Add shim-fix-aa64-relsz.patch to fix the size of rela sections for AArch64 Fix: https://github.com/rhboot/shim/issues/371 - Add shim-disable-export-vendor-dbx.patch to disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260) - Add shim-bsc1185232-fix-config-table-copying.patch to avoid buffer overflow when copying data to the MOK config table (bsc#1185232) ++++ sysuser-tools: - Bump version up to 3.1. The --replace parameter only appeared in systemd 238, so we need to ensure to get the update order correct for sysuser-generate when using the 3rd command line parameters: * systemd -> sysuser-tools -> system-{user|group}-FOO. - Add dependency on systemd >=238 if systemd is installed to sysuser-shadow - update sysuser_requires to request sysuser-shadow 3.1 ++++ virt-manager: - Upstream bug fixes (bsc#1027942) d3c627f1-volumeupload-Use-1MiB-read-size.patch cf93e2db-console-fix-error-with-old-pygobject.patch 143c6bef-virtinst-fix-error-message-format-string.patch fe8722e7-createnet-Remove-some-unnecessary-max_length-annotations.patch d9b5090e-Fix-forgetting-password-from-keyring.patch ++++ yast2: - Y2Issues::List: Add methods size and concat (related to bsc#1181295). - 4.4.13 ++++ yast2-trans: - Update to version 84.87.20210620.b9c691b1c1: * New POT for text domain 'gtk'. * New POT for text domain 'packager'. * Translated using Weblate (Czech) * New POT for text domain 'firstboot'. * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Finnish) * Translated using Weblate (Czech) * Translated using Weblate (Czech) ------------------------------------------------------------------ ------------------ 2021-6-19 - Jun 19 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - net/x25: Return the correct errno code (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - commit be65fa1 - cfg80211: avoid double free of PMSR request (git-fixes). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - commit c7889a3 - can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693 bsc#1187452). - commit 02583ee ++++ Mesa: - update to 21.1.3 * third bugfix * mostly AMD fixes ------------------------------------------------------------------ ------------------ 2021-6-18 - Jun 18 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - commit 9bd57ed ++++ libgpg-error: - Drop --with-pic (no effect with --disable-static). ++++ systemd: - Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Paths under /run/lock are still managed by systemd for lack of better place. ++++ tpm2.0-tools: - Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the tpm2_eventlog command (boo#1187360) ------------------------------------------------------------------ ------------------ 2021-6-17 - Jun 17 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.106.g760b0c69: * chore(suse): add Conflicts for old suse-module-tools to specfile (bsc#1187115) - Update to version 055+suse.104.g9d45c1df: * feat(suse-initrd): add INITRD_MODULES from /etc/sysconfig/kernel, too * fix(suse-initrd): call dracut_instmods with hostonly= * fix(suse-initrd): use $kernel rather than $(uname -r) ++++ haproxy: - Update to version 2.4.1+git0.1ce7d4925: * [RELEASE] Released version 2.4.1 * BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces * BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace * MINOR: mux-h2: obey http-ignore-probes during the preface * BUG/MINOR: stats: make "show stat typed desc" work again * CLEANUP: mux-h2/traces: better align user messages * MINOR: mux-h2/trace: report a few connection-level info during h2_init() * MINOR: connection: add helper conn_append_debug_info() * BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers * BUG/MINOR: mux-h1: do not skip the error response on bad requests * MINOR: backend: only skip LB when there are actual connections * BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue * CLEANUP: global: remove unused definition of stopping_task[] * BUG/MINOR: mworker: fix typo in chroot error message * BUG/MINOR: ssl: use atomic ops to update global shctx stats * BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE * BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node * BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree * BUG/MEDIUM: server: do not forget to generate the dynamic servers ids * BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees * BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server' * BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id * DOC: lua: Add a warning about buffers modification in HTTP * BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs * MEDIUM: resolvers: add a ref between servers and srv request or used SRV record * MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item * BUG/MINOR: resolvers: answser item list was randomly purged or errors * CLEANUP: l7-retries: do not test the buffer before calling b_alloc() * BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default * BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded * CLEANUP: pools: remove now unused seq and pool_free_list * BUG/MAJOR: pools: fix possible race with free() in the lockless variant * MEDIUM: pools: use a single pool_gc() function for locked and lockless * MINOR: pools: call malloc_trim() under thread isolation * MINOR: pools: do not maintain the lock during pool_flush() * BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location * BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() * BUG/MEDIUM: compression: Add a flag to know the filter is still processing data * BUG/MEDIUM: compression: Properly get the next block to iterate on payload * BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block * BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode * Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode" * BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future * BUILD: make tune.ssl.keylog available again * DOC: use the req.ssl_sni in examples * MINOR: errors: allow empty va_args for diag variadic macro * BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry * DOC/MINOR: move uuid in the configuration to the right alphabetical order * BUG/MINOR: vars: Be sure to have a session to get checks variables * CLEANUP: http-ana: Remove useless if statement about L7 retries * BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree * BUG/MINOR: http: Missing calloc return value check in make_arg_list * BUG/MINOR: http: Missing calloc return value check while parsing redirect rule * BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list * BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response * BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy * BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare * BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture * BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine * BUG/MINOR: peers: Missing calloc return value check in peers_register_table * BUG/MINOR: server: Missing calloc return value check in srv_parse_source * DOC: intro: Fix typo in starter guide * MINOR: cfgparse: Fail when encountering extra arguments in macro * MINOR: http-ana: Perform L7 retries because of status codes in response analyser * BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts * BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry * Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers" * BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response * BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter * BUILD/MINOR: opentracing: fixed build when using clang * BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' * BUG/MEDIUM: ebtree: Invalid read when looking for dup entry ++++ kernel-default: - ASoC: Intel: soc-acpi: remove TGL RVP mixed SoundWire/TDM config (git-fixes). - commit 85be7e7 - blacklist.conf: the driver has not been converted to new error codes - commit 5e49259 - UsrMerge the kernel (boo#1184804) - Move files in /boot to modules dir The file names in /boot are included as %ghost links. The %post script creates symlinks for the kernel, sysctl.conf and System.map in /boot for compatibility. Some tools require adjustments before we can drop those links. If boot is a separate partition, a copy is used instead of a link. The logic for /boot/vmlinuz and /boot/initrd doesn't change with this patch. - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - commit 6f5ed04 - x86/sev: Check SME/SEV support in CPUID first (jsc#SLE-14337). - iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1187348). - iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1187345). - x86/sev-es: Use __put_user()/__get_user() for data accesses (bsc#1187351). - x86/sev-es: Forward page-faults which happen during emulation (bsc#1187350). - x86/sev-es: Don't return NULL from sev_es_get_ghcb() (bsc#1187349). - iommu/vt-d: Remove WO permissions on second-level paging entries (bsc#1187346). - iommu/vt-d: Report right snoop capability when using FL for IOVA (bsc#1187347). - iommu: Fix a boundary issue to avoid performance drop (bsc#1187344). - x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() (jsc#SLE-14337). - x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Add 32-bit boot #VC handler (jsc#SLE-14337). - x86/boot/compressed/64: Setup IDT in startup_32 boot path (jsc#SLE-14337). - x86/boot/compressed/64: Reload CS in startup_32 (jsc#SLE-14337). - x86/sev: Do not require Hypervisor CPUID bit for SEV guests (jsc#SLE-14337). - x86/boot/compressed/64: Cleanup exception handling before booting kernel (jsc#SLE-14337). - iommu/amd: Keep track of amd_iommu_irq_remap state (https://bugzilla.kernel.org/show_bug.cgi?id=212133). - x86/sev-es: Do not support MMIO to/from encrypted memory (jsc#SLE-14337). - x86/head/64: Check SEV encryption before switching to kernel page-table (jsc#SLE-14337). - x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler (jsc#SLE-14337). - x86/boot/compressed/64: Introduce sev_status (jsc#SLE-14337). - x86/boot/64: Explicitly map boot_params and command line (jsc#SLE-14337). - x86/head/64: Disable stack protection for head$(BITS).o (jsc#SLE-14337). - commit 9810251 - usb: gadget: eem: fix wrong eem header operation (git-fixes). - commit 88ac26b - usb: fix various gadget panics on 10gbps cabling (git-fixes). - commit 43c2b75 - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - commit 6960da4 - dmaengine: idxd: add missing dsa driver unregister (git-fixes). - ALSA: seq: Fix race of snd_seq_timer_open() (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8 (git-fixes). - ALSA: hda/realtek: headphone and mic don't work on an Acer laptop (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook x360 1040 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite Dragonfly G2 (git-fixes). - ASoC: amd: fix for pcm_read() error (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - commit 4d314e7 - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - commit 4b0a18c - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - commit a61b441 - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - commit f1cf5e2 - usb: dwc3: ep0: fix NULL pointer exception (git-fixes). - usb: gadget: eem: fix wrong eem header operation (git-fixes). - usb: fix various gadget panics on 10gbps cabling (git-fixes). - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - commit 6edf7f4 - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - commit 623c00b - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - commit 2b181d0 ++++ kernel-firmware: - Update to version 20210609 (git commit 0f66b74b6267): * cypress: update firmware for cyw54591 pcie * cypress: update firmware for cyw4373 sdio * cypress: update firmware for cyw43570 pcie * cypress: update firmware for cyw4356 sdio * cypress: update firmware for cyw4354 sdio * cypress: update firmware for cyw43455 sdio * cypress: update firmware for cyw43430 sdio * cypress: update firmware for cyw43340 sdio * cypress: update firmware for cyw43012 sdio * rtl_bt: Add rtl8761bu firmware * rtl_bt: Add rtl8761b firmware * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2946 * mediatek: update MT7915 firmware to 20201105 * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x05A8_A0CB * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x09A8_A0CB * linux-firmware: update firmware for MT7921 WiFi device * QCA: Add Bluetooth firmware for WCN685x * QCA: Update Bluetooth firmware for QCA6174 * QCA: Update Bluetooth firmware for QCA6390 * cxgb4: Update firmware to revision 1.25.6.0 ++++ less: - update to 590: * Make less able to read lesskey source files (deprecating lesskey). * If XDG_CONFIG_HOME is set, find lesskey source file in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey. * If XDG_DATA_HOME is set, find and store history file in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst. * Add the --lesskey-src option. * Add the --file-size option. * With -F, if screen is resized to make file fit on one screen, don't exit. ++++ gcc11: - Update to gcc-11 branch head (79c1185de4a05fdea13b6b0207), git340 * Fixes ceph build failure. [gcc#101078] ++++ patterns-microos: - create pattern for k3s (jsc#SMO-40) ++++ python-ordered-set: - Add Provides: for python*dist(ordered-set): work around boo#1186870 ++++ suse-module-tools: - Update to version 15.3.7: * Fix treatment of compressed modules (bsc#1187093) ++++ tpm2.0-tools: - Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better fix of boo#1187316 - Re-enable lto ++++ yast2: - add riscv64 architecture helper (jsc#SLE-19562) - 4.4.12 ------------------------------------------------------------------ ------------------ 2021-6-16 - Jun 16 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.0: + Now NetworkManager uses systemd-resolved API to lookup the system hostname via reverse DNS. If systemd-resolved is not available, a 'nm-daemon-helper' binary is spawned to perform the lookup using the 'dns' NSS module. - Rebase patches. ++++ btrfsprogs: - Add --disable-zoned for leap ++++ kernel-default: - bcache: avoid oversized read request in cache missing code path (bsc#1187357, bsc#1185570, bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1187357, bsc#1185570, bsc#1184631). - lib: crc64: fix kernel-doc warning (bsc#1187357). - bcache: fix a regression of code compiling failure in debug.c (bsc#1187357). - bcache: Use 64-bit arithmetic instead of 32-bit (bsc#1187357). - md: bcache: Trivial typo fixes in the file journal.c (bsc#1187357). - md: bcache: avoid -Wempty-body warnings (bsc#1187357). - bcache: use NULL instead of using plain integer as pointer (bsc#1187357). - bcache: remove PTR_CACHE (bsc#1187357). - bcache: reduce redundant code in bch_cached_dev_run() (bsc#1187357). - bcache: don't pass BIOSET_NEED_BVECS for the 'bio_set' embedded in 'cache_set' (bsc#1187357). - bcache: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1187357). - bcache: inherit the optimal I/O size (bsc#1187357). - commit ce1a322 - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - commit 1d82c71 - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - commit f37fbe9 - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - commit 08513d7 - usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - commit 08559a5 - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - commit 31da646 - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - commit 1d4c2a3 - tracing: Correct the length check which causes memory corruption (git-fixes). - commit 0072a4b - tracing: Restructure trace_clock_global() to never block (git-fixes). - commit 6d6d42d - Refresh patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch. - commit f631d93 - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - commit 533e192 - blacklist.conf: 75d3e7f4769d ("s390/test_unwind: fix possible memleak in test_unwind()") We build test_unwind kernel module out of tree. - commit abf9977 - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - commit 31cd567 - Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413). - commit 7387ee5 - ocfs2: fix data corruption by fallocate (bsc#1187412). - commit 684ec92 - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - commit 42391aa - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - commit 36f6f1f - Update config files: CONFIG_SND_HDA_INTEL=m for armv7hl, too (bsc#1187334) It's used by openQA. - commit c363e06 - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - commit d8152b1 - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - commit 41eb311 - ext4: fix error code in ext4_commit_super (bsc#1187407). - commit 350d1b1 - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - commit 57c9a0a - kyber: fix out of bounds access when preempted (bsc#1187403). - commit 491df1f - block: Discard page cache of zone reset target range (bsc#1187402). - commit 74c08d5 - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - commit 372fbf0 - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - commit 6b30fe5 - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - commit 96f285d - cifs: constify get_normalized_path() properly (bsc#1185902). - commit f4ccabe - cifs: don't cargo-cult strndup() (bsc#1185902). - commit 2296da2 ++++ efivar: - Add efivar-bsc1187386-fix-emmc-parsing.patch to fix the eMMC sysfs parsing (bsc#1187386) ++++ openldap2: - bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch ++++ microos-tools: - Update to version 2.11 - Fix unwritable /var / /etc after SELinux relabel [bsc#1186563] ------------------------------------------------------------------ ------------------ 2021-6-15 - Jun 15 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - revert previous change, unintentionally disables zstd on tumbleweed - Fix build for leap * --disable-zstd if leap < 42.3 * --disable-zoned for leap ++++ cloud-regionsrv-client: - Update to version 9.2.0 (bsc#1029162) + Support IPv6 as best-effort, with fallback to IPv4 ++++ kernel-default: - Updated patch-mainline tags. Also moved the affected patches into the sorted section. Change in patch order moved devm_rpi_firmware_put but it aligns with mainline. - commit bb0636f - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - commit d2e5d40 - Update config files: enable zstd decompression for initramfs (bsc#1187483, jsc#SLE-18766) - commit 0fe9f47 - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - commit a9bf6b8 - sched/debug: Fix cgroup_path[] serialization (git-fixes) - commit 24c7edf - blacklist.conf: We don't support uclamp - commit 0b70e65 - blacklist.conf: We have CONFIG_JUMP_LABEL - commit 093a643 - series.conf: cleanup - update upstream references and move into sorted section: patches.suse/mac80211-add-fragment-cache-to-sta_info.patch patches.suse/mac80211-assure-all-fragments-are-encrypted.patch patches.suse/mac80211-check-defrag-PN-against-current-frame.patch patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch No effect on expanded tree. - commit 9fdca2b - series.conf: cleanup Move a SUSE specific patch ("Patch-mainline: Never...") to corresponding per-subsystem section. - commit 811dc9a - fix patch metadata - fix Patch-mainline: patches.suse/RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch - commit c80eef0 ++++ gcc11: - Change disable_32bit to only disable multilibs for arhcs subject to 32bit/64bit handling and make it effective on x86_64. - Remove the duplicate spec header from cross.spec.in ++++ netcontrol: - version 0.3.2 - use SPDX shortname lincense and PKG_INSTALLDIR autoconf macro - virsh iface-list takes too long with many interfaces (bsc#1179144) - Cleanup netcf functions, include elapsed time in debug messages - Changed to refresh config and system info to keep them consistent - Add (fix or) adaptive refresh caching, set to double refresh-time - Implemented new backend refresh using wicked config/system queries - remove packages included in 0.3.2 source archive: [- 0005-bonding-don-t-complain-about-unknown-options.1132794.patch] [- 0004-udev-use-correct-udev-rule-write-lock-directory.patch] [- 0003-sysconfig-fix-segfault-on-missed-end-quote-bsc-10277.patch] [- 0002-Fix-invalid-check-in-route-creation-bsc-1148646.patch] [- 0001-virsh-iface-list-not-working-as-expected-bsc-1029201.patch] ++++ tpm2.0-tools: - Disable lto to fix tpm2_checkquote error (boo#1187316) - Update service file to point to the correct revision ++++ wicked: - version 0.6.66 - wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920) - support multiple networks configurations per interface - show connection status and scan-results (bsc#1160654) - corrected eap-tls,ttls cetificate handling and open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - cleanups and several other improvements, see changes - updated man ifcfg-wireless manual pages - nanny: fix identify node owner exit condition - schema: several xml-schema and dbus/property improvements - utils: format/parse bitmap to array and string alternatives - client: expose ethtool --get-permanent-address option - removed sle15-sp3 patches included in the master sources (bsc#1181812) [- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch] [- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch] ------------------------------------------------------------------ ------------------ 2021-6-14 - Jun 14 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Adjust audit.spec and audit-secondary.spec to support new version - Include fix for libev * add libev-werror.patch - Update to version 3.0.2 - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen) - Optionally interpret auid in auditctl -l - Update some syscall argument interpretations - In auditd, do not allow spaces in the hostname name format - Big documentation cleanup (MIZUTA Takeshi) - Update syscall table to the 5.12 kernel - Update the auparse normalizer for new event types - Fix compiler warnings in ids subsystem - Block a couple signals from flush & reconfigure threads - In auditd, don't wait on flush thread when exiting - Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1 - Update syscall table to the 5.11 kernel - Add new --eoe-timeout option to ausearch and aureport (Burn Alting) - Only enable periodic timers when listening on the network - Upgrade libev to 4.33 - Add auparse_new_buffer function to auparse library - Use the select libev backend unless aggregating events - Add sudoers to some base audit rules - Update the auparse normalizer for some new syscalls and event types Included fixes from 3.0 - Generate checkpoint file even when no results are returned (Burn Alting) - Fix log file creation when file logging is disabled entirely (Vlad Glagolev) - Convert auparse_test to run with python3 (Tomáš Chvátal) - Drop support for prelude - Adjust backlog_wait_time in rules to the kernel default (#1482848) - Remove ids key syntax checking of rules in auditctl - Use SIGCONT to dump auditd internal state (#1504251) - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903) - Fix parsing of uid & success for ausearch - Add support for not equal operator in audit by executable (Ondrej Mosnacek) - Hide lru symbols in auparse - Add systemd process protections - Fix aureport summary time range reporting - Allow unlimited retries on startup for remote logging - Add queue_depth to remote logging stats and increase default queue_depth size - Fix segfault on shutdown - Merge auditd and audispd code - Close on execute init_pipe fd (#1587995) - Breakout audisp syslog plugin to be standalone program - Create a common internal library to reduce code - Move all audispd config files under /etc/audit/ - Move audispd.conf settings into auditd.conf - Add queue depth statistics to internal state dump report - Add network statistics to internal state dump report - SIGUSR now also restarts queue processing if its suspended - Update lookup tables for the 4.18 kernel - Add auparse_normalizer support for SOFTWARE_UPDATE event - Add 30-ospp-v42.rules to meet new Common Criteria requirements - Deprecate enable_krb and replace with transport config opt for remote logging - Mark netlabel events as simple events so that get processed quicker - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) - In aureport, fix segfault in file report - Add auparse_normalizer support for labeled networking events - Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) - In ausearch/auparse, event aging is off by a second - In ausearch/auparse, correct event ordering to process oldest first - Migrate auparse python test to python3 - auparse_reset was not clearing everything it should - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events - In ausearch/report, lightly parse selinux portion of USER_AVC events - Add bpf syscall command argument interpretation to auparse - In ausearch/report, limit record size when malformed - Port af_unix plugin to libev - In auditd, fix extract_type function for network originating events - In auditd, calculate right size and location for network originating events - Make legacy script wait for auditd to terminate (#1643567) - Treat all network originating events as VER2 so dispatcher doesn't format it - If an event has a node name make it VER2 so dispatcher doesnt format it - In audisp-remote do an initial connection attempt (#1625156) - In auditd, allow expression of space left as a percentage (#1650670) - On PPC64LE systems, only allow 64 bit rules (#1462178) - Make some parts of auditd state report optional based on config - Update to libev-4.25 - Fix ausearch when checkpointing a single file (Burn Alting) - Fix scripting in 31-privileged.rules wrt filecap (#1662516) - In ausearch, do not checkpt if stdin is input source - In libev, remove __cold__ attribute for functions to allow proper hardening - Add tests to configure.ac for openldap support - Make systemd support files use /run rather than /var/run (Christian Hesse) - Fix minor memory leak in auditd kerberos credentials code - Allow exclude and user filter by executable name (Ondrej Mosnacek) - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test - In ausearch/report fix --end to use midnight time instead of now (#1671338) - Add substitue functions for strndupa & rawmemchr - Fix memleak in auparse caused by corrected event ordering - Fix legacy reload script to reload audit rules when daemon is reloaded - Support for unescaping in trusted messages (Dmitry Voronin) - In auditd, use standard template for DEAMON events (Richard Guy Briggs) - In aureport, fix segfault for malformed USER_CMD events - Add exe field to audit_log_user_command in libaudit - In auditctl support filter on socket address families (Richard Guy Briggs) - Deprecate support for Alpha & IA64 processors - If space_left_action is rotate, allow it every time (#1718444) - In auparse, drop standalone EOE events - Add milliseconds column for ausearch extra time csv format - Fix aureport first event reporting when no start given - In audisp-remote, add new config item for startup connection errors - Remove dependency on chkconfig - Install rules to /usr/share/audit/sample-rules/ - Split up ospp rules to make SCAP scanning easier (#1746018) - In audisp-syslog, support interpreting records (#1497279) - Audit USER events now sends msg as name value pair - Add support for AUDIT_BPF event - Auditd should not process AUDIT_REPLACE events - Update syscall tables to the 5.5 kernel - Improve personality interpretation by using PERS_MASK - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup - Change auparse python bindings to shared object (Issue #121) - Add error messages for watch permissions - If audit rules file doesn't exist log error message instead of info message - Revise error message for unmatched options in auditctl - In audisp-remote, fixup remote endpoint disappearin in ascii format - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander) - In auditctl, add support for sending a signal to auditd - Removes audit-fno-common.patch: fixed in upstream - Removes audit-python3.patch: fixed in upstream ++++ dracut: - Update to version 055+suse.100.ga2700279: * fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115) * chore(suse): erase conditional for usrmerge from specfile * chore(suse): fix specfile for usrmerge ++++ kernel-default: - series.conf: cleanup Move a queued patch to "almost mainline" section. - commit a847492 - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - commit 8fa709b - x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove update_pasid() (bsc#1178134). - commit 08621e3 - blacklist: add commit 4f06dd92b5d0 ("fuse: fix write deadlock") This is an ancient bug (from v2.6.26) which require extra backports. Not worth the risk introducing new regressions. - commit f0ede60 - efi/libstub: prevent read overflow in find_file_option() (git-fixes). - commit 9d1183c - kABI workaround for rtw88 (git-fixes). - commit 8a7edfc - usb: typec: intel_pmc_mux: Put fwnode in error case during - >probe() (git-fixes). - thunderbolt: usb4: Fix NVM read buffer bounds and offset issue (git-fixes). - rtw88: 8822c: add LC calibration for RTL8822C (git-fixes). - commit 3f6037a - mmc: sdhci: Clear unused bounce buffer at DMA mmap error path (bsc#1187039). - commit 757ad8a - rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672) The previous commit made a module wrongly into Module.optional. Although it didn't influence on the end result, better to fix it. Also, add a comment to explain the markers briefly. - commit 8f79742 - block: return the correct bvec when checking for gaps (bsc#1187144). - commit 22678f9 - Update patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch (bsc#1184436 bsc#1186286). - commit 3b95648 - sched/fair: Make sure to update tg contrib for blocked load (git-fixes) - commit 9eeb58b - sched/fair: Keep load_avg and load_sum synced (git-fixes) - commit 8888330 - Refresh patches.suse/bpf-Fix-alu32-const-subreg-bound-tracking-on-bitwise.patch. - Refresh patches.suse/bpf-Prevent-writable-memory-mapping-of-read-only-rin.patch. - Refresh patches.suse/bpf-ringbuf-Deny-reserve-of-buffers-larger-than-ring.patch. - commit da26c78 - gpio: wcd934x: Fix shift-out-of-bounds error (git-fixes). - drm/mcde: Fix off by 10^3 in calculation (git-fixes). - drm/msm/a6xx: fix incorrectly set uavflagprd_inv field for A650 (git-fixes). - drm/msm/a6xx: update/fix CP_PROTECT initialization (git-fixes). - Revert "ACPI: sleep: Put the FACS table after using it" (git-fixes). - commit e1018b7 - USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes). - usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes). - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes). - usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes). - USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - commit b524f7e ++++ less: - Remove --with-pic (no static libs are ever produced). ++++ alsa: - Update to version 1.2.5.1: a bug fix release, including previous patches: https://www.alsa-project.org/wiki/Changes_v1.2.5_v1.2.5.1 - Drop obsoleted patches: 0001-conf-fix-load_for_all_cards.patch 0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch 0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch ++++ audit: - Adjust audit.spec and audit-secondary.spec to support new version - Include fix for libev * add libev-werror.patch - Update to version 3.0.2 - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen) - Optionally interpret auid in auditctl -l - Update some syscall argument interpretations - In auditd, do not allow spaces in the hostname name format - Big documentation cleanup (MIZUTA Takeshi) - Update syscall table to the 5.12 kernel - Update the auparse normalizer for new event types - Fix compiler warnings in ids subsystem - Block a couple signals from flush & reconfigure threads - In auditd, don't wait on flush thread when exiting - Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1 - Update syscall table to the 5.11 kernel - Add new --eoe-timeout option to ausearch and aureport (Burn Alting) - Only enable periodic timers when listening on the network - Upgrade libev to 4.33 - Add auparse_new_buffer function to auparse library - Use the select libev backend unless aggregating events - Add sudoers to some base audit rules - Update the auparse normalizer for some new syscalls and event types Included fixes from 3.0 - Generate checkpoint file even when no results are returned (Burn Alting) - Fix log file creation when file logging is disabled entirely (Vlad Glagolev) - Convert auparse_test to run with python3 (Tomáš Chvátal) - Drop support for prelude - Adjust backlog_wait_time in rules to the kernel default (#1482848) - Remove ids key syntax checking of rules in auditctl - Use SIGCONT to dump auditd internal state (#1504251) - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903) - Fix parsing of uid & success for ausearch - Add support for not equal operator in audit by executable (Ondrej Mosnacek) - Hide lru symbols in auparse - Add systemd process protections - Fix aureport summary time range reporting - Allow unlimited retries on startup for remote logging - Add queue_depth to remote logging stats and increase default queue_depth size - Fix segfault on shutdown - Merge auditd and audispd code - Close on execute init_pipe fd (#1587995) - Breakout audisp syslog plugin to be standalone program - Create a common internal library to reduce code - Move all audispd config files under /etc/audit/ - Move audispd.conf settings into auditd.conf - Add queue depth statistics to internal state dump report - Add network statistics to internal state dump report - SIGUSR now also restarts queue processing if its suspended - Update lookup tables for the 4.18 kernel - Add auparse_normalizer support for SOFTWARE_UPDATE event - Add 30-ospp-v42.rules to meet new Common Criteria requirements - Deprecate enable_krb and replace with transport config opt for remote logging - Mark netlabel events as simple events so that get processed quicker - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) - In aureport, fix segfault in file report - Add auparse_normalizer support for labeled networking events - Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) - In ausearch/auparse, event aging is off by a second - In ausearch/auparse, correct event ordering to process oldest first - Migrate auparse python test to python3 - auparse_reset was not clearing everything it should - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events - In ausearch/report, lightly parse selinux portion of USER_AVC events - Add bpf syscall command argument interpretation to auparse - In ausearch/report, limit record size when malformed - Port af_unix plugin to libev - In auditd, fix extract_type function for network originating events - In auditd, calculate right size and location for network originating events - Make legacy script wait for auditd to terminate (#1643567) - Treat all network originating events as VER2 so dispatcher doesn't format it - If an event has a node name make it VER2 so dispatcher doesnt format it - In audisp-remote do an initial connection attempt (#1625156) - In auditd, allow expression of space left as a percentage (#1650670) - On PPC64LE systems, only allow 64 bit rules (#1462178) - Make some parts of auditd state report optional based on config - Update to libev-4.25 - Fix ausearch when checkpointing a single file (Burn Alting) - Fix scripting in 31-privileged.rules wrt filecap (#1662516) - In ausearch, do not checkpt if stdin is input source - In libev, remove __cold__ attribute for functions to allow proper hardening - Add tests to configure.ac for openldap support - Make systemd support files use /run rather than /var/run (Christian Hesse) - Fix minor memory leak in auditd kerberos credentials code - Allow exclude and user filter by executable name (Ondrej Mosnacek) - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test - In ausearch/report fix --end to use midnight time instead of now (#1671338) - Add substitue functions for strndupa & rawmemchr - Fix memleak in auparse caused by corrected event ordering - Fix legacy reload script to reload audit rules when daemon is reloaded - Support for unescaping in trusted messages (Dmitry Voronin) - In auditd, use standard template for DEAMON events (Richard Guy Briggs) - In aureport, fix segfault for malformed USER_CMD events - Add exe field to audit_log_user_command in libaudit - In auditctl support filter on socket address families (Richard Guy Briggs) - Deprecate support for Alpha & IA64 processors - If space_left_action is rotate, allow it every time (#1718444) - In auparse, drop standalone EOE events - Add milliseconds column for ausearch extra time csv format - Fix aureport first event reporting when no start given - In audisp-remote, add new config item for startup connection errors - Remove dependency on chkconfig - Install rules to /usr/share/audit/sample-rules/ - Split up ospp rules to make SCAP scanning easier (#1746018) - In audisp-syslog, support interpreting records (#1497279) - Audit USER events now sends msg as name value pair - Add support for AUDIT_BPF event - Auditd should not process AUDIT_REPLACE events - Update syscall tables to the 5.5 kernel - Improve personality interpretation by using PERS_MASK - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup - Change auparse python bindings to shared object (Issue #121) - Add error messages for watch permissions - If audit rules file doesn't exist log error message instead of info message - Revise error message for unmatched options in auditctl - In audisp-remote, fixup remote endpoint disappearin in ascii format - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander) - In auditctl, add support for sending a signal to auditd - Remove audit-fno-common.patch: fixed in upstream - Remove audit-python3.patch: fixed in upstream ++++ podman: - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert "Ensure minimum API version is set correctly in tests" * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common@v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common@v0.38.7 * [v3.2] vendor containers/common@v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev ++++ python-M2Crypto: - Update to 0.38.0: - Remove the last use of setup.py test idiom. - Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer. - Add support for arm64 big endian - Make support of RSA_SSLV23_PADDING optional (it has been deprecated). - Move project to src/ layout - Allow verify_cb_* to be called with ok=True - Be prepared if any of constants in x509_vfy.h is not available. - But we do support 3.8 - We DO NOT support Python 2.6. - All patches were upstreamed: - 293_sslv23_padding.patch - no-need-parameterized.patch - python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch ++++ yast2-trans: - Update to version 84.87.20210612.ff10a453ed: * New POT for text domain 'autoinst'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'proxy'. * New POT for text domain 'installation'. * Translated using Weblate (Slovak) * Translated using Weblate (Italian) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'ftp-server'. * New POT for text domain 'bootloader'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) ------------------------------------------------------------------ ------------------ 2021-6-13 - Jun 13 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Add now working CONFIG parameter to sysusers generator ++++ dnsmasq: - Add now working CONFIG parameter to sysusers generator ++++ transactional-update: - Version 3.4.0 - Apply SElinux context on /etc in transaction [boo#1185625], [boo#1185766] [bsc#1186842], [boo#1186775] - Implement inotify handling in C instead of Bash; this makes the - -drop-if-no-change option work on SLE Micro [bsc#1184529] - Use `tukit call` for up, dup and patch to allow resuming an update after zypper updated itself in the snapshot [bsc#1185226] - Fix obsolete output type messages in initrd [boo#1177149] - Make different base snapshot warning more visible [bsc#1185224] ------------------------------------------------------------------ ------------------ 2021-6-11 - Jun 11 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Add dracut modules for afterburn ++++ glib2: - Update to version 2.68.3: + Bugs fixed: - testfilemonitor test leaks ip_watched_file_t struct - GFile: `g_file_replace_contents()` reports `G_IO_ERROR_WRONG_ETAG` when saving from a symlink - Backport !2128 “inotify: Fix a memory leak” to glib-2-68 - Backport !2136 “tlscertificate: Avoid possible invalid read” to glib-2-68 - Backport !2138 “glocalfileoutputstream: Fix ETag check when replacing through a symlink” to glib-2-68. ++++ kernel-default: - Add arch-dependent support markers in supported.conf (bsc#1186672) We may need to put some modules as supported only on specific archs. This extends the supported.conf syntax to allow to put +arch additionally after the unsupported marker, then it'll be conditionally supported on that arch. - commit 75113c7 - Create Symbols.list and ipa-clones.list determistically without this patch, filesystem readdir order would influence order of entries in these files. This patch was done while working on reproducible builds for SLE. - commit a898b6d - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (bsc#1187050, CVE-2020-36385) - commit d630126 - Update patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch (bsc#1186463 CVE-2021-0129 CVE-2020-26558). - commit 3b40194 - Update config files (bsc#1187167) Set empty to CONFIG_MODULE_SIG_KEY for reproducible builds - commit d4c1c78 - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (git-fixes). - commit fbebaf6 - Bluetooth: fix the erroneous flush_work() order (git-fixes). - ALSA: timer: Fix master timer notification (git-fixes). - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - drm/amdgpu: make sure we unpin the UVD BO (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes). - commit 64bd478 ++++ libgcrypt: - Security fix: [bsc#1187212, CVE-2021-33560] * Libgcrypt mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm - Add patches: * libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch * libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch ++++ libpcap: - Update to 1.10.1 * Fix "type XXX subtype YYY" giving a parse error * Add PCAP_AVAILABLE_1_11. * Rename struct bpf_aux_data to avoid NetBSD compile errors * Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR * Fix Bison detection for minor version 0. * Fix parallel build with FreeBSD make. * Get DLT_MATCHING_MAX right in gencode.c on NetBSD. * Define timeradd() and timersub() if necessary. * Fix Cygwin/MSYS target directories. * Fix symlinking with DESTDIR. * Fix generation of libpcap.pc with CMake when not building a shared library. * Support reading version 1.2, which some writers produce, and which is the same as 1.0 * Drop support for text-mode USB captures, as we require a 2.6.27 or later kernel * Bluetooth: fix non-blocking mode. Don't assume that all compilers used to build for Linux support the __atomic builtins ++++ osinfo-db: - Update to database version 20210531 osinfo-db-20210531.tar.xz - Drop add-leap15.3-support.patch ++++ python-urllib3: - Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503) * Improve performance of sub-authority splitting in URL ++++ qemu: - Improve compatibility with gcc 11: target-sh4-Return-error-if-CPUClass-get_.patch tcg-arm-Fix-tcg_out_op-function-signatur.patch ++++ yast2: - Yast2::AutoClient.run: Ensure that Reset, Read, and SetModified return nil regardless of their implementation, to prevent a crash in the component system (bsc#1187233) - 4.4.11 ------------------------------------------------------------------ ------------------ 2021-6-10 - Jun 10 2021 ------------------- ------------------------------------------------------------------ ++++ gptfdisk: - Update to 1.0.8 * Fixed double byte swap operation on writes of partition name data on big-endian systems; this is in addition to the double byte swap fix on reading partition label data fixed in 1.0.7. (Thanks to Erik Larsson for both fixes.) * Added feature to gdisk and sgdisk to enable swapping the byte order of partition names, so as to correct disks already affected by the preceding bug. This option is 'b' on the experts' menu in gdisk and - b/--byte-swap-name in sgdisk. This seems advanced/obscure enough that I don't want to clutter cgdisk's menu with this option, so I haven't added it there. * Added type code for the Barebox boot loader (0xbb00; 4778ED65-BF42-45FA-9C5B-287A1DC4AAB1). * Fixed bug that caused spurious warnings about the partition table header claiming an invalid size of partition entries when reading some MBR disks. * Added ARM64 as an architecture for the Mac builds of gdisk and fixparts. The official GPT fdisk binaries of these files for macOS are now "universal" x86-64/ARM64 binaries, so they will run natively on the new M1 (ARM64) Macs. The sgdisk and cgdisk binaries, though, remain built only for x86-64, because they rely on libraries that are not easily built in "universal" form. * Fixed double byte swap operation on partition label data on big-endian CPUs. This resulted in partition names becoming gibberish on such CPUs. * Added three new type codes: - 0x0701 - Microsoft Storage Replica - 0x0702 - ArcaOS Type 1 - 0x8401 - Storage Performance Development Kit (SPDK) block device - Drop fix-spurious-warnings.patch ++++ kernel-default: - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - commit 36cc9f2 - kernel-binary.spec.in: Add Supplements: for -extra package on Leap kernel-$flavor-extra should supplement kernel-$flavor on Leap, like it does on SLED, and like the kernel-$flavor-optional package does. - commit c60d87f - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - commit 1c4876a - block: return the correct bvec when checking for gaps (bsc#1187143). - commit 1a99a11 - series: Resort and update metadata Resort series.conf and update meta data: patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch - commit f894385 ++++ gcc11: - Add newlib-4.1.0-aligned_alloc.patch to fix nvptx cross build fail. [bsc#1187153] ++++ libnettle: - Security fix: [CVE-2021-3580, bsc#1187060] * Remote crash in RSA decryption via manipulated ciphertext - Add patches: * libnettle-CVE-2021-3580-rsa_sec.patch * libnettle-CVE-2021-3580-rsa_decrypt.patch ++++ libxslt: - Backport upstream xsltproc manpage fix f165525f Recreate xsltproc man page with old Docbook stylesheet URL Recreate-xsltproc-man-page-with-old-Docbook-styleshe.patch ++++ libzypp: - Enhance XML output of repo GPG options (fixes openSUSE/zypper#390) In addition to the effective values, add optional attributes showing the raw values actually present in the .repo file. (raw_gpgcheck, raw_repo_gpgcheck, raw_pkg_gpgcheck) - Link all executables with -pie (bsc#1186447) - Ship an empty /etc/zypp/needreboot per default (fixes #311, jsc#PM-2645) If packages want to trigger the reboot-needed hiint upon installation they may provide 'installhint(reboot-needed)'. Builtin packages triggering the hint without the provides are only kernel and kernel-firmware related. - Add Solvable::isBlacklisted as superset of retracted and ptf packages (bsc#1186503) - Fix segv if ZYPP_FULLOG is set (fixes #317) - version 17.27.0 (22) ++++ systemd-presets-common-SUSE: - To make update of package man work with its new upstream timer and service units both called man-db enable also man-db.timer ++++ zypper: - Link all executables with -pie (bsc#1186447) - Tag PTF packages in the status column (bsc#1186503) Like retracted packages, a program temporary fix must be explicitly selected and will otherwise not be considered in dependency resolution. - BuildRequires: libzypp-devel >= 17.26.1. - version 1.14.46 ------------------------------------------------------------------ ------------------ 2021-6-9 - Jun 9 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389). - ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926). - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes). - net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464). - ixgbe: fix large MTU request from VF (git-fixes). - cxgb4: avoid accessing registers when clearing filters (git-fixes). - net/mlx5e: Fix multipath lag activation (git-fixes). - net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353). - gve: Correct SKB queue index validation (git-fixes). - gve: Upgrade memory barrier in poll routine (git-fixes). - gve: Add NULL pointer checks when freeing irqs (git-fixes). - gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes). - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net/mlx4: Fix EEPROM dump support (git-fixes). - Revert "net: liquidio: fix a NULL pointer dereference" (git-fixes). - Revert "qlcnic: Avoid potential NULL pointer dereference" (git-fixes). - net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes). - commit 4451268 - btrfs: open device without device_list_mutex (bsc#1176771). - commit c922550 - UCSI fixup of array of PDOs (git-fixes). - commit 554911b - usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 (git-fixes). - commit 62a78a2 - i2c: imx: fix reference leak when pm_runtime_get_sync fails (git-fixes). - commit 7b525ce - vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes). - commit 50e12e5 - ice: handle the VF VSI rebuild failure (jsc#SLE-12878). - ice: Fix allowing VF to request more/less queues via virtchnl (jsc#SLE-12878). - cxgb4: fix regression with HASH tc prio value update (jsc#SLE-15131). - net/mlx5e: Fix incompatible casting (jsc#SLE-15172). - netfilter: nf_tables: missing error reporting for not selected expressions (bsc#1176447). - net/sched: act_ct: Offload connections with commit action (jsc#SLE-15172). - devlink: Correct VIRTUAL port to not have phys_port attributes (jsc#SLE-15172). - net: zero-initialize tc skb extension on allocation (bsc#1176447). - net/sched: fq_pie: fix OOB access in the traffic path (jsc#SLE-15172). - net/sched: fq_pie: re-factor fix for fq_pie endless loop (jsc#SLE-15172). - net/mlx5: Set term table as an unmanaged flow table (jsc#SLE-15172). - net/mlx5e: Fix error path of updating netdev queues (jsc#SLE-15172). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (jsc#SLE-15172). - net/mlx5e: Fix null deref accessing lag dev (jsc#SLE-15172). - net/mlx5: Set reformat action when needed for termination rules (jsc#SLE-15172). - net: hns3: fix incorrect resp_msg issue (jsc#SLE-14777). - netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version (bsc#1176447). - cxgb4/ch_ktls: Clear resources when pf4 device is removed (jsc#SLE-15129). - chelsio/chtls: unlock on error in chtls_pt_recvmsg() (jsc#SLE-15129). - commit 9e162d7 - regulator: max77620: Use device_set_of_node_from_dev() (git-fixes). - regulator: core: resolve supply for boot-on/always-on regulators (git-fixes). - commit a6466ca ++++ alsa: - Fix regression in config read and UCM handling on pipewire and pulseaudio (boo#1187079, boo#1187033): 0001-conf-fix-load_for_all_cards.patch 0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch 0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch ++++ fuse3: - Update to release 3.10.4 * Source code: fixed memory leaks in examples. ++++ gcc11: - Update to gcc-11 branch head (c6d2487098f9dde4f9ac59e5be), git273 ++++ libnettle: - GNU Nettle 3.7.3: [CVE-2021-3580, bsc#1187060] * Fix crash for zero input to rsa_sec_decrypt and rsa_decrypt_tr. Potential denial of service vector. * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return failure for out of range inputs, instead of either crashing, or silently reducing input modulo n. Potential denial of service vector. * Ensure that rsa_decrypt returns failure for out of range inputs, instead of silently reducing input modulo n. * Ensure that rsa_sec_decrypt returns failure if the message size is too large for the given key. Unlike the other bugs, this would typically be triggered by invalid local configuration, rather than by processing untrusted remote data. ++++ tpm2.0-abrmd: - Requires libtss2-tcti-{device0,tabrmd0} (bsc#1187077). In MicroOS systems the recommendations are not installed, making the service fail to initialize: Failed to instantiate TCTI ++++ pam-config: - Add "revoke" to the option list for pam_keyinit (Remove some leftover debugs while we're at it) [pam-config-fix-pam_keyinit-options.patch] - prior to writing an service-specific config file, the main function calls access() on the destination file in /etc/pam.d. This will fail and no config file will be written when the original config file was installed in /usr/etc/pam.d. A similar problem exists when creating the new service file: create_service_file() wants to give the new service file the same user, group and mode as the old one, but the old one may not exist. In that case, set these to 0(root), 0(root), and 0644. [pam-config-remove-bad-access-call.patch, bsc#1187091] ++++ python-dbus-python: - Update to latest version from tumbleweed jira#OPENSUSE-22 boo#1183818 - Enable testsuite ++++ qemu: - Enable zstd compression option to qcow2 ++++ ovmf: - Add ovmf-bsc1186151-fix-iscsi-overflows.patch to fix the possible overflows in IScsiDxe (bsc#1186151) ++++ tar: - Link /var/lib/tests/tar/bin/genfile as Position-Independent Executable (bsc#1184124). + tar-PIE.patch ++++ thin-provisioning-tools: - Link as position-independent executable (bsc#1184124). ++++ u-boot-rpiarm64: Fix Ethernet PHY initialization on OdroidC2 (boo#1187095) Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches added: 0015-arm64-dts-meson-odroidc2-readd-PHY-.patch ------------------------------------------------------------------ ------------------ 2021-6-8 - Jun 8 2021 ------------------- ------------------------------------------------------------------ ++++ augeas: - add remove-unportable-tests.patch to fix build ++++ gobject-introspection: - gi-find-deps.sh: Don't use HOSTTYPE, use RPM_ARCH. - ia64 never used ()(64bit) markers, do drop that from gi-find-deps. - gi-find-deps.sh: on Tumbleweed, HOSTTYPE on ppc64/ppc64le reports powerpc64 and powerpc64le: accept those strings as 64bit archs. ++++ kernel-default: - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068). - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" (bsc#1187067). - scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069). - scsi: aacraid: Fix an oops in error handling (bsc#1187072). - commit a34cc53 - x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV (bsc#1186885). - commit c1bc56f - Update kabi files. - Update from the June 2021 maintenance update submission (commit eaf040d1bea) - commit ff2915c - Update patch reference for a BT fix (CVE-2020-36386 bsc#1187038) - commit 673eac4 - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes). - commit 12081a6 - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996). - scsi: sni_53c710: Add IRQ check (bsc#1186990). - scsi: sun3x_esp: Add IRQ check (bsc#1186991). - scsi: jazz_esp: Add IRQ check (bsc#1186965). - scsi: hisi_sas: Fix IRQ checks (bsc#1186963). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984). - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977). - scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980). - scsi: sd: Fix Opal support (bsc#1186989). - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1186955). - scsi: lpfc: Fix ancient double free (bsc#1186969). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973). - scsi: cxgb4i: Fix TLS dependency (bsc#1186960). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186987). - scsi: hisi_sas: Remove preemptible() (bsc#1186964). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186970). - scsi: libfc: Fix enum-conversion warning (bsc#1186966). - scsi: bnx2i: Requires MMU (bsc#1186956). - scsi: mpt3sas: Fix ioctl timeout (bsc#1186979). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967). - scsi: megaraid_sas: Don't call disable_irq from process IRQ poll (bsc#1186972). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968). - scsi: mesh: Fix panic after host or bus reset (bsc#1186976). - scsi: megaraid_sas: Clear affinity hint (bsc#1186971). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958). - scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994). - scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000). - scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993). - scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992). - scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995). - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952). - scsi: ufs: Don't update urgent bkops level when toggling auto bkops (bsc#1186997). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983). - Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle" (bsc#1186949). - scsi: ufshcd: use an enum for quirks (bsc#1186999). - commit 063da01 ++++ multipath-tools: - install to /usr on Tumbleweed (boo#1029961) ++++ gcc11: - tune armv7 to generic-armv7-a - enable build for arm-none cross builders in rings, needed by arm-trusted-firmware ++++ python3-core: - add 22198.patch to build with Sphinx 4 ++++ podman: - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage@v1.31.3 * vendor containers/common@v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print "extracting" only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved "containers/{name}/wait" endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API "images/get" for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting "/" and "/root" * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag "--pidfile" for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume "U" option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes ++++ python3: - add 22198.patch to build with Sphinx 4 ++++ python-pyzmq: - update to version 17.1.2 (fixes boo#1186945) * Fix possible hang when working with asyncio * Remove some outdated workarounds for old Cython versions * Fix some compilation with custom compilers * Remove unneeded link of libstdc++ on PyPy ++++ rust-keylime: - Update to version 0.0.1+git.1620935374.4df2148: * Add function to read PCR mask * Small fixes in TPM functions * Send quote data to actixweb handlers ++++ sysconfig: - Link as Position Independent Executable (bsc#1184124). - version 0.85.7 ++++ system-users: - Add default hardware group for 'sgx' enclave access Since udev v248, a default rule for /dev/sgx_enclave is provided to give rw access to the new group hopefully making 'sgx' the standard group name for such devices. [bsc#1190572] ++++ yast2: - Ignore sysctl configuration files that do not have the .conf extension. The only exception are kernel files (/boot/sysctl.conf-*) (bsc#1187018). - 4.4.10 ------------------------------------------------------------------ ------------------ 2021-6-7 - Jun 7 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils ++++ bzip2: - Drop --with-pic (no effect with --disable-static) - Use %autosetup (rediff bzip2-1.0.6.2-autoconfiscated.patch to p1) ++++ combustion: - combustion: Relabel the old snapshot (if necessary) and explicitly trigger autorelabel for the new snapshot ++++ kernel-default: - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: qla2xxx: Prevent PRLI in target mode (git-fixes). - commit df14b8a - blacklist: Add not necessary git-fixes - commit 203b357 - wireguard: allowedips: initialize list head in selftest (git-fixes). - wireguard: peer: allocate in kmem_cache (git-fixes). - wireguard: use synchronize_net rather than synchronize_rcu (git-fixes). - wireguard: do not use -O3 (git-fixes). - wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes). - wireguard: selftests: remove old conntrack kconfig value (git-fixes). - wireguard: queueing: get rid of per-peer ring buffers (git-fixes). - wireguard: peer: put frequently used members above cache lines (git-fixes). - commit f17f786 - pid: take a reference when initializing `cad_pid` (bsc#1152489). - commit 7fbca02 - rpm/config.sh: Build device trees (boo#1186928). - commit 0645dbf - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489). - commit 76a898b - NFC: SUSE specific brutal fix for runtime PM (bsc#1185589). - commit c32c592 - brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186677). - commit abced70 - x86/fault: Don't send SIGSEGV twice on SEGV_PKUERR (bsc#1152489). - commit e986350 - powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR (jsc#SLE-13847 git-fixes). - commit c646236 - powerpc/kprobes: Fix validation of prefixed instructions across page boundary (jsc#SLE-13847 git-fixes). - commit 1cefe80 - Refresh patches.suse/cpuidle-pseries-Fixup-CEDE0-latency-only-for-POWER10.patch. Update to v4 submission. - commit 1222430 - config: refresh - drop PCIE_BW (removed by a backported patch) - commit 8a54d2d - fix patches metadata - fix Patch-mainline: patches.suse/NFS-Deal-correctly-with-attribute-generation-counter.patch patches.suse/NFS-Don-t-corrupt-the-value-of-pg_bytes_written-in-n.patch patches.suse/NFS-Don-t-discard-pNFS-layout-segments-that-are-mark.patch patches.suse/NFS-Don-t-gratuitously-clear-the-inode-cache-when-lo.patch patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch patches.suse/NFS-Fix-an-Oopsable-condition-in-__nfs_pageio_add_re.patch patches.suse/NFS-fix-an-incorrect-limit-in-filelayout_decode_layo.patch patches.suse/NFSD-Repair-misuse-of-sv_lock-in-5.10.16-rt30.patch patches.suse/NFSv4-Don-t-discard-segments-marked-for-return-in-_p.patch patches.suse/NFSv4-Fix-a-NULL-pointer-dereference-in-pnfs_mark_ma.patch patches.suse/NFSv4-Fix-v4.0-v4.1-SEEK_DATA-return-ENOTSUPP-when-s.patch patches.suse/NFSv4.2-Always-flush-out-writes-in-nfs42_proc_falloc.patch patches.suse/NFSv4.2-fix-handling-of-sr_eof-in-SEEK-s-reply.patch patches.suse/NFSv4.2-fix-return-value-of-_nfs4_get_security_label.patch patches.suse/NFSv42-Copy-offload-should-update-the-file-size-when.patch patches.suse/SUNRPC-Move-fault-injection-call-sites.patch patches.suse/SUNRPC-Set-memalloc_nofs_save-for-sync-tasks.patch patches.suse/fs-nfs-Use-fatal_signal_pending-instead-of-signal_pe.patch patches.suse/md-Fix-missing-unused-status-line-of-proc-mdstat.patch patches.suse/nfsd-register-pernet-ops-last-unregister-first.patch patches.suse/pNFS-NFSv4-Fix-a-layout-segment-leak-in-pnfs_layout_.patch patches.suse/pNFS-flexfiles-fix-incorrect-size-check-in-decode_nf.patch patches.suse/sunrpc-fix-refcount-leak-for-rpc-auth-modules.patch patches.suse/svcrdma-disable-timeouts-on-rdma-backchannel.patch patches.suse/x86-fix-seq_file-iteration-for-pat-memtype.c.patch patches.suse/xprtrdma-Avoid-Receive-Queue-wrapping.patch patches.suse/xprtrdma-rpcrdma_mr_pop-already-does-list_del_init.patch - commit 08c81db - fix patch metadata - fix Patch-mainline: patches.suse/pm-sleep-add-pm_debug_messages-kernel-command-line-option.patch - commit 9d4ad2b - kABI workaround for struct lis3lv02d change (git-fixes). - commit b20df4c - dmaengine: idxd: Use cpu_feature_enabled() (git-fixes). - ALSA: hda: update the power_state during the direct-complete (git-fixes). - drm/amdgpu: Don't query CE and UE errors (git-fixes). - drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (git-fixes). - serial: 8250_pci: handle FL_NOIRQ board flag (git-fixes). - drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (git-fixes). - drm/amdgpu: stop touching sched.ready in the backend (git-fixes). - ASoC: cs43130: handle errors in cs43130_probe() properly (git-fixes). - Revert "ASoC: cs43130: fix a NULL pointer dereference" (git-fixes). - commit f261b0d - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - commit 9592735 - Add No-fix tag to already backported sound fixes - commit 96fc983 - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes). - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes). - commit 957e0af - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: usbfs: Don't WARN about excessively large memory allocations (git-fixes). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - Revert "serial: max310x: pass return value of spi_register_driver" (git-fixes). - usb: core: reduce power-on-good delay time of root hub (git-fixes). - commit 5cd70a0 - mei: request autosuspend after sending rx flow control (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - Revert "media: gspca: Check the return value of write_bridge for timeout" (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - Revert "media: gspca: mt9m111: Check write_bridge for timeout" (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - commit c7b5e47 - gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes). - Revert "media: dvb: Add check on sp8870_readreg" (git-fixes). - libertas: register sysfs groups properly (git-fixes). - Revert "libertas: add checks for the return value of sysfs_create_group" (git-fixes). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes). - Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc" (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference" (git-fixes). - Revert "media: usb: gspca: add a missed check for goto_low_power" (git-fixes). - commit 337d971 - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588 bsc#1185861). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amd/amdgpu: fix refcount leak (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - Revert "dmaengine: qcom_hidma: Check for driver register failure" (git-fixes). - char: hpet: add checks after calling ioremap (git-fixes). - Revert "char: hpet: fix a missing check of ioremap" (git-fixes). - commit 17141be - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - ACPICA: Clean up context mutex during object deletion (git-fixes). - hwmon: (dell-smm-hwmon) Fix index values (git-fixes). - brcmfmac: properly check for bus register errors (git-fixes). - Revert "brcmfmac: add a check for the status of usb_register" (git-fixes). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes). - Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()" (git-fixes). - commit d3cc1eb ++++ kmod: - Enable support for ZSTD compressed modules ++++ libapparmor: - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils ++++ libxslt: - Don't disable testsuite under QEMU ++++ qemu: - Fix out-of-bounds write in virgl_cmd_get_capset CVE-2021-3546 bsc#1185981 vhost-user-gpu-abstract-vg_cleanup_mappi.patch - Fix memory leaks found in the virtio vhost-user GPU device CVE-2021-3544 bsc#1186010 vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch - Fix information disclosure due to uninitialized memory read CVE-2021-3545 bsc#1185990 vhost-user-gpu-fix-resource-leak-in-vg_r.patch ++++ supportutils: - Changes to version 3.1.16 + lsof options to improve performance (bsc#1186687) ++++ sysuser-tools: - Support systemd-sysusers --replace=/usr/lib/sysusers.d/ option - sysusers-generate-pre: only use first argument for grep - sysusers2shadow.sh: use "run" prefix for systemd-sysusers call - macros.sysusers: fix typo ++++ tpm2.0-tools: - Do not BuildRequire pandoc on ix86 architectures: the haskell stack is not supported on intel 32bit archs. ++++ yast2-trans: - Update to version 84.87.20210606.38199687e1: * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * New POT for text domain 'installation'. * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * New POT for text domain 'registration'. * New POT for text domain 'apparmor'. * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2021-6-6 - Jun 6 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.40.2: + README: Remove outdated links. + Key grab fixes for the new API. + registryd: Add a missing call to va_end. ++++ distribution-logos-openSUSE: - Add icons package to handle systemd branding better ------------------------------------------------------------------ ------------------ 2021-6-5 - Jun 5 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.50.7: + Two cairo-related bug fixes: - glgo#GNOME/librsvg#745: Fix mismatched cairo_save/restore when running in inside the Cairo test suite. - glgo#GNOME/librsvg#746: Possible cairo_save() without cairo_restore() in render_layer(). ++++ libqmi: - Update to version 1.28.6 * New request/responses: - dms: implement "Foxconn Set FCC authentication" request/response. * libqmi-glib: - Fix transport detection in the 'wwan' subsystem. * build: - Fix build with GCC 11 and -Wincompatible-pointer-types. * Several other minor improvements and fixes. ------------------------------------------------------------------ ------------------ 2021-6-4 - Jun 4 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "char: hpet: fix a missing check of ioremap" (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - commit dac98b4 ++++ systemd: - Drop systemd's dependency on udev (jsc#PM-2677) In some environments (i.e. containers) udev is usually not necessary but pulls in unnecessary packages. - Now that chkconfig/insserv are history, let's implement the strict minimum in systemd-sysv-install to enable/disable SysV init scripts (bsc#1186595 bsc#1186359) Indeed there's no much point in dropping SysV support completely until upstream will do especially since 3rd party applications such as vmware still rely on it, see bsc#1186359). ------------------------------------------------------------------ ------------------ 2021-6-3 - Jun 3 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Version bump to 2.06 * rediff - 0001-add-support-for-UEFI-network-protocols.patch - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch - 0003-Make-grub_error-more-verbose.patch - 0003-bootp-New-net_bootp6-command.patch - 0005-grub.texi-Add-net_bootp6-doument.patch - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch - 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - grub-install-force-journal-draining-to-ensure-data-i.patch - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch - grub2-diskfilter-support-pv-without-metadatacopies.patch - grub2-efi-HP-workaround.patch - grub2-efi-xen-cfg-unquote.patch - grub2-efi-xen-chainload.patch - grub2-fix-menu-in-xen-host-server.patch - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch - grub2-install-remove-useless-check-PReP-partition-is-empty.patch - grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch - grub2-mkconfig-default-entry-correction.patch - grub2-pass-corret-root-for-nfsroot.patch - grub2-s390x-03-output-7-bit-ascii.patch - grub2-s390x-04-grub2-install.patch - grub2-secureboot-install-signed-grub.patch - grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch - use-grub2-as-a-package-name.patch * update by patch squashed: - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch - grub2-efi-chainload-harder.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-secureboot-chainloader.patch - grub2-secureboot-add-linuxefi.patch * remove squashed patches: - 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch - 0009-squash-Add-support-for-linuxefi.patch - 0041-squash-Add-secureboot-support-on-efi-chainloader.patch - 0042-squash-grub2-efi-chainload-harder.patch - 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch - 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * drop upstream patches: - 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch - 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch - 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch - 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch - 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch - 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch - 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch - 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch - 0002-kern-Add-X-option-to-printf-functions.patch - 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch - 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch - 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch - 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch - 0003-normal-main-Search-for-specific-config-files-for-net.patch - 0004-calloc-Use-calloc-at-most-places.patch - 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch - 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch - 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch - 0005-efi-Add-secure-boot-detection.patch - 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch - 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch - 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch - 0007-font-Do-not-load-more-than-one-NAME-section.patch - 0007-verifiers-Move-verifiers-API-to-kernel-image.patch - 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch - 0008-script-Remove-unused-fields-from-grub_script_functio.patch - 0009-kern-Add-lockdown-support.patch - 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch - 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch - 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch - 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch - 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch - 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch - 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch - 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch - 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch - 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch - 0018-gdb-Restrict-GDB-access-when-locked-down.patch - 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch - 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - 0024-kern-parser-Fix-resource-leak-if-argc-0.patch - 0025-kern-parser-Fix-a-memory-leak.patch - 0026-kern-parser-Introduce-process_char-helper.patch - 0027-kern-parser-Introduce-terminate_arg-helper.patch - 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch - 0029-kern-buffer-Add-variable-sized-heap-buffer.patch - 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch - 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch - 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch - 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch - 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch - 0036-util-mkimage-Improve-data_size-value-calculation.patch - 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch - 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch - 0039-grub-install-common-Add-sbat-option.patch - 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch - grub-install-define-default-platform-for-risc-v.patch - grub2-editenv-add-warning-message.patch - grub2-efi-gop-add-blt.patch - grub2-efi-uga-64bit-fb.patch - grub2-verifiers-fix-system-freeze-if-verify-failed.patch - risc-v-add-clzdi2-symbol.patch - risc-v-fix-computation-of-pc-relative-relocation-offset.patch - Add grub2-instdev-fixup.pl for correcting /etc/default/grub_installdevice to use disk devie if grub has been installed to it - Add 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch to fix detection of efi fwsetup support ++++ kernel-default: - kernel-binary.spec.in: build-id check requires elfutils. - commit 01569b3 - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - commit 33829e2 - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes). - xprtrdma: Avoid Receive Queue wrapping (git-fixes). - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFS: Don't discard pNFS layout segments that are marked for return (git-fixes). - NFSv42: Copy offload should update the file size when appropriate (git-fixes). - SUNRPC: Move fault injection call sites (git-fixes). - NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - sunrpc: fix refcount leak for rpc auth modules (git-fixes). - NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes). - NFS: Don't gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Don't revalidate the directory permissions on a lookup failure (git-fixes). - SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes). - x86: fix seq_file iteration for pat.c (git-fixes). - nfsd: register pernet ops last, unregister first (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - commit 60296fb ++++ Mesa: - update to 21.1.2 * second bugfix * mostly AMD and Intel changes as usual, but also a decent amount of ARM fixes and more. ++++ patterns-microos: - add zypper-migration-plugin to the default pattern (bsc#1186791) ++++ qemu: - disable sheepdog, it was dropped upstream ( https://gitlab.com/qemu-project/qemu/-/commit/09ec85176e4095be15f233ebc870d5680123f024) and fails to build with gcc 11 on non-x86 ++++ ovmf: - Correct the path to copy the Xen flavor ++++ yast2: - AutoYaST: SectionWithAttributes allows to indicate whether an attribute accepts blank values (related to jsc#PM-2620). - 4.4.9 - revert disable of hibernation based on product and virtual machines (bsc#1184470) - 4.4.8 ------------------------------------------------------------------ ------------------ 2021-6-2 - Jun 2 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Fix libavahi-devel requirements. The devel package installs libavahi-libevent.so but didn't require the library it's pointing to. ++++ chrony: - Change to using systemd-sysusers - Remove otherproviders, not needed anymore ++++ dnsmasq: - Change to using systemd-sysusers on TW ++++ e2fsprogs: - Fix the %doc files. RELEASE-NOTES is a symlink to doc/RelNotes/v%version. ++++ hwdata: - Update to version 0.348 (bsc#1186749): + Updated pci, usb and vendor ids. ++++ kbd: - Update the installed license file. COPYING is a symlink to LICENSE. Let's use this file directly. ++++ kernel-default: - kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer has a mkmakefile script - commit b453c7b - scsi: smartpqi: Remove unused functions (bsc#1186472). - scsi: smartpqi: Fix device pointer variable reference static checker issue (bsc#1186472). - scsi: smartpqi: Fix blocks_per_row static checker issue (bsc#1186472). - scsi: smartpqi: Update version to 2.1.8-045 (bsc#1186472). - scsi: smartpqi: Add new PCI IDs (bsc#1186472). - scsi: smartpqi: Correct system hangs when resuming from hibernation (bsc#1186472). - scsi: smartpqi: Update enclosure identifier in sysfs (bsc#1186472). - scsi: smartpqi: Add additional logging for LUN resets (bsc#1186472). - scsi: smartpqi: Update SAS initiator_port_protocols and target_port_protocols (bsc#1186472). - scsi: smartpqi: Add phy ID support for the physical drives (bsc#1186472). - scsi: smartpqi: Convert snprintf() to scnprintf() (bsc#1186472). - scsi: smartpqi: Fix driver synchronization issues (bsc#1186472). - scsi: smartpqi: Update device scan operations (bsc#1186472). - scsi: smartpqi: Update OFA management (bsc#1186472). - scsi: smartpqi: Update RAID bypass handling (bsc#1186472). - scsi: smartpqi: Update suspend/resume and shutdown (bsc#1186472). - scsi: smartpqi: Synchronize device resets with mutex (bsc#1186472). - scsi: smartpqi: Update soft reset management for OFA (bsc#1186472). - scsi: smartpqi: Update event handler (bsc#1186472). - scsi: smartpqi: Add support for wwid (bsc#1186472). - scsi: smartpqi: Remove timeouts from internal cmds (bsc#1186472). - scsi: smartpqi: Disable WRITE SAME for HBA NVMe disks (bsc#1186472). - scsi: smartpqi: Add host level stream detection enable (bsc#1186472). - scsi: smartpqi: Add stream detection (bsc#1186472). - scsi: smartpqi: Align code with oob driver (bsc#1186472). - scsi: smartpqi: Add support for long firmware version (bsc#1186472). - scsi: smartpqi: Add support for BMIC sense feature cmd and feature bits (bsc#1186472). - scsi: smartpqi: Add support for RAID1 writes (bsc#1186472). - scsi: smartpqi: Add support for RAID5 and RAID6 writes (bsc#1186472). - scsi: smartpqi: Refactor scatterlist code (bsc#1186472). - scsi: smartpqi: Refactor aio submission code (bsc#1186472). - scsi: smartpqi: Add support for new product ids (bsc#1186472). - scsi: smartpqi: Correct request leakage during reset operations (bsc#1186472). - scsi: smartpqi: Use host-wide tag space (bsc#1186472). - commit b561ca9 - PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752). - commit 735920b - media: dvb: Add check on sp8870_readreg return (git-fixes). - commit 2133cbd - blacklist.conf: cosmetic fix - commit ce72d5a - media: gspca: properly check for errors in po1030_probe() (git-fixes). - commit 1750a2e - Revert "media: gspca: Check the return value of write_bridge for timeout" (git-fixes). - commit b97e22b - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - commit 7f3a7f1 - Revert "media: gspca: mt9m111: Check write_bridge for timeout" (git-fixes). - commit d087481 - blacklist.conf: depends on PD 3.0 which we don't have and cannot be backported - commit a396f2f - Update kabi files. - update from June 2021 maitenance update submission (commit f0fe006fa3e1) - commit 3b5c05b - HID: magicmouse: fix NULL-deref on disconnect (git-fixes). - HID: i2c-hid: fix format string mismatch (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - vsock/vmci: log once the failed queue pair allocation (git-fixes). - commit e5695e4 - partitions/ibm: fix non-DASD devices (bsc#1185857 LTC#192526). - commit 0f96f57 ++++ kernel-default-base: - Add nfsd for nfs server support (boo#1186363 bsc#1089118) ++++ libcap: - Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to. ++++ Mesa: - no longer autoselect Mesa-dri-nouveau at all; autoselect libvdpau_nouveau depending on PCI ID (boo#1186721) ++++ libxslt: - Move the Copyright file to %_defaultlicensedir Configure.ac replaces the COPYING file with a symlink. ++++ yast2: - Improve Yast2::Equatable mixin making the #hash method to be fine tuned easily (related to bsc#1186082). - 4.4.7 ++++ zypper: - Add hints to 'trust GPG key' prompt. - Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) - version 1.14.45 ------------------------------------------------------------------ ------------------ 2021-6-1 - Jun 1 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). ++++ gnutls: - Update to version 3.7.2 * Added Linux kernel AF_ALG based acceleration * Fixed timing of early data exchange * The priority string option DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose * certtool: * When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default * When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale ++++ kernel-default: - Fix patches.suse/nvme-multipath-reset-bdev-to-ns-head-when-failover.patch (bsc#1186681) The backport for bsc#1182999 bsc#1178378 introduced a bug. It's not possible to use bdget_disk() in nvme_failover_req() as this can run in IRQ context and bdget_disk() can sleep. Luckily, we don't need to set bdev via bio_set_dev() as we can set bi_disk directly. - commit cee62aa - Revert "media: dvb: Add check on sp8870_readreg" (git-fixes). - commit 3655f21 - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - commit f61bf4c - xen-pciback: redo VF placement in the virtual topology (git-fixes). - commit 323098d - usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes). - commit 2c2aed2 - Fix patches.suse/nvme-multipath-reset-bdev-to-ns-head-when-failover.patch (bsc#1186681) The backport for bsc#1182999 bsc#1178378 introduced a bug. It's not possible to use bdget_disk() in nvme_failover_req() as this can run in IRQ context and bdget_disk() can sleep. Luckily, we don't need to set bdev via bio_set_dev() as we can set bi_disk directly. Refresh: - patches.suse/nvme-multipath-retry-commands-for-dying-queues.patch - commit f0fe006 - series.conf: cleanup - move unsortable patch out of sorted section patches.suse/nxp-nci-add-NXP1002-id.patch - commit d0ca1ba - Refresh patches.suse/scsi-ibmvfc-Reinit-target-retries.patch. Update patch metadata. - commit e269098 - nxp-i2c: restore includes for kABI (bsc#1185589). - commit 1786af1 - nxp-nci: add NXP1002 id (bsc#1185589). - commit 9d43526 - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - commit 57427b3 - s390/ipl: support NVMe IPL kernel parameters (bsc#1185980 LTC#192679). - commit 36a59d3 ++++ lua53: - Sync with Factory (5.3.6), includes fixes for - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. - bsc#1123043 CVE-2019-6706 Fix free-after-use bug in lua_upvaluejoin function of lapi.c - Remove upstreamed patches: - CVE-2019-6706-use-after-free-lua_upvaluejoin.patch ++++ sssd: - Fix sss_cache spurious error messages when invoked from shadow-utils; (bsc#1185017); Add 0039-sss_cache-Do-not-fail-for-missing-domains.patch ++++ libxml2: - Fix python-lxml regression with libxml2 2.9.12: * Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255 - Add upstream patches: * libxml2-fix-lxml-corrupted-subtree-structures.patch * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch - Update to version 2.9.12 * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928) * Fix null deref in legacy SAX1 parser * Fix handling of unexpected EOF in xmlParseContent * Fix user-after-free * Validate UTF8 in xmlEncodeEntities * Fix memory leak in xmlParseElementMixedContentDecl * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin * Fix SEGV in xmlSAXParseFileWithData * Don't process siblings of root in xmlXIncludeProcess * Full changes: http://xmlsoft.org/news.html - Drop upstream fixed * libxml2-CVE-2021-3541.patch * libxml2-CVE-2021-3537.patch * libxml2-CVE-2021-3518.patch * libxml2-CVE-2021-3517.patch * libxml2-CVE-2021-3516.patch * libxml2-CVE-2020-7595.patch * libxml2-CVE-2019-20388.patch * libxml2-CVE-2020-24977.patch * libxml2-CVE-2019-19956.patch * libxml2-python39.patch * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch - Drop since 2.8.0 merged fix-perl.diff - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch ++++ libxslt: - Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit - Add upstream patches: * libxslt-Stop-using-maxParserDepth-XPath-limit.patch * libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch ++++ libzypp: - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name ".*-kmp(-.*)?" but this does not work which those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases. - version 17.26.0 (22) ++++ libxml2-python: - Fix python-lxml regression with libxml2 2.9.12: * Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255 - Add upstream patches: * libxml2-fix-lxml-corrupted-subtree-structures.patch * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch - Update to version 2.9.12 * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928) * Fix null deref in legacy SAX1 parser * Fix handling of unexpected EOF in xmlParseContent * Fix user-after-free * Validate UTF8 in xmlEncodeEntities * Fix memory leak in xmlParseElementMixedContentDecl * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin * Fix SEGV in xmlSAXParseFileWithData * Don't process siblings of root in xmlXIncludeProcess * Full changes: http://xmlsoft.org/news.html - Drop upstream fixed * libxml2-CVE-2021-3541.patch * libxml2-CVE-2021-3537.patch * libxml2-CVE-2021-3518.patch * libxml2-CVE-2021-3517.patch * libxml2-CVE-2021-3516.patch * libxml2-CVE-2020-7595.patch * libxml2-CVE-2019-20388.patch * libxml2-CVE-2020-24977.patch * libxml2-CVE-2019-19956.patch * libxml2-python39.patch * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch - Drop since 2.8.0 merged fix-perl.diff - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch ++++ salt: - Check if dpkgnotify is executable (bsc#1186674) - Added: * check-if-dpkgnotify-is-executable-bsc-1186674-376.patch ++++ runc: - Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert "number of IOs" statistics in a cgroupv1-compatible way. * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94 * cgroups/systemd: fixed returning "unit already exists" error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make "runc --version" output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. ++++ yast2: - Added some names to the list of parameters handled by CFA for the login.defs configuration (related to jsc#PM-2620). - 4.4.6 ------------------------------------------------------------------ ------------------ 2021-5-31 - May 31 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.97.gb98506b2: * docs: update NEWS.md and AUTHORS * fix(fs-lib): install fsck utilities * fix(integrity): require ALLOW_METADATA_WRITES to come from EVM config file * fix(install): configure logging earlier * fix(warpclock): minor cleanups * fix(dash): minor cleanups * fix(mksh): minor cleanups * feat(install): add default value for --firmwaredirs * fix(dracut-functions): get_maj_min without get_maj_min_cache_file set * fix(dracut): pipe hardlink output to `dinfo` * fix(install): sane default --kerneldir * fix(bash): minor cleanups * fix(squash): don't mount the mount points if already mounted * ci: add shfmt to Fedora containers * fix(base): add missing `str_replace` to `dracut-dev-lib.sh` * feat(dracut.sh): detect running in a container * fix(base): split out `dracut-dev-lib.sh` * fix(dracut-util): print error message with trailing newline * fix(packit): downstream has renamed the master branch to main - Update to version 054+suse.96.gb5aa64d2: * fix(suse-initrd) fix list of modprobe.d directories * fix(suse-initrd): exclude modules that are built-in (bsc#1185646) * fix(systemd-coredump): shellcheck for modules.d/01systemd-coredump (bsc#1190845) ++++ grub2: - Fix running grub2-once leads to failure of starting systemd service in the boot sequence (bsc#1169460) * grub2-once * grub2-once.service ++++ ignition: - Update to version 2.10.1: * Breaking Changes: * Rename Custom struct to ClevisCustom * Embed Clevis and ClevisCustom structs in parents * Always include interior nodes in merge transcript * Add kernel argument support * Fix fetching userdata on AWS when IMDSv1 is disabled * Fix creating Tang-based LUKS volumes before network is up * Document storage.filesystems.wipeFilesystem default * Fix file mode of ignition-kargs-helper script - Fix Go dependency, 1.13+ is required ++++ kernel-default: - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - commit 1931741 - Update config files: build W1 modules for x86-64, too (bsc#1186672) The core w1 and a couple of modules are needed to be in kernel core package for Arm (for RPi) while they are put into leap package for other archs. - commit 5ae0be0 - xen-pciback: reconfigure also from backend watch handler (git-fixes). - commit 5795686 - xen-blkback: fix compatibility bug with single page rings (git-fixes). - commit c1a440a - x86/sev-es: Invalidate the GHCB after completing VMGEXIT (bsc#1178134). - commit 2ed6303 - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - commit 085f359 - tty: serial: ucc_uart: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - commit 845115a - soc: fsl: qe: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - commit d4c6a74 - series.conf: cleanup update upstream references and resort: patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch - commit a8331c9 - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - Refresh patches.suse/nvme-fabrics-reject-I-O-to-offline-device.patch. - commit 4805fdc - arm64: vdso32: make vdso32 install conditional (git-fixes). - commit de92552 - blacklist.conf: arm64: add fix for unsupported SOC - commit 7c4e5f6 - x86/sev-es: Move sev_es_put_ghcb() in prep for follow on patch (bsc#1178134). - commit 61a3120 - nvme: document nvme controller states (git-fixes). - commit 495f482 - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). - nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix "slimmer CQ head update" (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - commit dd74a78 - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: i801: Don't generate an interrupt on bus reset (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - Revert "gdrom: fix a memory leak bug" (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - commit 62c76a6 - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - block: Fix three kernel-doc warnings (git-fixes). - commit e222970 - Rename duplicate patches to their SLE15-SP2 equivalents. This is to prepare for the next SLE15-SP2 -> SLE15-SP3 merge. - commit e32f455 - SUNRPC: More fixes for backlog congestion (bsc#1185428). - commit c0de1ec - series.conf: cleanup - update upstream references and resort: patches.suse/nvme-fabrics-decode-host-pathing-error-for-connect.patch patches.suse/nvme-fc-short-circuit-reconnect-retries.patch - whitespace cleanup - commit 03158d3 ++++ libX11: - redone U_CVE-2021-31535.patch due to regressions (boo#1186643) * fixes segfaults for xforms applications like fdesign ++++ alsa: - Update to version 1.2.5 * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib - Drop upstream fixed patches * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch * 0004-topology-use-inclusive-language-for-bclk.patch * 0005-topology-use-inclusive-language-for-fsync.patch * 0006-topology-use-inclusive-language-in-documentation.patch * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch * 0019-pcm-fix-__snd_pcm_state-return-value.patch * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch * 0026-Revert-pcm_plugin-fix-delay.patch * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch * 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch * 0023-pcm-plugin-status-revert-the-recent-changes.patch * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch * 0033-pcm-rate-fix-the-capture-delay-values.patch * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch * 0018-conf-fix-get_hexachar-return-value.patch * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch * 0031-pcm-plugin-fix-status-code-for-capture.patch * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch * 0022-pcm-plugin-status-fix-the-return-value-regression.patch ++++ ovmf: - Update to edk2-stable202105 * MdeModulePkg/UfsPassThruDxe: Improve Device initialization polling Loop * MdePkg: MmUnblockMemoryLib: Added definition and null instance * OvmfPkg: resolve MmUnblockMemoryLib (mainly for VariableSmmRuntimeDxe) * MdeModulePkg: VariableSmmRuntimeDxe: Added request unblock memory interface * SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst * SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules * SecurityPkg: Tcg2Smm: Added support for Standalone Mm * SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS region * UefiCpuPkg/MpInitLib: Use NASM struc to avoid hardcode offset * UefiCpuPkg/MpInitLib: Remove unused Lock from MP_CPU_EXCHANGE_INFO * UefiCpuPkg/SmmCpuFeaturesLib: Move multi-instance function decl to header * UefiCpuPkg/SmmCpuFeaturesLib: Rename SmmCpuFeaturesLib.c * UefiCpuPkg/SmmCpuFeaturesLib: Cleanup library constructors * UefiCpuPkg/SmmCpuFeaturesLib: Abstract PcdCpuMaxLogicalProcessorNumber * UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support * UefiCpuPkg/PiSmmCpu: Don't allocate Token for SmmStartupThisAp * RedfishPkg/Library: RedfishLib * OvmfPkg/CpuHotplugSmm: refactor hotplug logic * OvmfPkg/CpuHotplugSmm: collect hot-unplug events * OvmfPkg/CpuHotplugSmm: add Qemu Cpu Status helper * OvmfPkg/CpuHotplugSmm: introduce UnplugCpus() * OvmfPkg: define CPU_HOT_EJECT_DATA * OvmfPkg/SmmCpuFeaturesLib: init CPU ejection state * OvmfPkg/SmmCpuFeaturesLib: call CPU hot-eject handler * OvmfPkg/CpuHotplugSmm: add EjectCpu() * OvmfPkg/CpuHotplugSmm: do actual CPU hot-eject * OvmfPkg/SmmControl2Dxe: negotiate CPU hot-unplug * EmbeddedPkg/PrePiHobLib: replace duplicate GUID * MdePkg/UefiLib: Correct the arguments passed to IsLanguageSupported() * UefiCpuPkg/CpuCacheInfoLib: Collect cache associative type * UefiCpuPkg/MpInitLib: avoid printing debug messages in AP * UefiCpuPkg/CpuDxe: Rename variables to follow EDKII coding standard * UefiCpuPkg/CpuDxe: Guarantee GDT is below 4GB * BaseTools/Ecc: Make Ecc only check first include guard * ShellPkg/SmbiosView: add more items for smbiosview -t 3 * MdePkg: Support standalone MM Driver Unload capability * OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for CommandLine * ShellPkg/Pci: Add valid check for PCI extended config space parser * CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j * OvmfPkg: strip build paths in release builds * MdeModulePkg: Initialize local variable value before they are used * UefiCpuPkg/SmmCommunication: Remove out-dated comments * MdePkg: use CpuPause() in CpuDeadLoop() * MdePkg/Include: EFI Redfish Discover protocol * ShellPkg/UefiHandleParsingLib: Support EFI Redfish protocols * MdePkg/Include/Protocol: EFI_HII POPUP_PROTOCOL duplicate declaration * MdePkg/Include/Protocol: EFI_RESET_NOTIFICATION_PROTOCOL duplicate * CryptoPkg/Private/Protocol/Crypto.h: Remove duplicate function type * MdePkg/BaseLib: Add support for the XSETBV instruction * MdeModulePkg/PiDxeS3BootScriptLib: Rename mAcpiS3Enable to avoid dup symbol * MdePkg/IoLib: Filter/trace port IO/MMIO access * MdePkg/Baseib: Filter/trace MSR access for IA32/X64 * UefiCpuPkg: Remove PEI/DXE instances of CpuTimerLib. * UefiCpuPkg: Add MicrocodeLib for loading microcode * OvmfPkg: Add MicrocodeLib in DSC files. * UefiPayloadPkg/UefiPayloadPkg.dsc: Consume MicrocodeLib * UefiCpuPkg/MpInitLib: Consume MicrocodeLib to remove duplicated code * UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow * ShellPkg: Fix smbiosview system enclosure type table * UefiCpuPkg/CpuTimerLib: Update LIBRARY_CLASS of Base instance. * RedfishPkg/RedfishDiscoverDxe: EFI Redfish Discover Protocol * RedfishPkg/RedfishConfigHandler: EDKII RedfishConfigHandler Protocol * UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing * BaseTools/Conf: Fix MAKE_FLAGS typos in tools_def.template * MdeModulePkg: Initialize temp variable in VarCheckPolicyLib * SecurityPkg/Tcg2Smm: Initialize local Status variable * DynamicTablesPkg: add validation for PcdNonBsaCompliant16550SerialHid * OvmfPkg/XenResetVector: Silent a warning from nasm * MdePkg: Allow PcdFSBClock to by Dynamic * OvmfPkg/IndustryStandard/Xen: Apply EDK2 coding style to XEN_VCPU_TIME_INFO * OvmfPkg/IndustryStandard: Introduce PageTable.h * OvmfPkg/XenPlatformPei: Map extra physical address * OvmfPkg/XenPlatformPei: Calibrate APIC timer frequency * OvmfPkg/OvmfXen: Set PcdFSBClock * DynamicTablesPkg: Re-order GicItsIdentifierArray struct * DynamicTablesPkg: Remove EArmObjExtendedInterruptInfo * MdePkg: Fix AsmReadMsr64() and AsmWriteMsr64() with GCC toolchain * BaseTools/PlatformAutoGen: MAKE_FLAGS and MAKE_PATH fixes * RedfishPkg/RestJsonStructureDxe: Fix typo in function header * MdePkg/Include: Allow CPU specific defines to be predefined * CryptoPkg/Library/Include: Allow CPU specific defines to be predefined * ArmPlatformPkg: Fix Ecc error 8001 * ArmPlatformPkg: Fix Ecc error 9001 * ArmPlatformPkg: Remove package dependency in NorFlashStandaloneMm * ArmPkg: Fix Ecc error 8001 in Chipset * ArmPkg: Fix Ecc error 8001 in SemihostLib * ArmPkg: Fix Ecc error 8001 in ArmArchTimerLib * ArmPkg: Fix Ecc error 9005 in CpuDxe * ArmPkg: Fix Ecc error 10006 in ArmPkg.dsc * ArmPkg: Fix Ecc error 10016 in StandaloneMmMmuLib * ArmPkg: Fix Ecc error 10014 in ArmScmiDxe * ArmPkg: Fix Ecc error 10014 in GenericWatchdogDxe * ArmPkg: Fix Ecc error 10014 in MmCommunicationDxe * ArmPkg: Fix Ecc error 10014 in SemihostLib * ArmPkg: Remove ArmGic/ArmGicSecLib.c * ArmPkg: Fix Ecc error 5003 in ArmExceptionLib * ArmPkg: Fix Ecc error 6001 in MmCommunicationDxe * ArmPkg: Fix Ecc error 6001 in ArmSoftFloatLib * ArmPkg: Rename include guard in ArmGicLib.h * ArmPkg: Fix Ecc error 7008 for SCMI_CLOCK_RATE * ArmPkg: Fix Ecc error 7008 for OPTEE_MESSAGE_PARAM * ArmPkg: Fix Ecc error 8005/8007 in ArmDisassemblerLib * ArmPkg: Fix Ecc error 8005 for SCMI_PROTOCOL_ID * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_TYPE * ArmPkg: Fix Ecc error 8005 for SCMI_STATUS * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_BASE * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_CLOCK * ArmPkg: Fix Ecc error 8005 for SCMI_CLOCK_RATE_FORMAT * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_PERFORMANCE * RedfishPkg: Add EDK2 Redfish Foundation diagrams * SecurityPkg/FvReportPei: remove redundant sizeof * ShellPkg: Rename Address Size to Access size * DynamicTablesPkg: Add access size to CM_ARM_SERIAL_PORT_INFO * DynamicTablesPkg: Set the Access size for the SPCR table * DynamicTablesPkg: Set the Access size for the DBG2 table * UefiCpuPkg: PiSmmCpuDxeSmm: Not to Change Bitwidth During Static Paging * MdePkg/Cpuid.h: Define new element in CPUID Leaf(07h) data structure. * SecurityPkg: Add constraints on PK strength * ArmPkg: Allow platforms to supply more data for SMBIOS Type3 record * ArmPkg: Allow platforms to report their boot status via OemMiscLib call * ArmPkg: Fix calculation of offset of chassis SKU Number in SmbiosMiscDxe * ArmPkg: Fix typo of Manufacturer in comment in SmbiosMiscDxe * ArmPkg: Fix Ecc error 8003 * ArmPkg: Fix Ecc error 3002 in StandaloneMmMmuLib * ArmPkg: Add missing library headers to ArmPkg.dec * ArmPlatformPkg: Document libraries in ArmPlatformPkg.dec * ArmPkg: Add OemMiscLibNull library to ArmPkg.dsc * ArmPkg: Correct small typos * ArmPlatformPkg: Add ArmPlatformPkg.ci.yaml * OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX opcodes * OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes * OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability * OvmfPkg/TpmMmioSevDecryptPei: Mark TPM MMIO range as unencrypted for SEV-ES * OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64 * ArmPkg: Update SCMI Base Protocol version to 0x20000 * MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions * SecurityPkg: Add support for RngDxe on AARCH64 * UefiCpuPkg/MpInitLib: Properly cast from PCD to SEV-ES jump table pointer * BaseTools: Add support for version 3 of FMP Image Header structure * CryptoPkg: BaseCryptLib: Add RSA PSS verify support * ShellPkg/UefiShellCommandLib: suppress incorrect gcc warning * OvmfPkg/VirtioFsDxe: suppress incorrect gcc warnings * UefiCpuPkg/CpuExceptionHandler: Add missing comma to exception name array * UefiCpuPkg/PiSmmCpu: Remove hardcode 48 address size limitation * MdeModulePkg: Retrieve boot manager menu from any fv * ShellPkg/HttpDynamicCommand: Fix possible uninitialized use * MdeModulePkg/PciBusDxe: Fix possible uninitialized use * CryptoPkg/BaseCryptLib: Fix possible uninitialized use * MdeModulePkg/PlatformDriOverrideDxe: Fix overflow condition check * MdeModulePkg/VariableLock: downgrade compatibility warnings to DEBUG_WARN * ArmPkg/ArmGic: Fix maximum number of interrupts in GICv3 - Update openssl to 1.1.1j - Drop upstreamed patch: ovmf-bsc1184801-fix-sev-with-tpm.patch - Add the new Xen flavor for x86_64 + Update 50-xen-hvm-x86_64.json to use ovmf-x86_64-xen-4m.bin as the default firmware for Xen ------------------------------------------------------------------ ------------------ 2021-5-30 - May 30 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - series.conf: cleanup - fix Patch-mainline and move unsortable patches out of sorted section patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch - commit 9d82526 - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 (git-fixes). - ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 (git-fixes). - ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i (git-fixes). - commit 7ba5be9 - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - commit 72126c6 - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - commit ad502bc ------------------------------------------------------------------ ------------------ 2021-5-29 - May 29 2021 ------------------- ------------------------------------------------------------------ ++++ kmod: - /usr/lib should override /lib where both are available. Support /usr/lib for depmod.d as well. * Refresh usr-lib-modprobe.patch - Remove test patches included in release 29 - kmod-populate-modules-Use-more-bash-more-quotes.patch - kmod-testsuite-compress-modules-if-feature-is-enabled.patch - kmod-also-test-xz-compression.patch ------------------------------------------------------------------ ------------------ 2021-5-28 - May 28 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix crash in launching gfxmenu without theme file (bsc#1186481) * grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch ++++ libguestfs: - For unknown reasons the appliance build fails randomly Workaround it by retrying the build once ++++ kdump: - Fix use of DNS in the panic environment (bsc#1183070): * kdump-avoid-endless-loop-on-EAI_AGAIN.patch: Avoid an endless loop when resolving a hostname fails with EAI_AGAIN. * kdump-install-real-resolv.conf.patch: Install /etc/resolv.conf using its resolved path. - kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit code checking after "local" with assignment (bsc#1184616, LTC#192282) - kdump-do-not-iterate-past-end-of-string.patch: Fix a crash caused by iterating past end of string (bsc#1186037). ++++ kernel-default: - futex: Make syscall entry points less convoluted (git-fixes). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Change utime parameter to be 'const ... *' (git-fixes). - commit c6c39e0 - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - Revert "arm64: vdso: Fix compilation with clang older than 8" (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - commit 4accc73 - Hibernation: Fix Hibernate not blocked in Secure Boot with no EFI secret key Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. (bsc#1186512) - commit d15957a - blacklist.conf: arm64: dts: add fixes - commit 918cf09 - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - commit 54ae065 - blacklist.conf: spi: add a cosmetic fix - commit 67d8fed - Revert "soc: fsl: qe: introduce qe_io{read,write}* wrappers" (git-fixes). - commit 25de66e - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - commit 3e0da56 - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - commit 9338bce - net: enetc: fix link error again (git-fixes). - commit 0d4ccc0 - blacklist.conf: add misc dt-bindings fixes References: git-fixes - commit fc2fb63 - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - commit 2bba556 - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - commit 679d56e - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - commit 862f15d - bpf: No need to simulate speculative domain for immediates (bsc#1186484,CVE-2021-33200). - bpf: Fix mask direction swap upon off reg sign change (bsc#1186484,CVE-2021-33200). - bpf: Wrap aux data inside bpf_sanitize_info container (bsc#1186484,CVE-2021-33200). - commit fc0b52a ++++ python-pytz: - %check: use %pyunittest rpm macro ++++ tpm2.0-tools: - add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565 (bsc#1186490). - drop fix_pie_linking.patch: now contained in upstream tarball - drop fix_warnings.patch: now contained in upstream tarball - update to upstream version 5.1: - Minimum tpm2-tss version dependency bumped to 3.1.0 - Minimum tpm2-abrmd version dependency bumped to 2.4.0 - tss2: - Support in tools for PolicyRef inclusion in policy search per latest TSS. - Support to use TPM objects protected by a policy with PolicySigned. - Enable backward compatibility to old Fapi callback API. - Fix PCR selection for tss2 quote. - Support policy signed policies by implementing Fapi_SetSignCB. - Command/ response parameter support for auditing and pHash policies: - lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash - Add support to calculate rphash for tpm2_create, tpm2_activatecredential, tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal - Add support to calculate cphash for tpm2_changeeps, tpm2_changepps. - Session-support: - tpm2_sessionconfig: Add tool to display and configure session attributes. - tpm2_getrandom: Fix— session input was hardcoded for audit-only - tpm2_startauthsession: Add option to specify the bind object and its authorization value. - tpm2_startauthsession: support for bounded-only session. - tpm2_startauthsession: support for salted-only session. - tpm2_startauthsession: add option to specify an hmac session type. - Add support for specifying non-authorization sessions for audit and parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend, tpm2_nvdefine, tpm2_unseal, tpm2_activatecredential, tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps. - tpm2_eventlog: - Support for event type: EV_IPL extensively used by the Shim and Grub. - Support for event type: EV_EFI_GPT_EVENT to parse. UEFI_PARTITION_TABLE_HEADER and UEFI_PARTITION_ENTRY. - Support for event type: EFI_SIGNATURE_LIST, which contains one or more EFI_SIGNATURE_DATA. - Support for event type EV_EFI_VARIABLE_AUTHORITY. - Parse UEFI_PLATFORM_FIRMWARE_BLOB structure that the CRTM MUST put into the Event Log entry TCG_PCR_EVENT2.event field for event types EV_POST_CODE, EV_S_CRTM_CONTENTS, and EV_EFI_PLATFORM_FIRMWARE_BLOB. - Parse secureboot variable to indicate enable as 'Yes'. - Parse BootOrder variable to a more readable format. - Parse Boot variables per EFI_LOAD_OPTION described in more details in UEFI Spec Section 3.1.3 - Parse Device-path in a readable format using the efivar library. - Support for logs longer than 64 kilobytes. - Perform verification for event types where digest can be verified from their event payload. - Better support for multiline strings. - Fix handling of event log EV_POST_CODE data where field is empty and len is specified. - scripts/utils: Add a utility to read the cert chain of embedded CA. - tpm2_getekcertificate: Fix tool failing to return error/non-zero for HTTP 404. - tpm2_nvdefine: allow setting hash algorithm by command line parameter for NV indices set in extend mode. - tpm2_duplicate, tpm2_import: support duplicating non-TPM keys to a remote TPM without first requiring them to be loaded to a local TPM. - tpm2_dictionarylockout: Fix issue where setting value for one parameter caused to reset the others. - tpm2_getpolicydigest: Add new tool to enable TPM2_CC_PolicyGetDigest. - Fix segfault where optind > argc. - tools/tpm2_checkquote: fix missing initializer - tpm2_convert: fix EVP_EncodeUpdate usage for OSSL < 1.1.0 - openssl: fix EVP_ENCODE_CTX_(new|free) - test: Add support for swTPM simulator to the testing framework and make it the default if mssim isn't available. - tpm2_unseal: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_nvextend: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_nvdefine: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_changepps: - Added option **\--cphash**=_FILE_ to specify ile path to record the hash of the command parameters. This is commonly termed as cpHash. - Added option **\--rphash**=_FILE_ to specify ile path to record the hash - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_changeeps: - Added option **\--cphash**=_FILE_ to specify ile path to record the hash of the command parameters. This is commonly termed as cpHash. - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_changeauth: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_certifycreation: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_certify: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_activatecredential: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_create: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_unseal: - Added option **-S**, **--session** to specify auxiliary sessions for audit and encryption. - tpm2_nvdefine: - Added option **-S**, **--session** to specify auxiliary sessions for audit and encryption. - tpm2_nvextend: - Added option **-S**, **--session** to specify auxilary sessions for audit and encryption. ------------------------------------------------------------------ ------------------ 2021-5-27 - May 27 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 245 https://cockpit-project.org/blog/cockpit-245.html ++++ librsvg: - Update to version 2.50.6: + Librsvg now requires at least Pango 1.44. + glgo#GNOME/librsvg#730: Incorrect text spacing when the transform is not 1:1. You can see this when a small font-size is scaled up due to a transform. It is less visible for a large font-size scaled down. + glgo#GNOME/librsvg#704: Fix circle/ellipse in paths when they are made out of a single Arc command. ++++ issue-generator: - Update to version 1.13 - SELinux: Do not call agetty --reload [bsc#1186178] ++++ kernel-default: - Update patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch (bsc#1177666 git-fixes bsc#1186460 ltc#192531). - Update patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch (bsc#1087082 git-fixes bsc#1186460 ltc#192531). - commit ce0ebfb - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - ceph: don't clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - commit 7d20748 - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (git-fixes). - commit 661689a - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - commit 0e1067b - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - ceph: don't clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - commit 7c54637 - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-fc: check sgl supported by target (bsc#1179827). - commit 97321b0 - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - commit 192cba3 - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - commit 19dc8b6 - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - commit 322fe2d - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - commit 6f0e9b4 - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - commit 18a82b0 - drm/amdgpu: update sdma golden setting for Navi12 (git-fixes). - drm/amdgpu: update gc golden setting for Navi12 (git-fixes). - drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (git-fixes). - drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (git-fixes). - ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - commit b2fab88 - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: intel8x0: Don't update period unless prepared (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - commit 57f36e1 ++++ kmod: - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. - Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch, 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch, 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch (all merged) ++++ mozilla-nss: - update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. ++++ pcre2: - pcre2 10.37: * removal of the actual POSIX names regcomp etc. from the POSIX wrapper library because these have caused issues for some applications, replacing pcre2-symbol-clash.patch * fix a hypothetical NULL dereference * fix two bugs related to over-large numbers so the behaviour is now the same as Perl * Fix propagation of \K back from the full pattern recursion * Restore single character repetition optimization in JIT ++++ polkit: - CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497) CVE-2021-3560.patch ++++ spice: - bsc#1181686 - VUL-0: CVE-2021-20201: spice,spice-gtk: client initiated renegotiation denial of service 0001-With-OpenSSL-1.1-Disable-client-initiated-renegotiation.patch 0002-With-OpenSSL-1.0.2-and-earlier-disable-client-side-renegotiation.patch ++++ logrotate: - update to 3.18.1: * fix memory leaks on error-handling paths * make `renamecopy` and `copytruncate` override each other * improve error handling in the parser of configuration files * improve user experience for non-privileged users of logrotate ++++ mozilla-nspr: - update to version 4.31: * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 ++++ supportutils: - Fixes to supportconfig + Exclude rhn.conf from etc.txt (bsc#1186347) ++++ systemd-presets-common-SUSE: - When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package, thus fixing boo#1186561 ------------------------------------------------------------------ ------------------ 2021-5-26 - May 26 2021 ------------------- ------------------------------------------------------------------ ++++ augeas: - Allow all printable ASCII characters in WPA-PSK definition * augeas-allow_printable_ASCII.patch * bsc#1185524 * Sourced from https://github.com/hercules-team/augeas/pull/723/commits * Credit to Michal Filka ++++ curl: - Update to 7.77.0: [bsc#1186114, CVE-2021-22898] [bsc#1186115, bsc#1185579, CVE-2021-22901] * Security fixes: - CVE-2021-22297: schannel cipher selection surprise - CVE-2021-22298: TELNET stack contents disclosure - CVE-2021-22901: TLS session caching disaster * Changes: - configure: make the TLS library choice(s) explicit - curl: ignore options asking for SSLv2 or SSLv3 - hsts: enable by default - SSL: support in-memory CA certs for some backends - vtls: refuse setting any SSL version * Bugfixes: - configure: provide --with-openssl, deprecate --with-ssl - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies - curl: include libmetalink version in --version output - data_pending: check only SECONDARY socket for FTP(S) transfers - gnutls: don't allow TLS 1.3 for versions that don't support it - gnutls: make setting only the MAX TLS allowed version work - http2: fix resource leaks in set_transfer_url() and push_promise() - http: limit the initial send amount to used upload buffer size - rustls: only return CURLE_AGAIN when TLS session is fully drained - rustls: use ALPN - schannel: Disable auto credentials; add an option to enable it - schannel: Support strong crypto option - sectransp: allow cipher name to be specified - sockfilt: avoid getting stuck waiting for writable socket ++++ dosfstools: - Add fix-calculation.patch (gh#dosfstools/dosfstools#153, bsc#1172863) to work with different size of clusters. ++++ kernel-default: - net/mlx5: Fix health error state handling (bsc#1186467). - commit d6aa2d3 - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - commit 725c479 - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (bsc#1185954). - commit e2e5f3a ++++ kernel-firmware: - Update to version 20210518 (git commit f8462923ed8f): * nvidia: fix symlinks for tu104/tu106 acr unload firmware * rtw88: 8822c: Update normal firmware to v9.9.10 * iwlwifi: update 8000 family firmwares * iwlwifi: update 9000-family firmwares to core60-51 * iwlwifi: add new FWs from core60-51 release * nvidia: Update Tegra194 XUSB firmware to v60.09 * nvidia: Update Tegra186 XUSB firmware to v55.18 * nvidia: Update Tegra210 XUSB firmware to v50.26 * linux-firmware: update firmware for mhdp8546 - Update module aliases ++++ libvirt-dbus: - Add libvirtdbus user to libvirt group boo#1182538 ++++ lshw: - Update to version B.02.19+git.20210429: * Fix getting size of memory banks <32GiB * devtree: Add UUID property * code clean-up * improve portability (esp. musl) * fix potential crash * add static target to Makefile * Avoid crash on device-tree parsing * Add JEDEC manufacturer * Report correct memory size on SMBIOS < 2.7 * fix man page after previous update - Drop no longer needed patches: * lshw-fix-segfault-in-apfs-volume-code.patch * lshw-fix-mmc.patch * lshw-fix-ppc.patch * lshw-devtree-Add-UUID-property.patch ------------------------------------------------------------------ ------------------ 2021-5-25 - May 25 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588). ++++ lvm2-device-mapper: - Link test as position independent executable (bsc#1184124). + bug-1184124-link-tests-as-PIE.patch ++++ gnutls: - Add gnutls-3.6.7-fix-FTBFS-2024.patch to let tests pass after 2024 (boo#1186579) - Add gnutls-3.6.7-reproducible-date.patch to override build date (boo#1047218) ++++ kernel-default: - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - commit fb966c0 - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - commit 305123c - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - commit 9be975d - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - commit f318368 - drm/amdgpu/display/dm: add missing parameter documentation (git-fixes). - drm/amdgpu/display: remove redundant continue statement (git-fixes). - Revert "drm/qxl: do not run release if qxl failed to init" (git-fixes). - commit d1874da - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - security: keys: trusted: fix TPM2 authorizations (git-fixes). - tpm: acpi: Check eventlog signature before using it (git-fixes). - tty: serial: lpuart: fix lpuart32_write usage (git-fixes). - commit 4ed41e4 - mt76: mt7615: fix entering driver-own state on mt7663 (git-fixes). - mt76: mt7915: fix txpower init for TSSI off chips (git-fixes). - mt76: mt76x0: disable GTK offloading (git-fixes). - mt76: mt7615: support loading EEPROM for MT7613BE (git-fixes). - platform/x86: intel_pmt_crashlog: Fix incorrect macros (git-fixes). - pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage (git-fixes). - commit 6b07d97 - KEYS: trusted: Fix memory leak on object td (git-fixes). - iwlwifi: pcie: make cfg vs. trans_cfg more robust (git-fixes). - media: saa7146: use sg_dma_len when building pgtable (git-fixes). - media: saa7134: use sg_dma_len when building pgtable (git-fixes). - intel_th: pci: Add Alder Lake-M support (git-fixes). - intel_th: pci: Add Rocket Lake CPU support (git-fixes). - KEYS: trusted: Fix TPM reservation for seal/unseal (git-fixes). - gpu/xen: Fix a use after free in xen_drm_drv_init (git-fixes). - commit 2d606fa - drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (git-fixes). - drm/amdgpu: fix concurrent VM flushes on Vega/Navi v2 (git-fixes). - drm/i915/display: fix compiler warning about array overrun (git-fixes). - drm/amdgpu: Add mem sync flag for IB allocated by SA (git-fixes). - drm/amd/display: add handling for hdcp2 rx id list validation (git-fixes). - drm/amd/display: Try YCbCr420 color when YCbCr444 fails (git-fixes). - drm/amd/display: Fix UBSAN: shift-out-of-bounds warning (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - commit 1d7d2f2 - drm/amd/display: Fix debugfs link_settings entry (git-fixes). - drm/amd/display: DCHUB underflow counter increasing in some scenarios (git-fixes). - drm/amd/pm: fix workload mismatch on vega10 (git-fixes). - drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (git-fixes). - drm/amdgpu: Fix some unload driver issues (git-fixes). - drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt work (git-fixes). - drm/amd/display: Don't optimize bandwidth before disabling planes (git-fixes). - drm/amd/display: Check for DSC support instead of ASIC revision (git-fixes). - drm/amd/display: changing sr exit latency (git-fixes). - drm/dp_mst: Set CLEAR_PAYLOAD_ID_TABLE as broadcast (git-fixes). - commit f3698a5 - dmaengine: idxd: fix cdev setup and free device lifetime issues (git-fixes). - dmaengine: idxd: removal of pcim managed mmio mapping (git-fixes). - dmaengine: idxd: cleanup pci interrupt vector allocation management (git-fixes). - dmaengine: idxd: fix dma device lifetime (git-fixes). - drm/dp_mst: Revise broadcast msg lct & lcr (git-fixes). - drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor atomic_check (git-fixes). - drm/qxl: do not run release if qxl failed to init (git-fixes). - drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing 'field overwritten' issue (git-fixes). - drm/komeda: Fix bit check to import to value of proper type (git-fixes). - commit 7955989 - ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounce access in MIDI EP parser (git-fixes). - ACPI: PM: Add ACPI ID of Alder Lake Fan (git-fixes). - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp (git-fixes). - ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 (git-fixes). - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume (git-fixes). - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip (git-fixes). - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event (git-fixes). - commit ea056ec - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - commit 50bad37 - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - commit bc4a20a - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (bsc#1186009) - commit 8a9d64a - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (bsc#1186009) - commit 1607e2d - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - commit b91dd8c - PCI/RCEC: Fix RCiEP device to RCEC association (jsc#SLE-13736 jsc#SLE-14845 git-fixes). - commit 6922678 - Refresh patches.suse/PCI-AER-Add-RCEC-AER-error-injection-support.patch. Update to upstream version. - commit deb7805 - Refresh patches.suse/PCI-AER-Add-pcie_walk_rcec-to-RCEC-AER-handling.patch. Update to upstream version. - commit c098a79 - Delete patches.suse/PCI-AER-Apply-Function-Level-Reset-to-RCiEP-on-fatal.patch. - Delete patches.suse/PCI-ERR-Limit-AER-resets-in-pcie_do_recovery.patch. - Delete patches.suse/PCI-RCEC-Add-RCiEP-s-linked-RCEC-to-AER-ERR.patch. Replaced in upstream by a175102b0a82 (PCI/ERR: Recover from RCEC AER errors). - commit 716aea9 - Update to upstream version. - commit 21cf7c7 - Refresh patches.suse/PCI-AER-Apply-Function-Level-Reset-to-RCiEP-on-fatal.patch. - Refresh patches.suse/PCI-ERR-Avoid-negated-conditional-for-clarity.patch. - Refresh patches.suse/PCI-RCEC-Add-RCiEP-s-linked-RCEC-to-AER-ERR.patch. - Refresh patches.suse/pci-err-add-pci_walk_bridge-to-pcie_do_recovery. - Refresh patches.suse/pci-err-recover-from-rcec-aer-errors. - Refresh patches.suse/pci-err-recover-from-rciep-aer-errors. Update to upstream version. - commit 41d7b52 - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - commit 4488c4d - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - commit 309a9af - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: rme9652: don't disable if not enabled (git-fixes). - ALSA: hdspm: don't disable if not enabled (git-fixes). - ALSA: hdsp: don't disable if not enabled (git-fixes). - commit 0897647 - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - commit 6a99610 - Refresh patches.suse/PCI-ERR-Rename-reset_link-to-reset_subordinates.patch. - Refresh patches.suse/pci-err-add-pci_walk_bridge-to-pcie_do_recovery. - Refresh patches.suse/pci-err-retain-status-from-error-notification. - Refresh patches.suse/pci-err-simplify-by-computing-pci_pcie_type-once. - Refresh patches.suse/pci-err-use-bridge-for-clarity-in-pcie_do_recovery. Update to upstream version. - commit b63143d - Update to upstream version. - commit c7b5cb5 - PCI/ERR: Bind RCEC devices to the Root Port driver (jsc#SLE-13736 jsc#SLE-14845). - Refresh patches.suse/pci-err-simplify-by-computing-pci_pcie_type-once. - Delete patches.suse/PCI-RCEC-Add-RCEC-class-code-and-extended-capability.patch. - Delete patches.suse/PCI-RCEC-Bind-RCEC-devices-to-the-Root-Port-driver.patch. Update to upstream version. The two were merged into the one. - commit 746ca90 - scsi: pm80xx: Fix potential infinite loop (bsc#1186354). - commit f24fca0 ++++ libapparmor: - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588). ++++ gcc11: - Fix value of %slibdir64 for usrmerge ++++ lvm2: - Link test as position independent executable (bsc#1184124). + bug-1184124-link-tests-as-PIE.patch ++++ libnftnl: - Update to release 1.2.0 * table: add table owner support * expr: socket: add cgroups v2 support ++++ systemd: - Allow the sysusers config files shipped by systemd rpms to be overriden during system installation (bsc#1171962) - While at it, add a comment to explain why we don't use %sysusers_create in %pre and why it should be safe in %post. ++++ systemd-rpm-macros: - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) Upstream commit dd2490ae12ad1e1795ecbf8f8944b950da9c8d06. ++++ xfsprogs: - update to v5.12.0: - mkfs: don't default to too-large physical sector size - repair: phase 6 speedups - man: Add dax mount option to man xfs(5) - xfs_admin: pick up log arguments correctly - xfs_growfs: support shrinking unused space - libfrog: report inobtcount in geometry - xfs_logprint: Fix buffer overflow printing quotaoff - xfsprogs: include for platform_crash - xfsprogs: remove BMV_IF_NO_DMAPI_READ flag - workqueue: bound maximum queue depth - libxfs changes merged from kernel 5.12 ++++ yast2: - Add Yast2::Equatable mixin to avoid troubles with classes that overloads the comparison methods (related to bsc#1186082). - 4.4.5 ------------------------------------------------------------------ ------------------ 2021-5-24 - May 24 2021 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Update to version 0.185: debuginfod-client: Simplify curl handle reuse so downloads which return an error are retried. elfcompress: Always exit with code 0 when the operation succeeds (even when nothing was done). On error the exit code is now always 1. ++++ kernel-default: - scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check() (bsc#1186355). - scsi: pm80xx: Fix chip initialization failure (bsc#1186354). - scsi: target: tcmu: Fix use-after-free of se_cmd->priv (bsc#1186356). - scsi: pm80xx: Do not sleep in atomic context (bsc#1186353). - scsi: aacraid: Improve compat_ioctl handlers (bsc#1186352). - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized (bsc#1186357). - commit d9c7184 - Update metadata and move to sorted section patches.suse/sched-fair-Clear-SMT-siblings-after-determining-the-core-is-not-idle.patch. patches.suse/sched-fair-Fix-wrong-cpu-selecting-from-isolated-dom.patch. patches.suse/sched-fair-Minimize-concurrent-LBs-between-domain-level.patch. patches.suse/sched-fair-Reduce-busy-load-balance-interval.patch. patches.suse/sched-fair-Reduce-minimal-imbalance-threshold.patch. patches.suse/sched-fair-Relax-constraint-on-task-s-load-during-load-balance.patch. patches.suse/sched-fair-Remove-the-force-parameter-of-update_tg_load_avg.patch. patches.suse/sched-fair-Simplify-the-work-when-reweighting-entity.patch. patches.suse/sched-rt-Disable-RT_RUNTIME_SHARE-by-default.patch. - commit 9b005f0 - sched/fair: Fix shift-out-of-bounds in load_balance() (git fixes (sched)). - commit c01b809 - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - commit f5a02db ++++ expat: - Update to 2.4.1: * Bug fixes: - Autotools: Fix installed header expat_config.h for multilib systems; regression introduced in 2.4.0 by pull request #486 * Other changes: - Version info bumped from 9:0:8 to 9:1:8; see https://verbump.de/ for what these numbers do - Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] * Security fixes: - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both) by tracking and limiting the input amplification factor ( := ( + ) / ). By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (= + ) have been processed. The fix adds the following to the API: - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to signals this specific condition. - Two new API functions .. - XML_SetBillionLaughsAttackProtectionMaximumAmplification and - XML_SetBillionLaughsAttackProtectionActivationThreshold .. to further tighten billion laughs protection parameters when desired. Please see file "doc/reference.html" for details. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. - Two new XML_FEATURE_* constants .. - that can be queried using the XML_GetFeatureList function, and - that are shown in "xmlwf -v" output. - Two new environment variable switches .. - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and - EXPAT_ENTITY_DEBUG=(0|1) .. for runtime debugging of accounting and entity processing. Specific behavior of these values may change in the future. - Two new command line arguments "-a FACTOR" and "-b BYTES" for xmlwf to further tighten billion laughs protection parameters when desired. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. * Bug fixes: - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault for UTF-16 payloads containing CDATA sections. - Autotools: Fix generated CMake files for non-64bit and non-Linux platforms (e.g. macOS and MinGW in particular) that were introduced with release 2.3.0 * Other changes: - xmlwf: Improve help output and the xmlwf man page - xmlwf: Improve maintainability through some refactoring - xmlwf: Fix man page DocBook validity - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR - CMake: Add support for standard variable BUILD_SHARED_LIBS - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters - Resolve macro HAVE_EXPAT_CONFIG_H - Delete unused legacy helper file "conftools/PrintPath" - doc/reference.html: Fix XHTML validity - doc/reference.html: Replace the 90s look by OK.css - Version info bumped from 8:0:7 to 9:0:8 due to addition of new symbols and error codes; see https://verbump.de/ for what these numbers do ++++ qemu: - Fix CVE-2021-3527 in usb/redir: usb-redir-avoid-dynamic-stack-allocation.patch - Fix issues found upstream: hw-block-nvme-consider-metadata-read-aio.patch sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch vfio-ccw-Permit-missing-IRQs.patch vhost-user-blk-Check-that-num-queues-is-.patch vhost-user-blk-Don-t-reconnect-during-in.patch vhost-user-blk-Fail-gracefully-on-too-la.patch vhost-user-blk-Get-more-feature-flags-fr.patch vhost-user-blk-Make-sure-to-set-Error-on.patch virtio-blk-Fix-rollback-path-in-virtio_b.patch virtio-Fail-if-iommu_platform-is-request.patch virtiofsd-Fix-side-effect-in-assert.patch monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch ++++ supportutils: - analyzevmcore supports local directories (bsc#1186397) ++++ yast2-trans: - Update to version 84.87.20210522.fa639d2702: * New POT for text domain 'installation'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'migration'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (French) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Japanese) * Translated using Weblate (German) * Translated using Weblate (Japanese) * Translated using Weblate (German) ------------------------------------------------------------------ ------------------ 2021-5-23 - May 23 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - genirq/irqdomain: Don't try to free an interrupt that has no (git-fixes) - commit 6059d03 - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - commit 3ca2554 - sched/eas: Don't update misfit status if the task is pinned (git-fixes) - commit 7849a6f - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - commit 637287d ------------------------------------------------------------------ ------------------ 2021-5-22 - May 22 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hrtimer: Update softirq_expires_next correctly after (git-fixes) - commit 123b070 - genirq: Disable interrupts for force threaded handlers (git-fixes) - commit a3b0361 ------------------------------------------------------------------ ------------------ 2021-5-21 - May 21 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267) ++++ kernel-default: - blacklist.conf: Remove already backported commits. - commit d6aafa0 - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - commit 25deacb - lpfc: Decouple port_template and vport_template (bsc#185032). - commit 77503a8 - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - commit 682a642 - workqueue: more destroy_workqueue() fixes (bsc#1185911). - commit 63656eb - Re-enable yenta socket driver for x86_64 (bsc#1186349) CONFIG_YENTA was mistakenly disabled along with the disablement of CONFIG_PCMCIA. Re-enable the module for keeping the CardBus stuff still working, but put it to kernel-*-optional for Leap 15.3. - commit 1b41019 - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). - commit 5e94000 - series.conf: cleanup - move submitted patch to "almost mainline" section: patches.suse/cpufreq-intel_pstate-Add-Icelake-servers-support-in-.patch - commit 0ccf9b6 ++++ libapparmor: - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267) ++++ libepoxy: - Update to version 1.5.8: + Revert changes from PR #238 / #229 + Fixes regressions: #240, #252, #253 ++++ python3-core: - Stop providing "python" symbol (bsc#1185588), which means python2 currently. ++++ libsigc++2: - Update to version 2.10.7: + Meson build: - Make it possible to use sigc++ as a subproject. - Fix dependency on files generated from .h.m4 files. - No implicit_include_directories. - Make quiet installations possible. - Fix build as subproject without building documentation. + Documentation fixes. ++++ zchunk: - Update to version 1.1.14 * Final fixes for zstd 1.5 support ++++ nfs-utils: - Add 0019-gssd-use-mutex-to-protect-decrement-of-refcount.patch A field was modified by multiple threads without locking. This can lead to use-after-free. (bsc#1183194) ++++ python3: - Stop providing "python" symbol (bsc#1185588), which means python2 currently. ------------------------------------------------------------------ ------------------ 2021-5-20 - May 20 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - commit 56bb69c - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). - commit 7e45682 - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). - commit 7c9514e - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - commit d0a78d0 - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - commit 75ee727 - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - vrf: fix a comment about loopback device (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). - commit d07ce98 - ethtool: fix missing NLM_F_MULTI flag when dumping (bsc#1176447). - IB/hfi1: Rework AIP and VNIC dummy netdev usage (jsc#SLE-13208). - RDMA/rtrs-clt: destroy sysfs after removing session from active list (jsc#SLE-15176). - RDMA/mlx5: Fix drop packet rule in egress table (jsc#SLE-15175). - net/sched: act_ct: fix wild memory access when clearing fragments (bsc#1176447). - nfp: devlink: initialize the devlink port attribute "lanes" (bsc#1176447). - selftests: mlxsw: Remove a redundant if statement in tc_flower_scale test (bsc#1176774). - net/mlx5: Fix bit-wise and with zero (jsc#SLE-15172). - netfilter: conntrack: Make global sysctls readonly in non-init netns (bsc#1176447). - commit 3d16f03 - scsi: fnic: Remove bogus ratelimit messages (bsc#1183249). - commit ad3d189 ++++ Mesa: - update to 21.1.1 * bugfix release * mostly AMD and Intel changes as usual, but also a decent amount of ARM fixes and more ++++ systemd: - udev requires systemd in its %post (bsc#1185958) udevadm, called in udev's %post, requires libsystemd-shared-248.so. - Restore all "License:" tags udev uses a different license (GPL-2.0-only) than the main package and "osc service localrun format_spec_file" has the good taste to restore the license tags for all other subpackages if one of the subpackage tag differs. - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ++++ linux-glibc-devel: - Add cross-*-linux-glibc-devel packages ++++ pam_u2f: - Update to version 1.1.1 (released 2021-05-19) * Fix an issue where PIN authentication could be bypassed (CVE-2021-31924). * Fix an issue with nodetect and non-resident credentials. * Fix build issues with musl libc. * Add support for self-attestation in pamu2fcfg. * Fix minor bugs found by fuzzing. ++++ shim: - shim-install: instead of assuming "removable" for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961) ------------------------------------------------------------------ ------------------ 2021-5-19 - May 19 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (bsc#1185581). - commit eec9b2b - Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691) Nvidia switched its vGPU mechanism from mdev to SRIOV since Ampere architecutre. For the SRIOV implementation, they used pci-pf-stub module. We only need to enable CONFIG_PCI_PF_STUB here, other dependencies have been enabled already. - commit 8ab8eb0 - x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (bsc#1186219). - commit df8fbad - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - commit 71b6570 - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - commit d9afd49 - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - nvme: don't intialize hwmon for discovery controllers (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - nvme: fix controller instance leak (git-fixes). - nvmet: fix a memory leak (git-fixes). - block: fix get_max_io_size() (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - commit 6431b47 - nvme: fix possible deadlock when I/O is blocked (git-fixes). - Delete patches.suse/nvme-do-not-update-disk-info-for-multipathed-device.patch. - commit c1000c4 - nvme: define constants for identification values (git-fixes). - commit ef03dba ++++ libdrm: - Update to 2.4.106: * various nouveau fixes * improve tests ++++ Mesa: - Add swrast to vulkan - Enable vulkan on %{arm} and aarch64 with: swrast, amd, broadcom and freedreno ++++ systemd: - Spec file minor cleanups: - Drop all "Group:" tags as they are deprecated. - Drop "License:" tags from all subpackages and make it inherited from the main package. - Drop "%bcond_with parentpathid" as it's not used. ++++ libxml2: - Security fix: [bsc#1186015, CVE-2021-3541] * Exponential entity expansion attack bypasses all existing protection mechanisms. - Add libxml2-CVE-2021-3541.patch ++++ openssh: - Add openssh-7.6p1-audit_race_condition.patch, fixing sshd termination of multichannel sessions with non-root users (error on 'mm_request_receive_expect') (bsc#1115550, bsc#1174162). ++++ python-contextvars: - use %pytest macro in %check ++++ libxml2-python: - Security fix: [bsc#1186015, CVE-2021-3541] * Exponential entity expansion attack bypasses all existing protection mechanisms. - Add libxml2-CVE-2021-3541.patch ++++ runc: - Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). bsc#1185405 ------------------------------------------------------------------ ------------------ 2021-5-18 - May 18 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add nm-add-CAP_CHOWN-capability.patch: Add CAP_CHOWN to CapabilityBoundingSet to make teamd work properly (glfd#NetworkManager/NetworkManager!860, bsc#1185424). ++++ cockpit: - new version 244.1 https://cockpit-project.org/blog/cockpit-244.html - enable SELinux ++++ dracut: - Update to version 054+suse.95.gd5820102: * chore(suse) update spec Important change on mkinitrd: mkinitrd is now in its own subpackage "dracut-mkinit-deprecated", which requires dracut. If you need mkinitrd, require "mkinitrd". However note that in the long run, mkinit will go away. It is preferred to call dracut directly. ++++ hwinfo: - merge gh#openSUSE/hwinfo#98 - update pci and usb ids - 21.74 ++++ kernel-default: - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - commit f06d724 - blk-mq: plug request for shared sbitmap (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - commit d041278 - ACPI: PM: s2idle: Drop unused local variables and related code (bsc#1185840). - commit 1fc2033 - Delete patches.suse/hwmon-amd_energy-01-add-driver-to-report-energy-counters.patch. - Delete patches.suse/hwmon-amd_energy-02-missing-platform_driver_unregister-on.patch. - Delete patches.suse/hwmon-amd_energy-03-match-for-supported-models.patch. - Delete patches.suse/hwmon-amd_energy-04-move-label-out-of-accumulation-structure.patch. - Delete patches.suse/hwmon-amd_energy-05-optimize-accumulation-interval.patch. - Delete patches.suse/hwmon-amd_energy-06-improve-the-accumulation-logic.patch. - Delete patches.suse/hwmon-amd_energy-07-modify-the-visibility-of-the-counters.patch. - Delete patches.suse/hwmon-amd_energy-08-add-family-19h-model-01h.patch. - Delete patches.suse/hwmon-amd_energy-09-fix-allocation-of-hwmon_channel_info.patch. As agreed with Jeffrey Cheung and Darren Davis, after the amd_energy driver has been removed from upstream due to a disagreement between AMD and the hwmon subsystem maintainer on how to mitigate a hardware security vulnerability, we will not include this driver in SLE15-SP3. In other words, features SLE-15432 and SLE-14261 are being rejected for SP3. They will be evaluated again for SP4 if the upstream situation changes by then. - commit 30a5d69 - usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoire (bsc#1185840). - commit 5bd67ef - ACPI / idle: override c-state latency when not in conformance with s0ix (bsc#1185840). - commit 00d00d3 - ACPI: PM: s2idle: Add missing LPS0 functions for AMD (bsc#1185840). - commit 77d36ca - ACPI: PM: s2idle: Move x86-specific code to the x86 directory (bsc#1185840). - ACPI: PM: s2idle: Add AMD support to handle _DSM (bsc#1185840). - commit 240ac31 - fuse: fix write deadlock (bsc#1185573). - commit f65dbea - drm/i915/overlay: Fix active retire callback alignment (git-fixes). - commit 6ca3a83 - drm/i915: Wedge the GPU if command parser setup fails (git-fixes). - commit 331f4cc - drm/amdgpu: remove unused variable from struct amdgpu_bo (git-fixes). - commit e3fca29 - Refresh patches.suse/0001-drm-i915-Fix-overlay-frontbuffer-tracking.patch. Add Alt-commit for duplicate - commit af0c5c1 - drm/amd/display: Initialize attribute for hdcp_srm sysfs file (git-fixes). - commit e983a11 - drm/i915: Fix crash in auto_retire (git-fixes). - commit a0ca792 - drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode (git-fixes). - commit 1530740 - Refresh patches.suse/drm-amdgpu-display-restore-AUX_DPHY_TX_CONTROL-for-D.patch. Added Alt-commit for duplicate - commit 9ad673d - blacklist.conf: 12aca1ce9ee3 drm/msm/disp/dpu1: program 3d_merge only if block is attached - commit 1e8f219 - nvmet: use new ana_log_size instead the old one (bsc#1178612, bsc#1184259, bsc#1186155). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259, bsc#1186155). - commit 0df107a - nvme: add new line after variable declatation (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: don't check nvme_req flags for new req (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: mark nvme_setup_passsthru() inline (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: split init identify into helper (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: rename nvme_init_identify() (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: reduce checks for zero command effects (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: use NVME_CTRL_CMIC_ANA macro (bsc#1184259, bsc#1178612, bsc#1186155). - commit bb55f2e - powerpc/pseries: warn if recursing into the hcall tracing code (bsc#1185110 ltc#192091). - powerpc/pseries: use notrace hcall variant for H_CEDE idle (bsc#1185110 ltc#192091). - powerpc/pseries: Don't trace hcall tracing wrapper (bsc#1185110 ltc#192091). - powerpc/pseries: Fix hcall tracing recursion in pv queued spinlocks (bsc#1185110 ltc#192091). - commit b5b9cb5 - supported.conf: mark usb_otg_fsm as supported (bsc#1185010) - commit d340e77 - supported.conf: add bsc1185010 dependency - commit fb8d746 ++++ multipath-tools: - Update to version 0.8.6+10+suse.47711374: * Github workflows: add CI for SUSE-specific branches ++++ libcontainers-common: - Update image to 5.12.0 v0.38.2: * libimage: add save tests * libimage/Image.HasDifferentDigest: handle manifest lists * libimage: push: ignore image platform * Cirrus: Use config. in common with all repos. * libimage: add import test * Fix handling of all capabilities * libimage: add save tests * containers.conf: don't set default logging driver v0.38.1: * libimage: add save tests * libimage/Image.HasDifferentDigest: handle manifest lists * libimage: push: ignore image platform * Cirrus: Use config. in common with all repos. * libimage: add import test * Fix handling of all capabilities * libimage: add save tests * containers.conf: don't set default logging driver v0.38.1: * adjust log-driver defaults * Do not emit warnings about OCI runtime paths * build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 * build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3 * [NO TESTS NEEDED] Fix reading configs on mac and windows * libimage: add push tests * build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * libimage: fix pull from dir * libimage: add load unit tests * Only close EventChannel if it has been created. v0.38: * build(deps): bump github.com/docker/docker * libimage: add an events system * libimage: add unit tests * libimage: rename dockerTransport to registryTransport * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * pull: simplify transports switch * Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix * Add support for codespell, and fix issues found * libimage: restore the ability to pull from docker-daemon and tarball * Swap default logging to journald * fix image tree * Add support for creating default CNI network * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Add a default network creation package * Add ability to specify a subnet for the default network * libimage: follow-up changes v0.37.1: * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * Add support for the runsc OCI Runtime * Add support for machine_enabled in containers.conf * modify README.md: Contributing section finetuning * Add support for image_parallel_copies in containers.conf * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 - Update common to 0.38.2 0.38.2: libimage: add save tests libimage/Image.HasDifferentDigest: handle manifest lists libimage: push: ignore image platform Cirrus: Use config. in common with all repos. libimage: add import test Fix handling of all capabilities libimage: add save tests containers.conf: don't set default logging driver 0.38.1: adjust log-driver defaults Do not emit warnings about OCI runtime paths build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3 [NO TESTS NEEDED] Fix reading configs on mac and windows libimage: add push tests build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 libimage: fix pull from dir libimage: add load unit tests Only close EventChannel if it has been created. 0.38.0: build(deps): bump github.com/docker/docker libimage: add an events system libimage: add unit tests libimage: rename dockerTransport to registryTransport Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 pull: simplify transports switch Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix Add support for codespell, and fix issues found libimage: restore the ability to pull from docker-daemon and tarball Swap default logging to journald fix image tree Add support for creating default CNI network Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 Add a default network creation package Add ability to specify a subnet for the default network libimage: follow-up changes 0.37.1: Bump github.com/containers/storage from 1.30.0 to 1.30.1 Add support for the runsc OCI Runtime Add support for machine_enabled in containers.conf modify README.md: Contributing section finetuning Add support for image_parallel_copies in containers.conf Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 - Update storage to 1.31.0 1.31.0: Update docs/containers-storage.conf.5.md store: add option to disable volatile build(deps): bump github.com/Microsoft/hcsshim from 0.8.16 to 0.8.17 Enable zstd:chunked support in containers/image overlay: honor DisableShifting store: allow shifting only with contiguous mappings idtools: new function IsContiguous store: replace Modified+Load with ReloadIfChanged store: new method ROFileBasedStore.ReloadIfChanged() Expand the scope of transaction in the process of deleting device Remove unlock/lock caused by Incorrect assumption 1.30.3: Update to F34 and U2104 Update vendor opencontainers/selinux v1.8.1 AUFS not supported in Ubuntu 21.04+ build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 TestMatch: handle cases where NewPatternMatcher catches syntax errors 1.30.2: Switch from ffjson to json-iterator Remove dependencies on ffjson Expand Variables on rootlessStoragePath Log expected rootless overlay mount failures as debug level ++++ rdma-core: - Update to rdma-core v35.0 - Bugfixes on all providers - Many improvements on pyverbs - Fixes dracut path issues on Tumbleweed - Refresh patches to latest sources: - Revert-libcxgb3-Remove-libcxgb3-from-rdma-core.patch - disable-rdma-interface-renaming.patch ++++ libepoxy: - Update to version 1.5.7: * Remove type redefinition - Includes changes from 1.5.6: * Fix issue loading OpenGL/GLX/EGL libraries * Expose dependency variables in pkg-config file * Close output objects when generating files ++++ pango: - Update to version 1.48.5: + Only initialize fontconfig once. + Add missing deprecation notices. + Add some missing apis to the markup docs. + Speed up Emoji classification. + Fix hangs and memory leaks. + Don't insert hyphens at word boundaries. + Handle empty lines better. + Avoid width fluctuations with ellipsized text. + Add a utility to show text segmentation. ++++ systemd: - Introduce subpackage systemd-tests This subpackage is mainly used before submitting a new version of the systemd packages. As such it's not intended for regular users hence can be removed/renamed at any time. One might wonder why the unit tests are not executed during package builds (%check)... the reason is that the environment used to build package (chroot) is too limited and therefore only a subset of the unit tests would be executed in this environment. To disable the build of the subpackage, use "--without=tests". - Add 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch A temporary patch until https://github.com/systemd/systemd/issues/19464 is solved. - Import commit bc08011f04ac4f12569ec05965149f665a0b110b (merge of v248.3) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/6f5c11b28f5739b901390f22c2bf4c003cadedaa...bc08011f04ac4f12569ec05965149f665a0b110b ++++ psmisc: - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Fix bsc#1185208 to make private mount namespaces work as well as to distinguish NFS mounts from same remote device share. ++++ selinux-policy: - allow systemd to watch /usr, /usr/lib, /etc, /etc/pki as we have path units that trigger on changes in those. Added fix_systemd_watch.patch - own /usr/share/selinux/packages/$SELINUXTYPE/ and /var/lib/selinux/$SELINUXTYPE/active/modules/* to allow packages to install files there ++++ u-boot-rpiarm64: * Add rockpi-n10-rk3399pro * Several fixes and cleanups for RK3399/3328 boards: - Replace repeated board list with is_rk3399/is_rk3328 define - Fix non-functional rock960, copy bl31.elf - Remove "make u-boot.itb", already part of "all" target * Remove obsolete manual generation of SOURCE_DATE_EPOCH ------------------------------------------------------------------ ------------------ 2021-5-17 - May 17 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1186114, CVE-2021-22898] * TELNET stack contents disclosure - Add curl-CVE-2021-22898.patch ++++ dracut: - Update to version 054+suse.94.g1648453e: * chore(suse): re-add SUSE mkinitrd - Update to version 054+suse.93.gd393f006: With this release dracut has undergone a major overhaul. A lot of systemd related modules have been added. The integration test suite has finally ironed out the flaky behaviour due to the parallel device probing of the kernel, which bit sometimes in the non-kvm github CI. So, if you see any /dev/sda in a setup script with more than two hard drives, chances are, that the script works on the wrong disk. Same goes for network interfaces. This release is also fully shellcheck'ed with ShellCheck-0.7.2 and indented with shfmt and astyle. The dracut project builds test containers every day for: opensuse/tumbleweed-dnf:latest archlinux:latest fedora:rawhide fedora:latest fedora:33 These containers can easily be used to run the integration tests locally without root permissions via podman. We hope this serves as a blueprint for your distribution's CI process. More information can be found in docs/HACKING.md. Bug Fixes make testsuite pass on OpenSuse and Arch (8b2afb08) cope with distributions with /usr/etc files (3ad3b3a4) deprecate gummiboot (5c94cf41) set vimrc and emacs indention according to .editorconfig (9012f399) correctly handle kernel parameters (501d82f7) remove dracut.pc on make clean (d643156d) honor KVERSION environment in the Makefile (d8a454a5) always use mkdir -p (9cf7b1c5) dracut.sh: prevent symbolic links containing // (de0c0872) adding missing globalvars for udev (f35d479d) sysctl global variables (3ca9aa1d) add global vars for modules-load (ec4539c6) omission is an addition to other omissions in conf files (96c31333) harden dracut against GZIP environment variable (d8e47e20) add a missing tmpfilesconfdir global variable (8849dd8d) include modules.builtin.alias in the initramfs (7f633747) install all depmod relevant configuration files (50a01dd4) add modules.builtin.modinfo to the initramfs (87c4c178) search for btrfs devices from actual mount poiont (3fdc734a) dracut-functions.sh: implement a cache for get_maj_min (c3bb9d18) word splitting issue for sed in get_ucode_file (122657b2) dracut-logger.sh: double dash trigger unknown logger warnings during run (4fbccde5) dracut-install: handle $LIB in ldd output parsing (bsc#1185615) handle builtin modules (2536a9ea) base: suppress calls to getarg in build phase (6feaaabc) source hooks without exec (8059bcb2) wait_for_dev quote shell variables (b800edd6) adding crc32c for ext3 (61f45643) crypt: install all crypto modules in the generic initrd (10f9e569) include cryptsetups tmpfile (a4cc1964) crypt-gpg: cope with different scdaemon location (44fd1c13) dbus-broker: enable the service (df1e5f06) dbus-daemon: only error out in install() (ae4fbb3d) dracut-systemd: don't refuse root=tmpfs when systemd is used (a96900a8) examples: remove the examples directory and reference to it (b37c90c8) fips: add dh and ecdh ciphers (543b8014) remove old udev version requirements (be30d987) i18n: skip if data is missing (651fe01e) img-lib: ignored null byte in input (85eb9680) integrity: properly set up EVM when using an x509 cert (4bdd7eb2) iscsi: replace sed call with bash internals (66b920c6) add iscsid.service requirements (bb6770f1) only rely on socket activiation (0eb87d78) kernel-modules: optionally add /usr/lib/modules.d to initramfs (92e6a8f8) add watchdog drivers for generic initrd (3a60c036) mdraid: remove dependency statements (86b75634) memstrack: correct dependencies (c2ecc4d1) multipath: stop multipath before udev db cleanup (3c244c7c) revise multipathd-stop (7b8c78ff) nbd: assume nbd version >= 3.8 (6209edeb) remove old udev version requirements (fd15dbad) make nbd work again with systemd (77906443) network: use wicked unit instead of find_binary (57eefcf7) user variable for sdnetworkd instead of path (4982e16d) correct regression in iface_has_carrier (36af0518) network-legacy: add missing options to dhclient.conf (abfd547a) silence getargs (60a34d8b) network-manager: cope with distributions not using libexec (22d6863e) set timeout via command line option (8a51ee1f) run after dracut-cmdline (4d03404f) create /run directories (49b61496) use /run/NetworkManager/initrd/neednet in initqueue (6a37c6f6) only run NetworkManager if rd.neednet=1 (ac0e8f7d) nm-run.service: don't kill forked processes (1f21fac6) no default deps for nm-run.service (ba4bcf5f) nm-lib.sh does not require bash (3402142e) squash: post install should be the last step before stripping (8c8aecdc) systemd: include all nss libraries (b3bbf5fb) include hosts and nsswitch.conf in hostonly mode (5912f4fb) remove old systemd version requirements (fc53987b) systemd-hostnamed: extra quote (2aa65234) systemd-modules: remove dependency on systemd meta module (afef4557) systemd-modules-load: misc repairs (782ac8f1) systemd-networkd: make systemd-networkd a proper network provider (ea779750, closes #737) systemd-resolved: remove nss libraries (12bef83c) systemd-sysctl: sysctl global variables (02acedd0) systemd-sysusers: misc fixes and cleanup (7359ba8a) systemd-udev: use global vars instead of fixed path (fd883a58) systemd-udevd: add udev id program files (562cb77b) systemd-verity: incorrect reference to cryptsetup target (ba92d1fc) re-naming module to veritysetup (0267f3c3) tpm2-tss: add tpm2 requirement (8f99fada) udev-rules: remove sourcing of network link files (69f4e7cd) add btrfs udev rules by default (567c4557) url-lib: fix passing args (5f6be515) zipl: don't depend on grub2 (6b499ec1) Performance disable initrd compression when squash module is enabled (7c0bc0b2) Features support ZSTD-compressed kernel modules (ce9af251) also restore the initramfs from /lib/modules (33e27fab) extend Makefile indent target (e0a0fa61) customize .editorconfig according to shfmt (1f621aba) squash module follow --compress option (5d05ffbd) bluetooth: implement bluetooth support in initrd (64ee2a53) btrfs: add 64-btrfs-dm.rules rules (d4caa86a) mkinitrd: remove mkinitrd (43df4ee2) nbd: support ipv6 link local nbds (b12f8188) network-manager: run as daemon with D-Bus (112f03f9) qemu: include the virtio_mem kernel module (f3dcb606) skipcpio: speed up and harden skipcpio (63033495) squash: use busybox for early setup if available (90f269f6) install and depmod modules seperately (5a18b24a) systemd-ac-power: introducing the systemd-ac-power module (e7407230) systemd-hostnamed: introducing the systemd-hostnamed module (bf273e3e) systemd-initrd: add initrd-usr-fs.target (5eb73610) systemd-journald: introducing the systemd-journald module (3697891b) systemd-ldconfig: introducing the systemd-ldconfig module (563c434e) systemd-network-management: introducing systemd-network-management module (e942d86c) systemd-resolved: introducing the systemd-resolved module (b7d3caef) systemd-rfkill: introducing the systemd-rfkill module (21536544) systemd-sysext: introducing the systemd-sysext module (fc88af54) systemd-timedated: introducing the systemd-timedated module (1c41cc90) systemd-timesyncd: introducing the systemd-timesyncd module (2257d545) systemd-tmpfiles: introducing the systemd-tmpfiles module (2b61be32) systemd-udevd: introducing the systemd-udevd module (3534789c) systemd-verity: introducing the systemd-verity module (3d4dea58) tpm2-tss: introducing the tpm2-tss module (8743b073) ++++ kernel-default: - drm/ingenic: Register devm action to cleanup encoders (git-fixes). - commit 675f1fb - nvmet: use new ana_log_size instead the old one (bsc#1184259). note: the upstream commit msg is misleading, this is an nvme host fix, not nvmet. - commit 99e6038 - drm/ingenic: Fix non-OSD mode (git-fixes). - commit 6368ef3 - drm/mcde/panel: Inverse misunderstood flag (git-fixes). - commit e3c909b - nvme: don't intialize hwmon for discovery controllers (bsc#1184259). - commit c0f763f - kABI workaround for hci_chan amp field addition (CVE-2021-33034 bsc#1186111). - commit 82f4155 - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034 bsc#1186111). - commit f6d837e - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - commit ec86798 - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - commit 4d97fe4 - libbpf: Fix signed overflow in ringbuf_process_ring (bsc#1177028). - selftests/bpf: Fix BPF_CORE_READ_BITFIELD() macro (bsc#1177028). - libbpf: Initialize the bpf_seq_printf parameters array field by field (bsc#1177028). - selftests/bpf: Fix the ASSERT_ERR_PTR macro (bsc#1177028). - libbpf: Add explicit padding to btf_dump_emit_type_decl_opts (bsc#1177028). - selftests/bpf: Re-generate vmlinux.h and BPF skeletons if bpftool changed (bsc#1177028). - libbpf: Add explicit padding to bpf_xdp_set_link_opts (bsc#1177028). - commit c874e76 - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - commit ebeaec2 - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - commit c94cc71 - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - commit 5e2321a - perf/amd/uncore: Fix sysfs type mismatch (bsc#1178134). - commit 54f1b43 - Refresh patches.suse/powerpc-kexec_file-Use-current-CPU-info-while-settin.patch. - commit b3db5e3 ++++ libX11: - U_CVE-2021-31535.patch * adds missing request length checks in libX11 (CVE-2021-31535, bsc#1182506) ++++ perl-ExtUtils-Depends: - updated to 0.8001 see /usr/share/doc/packages/perl-ExtUtils-Depends/Changes 0.8001 - Remove hack (cf https://rt.cpan.org/Ticket/Display.html?id=45224) The hijacking of EUMM's `static_lib` method is now obsolete, as well as causing problems. - Also added a couple of code tidy-ups ++++ qemu: - Brotli VLA error was already fixed in v5.2 but the patches wasn't included in v6.0. This change fixed that - Patches added: brotli-fix-actual-variable-array-paramet.patch hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch ++++ yast2-trans: - Update to version 84.87.20210516.482fe91bc6: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'autoinst'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Catalan) * Translated using Weblate (Lithuanian) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'base'. * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (French) * Translated using Weblate (Japanese) * New POT for text domain 'autoinst'. * New POT for text domain 'network'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2021-5-16 - May 16 2021 ------------------- ------------------------------------------------------------------ ++++ less: - update to 586: * Make less able to read lesskey source files (deprecating lesskey). * If XDG_CONFIG_HOME is set, find lesskey source file in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey. * If XDG_DATA_HOME is set, find and store history file in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst. * Add the --lesskey-src option. * Add the --file-size option. * Fix bug which could leave terminal in mouse-reporting mode after exiting less. * Fix bug which caused failure to respond to window resize. * Fix backslash bug searching in tag file. ------------------------------------------------------------------ ------------------ 2021-5-15 - May 15 2021 ------------------- ------------------------------------------------------------------ ++++ libqmi: - Update to version 1.28.4 * libqmi-glib: - Add 'wwan' subsystem support. - Plug memleak when allocating new links. - Plug memleak when QmiDevice is opened multiple times. - Fix build when ARPHRD_RAWIP isn't defined in libc. * gir: - Flag all output TLV readers as optional. - Add explicit ownership information in the string and struct return annotations. * collections: - basic: added WMS Send ACK * qmicli: - Fix double GError when both 'Extended List' and 'Bandwidth List' are missing in --nas-get-rf-band-info. * Several other minor improvements and fixes. ++++ zchunk: - Update to version 1.1.12 * Update testsuite for zstd 1.5 ------------------------------------------------------------------ ------------------ 2021-5-14 - May 14 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Drop networkmanager-obs-net.patch: the patch needs a full rework. - Drop networkmanager-checks-po.patch: as it was supposed to fix something introduced by another patch which we still carry, yet we can live with this patch disabled, I'd infer this patch is not nescessary. ++++ cifs-utils: - Update to cifs-utils 6.13 * Fixes CVE-2021-20208, cifs.upcall kerberos auth leak in container * remove cifs-utils-6.12.tar.bz2 * remove cifs-utils-6.12.tar.bz2.asc * add cifs-utils-6.13.tar.bz2 * add cifs-utils-6.13.tar.bz2.asc - Drop upstream fixed patches: * 0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch ++++ glib2: - Update to version 2.68.2: + Fix building third-party projects against GLib on CentOS 7. + Bugs fixed: - json-glib does not build with glib 2.68.1. - gmacros: check that __cplusplus or _MSC_VER is defined. - gmacros: missing check if __STDC_VERSION__ is defined. - Backport !2078 “gthreadedresolver: don't ignore flags in lookup_by_name_with_flags” to glib-2-68. ++++ haproxy: - Update to version 2.4.0+git0.6cbbecf09: https://www.haproxy.com/blog/announcing-haproxy-2-4/ for all the details see /usr/share/doc/packages/haproxy/CHANGELOG - refreshed patches to apply cleanly again haproxy-1.6.0-makefile_lib.patch haproxy-1.6.0-sec-options.patch lua54.patch ++++ kernel-default: - Correct CVE number for a mac80211 fix (CVE-2020-26139 bsc#1186062) - commit 16457bf - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134 bsc#1186060). - commit ffbe2a6 - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - commit 6d9c3a2 - nvmet: seset ns->file when open fails (bsc#1183873). - commit ca1c5ff - KVM: s390: fix guarded storage control register handling (bsc#1133021). - commit 6757070 - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - hwmon: (occ) Fix poll rate limiting (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - commit 63ad411 - Update meta data patches.suse/nvme-retrigger-ana-log-update-if-group-descriptor-isn-t.patch The patch has been added to mainline. Update the meta data and move it into the sorted section. - commit 7250fb0 ++++ Mesa: - reenabled build of device-select and overlay vulkan layers ++++ ceph: - Update to 16.2.4-26-g555d38aa5a5: + rebased on top of v16.2.4 tag https://ceph.io/releases/v16-2-4-pacific-released/ * mgr/dashboard: fix base-href: revert it to previous approach * (bsc#1186021) mgr/dashboard: fix cookie injection issue (CVE-2021-3509) * mgr/dashboard: fix set-ssl-certificate{,-key} commands * (bsc#1186020) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531) * (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524) * systemd: remove ProtectClock=true for ceph-osd@.service ++++ mdadm: - Grow: be careful of corrupt dev_roles list (bsc#1181619) 0117-Grow-be-careful-of-corrupt-dev_roles-list.patch - imsm: nvme multipath support (bsc#1175758) 0116-imsm-nvme-multipath-support.patch ------------------------------------------------------------------ ------------------ 2021-5-13 - May 13 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. - Add curl-X509_V_FLAG_PARTIAL_CHAIN.patch ++++ kernel-default: - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - commit f263745 - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - commit cf7170b - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - Refresh patches.suse/nvme-add-kato-sysfs-attribute.patch. Context adjustment in kato patch. - commit 7126f4d - sched: optimize latency defaults for throughput add guard (Scheduler enhancements for I7 (bnc#754690, bnc#1144446)). Upstream removed the relevant sysctls and a deviation from mainline now can only be reverted via debugfs. The guard is added until it can be determined if the need for tuning can be addressed without reenabling the sysctls. - commit 5985363 ------------------------------------------------------------------ ------------------ 2021-5-12 - May 12 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.12.1 * build: fix missing symbols in libbtrfs * mkfs: check for minimal number of zones * check: fix warning about cache generation when free space tree is enabled * fix superblock write in zoned mode on 16K pages ++++ open-iscsi: - Merge latest upstream, which added fix (bsc#1185930): * Set default 'startup' to 'onboot' for FW nodes ++++ kernel-default: - ath10k kABI workaround for CVE-2020-24588 fix (CVE-2020-24588 bsc#1185861). - ath10k: Validate first subframe of A-MSDU before processing the list (CVE-2020-26141 bsc#1185863). - ath10k: Fix TKIP Michael MIC verification for PCIe (CVE-2020-26141 bsc#1185863). - ath10k: drop MPDU which has discard flag set by firmware for SDIO (CVE-2020-24588 bsc#1185861). - ath10k: drop fragments with multicast DA for SDIO (CVE-2020-26145 bsc#1185860). - ath10k: drop fragments with multicast DA for PCIe (CVE-2020-26145 bsc#1185860). - ath10k: add CCMP PN replay protection for fragmented frames for PCIe (CVE-2020-26145 bsc#1185860). - kABI workaround for cfg80211 changes (CVE-2020-24586 bsc#1185859). - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586 bsc#1185859). - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586 bsc#1185859). - mac80211: check defrag PN against current frame (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: add fragment cache to sta_info (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185859). - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: properly handle A-MSDUs that start with an RFC 1042 header (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: assure all fragments are encrypted (CVE-2020-26147 bsc#1185863 bsc#1185859). - commit 1aa5a24 - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - commit 88ee1b3 - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - commit e1f93d5 - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - commit c09eacd - Update to mainline version and move into sorted section: patches.suse/scsi-fnic-Use-scsi_host_busy_iter-to-traverse-commands.patch (bsc#1179851) - commit 5bb3cbc - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). temporarily disable patches.suse/fnic-use-blk_mq_tagset_busy_iter-to-traverse-commands.patch - commit da3e4e8 - Update upstream references and move into sorted section: patches.suse/scsi-fnic-do-not-call-scsi_done-for-unhandled-commands.patch - commit 0dfec7c - ath10k: Validate first subframe of A-MSDU before processing the list (CVE-2020-26141 bsc#1185863 bsc#1185987). - commit ea14c35 - ath10k: Fix TKIP Michael MIC verification for PCIe (CVE-2020-26141 bsc#1185863 bsc#1185987). - commit 4eb2710 - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - commit 4aa67c6 - ath10k kABI workaround for CVE-2020-24588 fix (CVE-2020-24588 bsc#1185861). - ath10k: drop MPDU which has discard flag set by firmware for SDIO (CVE-2020-24588 bsc#1185861). - ath10k: drop fragments with multicast DA for SDIO (CVE-2020-26145 bsc#1185860). - ath10k: drop fragments with multicast DA for PCIe (CVE-2020-26145 bsc#1185860). - ath10k: add CCMP PN replay protection for fragmented frames for PCIe (CVE-2020-26145 bsc#1185860). - commit e9158ad - kABI workaround for cfg80211 changes (CVE-2020-24586 bsc#1185859). - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586 bsc#1185859). - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586 bsc#1185859). - mac80211: check defrag PN against current frame (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: add fragment cache to sta_info (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185859). - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: properly handle A-MSDUs that start with an RFC 1042 header (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: assure all fragments are encrypted (CVE-2020-26147 bsc#1185863 bsc#1185859). - commit e747a3d - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - commit 7c0272c - tracing: Map all PIDs to command lines (git-fixes). - commit ed170f4 - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - commit 0d8166b - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). - commit c3f83a0 - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - commit 4c3dc8b - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: Use IRQF_ONESHOT (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: ath79: always call chipselect function (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - commit fbbea32 - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - platform/x86: intel_pmc_core: Don't use global pmcdev in quirks (git-fixes). - commit f8dc44d - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - commit bddb0b7 - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - commit f5f8b81 - extcon: arizona: Fix various races on driver unbind (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - commit e59ac4d - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - commit 4f7d7a0 - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - don't release uninitialized resources (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - commit e379274 - Move upstreamed media fixes into sorted section - commit 5bae3a8 - bpf: Prevent writable memory-mapping of read-only ringbuf pages (bsc#1185640 CVE-2021-3489). - bpf, ringbuf: Deny reserve of buffers larger than ringbuf (bsc#1185640 CVE-2021-3489). - bpf: Fix alu32 const subreg bound tracking on bitwise operations (bsc#1185641 CVE-2021-3490). - commit c0fa121 - scripts/git_sort/git_sort.py: add bpf git repo - commit 65979e3 ++++ libXfixes: - Update to version 6.0.0 * The big new feature here is support for the new ClientDisconnectMode. From the corresponding xorgproto announcement: An X server that is started on demand (Xwayland) should ideally also terminate when the last client disconnects. However, some X11 clients that provide system services will linger around forever, preventing that shutdown. * With the new XFixes request, a client can designate itself as to-be-terminated and the X server can ignore those clients when counting the number of remaining clients. If no other clients are left, the server can shut down. * Note that this requires changes to the X server and each client to work. ++++ runc: - Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix "chdir to cwd: permission denied" for some setups - Remove upstreamed patches: - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch ++++ sudo: - update to 1.9.7 * The "fuzz" Makefile target now runs all the fuzzers for 8192 passes (can be overridden via the FUZZ_RUNS variable). This makes it easier to run the fuzzers in-tree. To run a fuzzer indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz". * Fixed fuzzing on FreeBSD where the ld.lld linker returns an error by default when a symbol is multiply-defined. * Added support for determining local IPv6 addresses on systems that lack the getifaddrs() function. This now works on AIX, HP-UX and Solaris (at least). Bug #969. * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to report a usage error. Also, when invoked as sudoedit, sudo now allows a more restricted set of options that matches the usage statement and documentation. GitHub issue #95. * Fixed a crash in sudo_sendlog when the specified certificate or key does not exist or is invalid. Bug #970 * Fixed a compilation error when sudo is configured with the - -disable-log-client option. * Sudo's limited support for SUCCESS=return entries in nsswitch.conf is now documented. Bug #971. * Sudo now requires autoconf 2.70 or higher to regenerate the configure script. Bug #972. * sudo_logsrvd now has a relay mode which can be used to create a hierarchy of log servers. By default, when a relay server is defined, messages from the client are forwarded immediately to the relay. However, if the "store_first" setting is enabled, the log will be stored locally until the command completes and then relayed. Bug #965. * Sudo now links with OpenSSL by default if it is available unless the --disable-openssl configure option is used or both the - -disable-log-client and --disable-log-server configure options are specified. * Fixed configure's Python version detection when the version minor number is more than a single digit, for example Python 3.10. * The sudo Python module tests now pass for Python 3.10. * Sudo will now avoid changing the datasize resource limit as long as the existing value is at least 1GB. This works around a problem on 64-bit HP-UX where it is not possible to exactly restore the original datasize limit. Bug #973. * Fixed a race condition that could result in a hang when sudo is executed by a process where the SIGCHLD handler is set to SIG_IGN. This fixes the bug described by GitHub PR #98. * Fixed an out-of-bounds read in sudoedit and visudo when the EDITOR, VISUAL or SUDO_EDITOR environment variables end in an unescaped backslash. Also fixed the handling of quote characters that are escaped by a backslash. GitHub issue #99. * Fixed a bug that prevented the "log_server_verify" sudoers option from taking effect. * The sudo_sendlog utility has a new -s option to cause it to stop sending I/O records after a user-specified elapsed time. This can be used to test the I/O log restart functionality of sudo_logsrvd. * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when attempting to restart an interrupted I/O log transfer. * The TLS connection timeout in the sudoers log client was previously hard-coded to 10 seconds. It now uses the value of log_server_timeout. * The configure script now outputs a summary of the user-configurable options at the end, separate from output of configure script tests. Bug #820. * Corrected the description of which groups may be specified via the - g option in the Runas_Spec section. Bug #975. ++++ supportutils: - getappcore checks for valid compression binary (bsc#1185991) - getappcore does not trigger errors with help message (bsc#1185993) ------------------------------------------------------------------ ------------------ 2021-5-11 - May 11 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix plaintext password in grub config didn't work to unlock menu entry if enabling secure boot in UEFI (bsc#1181892) ++++ kernel-default: - proc: Avoid mixing integer types in mem_rw() (CVE-2021-3491 bsc#1185642). - commit 757f76b - blacklist: add commit b166a20b0738 Mainline commit b166a20b0738 ("net/sctp: fix race condition in sctp_destroy_sock") was found buggy so that it was reverted by commit 01bfe5e8e428 ("Revert "net/sctp: fix race condition in sctp_destroy_sock"") and replaced by a new fix, commit 34e5b0118685 ("sctp: delay auto_asconf init until binding the first addr"). - commit 7c2eabc - sctp: delay auto_asconf init until binding the first addr (). - commit cb84c72 - tcp: fix to update snd_wl1 in bulk receiver fast path (). - commit 627e2e2 - Update patch reference for BT fix (CVE-2021-32399 bsc#1185898) - commit 81179ec ++++ pcre: - Do not run profiling 'check' in parallel to make package build reproducible (boo#1040589) ++++ pam: - In the 32-bit compatibility package for 64-bit architectures, require "systemd-32bit" to be also installed as it contains pam_systemd.so for 32 bit applications. [bsc#1185562, baselibs.conf] ++++ salt: - Drop support for Python2. Obsoletes "python2-salt" package (jsc#SLE-18033) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update (jsc#SLE-18028) - Remove duplicate directories - Added: * fix-issue-parsing-errors-in-ansiblegate-state-module.patch * prevent-command-injection-in-the-snapper-module-bsc-.patch * transactional_update-detect-recursion-in-the-executo.patch ------------------------------------------------------------------ ------------------ 2021-5-10 - May 10 2021 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Update to version 0.184: debuginfod: Use libarchive's bsdtar as the .deb-family file unpacker. debuginfod-client: Client caches negative results. If a query for a file failed with 404, an empty 000 permission file is created in the cache. This will prevent requesting the same file for the next 10 minutes. Client objects now carry long-lived curl handles for outgoing connections. This makes it more efficient for multiple sequential queries, because the TCP connections and/or TLS state info are kept around awhile, avoiding O(100ms) setup latencies. libdw: handle DW_FORM_indirect when reading attributes translations: Update Polish translation. ++++ hdparm: - update to 9.62: * work around unexpected sign-extending of left-shifted unsigned values by gcc ++++ kernel-default: - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") (git-fixes). - commit 9e8eea0 - series.conf: cleanup - move a submitted patch to "almost mainline" section patches.suse/rtc-pcf2127-handle-timestamp-interrupts.patch - commit baf1232 - fix patch metadata - fix Patch-mainline: patches.suse/fs-epoll-restore-waking-from-ep_done_scan.patch - commit 220b548 - series.conf: cleanup - update upstream references and resort: patches.suse/nvme-multipath-reset-bdev-to-ns-head-when-failover.patch patches.suse/scsi-lpfc-Fix-DMA-virtual-address-ptr-assignment-in-.patch patches.suse/scsi-lpfc-Fix-illegal-memory-access-on-Abort-IOCBs.patch - commit a062422 - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - commit dad28e7 - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - commit 876c85a - bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds (bsc#1177028). - commit 26f1fe9 ++++ gcc11: - Update to gcc-11 branch head (23855a176609fe8dda6abaf2b2), git121 - Disable build-id generation on non-glibc targeting cross compilers. ++++ systemd: - Import commit 6f5c11b28f5739b901390f22c2bf4c003cadedaa (merge of v248.2) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e5f93c9d2e9e26dd0dff430c4c072a547357ae7d...6f5c11b28f5739b901390f22c2bf4c003cadedaa ++++ libxml2: - Security fix: [bsc#1185698, CVE-2021-3537] * NULL pointer dereference in valid.c:xmlValidBuildAContentModel * Add libxml2-CVE-2021-3537.patch ++++ microos-tools: - Update to version 2.10 - Fixes and improvements for SELinux support - Add devel tools - Add new subpackage microos-devel-tools - Add rpm as build dependency for that subpackage ++++ libxml2-python: - Security fix: [bsc#1185698, CVE-2021-3537] * NULL pointer dereference in valid.c:xmlValidBuildAContentModel * Add libxml2-CVE-2021-3537.patch ++++ yast2-trans: - Update to version 84.87.20210509.2001bf14f7: * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Added translation using Weblate (Hindi) * Added translation using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Hindi) * Added translation using Weblate (Hindi) * Added translation using Weblate (Hindi) * Added translation using Weblate (Hindi) * Added translation using Weblate (Hindi) * New POT for text domain 'auth-client'. * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'network'. * New POT for text domain 'installation'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * New POT for text domain 'iscsi-lio-server'. * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2021-5-9 - May 9 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.12 * libbtrfsutil: relicensed to LGPL v2.1+ * mkfs: zoned mode support (kernel 5.12+) * fi df: show zone_unusable per profile type in zoned mode * fi usage: show total amount of zone_unusable * fi resize: fix message for exact size * image: fix warning and enlarge output file if necessary * core * refactor chunk allocator for more modes * implement zoned mode support: allocation and writes, sb log * crypto/hash refactoring and cleanups * refactoring and cleanups * other * test updates * CI updates * travis-ci integration disabled * docker images updated, more coverage * incomplete build support for Android removed * doc updates * chattr mode m for 'NOCOMPRESS" * swapfile used from fstab * how to add a new export to libbtrfsutil * update status of mount options since 5.9 - Update to 5.11.1 * properly format checksums when a mismatch is reported * check: fix false alert on tree block crossing 64K page boundary * convert: * refuse to convert filesystem with 'needs_recovery' * update documentation to require fsck before conversion * balance convert: fix raid56 warning when converting other profiles * fi resize: improved summary * other * build: fix checks and autoconf defines * fix symlink paths for CI support scripts * updated tests ------------------------------------------------------------------ ------------------ 2021-5-8 - May 8 2021 ------------------- ------------------------------------------------------------------ ++++ gstreamer-plugins-base: - don't own appdata dir - comes from filesystem rpm ++++ kernel-default: - ALSA: usb-audio: Remove redundant assignment to len (git-fixes). - ALSA: usb-audio: Generic application of implicit fb to Roland/BOSS devices (git-fixes). - Revert "ALSA: usb-audio: Add support for many Roland devices..." (git-fixes). - ALSA: usb-audio: Re-apply implicit feedback mode to Pioneer devices (git-fixes). - ALSA: usb-audio: Add support for many Roland devices' implicit feedback quirks (git-fixes). - ALSA: usb-audio: Apply implicit feedback mode for BOSS devices (git-fixes). - ALSA: usb-audio: Skip probe of UA-101 devices (git-fixes). - ALSA: usb-audio: Drop implicit fb quirk entries dubbed for capture (git-fixes). - ALSA: usb-audio: Check connector value on resume (git-fixes). - ALSA: usb-audio: Carve out connector value checking into a helper (git-fixes). - ALSA: usb-audio: fix Pioneer DJM-850 control label info (git-fixes). - ALSA: usb-audio: Declare Pioneer DJM-850 mixer controls (git-fixes). - ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table (git-fixes). - ALSA: usb-audio: generate midi streaming substream names from jack names (git-fixes). - ALSA: usb-audio: use usb headers rather than define structs locally (git-fixes). - commit 66017db - ALSA: usb-audio: Add implicit feeback support for the BOSS GT-1 (git-fixes). - Refresh patches.suse/ALSA-usb-audio-Add-implicit-fb-quirk-for-BOSS-GP-10.patch. - Refresh patches.suse/ALSA-usb-audio-Add-quirk-for-BOSS-AD-10.patch. - Refresh patches.suse/ALSA-usb-audio-Add-quirk-for-RC-505.patch. - commit 430c145 - ALSA: hda/realtek: Add fixup for HP OMEN laptop (git-fixes). - ALSA: hda/realtek: Fix speaker amp on HP Envy AiO 32 (git-fixes). - ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (git-fixes). - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 (git-fixes). - commit 0e8dbae - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - commit cb198d3 - Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" (git-fixes). - ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - commit 23adf05 ++++ sysuser-tools: - Use /usr/sbin/nologin instead of /sbin/nologin ------------------------------------------------------------------ ------------------ 2021-5-7 - May 7 2021 ------------------- ------------------------------------------------------------------ ++++ drbd: - bsc#1188472, update to 9.0.29 * fix data corruption when DRBD's backing disk is a degraded Linux software raid (MD) * add correct thawing of IO requests after IO was frozen due to loss of quorum * fix timeout detection after idle periods and for configs with ko-count when a disk on an a secondary stops delivering IO-completion events * fixed an issue where UUIDs where not shifted in the history slots; that caused false "unrelated data" events * fix switching resync sources by letting resync requests drain before issuing resync requests to the new source; before the fix, it could happen that the resync does not terminate since a late reply from the previous caused a out-of-sync bit set after the "scan point" * fix a temporal deadlock you could trigger when you exercise promotion races and mix some read-only openers into the test case * fix for bitmap-copy operation in a very specific and unlikely case where two nodes do a bitmap-based resync due to disk-states * fix size negotiation when combining nodes of different CPU architectures that have different page sizes * fix a very rare race where DRBD reported wrong magic in a header packet right after reconnecting * fix a case where DRBD ends up reporting unrelated data; it affected thinly allocated resources with a diskless node in a recreate from day0 event * speedup open() of drbd devices if promote has not chance to go through * new option "--reset-bitmap=no" for the invalidate and invalidate-remote commands; this allows to do a resync after online verify found differences * changes to socket buffer sizes get applied to established connections immediately; before it was applied after a re-connect * add exists events for path objects * forbid keyed hash algorithms for online verify, csyms and HMAC base alg * fix a regression introduces with 9.0.25; it failed to determine the right device size and the connection hangs in WFBitmapS/WFBitmapT repl state; to trigger this you need to do a partial resync to a new node with different backing device size * fix an issue with netlink packets processed in parallel on multiple CPUs; the bug caused drbdadm adjust failing in very rare cases * fix a very rare occurrence of a reconciliation resync getting stuck * fix a race condition that causes a detach operation to hang; it is very hard to trigger * fix a kernel OOPS (via a BUG()) upon adding a timer twice under very rare timing * fix a counter imbalance that could lead to assertion messages when a protocol A peer disconnects with a certain timing * fix a rare race with receiving bitmap and a state change while establishing a connection * fix UUID handling to avoid false split-brain detections; this bug got triggered an isolated primary that gets demoted, and temporal network interruptions among the remaining nodes * fix resync decision to obey disk states when the generation UUIDs are equal; the effect of this bug was that you could end up with two Outdated nodes after resync * fix concurrent disk-attach operations * Fix possible kernel warning regarding an inbalance of backing device link/unlink * move some amount of kernel backward compatibility code moved from the old method (drbd_wrappers.h) to new cocci semantic patches * add support renaming resources while its devices might be in use and process IO requests * Allow setting c_max_rate to 0 with the meaning that the resync controller has no upper limit for the resync speed * Fix regression: allow live migration between two diskful peers again * following upstream changes to DRBD up to Linux 5.12 and updated compat rules to support up to Linux 5.12 - Remove patch compat_blk_queue_stack_limits.patch Remove patch compat_get_fs.patch Remove patch compat_remove_kernel_setsockopt.patch Remove patch compat-test-header.patch Remove patch drbd-fix-zero-metadata-limit-by-page-size-misaligned.patch Remove patch remove_bdi_cap_stable_writes.patch Remove patch submit-bio-private-date.patch - Modify patch suse-coccinelle.patch - Add patch compat_genl_maxattr_in_ops.patch (48526a0f) - Bug fixes between 9.0.29 and 9.0.30 Add patch drbd-change-to-L_VERIFY_S-after-peer-is-L_VERIFY_T.patch Add patch drbd-Fix-abortion-of-a-connect-2-phase-commit.patch Add patch drbd-Fix-a-possible-NULL-deref-found-with-gcc-11-fan.patch Add patch drbd-Fix-locking-for-the-drbd_devices-idr.patch Add patch drbd-fix-protocol-compatibility-with-drbd-8.4-state.patch Add patch drbd-fix-race-condition-resetting-resync_next_bit.patch Add patch drbd-fix-termination-of-verify-with-stop-sector.patch Add patch drbd-remove-device_to_minor.patch Add patch drbd-use-DEFINE_MUTEX-insteadm-of-mutex_init.patch Add patch Revert-drbd-serialize-syncs-from-multiple-sources.patch - cocci apply: linux-5.12.0-2 queue_discard_zeroes_data__no_present (48920ff2a5a9) ++++ kernel-default: - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - commit b803549 - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - commit 7b9e3ca - s390/pci: fix leak of PCI device structure (git-fixes). - vfio-pci/zdev: fix possible segmentation fault issue (git-fixes). - s390/zcrypt: return EIO when msg retry limit reached (git-fixes). - commit 5abd9df - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - commit 2b51e47 ++++ kernel-firmware: - Update to version 20210503 (git commit ecdfcf8e2ca1): * i915: Add ADL-P DMC Support * amdgpu: add new polaris 12 MC firmware * firmware: nvidia: Add VIC firmware for Tegra194 * qcom: add gpu firmwares for sc7280 * brcm: Add a link to enable khadas VIM2's WiFi * rtw89: 8852a: update fw to v0.13.8.0 * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A8_7893 * qcom: Add venus firmware files for VPU-2.0 * qcom: update venus firmware files for v5.4 - Move adreno and modem firmware into kernel-firmware-qcom subpackage - Update license list and module aliases ++++ nfs-utils: - Add 0018-Replace-all-var-run-with-run.patch /var/run is long deprecated - switch all relevant paths to /run (bsc#1185170) ++++ shim: - shim-install: always assume "removable" for Azure to avoid the endless reset loop (bsc#1185464) ++++ yast2: - Logging all available product information into directory /var/log/YaST2/installation_info. This should help for evaluating the cause of e.g. bsc#1180888, bsc#1180908, bsc#1178688. - 4.4.4 ------------------------------------------------------------------ ------------------ 2021-5-6 - May 6 2021 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.347 (bsc#1185697): + Updated pci, usb and vendor ids. ++++ jeos-firstboot: - Update to version 1.0.1: * Always show manual SSID option * Call dialog with --backtitle everywhere * Calculate the height of menus dynamically (bsc#1177188) * Create README.md ++++ kernel-default: - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - commit 0db6da1 - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md: split mddev_find (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: don't flush workqueue unconditionally in md_open (bsc#1184081). - commit 255ac58 - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - commit 54b345b - PCI: dwc: Move iATU detection earlier (git-fixes). - PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c (git-fixes). - thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() (git-fixes). - commit 48dc8db - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - commit 6976ceb ++++ Mesa: - adjusted filelist to removed vulkan files in Mesa 21.1.0 (packages Mesa-libVulkan-devel, Mesa-vulkan-device-select, Mesa-vulkan-overlay) - /usr/include/vulkan/vulkan_intel.h dropped with Mesa 21.1.0, but let's keep the package containing an empty directory - update to 21.1.0 * bunch of work here, lots of zink and softpipe, but bits and pieces of other things: tgsi, freddreno, nir, panfrost, intel, spirv, core gallium, radv, aco, r600, and core mesa. - supersedes patches U_clover-Fix-build-with-llvm-12.patch, U_clover-Add-missing-include-for-llvm-12-build-fix.patch ++++ harfbuzz: - Update to version 2.8.1: + Subsetter now fully supports GSUB/GPOS/GDEF tables (including variations); as such, layout tables are retained by subsetter by default + hb-view supports iTerm2 and kitty inline image protocols it can also use Chafa for terminal graphics if available - Add pkgconfig(chafa): new, optional depdency. ++++ ceph: - Update to 16.2.3-26-g422932e923: + rebased on top of upstream pacific SHA1 381b476cb3900f9a92eb95d03b4850b953cfd79a Pacific v16.2.3 release see https://ceph.io/releases/v16-2-3-pacific-released/ * cephadm: normalize image digest in 'ls' output too Pacific v16.2.2 release see https://ceph.io/releases/v16-2-2-pacific-released/ ++++ qemu: - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975) ++++ shim: - Include suse-signed shim for AArch64 (bsc#1185621) ------------------------------------------------------------------ ------------------ 2021-5-5 - May 5 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - commit 67fde5a - s390/entry: save the caller of psw_idle (bsc#1185677). - commit d82aadb - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - commit f74f90f - bus: fsl-mc: list more commands as accepted through the ioctl (bsc#1185670). - bus: fsl-mc: add the dpdbg device type (bsc#1185670). - commit 6325c23 - Update patches.suse/powerpc-eeh-Fix-EEH-handling-for-hugepages-in-iorema.patch (bsc#1156395 bsc#1185645 ltc#192576). - commit b0c1c70 - spi: cadence: set cqspi to the driver_data field of struct device (git-fixes). - commit e8779a2 - i2c: mlxbf: add IRQ check (git-fixes). - commit 571342e - fix patch metadata - fix Patch-mainline: patches.suse/mm-memcontrol-fix-cpuhotplug-statistics-flushing.patch - commit fc7f89c - Update kabi files. - update from May 2021 maintenance update submission (commit 0a8fae2b39f2) - commit 8a0c3f3 - dmaengine: idxd: Fix potential null dereference on pointer status (git-fixes). - commit 287f8f1 - powerpc/kexec_file: Use current CPU info while setting up FDT (bsc#1184615 ltc#189835). - commit 21c8a7e - Update config files. (bsc#1185010) - supported.conf: - commit 8888052 - rpm: drop /usr/bin/env in interpreter specification OBS checks don't like /usr/bin/env in script interpreter lines but upstream developers tend to use it. A proper solution would be fixing the depedency extraction and drop the OBS check error but that's unlikely to happen so that we have to work around the problem on our side and rewrite the interpreter lines in scripts before collecting files for packages instead. - commit 45c5c1a - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - commit d9b38b9 ++++ ceph: - Update to 16.2.1-283-g9f37a4bec4: + rebased on top of upstream pacific SHA1 717ce59b76c659aaef8c5aec1355c0ac5cef7234 Pacific v16.2.1 release see https://ceph.io/releases/v16-2-1-pacific-released/ * (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse * (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections ++++ tcl: - bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d . - https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5: Add tcl-aa4a13c15516da45.patch to disable lto for the stubs libraries. ------------------------------------------------------------------ ------------------ 2021-5-4 - May 4 2021 ------------------- ------------------------------------------------------------------ ++++ bash: - Add patch bsc1183064.patch * Fix bug bsc#1183064: Segfault from reading a history file not starting with # with HISTTIMEFORMAT set and history_multiline_entries nonzero and with the history cleared and read on the same input line. ++++ kernel-default: - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: sanitize KATO setting (bsc#1179825). - commit f3a2791 - patches.suse/NFC-nxp-nci-Add-GPIO-ACPI-mapping-table.patch: (bsc#1185589). - commit 4004e31 - patches.suse/NFC-nxp-nci-Convert-to-use-GPIO-descriptor.patch: (bsc#1185589). - commit a3f193f - patches.suse/NFC-nxp-nci-Get-rid-of-platform-data.patch: (bsc#1185589). - commit 3e24d09 - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - commit d21fbb6 - patches.suse/NFC-nxp-nci-Add-NXP1001-to-the-ACPI-ID-table.patch: (bsc#1185589). - commit 68d285a - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - commit 3bba386 - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). Refresh: - patches.suse/nvme-multipath-retry-commands-for-dying-queues.patch - commit ee2dc7b - scripts/git_sort/git_sort.py: Update nvme repositories - commit e849c44 - blacklist.conf: Add ppc kuap/uaccess fixes not applicable to SP2 - commit 4b4ca8e ++++ libjpeg-turbo: - disable SIMD for armv6hl, not available ++++ mokutil: - spec file cleanup ++++ nvme-cli: - update to 1.14 * nvme-discover: add json output * nvme: add support for lba status log page * nvme: add support for endurance group event aggregate log * nvme: add endurance group event configuration feature * nvme: add latest opcodes for command supported and effects log * zns: print select_all field for Zone Management Send * print topology for NVMe nodes in kernel and path * nvme: add support for predictable latency event aggregate log page * nvme: add support for persistent event log page * Show more async event config fields ++++ ovmf: - Update the descriptors to add "acpi-s4" tag to allow libvirt enable hibernation (bsc#1182886#c31) ++++ rust-keylime: - Update to version 0.0.1+git.1618949271.f609525: * Add more TPM helper functions * Use PKeys consistently * Rebase on tss-esapi 5.0 * Pass a PKeyRef to asym_verify * Use #[[from] from thiserror * Fix uppercase acronyms * Add testing feature * Remove port bindings for agent * More verbose TPM and revocation error, verbose success * Fix docker networking ++++ tpm2.0-tools: - fix `--version` output of tools. Since now autoreconf is called and configure.ac attempts to fetch the version from git (which we don't have during building), the version was empty. Fix this by replacing the git invocation in configure.ac. ------------------------------------------------------------------ ------------------ 2021-5-3 - May 3 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - install all of pkg/lib in -devel package. Cockpit-machines needs more ++++ cockpit-machines: - initial package ++++ docker: - Add shell requires for the *-completion subpackages. ++++ kernel-default: - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - commit 5ee4c93 - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - commit e08fbf4 - powerpc/perf: Fix the threshold event selection for memory events in power10 (jsc#SLE-13513). - powerpc/perf: Fix sampled instruction type for larx/stcx (jsc#SLE-13513). - powerpc/smp: Reintroduce cpu_core_mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/xive: Drop check on irq_data in xive_core_debug_show() (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - powerpc/xmon: Fix build failure for 8xx (jsc#SLE-12936 git-fixes). - commit 84bf014 - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - commit 66099c4 - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - commit fef5517 - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - commit 517921a - series.conf: cleanup - move into "almost mainline" section patches.suse/rtc-fsl-ftm-alarm-add-MODULE_TABLE.patch - commit 75e25e9 - fix patch metadata - fix Patch-mainline: patches.suse/x86-platform-uv-set-section-block-size-for-hubless-architectures.patch - commit 5cf9a28 - series.conf: cleanup - update upstream references and resort patches.suse/powerpc-mm-Add-cond_resched-while-removing-hpte-mapp.patch patches.suse/powerpc-papr_scm-Fix-build-error-due-to-wrong-printf.patch patches.suse/powerpc-papr_scm-Implement-support-for-H_SCM_FLUSH-h.patch patches.suse/powerpc-pseries-Add-shutdown-to-vio_driver-and-vio_b.patch patches.suse/scsi-lpfc-Change-wording-of-invalid-pci-reset-log-me.patch patches.suse/scsi-lpfc-Correct-function-header-comments-related-t.patch patches.suse/scsi-lpfc-Fix-ADISC-handling-that-never-frees-nodes.patch patches.suse/scsi-lpfc-Fix-FLOGI-failure-due-to-accessing-a-freed.patch patches.suse/scsi-lpfc-Fix-PLOGI-ACC-to-be-transmit-after-REG_LOG.patch patches.suse/scsi-lpfc-Fix-crash-caused-by-switch-reboot.patch patches.suse/scsi-lpfc-Fix-dropped-FLOGI-during-pt2pt-discovery-r.patch patches.suse/scsi-lpfc-Fix-incorrect-dbde-assignment-when-buildin.patch patches.suse/scsi-lpfc-Fix-lpfc_els_retry-possible-null-pointer-d.patch patches.suse/scsi-lpfc-Fix-nodeinfo-debugfs-output.patch patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch patches.suse/scsi-lpfc-Fix-pt2pt-connection-does-not-recover-afte.patch patches.suse/scsi-lpfc-Fix-pt2pt-state-transition-causing-rmmod-h.patch patches.suse/scsi-lpfc-Fix-reftag-generation-sizing-errors.patch patches.suse/scsi-lpfc-Fix-stale-node-accesses-on-stale-RRQ-reque.patch patches.suse/scsi-lpfc-Fix-status-returned-in-lpfc_els_retry-erro.patch patches.suse/scsi-lpfc-Fix-unnecessary-null-check-in-lpfc_release.patch patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_els_free_iocb.patch patches.suse/scsi-lpfc-Fix-vport-indices-in-lpfc_find_vport_by_vp.patch patches.suse/scsi-lpfc-Reduce-LOG_TRACE_EVENT-logging-for-vports.patch patches.suse/scsi-lpfc-Update-copyrights-for-12.8.0.7-and-12.8.0..patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.8.patch patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch patches.suse/selftests-powerpc-Fix-L1D-flushing-tests-for-Power10.patch - commit e03aa0a - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - commit 5d92f24 - cpuidle/pseries: Fixup CEDE0 latency only for POWER10 onwards (bsc#1185550 ltc#192610). - commit 19688a8 - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - commit 2cf366a - virtiofs: fix memory leak in virtio_fs_probe() (bsc#1185558). - commit bc3eb47 - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - commit 210f7a5 - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - commit 4d34a1c ++++ zchunk: - Update to version 1.1.11 * Fix memory leak of zck->prep_digest * Fix argp detection * Handle certain rare web servers that don't start with \r\n - Drop upstream merged fix-test-argp.patch ++++ python-py: - CVE-2020-29651.patch (bsc#1179805, CVE-2020-29651, bsc#1184505) * python-py: regular expression denial of service in svnwc.py ++++ ovmf: - Add ovmf-bsc1184801-fix-sev-with-tpm.patch to fix SEV-ES guest crash with TPM (bsc#1184801) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#508 - create NVMe config files before udevd is started (bsc#1184908) - 16.56.10 ++++ yast2: - Do not crash when a client execution return false (related to bsc#1185561, and bsc#1180954). - 4.4.3 ++++ yast2-trans: - Update to version 84.87.20210502.7b34dbceae: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Turkish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'network'. * New POT for text domain 'installation'. * New POT for text domain 'network'. * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) ------------------------------------------------------------------ ------------------ 2021-5-2 - May 2 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.40.1: + Fix double free when removing event listeners. + Fix numlock detection. ++++ python3-core: - Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block. ++++ python3: - Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block. ------------------------------------------------------------------ ------------------ 2021-5-1 - May 1 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ASoC: rsnd: check all BUSIF status when error (git-fixes). - ASoC: wm8960: Remove bitclk relax condition in wm8960_configure_sysclk (git-fixes). - ASoC: samsung: snow: remove useless test (git-fixes). - ASoC: Intel: boards: sof-wm8804: add check for PLL setting (git-fixes). - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals (git-fixes). - commit 18fa88e - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - commit 82d06eb - i2c: sh7760: fix IRQ error path (git-fixes). - commit e315f49 - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - commit da2180a - i2c: cadence: add IRQ check (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - commit 2b66742 ++++ libxkbcommon: - Update to release 1.3.0 * `xkbcli list` was changed to output YAML instead of a custom format. * Fix segmentation fault in case-insensitive `xkb_keysym_from_name` for certain values like the empty string. ------------------------------------------------------------------ ------------------ 2021-4-30 - Apr 30 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 243 https://cockpit-project.org/blog/cockpit-243.html https://cockpit-project.org/blog/cockpit-242.html https://cockpit-project.org/blog/cockpit-241.html https://cockpit-project.org/blog/cockpit-240.html https://cockpit-project.org/blog/cockpit-239.html ++++ librsvg: - Update to version 2.50.5: + Images embedded as data: URLs didn't render if they had a MIME type with a charset parameter. + Don't allow number lists with unbounded lengths in tableValues attributes, for feComponentTransfer and feConvolveMatrix. + Negative rx/ry in rect element should be ignored. ++++ glib-networking: - Update to version 2.68.1: + Fix threadsafety issue in certificate verification. + Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7. ++++ kernel-default: - ath10k: Fix a use after free in ath10k_htc_send_bundle (git-fixes). - mt76: mt7915: fix aggr len debugfs node (git-fixes). - rtw88: Fix an error code in rtw_debugfs_set_rsvd_page() (git-fixes). - Bluetooth: avoid deadlock between hci_dev->lock and socket lock (git-fixes). - commit 38c8cc4 - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - commit f8b6668 - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - mac80211: bail out if cipher schemes are invalid (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - rsi: Use resume_noirq for SDIO (git-fixes). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - mt7601u: fix always true expression (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - commit 4c3b252 - rpm/constraints.in: bump disk space to 45GB on riscv64 - commit f8b883f - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - commit db29123 - Remove patches.suse/scsi-qla2xxx-Make-sure-that-aborted-commands-are-fre.patch Upstream commit 39c0c8553bfb ("scsi: Revert "qla2xxx: Make sure that aborted commands are freed"") reverts the patch. - commit 311c2c6 ++++ sensors: - change-pidfile-path-from-var-run-to-run.patch: Change PIDFile path from /var/run to /run (bsc#1185183). - var-run-deprecated.patch: /var/run is deprecated (bsc#1185183). ++++ permissions: - Update to version 20181225: * etc/permissions: remove unnecessary entries (bsc#1182899) ++++ qemu: - Update to v6.0: see https://wiki.qemu.org/ChangeLog/6.0 For a full list of formely deprecated features that are removed now, consult: https://qemu-project.gitlab.io/qemu/system/removed-features.html. For a list of new deprecated features, consult: https://qemu-project.gitlab.io/qemu/system/deprecated.html Some noteworthy changes: * Removed tileGX CPU (linux-user mode). * Removed ide-drive device (use ide-hd or ide-cd instead). * Removed scsi-disk device (use scsi-hd or scsi-cd instead). * Removed pc-1.0, pc-1.1, pc-1.2, and pc-1.3 machine types. * Added emulation of Arm-v8.1M arch and Cortex-M55 CPU. * Added boards mps3-an524 (Cortex-M33) and mps3-an547 (Cortex-M55). * x86: Support for running SEV-ES encrypted guests; TCG can emulate the PKS feature; WHPX accelerator supports accelerated APIC. * ARM: ARMv8.4-TTST, ARMv8.4-SEL2, FEAT_SSBS, and ARMv8.4-DIT emulation are now supported; Added ARMv8.5-MemTag extension is now supported formely linux-user. Additional device emulation support for xlnx-zynqmp, xlnx-versal, sbsa-ref, npcm7xx, and sabrelite board models. * PowerPC: powernv now allows external BMC; pseries can send QAPI message if it detects a memory hotplug failure; CPU unplug request can be retried. * s390: TCG works with Linux kernels built with clang-11 and clang12. * RISC-V: OpenSBI upgraded to v0.9; Support the QMP dump-guest-memory command; Add support for the SiFive SPI controller (sifive_u); Add QSPI NOR flash to Microchip PFSoC. * Misc doc improvements. * Multiprocess: Add experimental options to support out-of-process device emulation. * ACPI: support for assigning NICs to known names in guest OS independently of PCI slot placement. * NVMe: new emulation support for v1.4 spec with many new features, experimental support for Zoned Namespaces, multipath I/O, and End-to-End Data Protection. * Xen: New guest loader for testing of Xen-like hypervisors booting kernels. * virtiofs: misc. security fixes and performance improvements. * Tools: FUSE block exports to allow mounting any QEMU block device node as a host file. * Migration: query/info-migrate now display the migration blocker status and the reasons for blocking. * User-mode: Added support for the Qualcomm Hexagon processor. * TCG: Added support for Apple Silicon hosts (macOS). * QMP: backup jobs now support multiple asynchronous requests in parallel * VNC: virtio-vga support for scaling resolution based on client window size * Patches added: doc-add-our-support-doc-to-the-main-proj.patch * Patches removed: 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch audio-add-sanity-check.patch block-Fix-deadlock-in-bdrv_co_yield_to_d.patch block-Fix-locking-in-qmp_block_resize.patch blockjob-Fix-crash-with-IOthread-when-bl.patch block-nfs-fix-int-overflow-in-nfs_client.patch block-rbd-fix-memory-leak-in-qemu_rbd_co.patch block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch block-Separate-blk_is_writable-and-blk_s.patch block-Simplify-qmp_block_resize-error-pa.patch brotli-fix-actual-variable-array-paramet.patch build-no-pie-is-no-functional-linker-fla.patch cadence_gem-switch-to-use-qemu_receive_p.patch cpu-core-Fix-help-of-CPU-core-device-typ.patch docs-add-SUSE-support-statements-to-html.patch dp8393x-switch-to-use-qemu_receive_packe.patch e1000-fail-early-for-evil-descriptor.patch e1000-switch-to-use-qemu_receive_packet-.patch hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch hw-arm-virt-Disable-pl011-clock-migratio.patch hw-block-fdc-Fix-fallback-property-on-sy.patch hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch hw-isa-Kconfig-Add-missing-dependency-VI.patch hw-isa-piix4-Migrate-Reset-Control-Regis.patch hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch hw-s390x-fix-build-for-virtio-9p-ccw.patch hw-sd-sd-Actually-perform-the-erase-oper.patch hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch hw-sd-sdhci-Correctly-set-the-controller.patch hw-sd-sdhci-Don-t-transfer-any-data-when.patch hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch hw-sd-sdhci-Limit-block-size-only-when-S.patch hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch hw-sd-sd-Move-the-sd_block_-read-write-a.patch hw-sd-sd-Skip-write-protect-groups-check.patch hw-timer-slavio_timer-Allow-64-bit-acces.patch hw-virtio-pci-Added-AER-capability.patch hw-virtio-pci-Added-counter-for-pcie-cap.patch i386-acpi-restore-device-paths-for-pre-5.patch iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch lan9118-switch-to-use-qemu_receive_packe.patch lsilogic-Use-PCIDevice-exit-instead-of-D.patch Make-keycode-gen-output-reproducible-use.patch memory-clamp-cached-translation-in-case-.patch monitor-Fix-assertion-failure-on-shutdow.patch mptsas-Remove-unused-MPTSASState-pending.patch msf2-mac-switch-to-use-qemu_receive_pack.patch net-Fix-handling-of-id-in-netdev_add-and.patch net-introduce-qemu_receive_packet.patch pcnet-switch-to-use-qemu_receive_packet-.patch qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch qemu-storage-daemon-Enable-object-add.patch rtl8139-switch-to-use-qemu_receive_packe.patch s390x-add-have_virtio_ccw.patch s390x-css-report-errors-from-ccw_dstream.patch s390x-Fix-stringop-truncation-issue-repo.patch s390x-modularize-virtio-gpu-ccw.patch s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch s390x-pci-restore-missing-Query-PCI-Func.patch spice-app-avoid-crash-when-core-spice-mo.patch sungem-switch-to-use-qemu_receive_packet.patch target-arm-Don-t-decode-insns-in-the-XSc.patch target-arm-Fix-MTE0_ACTIVE.patch target-arm-Introduce-PREDDESC-field-defi.patch target-arm-Update-PFIRST-PNEXT-for-pred_.patch target-arm-Update-REV-PUNPK-for-pred_des.patch target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch target-xtensa-fix-meson.build-rule-for-x.patch tcg-Use-memset-for-large-vector-byte-rep.patch tools-virtiofsd-Replace-the-word-whiteli.patch tx_pkt-switch-to-use-qemu_receive_packet.patch ui-vnc-Add-missing-lock-for-send_color_m.patch update-linux-headers-Include-const.h.patch Update-linux-headers-to-5.11-rc2.patch util-fix-use-after-free-in-module_load_o.patch vfio-ccw-Connect-the-device-request-noti.patch vhost-user-blk-fix-blkcfg-num_queues-end.patch viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch virtiofsd-extract-lo_do_open-from-lo_ope.patch virtiofsd-optionally-return-inode-pointe.patch virtiofsd-prevent-opening-of-special-fil.patch virtiofs-drop-remapped-security.capabili.patch virtiofsd-Save-error-code-early-at-the-f.patch virtio-move-use-disabled-flag-property-t.patch virtio-pci-compat-page-aligned-ATS.patch xen-block-Fix-removal-of-backend-instanc.patch ++++ zypper: - Rephrase needs-rebooting help and messages. Try to point out that the need to reboot was not necessarily triggered by the current transaction. - man page: Recommend the needs-rebooting command to test whether a system reboot is suggested. - patch: Let a patch's reboot-needed flag overrule included packages (bsc#1183268) - Quickfix setting "openSUSE_Tumbleweed" as default platform for "MicroOS" (bsc#1153687) This fixes the guessed platform for "obs:///" URLs. - Protect against strict/relaxed user umask via sudo (bsc#1183589) - zypper-log: protect against thread name indicators in a log. - xml summary: add solvables repository alias (bsc#1182372) - version 1.14.44 ------------------------------------------------------------------ ------------------ 2021-4-29 - Apr 29 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - commit a4fa91e - series.conf: Resort and update meta data - meta data refreshed: patches.suse/scsi-lpfc-Change-wording-of-invalid-pci-reset-log-me.patch patches.suse/scsi-lpfc-Correct-function-header-comments-related-t.patch patches.suse/scsi-lpfc-Fix-ADISC-handling-that-never-frees-nodes.patch patches.suse/scsi-lpfc-Fix-FLOGI-failure-due-to-accessing-a-freed.patch patches.suse/scsi-lpfc-Fix-PLOGI-ACC-to-be-transmit-after-REG_LOG.patch patches.suse/scsi-lpfc-Fix-crash-caused-by-switch-reboot.patch patches.suse/scsi-lpfc-Fix-dropped-FLOGI-during-pt2pt-discovery-r.patch patches.suse/scsi-lpfc-Fix-incorrect-dbde-assignment-when-buildin.patch patches.suse/scsi-lpfc-Fix-lpfc_els_retry-possible-null-pointer-d.patch patches.suse/scsi-lpfc-Fix-nodeinfo-debugfs-output.patch patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch patches.suse/scsi-lpfc-Fix-pt2pt-connection-does-not-recover-afte.patch patches.suse/scsi-lpfc-Fix-pt2pt-state-transition-causing-rmmod-h.patch patches.suse/scsi-lpfc-Fix-reftag-generation-sizing-errors.patch patches.suse/scsi-lpfc-Fix-stale-node-accesses-on-stale-RRQ-reque.patch patches.suse/scsi-lpfc-Fix-status-returned-in-lpfc_els_retry-erro.patch patches.suse/scsi-lpfc-Fix-unnecessary-null-check-in-lpfc_release.patch patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_els_free_iocb.patch patches.suse/scsi-lpfc-Fix-vport-indices-in-lpfc_find_vport_by_vp.patch patches.suse/scsi-lpfc-Reduce-LOG_TRACE_EVENT-logging-for-vports.patch patches.suse/scsi-lpfc-Update-copyrights-for-12.8.0.7-and-12.8.0..patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.8.patch patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch - commit 27785f8 - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - commit 47e611e - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - commit 10147b2 - reintroduce cqhci_suspend for kABI (git-fixes). - commit eb30081 - blk-mq: set default elevator as deadline in case of hctx shared tagset (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - commit 55cfd5d - Refresh sorted section. - commit b0d2a3b - vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer (git-fixes). - vfio/mdev: Make to_mdev_device() into a static inline (git-fixes). - vfio/pci: Re-order vfio_pci_probe() (git-fixes). - vfio/pci: Move VGA and VF initialization to functions (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (git-fixes). - drm: xlnx: zynqmp: fix a memset in zynqmp_dp_train() (git-fixes). - drm/probe-helper: Check epoch counter in output_poll_execute() (git-fixes). - drm/amd/display: Fix off by one in hdmi_14_process_transaction() (git-fixes). - drm/panfrost: Don't try to map pages that are already mapped (git-fixes). - drm/panfrost: Clear MMU irqs before handling the fault (git-fixes). - drm/tilcdc: send vblank event when disabling crtc (git-fixes). - commit fe92c5a - Fix series.conf sorted section - commit 6795229 - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - commit 7053b04 - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - pata_arasan_cf: fix IRQ check (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - pinctrl: lewisburg: Update number of pins in community (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - commit 8cd08fd - mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000" (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - commit e24fcb3 - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - gpio: omap: Save and restore sysconfig (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - commit 20a3b3a - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - commit f116afa ++++ kernel-firmware: - Update to version 20210426 (git commit fa0efeff4894): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Intel BT 7265: Fix Security Issues * linux-firmware: Update firmware file for Intel Bluetooth 8265 * mrvl: prestera: Add Marvell Prestera Switchdev firmware 3.0 version * rtw88: 8822c: Update normal firmware to v9.9.9 * brcm: add missing symlink for Pi Zero W NVRAM file * amdgpu: update arcturus firmware from 21.10 * amdgpu: update navy flounder firmware from 21.10 * amdgpu: update sienna cichlid firmware from 21.10 * amdgpu: update vega20 firmware from 21.10 * amdgpu: update picasso firmware from 21.10 * amdgpu: update navi14 firmware from 21.10 * amdgpu: update green sardine firmware from 21.10 * amdgpu: update vega12 firmware from 21.10 * amdgpu: update navi12 firmware from 21.10 * amdgpu: update vega10 firmware from 21.10 * amdgpu: update renoir firmware from 21.10 * amdgpu: update navi10 firmware from 21.10 * amdgpu: update raven2 firmware from 21.10 * amdgpu: update raven firmware from 21.10 * rtl_nic: add new firmware for RTL8153 and RTL8156 series ++++ less: - update to 581.2: * This fixes a bug found in less-581 where the terminal was sometimes left in mouse-reporting mode after exiting less. ++++ libcontainers-common: - Update common to 0.37.0 0.37.0: new libimage package Bump github.com/containers/storage from 1.29.0 to 1.30.0 config: suggest enable-linger only if euid != 0 Change log message in findRuntime() Add setns to default seccomp.json Cleanup debugf information to make debugging more useful - Update podman to 3.1.2 3.1.2: [#]## Bugfixes - Fixed a bug where images with empty layers were stored incorrectly, causing them to be unable to be pushed or saved. - Fixed a bug where the `podman rmi` command could fail to remove corrupt images from storage. - Fixed a bug where the remote Podman client's `podman save` command did not support the `oci-dir` and `docker-dir` formats ([#9742](https://github.com/containers/podman/issues/9742)). - Fixed a bug where volume mounts from `podman play kube` created with a trailing `/` in the container path were were not properly superceding named volumes from the image ([#9618](https://github.com/containers/podman/issues/9618)). - Fixed a bug where Podman could fail to build on 32-bit architectures. [#]## Misc - Updated the containers/image library to v5.11.1 - Update storage to 1.30.1 1.30.1: Allow users to tag images in read/only image stores build(deps): bump github.com/klauspost/compress from 1.12.1 to 1.12.2 Validate selinux label before attempting to use it 1.30.0: unshare: new function HasCapSysAdmin btrfs: Do not disable quota on cleanup build(deps): bump github.com/klauspost/compress from 1.11.13 to 1.12.1 - Update image to 5.11.1 * new libimage package * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * config: suggest enable-linger only if euid != 0 * Change log message in findRuntime() * Add setns to default seccomp.json * Cleanup debugf information to make debugging more useful ++++ gcc11: - Update to gcc-11 branch head (cd0a059bd384da58d43674496a7), git67 * Includes GCC 11.1 release - Drop upstreamed gcc11-no-offload.patch. ++++ procps: - Add upstream patch procps-vmstat-1b9ea611.patch for bsc#1185417 * Support up to 2048 CPU as well ++++ virglrenderer: - Update to version 0.9.1: * Various small bugfixes ------------------------------------------------------------------ ------------------ 2021-4-28 - Apr 28 2021 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Local (SUSE) change: update iscsi.service so that it tries to logon to any "onboot" and firmware targets, in case a target was offline when booted but back up when the service is started. (bsc#1153806) - Merged with latest from upstream, which contains these fixes: * Add "no wait" option to iscsiadm firmware login * Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart * Log proper error message when AUTH failure occurs ++++ kernel-default: - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - commit 1fed21d - fix patch metadata - fix Patch-mainline: patches.suse/x86-microcode-check-for-offline-cpus-before-requesting-new-microcode.patch - commit 86da738 - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - commit 720943a - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - commit e46a789 - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - commit 78a20b1 - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - commit b9124c1 - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - commit 3690227 - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - commit 23cd005 - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - Refresh patches.suse/mmc-sdhci-pci-Prefer-SDR25-timing-for-High-Speed-mod.patch. - commit 9dd1a55 - blacklist.conf: prerequisites break kABI - commit 2c4445c - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - commit 72c0b64 - Refresh patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. - commit dbaac01 - blacklist.conf: fixes a compiler warning only - commit 2e1acc1 - blacklist.conf: fixes a compiler warning only - commit 0566d04 - rpm/constraints.in: remove aarch64 disk size exception obs://Kernel:stable/kernel-default/ARM/aarch64 currrently fails: installing package kernel-default-livepatch-devel-5.12.0-3.1.g6208a83.aarch64 needs 3MB more space on the / filesystem The stats say: Maximal used disk space: 31799 Mbyte By default, we require 35G. For aarch64 we had an exception to lower this limit to 30G there. Drop this exception as it is obviously no longer valid. - commit ee00b50 ++++ libxml2: - Security fix: [bsc#1185408, CVE-2021-3518] * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() * Add libxml2-CVE-2021-3518.patch - Security fix: [bsc#1185410, CVE-2021-3517] * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3517.patch - Security fix: [bsc#1185409, CVE-2021-3516] * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3516.patch ++++ libzypp: - Properly handle permission denied when providing optional files (bsc#1185239) - Fix service detection with cgroupv2 (bsc#1184997) - version 17.25.10 (22) ++++ libxml2-python: - Security fix: [bsc#1185408, CVE-2021-3518] * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() * Add libxml2-CVE-2021-3518.patch - Security fix: [bsc#1185410, CVE-2021-3517] * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3517.patch - Security fix: [bsc#1185409, CVE-2021-3516] * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3516.patch ++++ selinux-policy: - allow cockpit socket to bind nodes (fix_cockpit.patch) - use %autosetup to get rid of endless patch lines ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#507 - Revert "trigger automatic nvme discovery (bsc#1184908)" - trigger automatic nvme discovery in udev start script (bsc#1184908) - 16.56.9 ------------------------------------------------------------------ ------------------ 2021-4-27 - Apr 27 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add crypto-policies-mr720.diff to allow reading crypto policies in abstractions/ssl_certs (boo#1183597) ++++ hdparm: - update to 9.61: - fixes for --set-sector-size and reporting of physical/logical sector sizes ++++ kernel-default: - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - commit 542e5a3 - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - mtd: spi-nor: Rename "n25q512a" to "mt25qu512a (n25q512a)" (bsc#1167260). - commit 2c1a6eb - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - commit e0a1590 - blacklist.conf: cosmetic fix - commit 501d484 - blacklist.conf: breaks kABI - commit 25e087f - blacklist.conf: patch is a kABI cleanup - commit dc817ec - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - commit 1892580 - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - commit aa90e03 - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Don't access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Don't mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - commit 7e2481c - USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - commit 264efc3 - Revert "mtd: spi-nor: macronix: Add support for mx25l51245g" (git-fixes). - firmware: qcom_scm: Fix kernel-doc function names to match (git-fixes). - firmware: qcom_scm: Workaround lack of "is available" call on SC7180 (git-fixes). - firmware: qcom_scm: Reduce locking section for __get_convention() (git-fixes). - firmware: qcom_scm: Make __qcom_scm_is_call_available() return bool (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - usb: xhci-mtk: improve bandwidth scheduling with TT (git-fixes). - usb: xhci-mtk: remove or operator for setting schedule parameters (git-fixes). - mfd: intel_pmt: Fix nuisance messages and handling of disabled capabilities (git-fixes). - crypto: chelsio - Read rxchannel-id from firmware (git-fixes). - commit ca30721 - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - USB: serial: fix return value for unsupported ioctls (git-fixes). - USB: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - USB: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - commit 4c3112d - USB: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - USB: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - commit 5c40ba7 - USB: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - USB: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - commit fb519e4 - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling - >setup() (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - commit d16f444 - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz < p_memsz (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - commit ab0d991 - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mtd: rawnand: atmel: Update ecc_stats.corrected counter (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - commit e422d77 - memory: pl353: fix mask of ECC page_size config register (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Don't DMA more than the buffer can take (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - commit b5d6098 - cpufreq: Kconfig: fix documentation links (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - fotg210-udc: Mask GRP2 interrupts we don't handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - commit 781f7bc - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - bus: qcom: Put child node before return (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - commit d53d421 ++++ libapparmor: - add crypto-policies-mr720.diff to allow reading crypto policies in abstractions/ssl_certs (boo#1183597) ++++ python3-core: - Add CVE-2021-3426-inf-disclosure-pydoc-getfile.patch to remove getfile feature from pydoc, which is a security nightmare (among other things, CVE-2021-3426, allows disclosure of any file on the system; bsc#1183374, bpo#42988). ++++ sssd: - Use /run instead of /var/run for daemon PID files; (bsc#1185185); ++++ linux-glibc-devel: - Update to kernel headers 5.12 ++++ python3: - Add CVE-2021-3426-inf-disclosure-pydoc-getfile.patch to remove getfile feature from pydoc, which is a security nightmare (among other things, CVE-2021-3426, allows disclosure of any file on the system; bsc#1183374, bpo#42988). ++++ selinux-policy: - Updated fix_networkmanager.patch to allow NetworkManager to watch its configuration directories - Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207) ++++ yast2: - Add to yast2 mixin Yast2::SecretAttributes for hiding sensitive information (bsc#1141017) - 4.4.2 ------------------------------------------------------------------ ------------------ 2021-4-26 - Apr 26 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Update to version 5.0.0 * Update minimum rust toolchain version 1.44 * Switch from error-chain to anyhow * Remove cl-legacy feature * ibmcloud: don't ignore I/O error when parsing metadata * providers: fix clippy::unnecessary_wraps lint on 1.50 * workflows: update pinned lint toolchain to 1.50.0 * cli: stop wrapping command-line parse errors * github: release checklist cleanups * providers: add Azure Stack Hub ++++ cloud-regionsrv-client: - Update to version 9.1.5 (bsc#1182779, bsc#1185234, bsc#1185198) + Another startup process may run zypper before the registration process if zypper is still running we cannot get the lock and as such the installed products cannot be determined. Wait for the lock to be released for up to 30 seconds. + On any error durring product list generation return a list to avoid a traceback by trying to iterate over None ++++ kernel-default: - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - commit 9437971 - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - commit 47a4219 - netfilter: x_tables: Use correct memory barriers (bsc#1184208 CVE-2021-29650). - commit a2dbe0f - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (FATE#325581 git-fixes). - commit d1f996e - arm: dts: add imx7d pcf2127 fix to blacklist - commit d57b89d ++++ libjpeg-turbo: - version update to 2.1.0 lot of changes, see * https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.90 * https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.1.0 ++++ systemd: - Upgrade to v248 (commit 5d3d934a5c2f4593207497db94e6f313348e89e7) See https://github.com/openSUSE/systemd/blob/SUSE/v248/NEWS for details. This includes the following bug fixes: - upstream commit 4327574fc1093513badc2177f71cede2fc88c13c (bsc#1166028) - upstream commit 3573e032f26724949e86626eace058d006b8bf70 (bsc#1186411) - upstream commit 30927a24848c4d727f7619cc74b878f098cdd724 (bsc#1200170) - A couple runtime dependencies on libraries are now tracked manually (with Recommends:) due to the fact that some symbols of these libs are dynamically loaded with dlopen() (heck!) - oomd is left disablde for now - pam configuration file 'systemd-user' is now shipped in /usr/etc/pam.d - Rebased 0001-conf-parser-introduce-early-drop-ins.patch 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch - Dropped 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch as it is SLE specific. - Clean systemd-experimental up: - Enclose "%package/%descriptoin experimental" within a "%if %experimental/%endif" block condition - List the build requirements in the sub-package instead of listing them in the main package. - Enable support for fido2, pwquality and qrencode in the home stuff - Improve the package description ++++ zchunk: - Update to version 1.1.9 * Handle zstd 1.4.7+ * Update documentation * unzck: require a *.zck extension * General bug fixes - Dropped upstream merged d2eae512bee09a4047cfe586de12f644d73b0736.patch - Add fix-test-argp.patch: Fix argp detection ++++ runc: - Backport patch to fix build on SLE-12 ppc64le. + 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch ++++ selinux-policy: - Added Recommends for selinux-autorelabel (bsc#1181837) - Prevent libreoffice fonts from changing types on every relabel (bsc#1185265). Added fix_libraries.patch ++++ strace: - Update to strace 5.12 * Improvements * Implemented --secontext[=full] option to display SELinux contexts. * Implemented decoding of mount_setattr syscall introduced in Linux 5.12. * Updated decoding of IFLA_BRPORT_* netlink attributes to match Linux 5.12. * Updated lists of DEVCONF_*, IORING_*, KVM_*, MPOL_*, MTD_*, NFT_MSG_*, RESOLVE_*, RTM_*, ST_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 5.12. - strace-readelf-debug-dump-info-wide-output-changes-in-2.36.patch: removed ++++ sysconfig: - spec: Drop hard dependency on /sbin/ifup (jsc#SMO-84) - spec: Suggest instead of recommend wicked-service - spec: Mention that the .spec file is in git as well ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#501 - trigger automatic nvme discovery (bsc#1184908) - 16.56.8 ++++ yast2-trans: - Update to version 84.87.20210425.616915ed60: * Translated using Weblate (Portuguese) * Translated using Weblate (Hindi) * Translated using Weblate (Portuguese) * Translated using Weblate (Hindi) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Added translation using Weblate (Portuguese) * Added translation using Weblate (Portuguese) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'packager'. * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * New POT for text domain 'ldap'. * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * New POT for text domain 'bootloader'. * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'base'. * Translated using Weblate (Portuguese) ------------------------------------------------------------------ ------------------ 2021-4-25 - Apr 25 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - update to 7.76.1: - ngtcp2: Use ALPN h3-29 for now - TODO: remove 18.22 --fail-with-body ++++ kernel-default: - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - commit 06bc03e - rpm/kernel-binary.spec.in: Require new enough pahole. pahole 1.21 is required for building Linux 5.13 BTF - commit 7e12792 - Drop i915 patches that caused a regression on IVB (bsc#1184943) Deleted: patches.suse/drm-i915-gt-Clear-CACHE_MODE-prior-to-clearing-resid.patch patches.suse/drm-i915-gt-Flush-before-changing-register-state.patch patches.suse/drm-i915-gt-One-more-flush-for-Baytrail-clear-residu.patch - commit 0a944a4 ------------------------------------------------------------------ ------------------ 2021-4-24 - Apr 24 2021 ------------------- ------------------------------------------------------------------ ++++ lcms2: - update to 2.12: * Added build system for fast-float plugin (see plugin documentation) * Added new build-in sigmoidal tone curve * Added XCode 12 project * Added support for multichannel input up to 15 channels * Fix LUT8 write matrix * Fix version mess on 10/11 * Fix tools & samples xgetopt * Fix warnings on different function pointers * Fix matlab MEX compilation * plugin: cleanup and better SSE detection * plugin: add lab to any on float * plugin: it can now be compiled as C++ * recover PDF documentation, but try to keep it under a resonable size. * Prevent a rare but possible out-of-bounds read in postscript generator * Fix some compiler warnings * Add named color profile building sample to testbed ------------------------------------------------------------------ ------------------ 2021-4-23 - Apr 23 2021 ------------------- ------------------------------------------------------------------ ++++ cifs-utils: - cifs.upcall: fix regression in kerberos mount; (bsc#1184815). * add 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch ++++ container-selinux: - Fix container runtime binary labels (bsc#1185030). You need to relable at least /usr/sbin if you're affected ++++ lvm2-device-mapper: - Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190) + bug-1185190_01-pvscan-support-disabled-event_activation.patch + bug-1185190_02-config-improve-description-for-event_activation.patch ++++ librsvg: - Update to version 2.46.5 on SLE and Leap: + Update dependent crates that had security vulnerabilities: generic-array to 0.12.4 - RUSTSEC-2020-0146 smallvec to 0.6.14 - RUSTSEC-2021-0003 - CVE-2021-25900 + There are no changes to the library code. + Fix bash-isms in Makefile.am (Tin-Wei Lan). + Fix Visual Studio build (Chun-wei Fan). - bsc#1183403 - CVE-2021-25900 - buffer overflow in the smallvec crate. ++++ grub2: - Fix obsolete syslog in systemd unit file and updating to use journal as StandardOutput (bsc#1185149) * grub2-once.service ++++ gtk3: - Update to version 3.24.29: + Input: - Look for a Compose file in the right place. - Revert some Compose sequence changes (mainly around dead acute and apostrophe). - Consume all key events during preedit, to avoid unexpected interactions. - Ignore more modifiers during preedit, to allow using 3rd and 5th level choosers. - Fix handling of cursor positions in non-ASCII preedit text. + GtkSpinButton: Interpret localized digits. + GtkScale: Fix sporadic criticals. + GtkScrolledWindow: - Cancel overshoot on size changes. - Avoid criticals with non-overlay scrollbars. + GtkFileChooser: Handle smb mounts better. + GtkListBox: Fix extending multi-selections. + Fix a possible crash in gtk_show_uri. + Wayland: Improve font settings fallback. + X11: - Avoid log spam on exit. - Don't beep on untrusted displays. + Updated translations. - Drop gtk3-prevent-g_file_get_basename-return-NULL.patch: fixed upstream. ++++ haproxy: - Update to version 2.3.10+git0.4764f0e4e: * [RELEASE] Released version 2.3.10 * BUG/MEDIUM: peers: re-work refcnt on table to protect against flush * BUG/MEDIUM: peers: re-work connection to new process during reload. * BUG/MINOR: peers: remove useless table check if initial resync is finished * BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data * BUG/MINOR: mworker: don't use oldpids[] anymore for reload * BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases * BUG/MEDIUM: config: fix cpu-map notation with both process and threads * BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames * BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers * BUG/MINOR: server: free srv.lb_nodes in free_server * BUG/MINOR: mux-h1: Release idle server H1 connection if data are received * BUG/MINOR: logs: Report the true number of retries if there was no connection * BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function * BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded * BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check * MINOR: connection: Make bc_http_major compatible with tcp-checks * BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections * MINOR: logs: Add support of checks as session origin to format lf strings * BUG/MINOR: checks: Set missing id to the dummy checks frontend * BUG/MEDIUM: threads: Ignore current thread to end its harmless period * DOC: ssl: Certificate hot update only works on fronted certificates * BUG/MEDIUM: sample: Fix adjusting size in field converter * MINOR: No longer rely on deprecated sample fetches for predefined ACLs * DOC: clarify that compression works for HTTP/2 * BUG/MINOR: tools: fix parsing "us" unit for timers * CONTRIB: halog: fix issue with array of type char * REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken * DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options * REGTESTS: ssl: "set ssl cert" and multi-certificates bundle * BUG/MINOR: ssl: Add missing free on SSL_CTX in ckch_inst_free * BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields * BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one * BUG/MINOR: ssl: Fix update of default certificate * BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS * BUG/MINOR: tcp: fix silent-drop workaround for IPv6 ++++ kernel-default: - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - commit 58c17cd - Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" (bsc#1185038) This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. Reverted upstream. - commit 73b3872 - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - commit 2c8041a - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - commit d2da394 - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - commit d046726 - net: ll_temac: Fix race condition causing TX hang (git-fixes). - commit a6721f5 - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - commit 4472105 - net: atlantic: fix potential error handling (git-fixes). - commit 972b18c - net: atlantic: fix use after free kasan warn (git-fixes). - commit e77e662 - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - commit cc72eca - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - commit 65142f9 - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - commit 96e1f9b - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - commit 4801107 - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - commit deb82c3 - Refresh patches.kabi/0001-kABI-Fix-kABI-after-EDR-backport.patch. - commit 79c9348 - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - commit cdccb34 ++++ less: - less 581: * Change ESC-u command to toggle, not disable, highlighting per man page * Add ESC-U command * Add ctrl-W search modifier for wrapping search * F command can be interrupted by ^X * Support OSC 8 hyperlinks when -R is in effect * g command with no number will ignore -j and put first line at top of screen * Multiple + or -p command line options are handled better * Add the --incsearch option * Add the --line-num-width option * Add the --status-col-width option * Add the --use-color and --color options * Display -w highlight even if highlighted line is empty * If search result is in a long line, scroll to ensure it is visible * Editing the same file under different names now creates only one entry in the file list. * Make visual bell more visible on some terminals * Ring end-of-file bell no more than once per second * Build can use either Python or Perl for Makefile.aut operations * Fix crash when using the @ search modifier. * Fix crash in the 's' command due to duplicate free - drop less-429-save_line_position.patch which was never accepted upstream due to solving one problem and creating others ++++ lvm2: - Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190) + bug-1185190_01-pvscan-support-disabled-event_activation.patch + bug-1185190_02-config-improve-description-for-event_activation.patch ++++ podman: - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} ++++ selinux-policy: - Transition unconfined users to ldconfig type (bsc#1183121). Extended fix_unconfineduser.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#499 - fix NVMf autoconnect udev rule (bsc#1184908) ------------------------------------------------------------------ ------------------ 2021-4-22 - Apr 22 2021 ------------------- ------------------------------------------------------------------ ++++ gtk3: - Update to version 3.24.28: + Input: Improve dead key handling. + CSS: Fix rendering of scaled text shadows. + Wayland: Fix matching of accelerators with multiple layouts. + X11: Trap errors from the COW. + Build: Make gtk3-update-icon-cache output reproducible. + Updated translations. ++++ kernel-default: - nvme-fabrics: reject I/O to offline device (bsc#1181161). - Refresh patches.suse/nvme-fabrics-fix-kato-initialization.patch. - Refresh patches.suse/nvme-fabrics-only-reserve-a-single-tag.patch. Context adjustment on the refreshed patches. - commit a68e30b - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - commit 91f11e3 - blk-settings: align max_sectors on "logical_block_size" boundary (bsc#1185195). - commit e302bd9 - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). Previously essiv was part of dm-crypt but now it is separate. Include the module in kernel-obs-build when available. Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") - commit bd99014 - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - commit 546dd4c - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - commit 7b3a736 - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - commit 7205cf8 - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - commit f18ec94 - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - commit 43af4d2 - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - net/mlx5: Don't request more than supported EQs (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - ice: Increase control queue timeout (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - net/mlx5e: Don't match on Geneve options in case option masks are all zero (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - net/mlx4_en: update moderation when config reset (git-fixes). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - vxlan: move debug check after netdev unregister (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - commit 1b80b7a - ch_ktls: do not send snd_una update to TCB in middle (jsc#SLE-15131). - ch_ktls: tcb close causes tls connection failure (jsc#SLE-15131). - ch_ktls: fix device connection close (jsc#SLE-15131). - ch_ktls: Fix kernel panic (jsc#SLE-15131). - net/mlx5e: Fix setting of RS FEC mode (jsc#SLE-15172). - ixgbe: fix unbalanced device enable/disable in suspend/resume (jsc#SLE-13706). - ethtool: pause: make sure we init driver stats (jsc#SLE-15075). - netfilter: flowtable: fix NAT IPv6 offload mangling (bsc#1176447). - commit a20dac1 - series.conf: cleanup - move into correct directory and series.conf section: patches.suse/kABI-cover-up-change-in-struct-kvm_arch.patch -> patches.kabi/ - commit 7ead145 - Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)" This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - commit d771304 - patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch: (bsc#865869,bsc#1178418). Fix initialization of the the super block for a btrfs specific enhancement which we added. The btrfs specific enhancement augmented the super block to add support to ustat() and it is only used by btrfs. For that, the super block was extended with a new linked list which is only used only in btrfs. The initialization of the linked list however was done late, and if any allocation fails early on alloc_super() it meant that the WARNING check on free'ing it could fail, as the list may be read as not empty. This warning then is triggerable when stress testing allocations, and you run out of memory. It can happen regardless of the filesystem you use. The sget_fc() contention when stress testing with the unshare system call reported on bsc#1178418 which leads to a soft lockup is still being investigate, however this fixes the kernel warning reproduced when doing that stress testing. - commit 67dd047 ++++ krb5: - Use /run instead of /var/run for daemon PID files; (bsc#1185163); ++++ dtc: - explicitly pass -pie in CFLAGS, since the build system explicitly passes - fPIC, which breaks our gcc-PIE profile. This makes all packaged binaries PIE-executables (bsc#1184122). ++++ libzypp: - Add missing includes for GCC 11 (bsc#1181874) - Fix unsafe usage of static in media verifier. - Solver: Avoid segfault if no system is loaded (bsc#1183628) - MediaVerifier: Relax media set verification in case of a single not-volatile medium (bsc#1180851) - Do no cleanup in custom cache dirs (bsc#1182936) - ZConfig: let pubkeyCachePath follow repoCachePath. - version 17.25.9 (22) ++++ python-M2Crypto: - Add no-need-parameterized.patch ... we don't need run-time requirement of parameterized package (bsc#1185150). ++++ shim: - Enable the AArch64 signature check for SLE ++++ suse-module-tools: - Update to version 15.3.6: * dm-crypt requires essiv in SLE15 SP3 (boo#1183063 bsc#1184134 ltc#192244). ++++ yast2: - The location given to the Y2Issue::Issue constructor can be a string or a location object. ------------------------------------------------------------------ ------------------ 2021-4-21 - Apr 21 2021 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - LVM cannot be disabled on boot (bsc#1184687) + bug-1184687_Add-nolvm-for-kernel-cmdline.patch - Update patch for avoiding apply warning message + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch ++++ drbd-utils: - add pie-fix.patch: explicitly pass -pie linker flag when building drbdmon. The Makefile explicitly passes -fPIC, thereby breaking our gcc-PIE profile. In addition the Makefile also ignores CXXFLAGS and LDFLAGS passed via the environment. Therefore fix it with this patch. This makes drbdmon a PIE binary (bsc#1184122, bsc#1185132). ++++ gtk3: - Add gtk3-prevent-g_file_get_basename-return-NULL.patch: + Fix a possible crash in gtk_show_uri (boo#1185082, glgo#GNOME/gtk!3458). ++++ kernel-default: - r8169: don't advertise pause in jumbo mode (git-fixes). - iwlwifi: add support for Qu with AX201 device (git-fixes). - r8169: tweak max read request size for newer chips also in jumbo mtu mode (git-fixes). - commit 8bacd0f - virt_wifi: Return micros for BSS TSF values (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - commit 0abe8be - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - commit f478032 - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - commit 218a8c4 - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - commit 4164eea - rpm/check-for-config-changes: add AS_HAS_* to ignores arch/arm64/Kconfig defines a lot of these. So far our current compilers seem to support them all. But it can quickly change with SLE later. - commit a4d8194 ++++ Mesa: - update to 21.0.3 * fixes in haiku, core mesa, radeonsi, lavapipe, nir, radv, anv, freedreno and turnip, etniviv, iris, egl, lima, core gallium, spriv, v3d, meson ++++ gcc11: - Update to gcc-11 branch head (7a7fc01b9d20afb1a2b805d93cb), git31 * Includes GCC 11.1 RC2 - Add gcc11-no-offload.patch and gcc11-amdgcn-disable-hot-cold-partitioning.patch. - Enable gfortran for offload compilers. - BuildRequire procps from gcc11-testresults if we test go. - Force using llvm11 for amdgcn offloading since llvm12 doesn't yet work. Package expanded symlinks so concurrent installs do not pull in another llvm-mc. - Add gcc11-gdwarf-4-default.patch to default to DWARF4 generation in SLES15 and older. ++++ libhugetlbfs: - Hardening: Link as PIE (bsc#1184123). ++++ lvm2: - LVM cannot be disabled on boot (bsc#1184687) + bug-1184687_Add-nolvm-for-kernel-cmdline.patch - Update patch for avoiding apply warning message + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch ++++ python3-azuremetadata: - Version 5.1.4 (bsc#1184720, bsc#1172581) + Use versions endpoint to list the available versions + Add bypass proxy + Update way to check classic vms ++++ rpm: - set default package verification level to 'none' to be compatible to rpm-4.14.1 new patch: verifylevel_none.diff - make illegal obsoletes a warning new patch: badobsoletewarn.diff - backport header check security fixes from upstream [CVE-2021-3421] [CVE-2021-20271] [CVE-2021-20266] [bsc#1183543] [bsc#1183545] new patch: headerchk3.diff - fix potential access of freed mem in ndb's glue code [bnc#1179416] new patch: ndbglue.diff - permit secondary index open to fail for bdb_ro new patch: bdbro_missingidx.diff ++++ shim: - Update the SLE signatures ------------------------------------------------------------------ ------------------ 2021-4-20 - Apr 20 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.30.4: + Fix crash evaluating match setting properties (CVE-2021-20297). + Fix leak of local route added by NetworkManager for configured addresses. + Fix name of the device autoconnect D-Bus property. + Multiple bugfixes in the initrd generator. + Various minor bugfixes. ++++ avahi: - Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling HUP event in client_work (boo#1184521 CVE-2021-3468). https://github.com/lathiat/avahi/pull/330 ++++ kernel-default: - supported.conf: add tcpi and tcpm module to base system (bsc#1185010) - commit 3fac436 - usb: dwc3: core: don't do suspend for device mode if already suspended (git-fixes). - commit 82b18d4 - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - commit 072728a - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - commit 6a1e8b7 - usb: dwc3: gadget: Don't send unintended link state change (git-fixes). - commit acdee65 - kABI: cover up change in struct kvm_arch (bsc#1184969). - commit 3e9476f - usb: dwc3: of-simple: add a shutdown (git-fixes). - commit 15b84b1 - usb: dwc3: debug: Remove newline printout (git-fixes). - commit 5104cc5 - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - commit 49d7a00 - bpf: Tighten speculative pointer arithmetic mask (bsc#1184942 CVE-2021-29155). - bpf: Move sanitize_val_alu out of op switch (bsc#1184942 CVE-2021-29155). - bpf: Refactor and streamline bounds check into helper (bsc#1184942 CVE-2021-29155). - bpf: Improve verifier error messages for users (bsc#1184942 CVE-2021-29155). - bpf: Rework ptr_limit into alu_limit and add common error path (bsc#1184942 CVE-2021-29155). - bpf: Ensure off_reg has no mixed signed bounds for all types (bsc#1184942 CVE-2021-29155). - bpf: Move off_reg into sanitize_ptr_alu (bsc#1184942 CVE-2021-29155). - commit c02423d - bpf: Tighten speculative pointer arithmetic mask (bsc#1184942 CVE-2021-29155). - bpf: Move sanitize_val_alu out of op switch (bsc#1184942 CVE-2021-29155). - bpf: Refactor and streamline bounds check into helper (bsc#1184942 CVE-2021-29155). - bpf: Improve verifier error messages for users (bsc#1184942 CVE-2021-29155). - bpf: Rework ptr_limit into alu_limit and add common error path (bsc#1184942 CVE-2021-29155). - bpf: Ensure off_reg has no mixed signed bounds for all types (bsc#1184942 CVE-2021-29155). - bpf: Move off_reg into sanitize_ptr_alu (bsc#1184942 CVE-2021-29155). - commit bc2237a - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - commit 2704809 - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - commit bf4edb3 - bpf: Use correct permission flag for mixed signed bounds arithmetic (bsc#1184942 CVE-2021-29155). - commit 4c203f3 ++++ kexec-tools: - Hardening: Link as PIE (bsc#1185020). ++++ gcc11: - Update to gcc-11 branch head (27350b77a92062667427100afb4), git10 * Includes GCC 11.1 RC1 ++++ hivex: - bsc#1185013 - VUL-0: CVE-2021-3504: hivex: missing bounds check within hivex_open() 0001-lib-handle.c-Add-missing-bounds-check-for-block-exce.patch ++++ sg3_utils: - Update to version 1.46: * sg_rep_pip: new utility: report provisioning initialization pattern command * sg_turs: estimated time-to-ready [spc6r03] - add --delay=MS option * sg_requests: substantial cleanup * sg_vpd: add Format presets and Concurrent positioning ranges - add hot-pluggable field in standard Inquiry [spc6r05] - fix vendor struct opts_t alignment * sg_inq: add hot-pluggable field in standard Inquiry * sg_dd: --verify : separate category for miscompare errors - --verify : oflag=coe continue on miscompares, counts them - add cdl= operand for command duration limit indexes - add oflag=nocreat and conv=nocreat : OFILE must exist - add iflag=00, ff, random flags - setup conditional auto rule for getrandom() - add command timeout after comma in time= operand * sg_get_elem_status: add ralwd bit sbc4r20a * sg_write_x: add dld bits to write(32) [sbc4r19a] * sg_rep_zones: print invalid write pointer LBA as -1 rather than 16 "f"s * sg_opcodes: improve handling of RWCDLP field * sg_ses: use fan speed factor field for calculation [ses4r04] - add --all (-a) option, same action as --join * sg_compare_and_write: add examples section to its manpage * sg_modes: document '-s' option (same as '-6') * sg_sanitize + sg_format: when --verbose given once report probable success; without --verbose 'no news is good news' * sg_zone: add Remove element and modify zones command * sg_raw: increase maximum data-in and data-out buffer size from 64 KB to 1 MB - fix --cmdfile= handling - add --nvm option to send commands from the NVM command set - add --cmdset option to bypass cdb heuristic - add --scan= first_opcode,last_opcode * sg_pt_freebsd: allow device names without leading /dev/ thus fix for regression introduced in rev 731 (ver: 1.43) * sg_pt_solaris+sg_pt_osf1: fix problem with clear_scsi_pt_obj() which needs to remember is_nvme and dev_fd values * sg_lib: add ZBC (2020) feature set entries * sg_lib: restore elements and rebuild command added * sg_lib,sg_pt: add partial_clear_scsi_pt_obj(), get_scsi_pt_cdb_len() and get_scsi_pt_cdb_buf() - add do_nvm_pt() for the NVM (sub-)command set - tweak transport error handling in Linux * sg_lib: Linux NVMe SNTL: add read, write and verify; synchronize cache and write same translations - add dummy start stop unit and test unit ready commands - wire cache mpage's WCE to nvme 'volatile write cache' - fix crash in sg_f2hex_arr() when fname not found * sg_lib: reprint cdb with illegal request sense key - asc/ascq match asc-num.txt @t10 20200708 [spc6r02] * gcc-10: suppress warnings * autoconf: upgrade version 2.69 to 2.70 * remove space from end of source lines for git-svn * testing/sg_mrq_testing: new, for blocking mrq usage * testing/sgs_dd: add evfd flags and eventfd processing * testing: remove master-slave terminology for sgv4 * examples: add nvme_read_ctl.hex and nvme_write_ctl.hex - Earlier SUSE fixes included in 1.46: * 40-usb-blacklist.rules: use ID_SCSI_INQUIRY (bsc#840054, bsc#1131482) ++++ salt: - Improvements on "ansiblegate" module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks * General bugfixes - Added: * improvements-on-ansiblegate-module-354.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#495 - add USB Type-C modules (bsc#1184867) - add even more USB Type-C modules (bsc#1185010) - 16.56.7 - merge gh#openSUSE/installation-images#494 - add udev rules for NVMf autoconnect in the installation system (bsc#1184908) - merge gh#openSUSE/installation-images#482 - enable multipathd in rescue system (bsc#1184686) - merge gh#openSUSE/installation-images#493 - re-enable SecureBoot on AARCH64 on SLE Micro enable building the SLE Micro flavor based on OBS macro - re-enable SecureBoot on AARCH64 on SLE Micro (bsc#1185018) - 16.56.6 - merge gh#openSUSE/installation-images#489 - allow loading of unsupported modules (bsc#1184413, bsc#1183140) - 16.56.5 ------------------------------------------------------------------ ------------------ 2021-4-19 - Apr 19 2021 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - Add metadata-based autoactivation property for VG and LV (bsc#1178680) + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch ++++ dnsmasq: - Update to 2.85: * Fix problem with DNS retries in 2.83/2.84. * Tweak sort order of tags in get-version. * Avoid treating a --dhcp-host which has an IPv6 address as eligible for use with DHCPv4 on the grounds that it has no address, and vice-versa. * Add --dynamic-host option: A and AAAA records which take their network part from the network of a local interface. Useful for routers with dynamically prefixes. * Teach --bogus-nxdomain and --ignore-address to take an IPv4 subnet. * CVE-2021-3448, bsc#1183709: Use random source ports where possible if source addresses/interfaces in use. * Change the method of allocation of random source ports for DNS. * Scale the size of the DNS random-port pool based on the value of the --dns-forward-max configuration. * Tweak TFTP code to check sender of all received packets, as specified in RFC 1350 para 4. ++++ findutils: - Use new Group Release Keyring ++++ grub2: - Fix build error on armv6/armv7 (bsc#1184712) * 0001-emu-fix-executable-stack-marking.patch ++++ kernel-default: - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - commit 7ac835e - ftrace/x86: Tell objtool to ignore nondeterministic ftrace stack layout (bsc#1177028). - commit e3b8b48 - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). - commit 9520307 - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - commit 878daaa - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - commit a403162 - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - commit e16e74a - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - commit b02b13d - usb: dwc3: Separate field holding multiple properties (git-fixes). - commit 1087836 - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - commit b4290b9 - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - commit a5796ab - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - commit 638e28a - usb: dwc3: Use devres to get clocks (git-fixes). - commit e717ac7 - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - commit 4735c17 - Refresh patches.suse/powerpc-pseries-extract-host-bridge-from-pci_bus-pri.patch. Update patch metadata. - commit 2060b77 - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - commit c89a30c - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - commit 93dc507 ++++ kernel-firmware: - Update to version 20210419 (git commit 940b7f42d45d): * cxgb4: Update firmware to revision 1.25.4.0 * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2438 * brcm: Link CM4's WiFi firmware with DMI machine name. * linux-firmware: Update firmware file for Intel Bluetooth AX201 * amdgpu: update navi14 smc firmware * amdgpu: update navi10 SMC firmware * QCA: Update Bluetooth firmware for QCA6174 * WHENCE: link to similar config file for rtl8821a support * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.14.A.6 * amdgpu: add arcturus firmware * rtl_bt: Add rtl8723bs_config-OBDA0623.bin symlink * brcm: Add nvram for the Chuwi Hi8 (CWI509) tablet * brcm: Add nvram for the Predia Basic tablet * qcom: sm8250: update remoteproc firmware * qcom: update a650 firmware files * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x59A_76A3 * amdgpu: update sienna cichlid firmware for 20.50 * amdgpu: update vega20 firmware for 20.50 * amdgpu: update picasso firmware for 20.50 * amdgpu: update navi14 firmware for 20.50 * amdgpu: update vega12 firmware for 20.50 * amdgpu: update navi12 firmware for 20.50 * amdgpu: update vega10 firmware for 20.50 * amdgpu: update renoir firmware for 20.50 * amdgpu: update navi10 firmware for 20.50 * amdgpu: update raven2 firmware for 20.50 * amdgpu: update raven firmware for 20.50 * amdgpu: add initial support for navy flounder - Update aliases ++++ libcontainers-common: - Force overlay as default storage driver if system is not btrfs (gh#containers/buildah#3153) - Update common to 0.36.0 0.36.0: no changelog found 0.35.4: pkg/seccomp: simplify and fix IsSupported pkg/seccomp: use sync.Once to speed up IsSupported capabilities: ALL returns the bounding set capabilities: memoize BoundingSet capabilities: add new method BoundingSet() Update pause image to 3.5 - Update podman to 3.1.1 3.1.1: [#]## Changes - Podman now recognizes `trace` as a valid argument to the `--log-level` command. Trace logging is now the most verbose level of logging available. - The `:z` and `:Z` options for volume mounts are now ignored when the container is privileged or is run with SELinux isolation disabled (`--security-opt label=disable`). This matches better matches Docker's behavior in this case. [#]## Bugfixes - Fixed a bug where pruning images with the `podman image prune` or `podman system prune` commands could cause Podman to panic. - Fixed a bug where the `podman save` command did not properly error when the `--compress` flag was used with incompatible format types. - Fixed a bug where the `--security-opt` and `--ulimit` options to the remote Podman client's `podman build` command were nonfunctional. - Fixed a bug where the `--log-rusage` option to the remote Podman client's `podman build` command was nonfunctional ([#9489](https://github.com/containers/podman/issues/9889)). - Fixed a bug where the `podman build` command could, in some circumstances, use the wrong OCI runtime ([#9459](https://github.com/containers/podman/issues/9459)). - Fixed a bug where the remote Podman client's `podman build` command could return 0 despite failing ([#10029](https://github.com/containers/podman/issues/10029)). - Fixed a bug where the `podman container runlabel` command did not properly expand the `IMAGE` and `NAME` variables in the label ([#9405](https://github.com/containers/podman/issues/9405)). - Fixed a bug where poststop OCI hooks would be executed twice on containers started with the `--rm` argument ([#9983](https://github.com/containers/podman/issues/9983)). - Fixed a bug where rootless Podman could fail to launch containers on cgroups v2 systems when the `cgroupfs` cgroup manager was in use. - Fixed a bug where the `podman stats` command could error when statistics tracked exceeded the maximum size of a 32-bit signed integer ([#9979](https://github.com/containers/podman/issues/9979)). - Fixed a bug where rootless Podman containers run with `--userns=keepid` (without a `--user` flag in addition) would grant exec sessions run in them too many capabilities ([#9919](https://github.com/containers/podman/issues/9919)). - Fixed a bug where the `--authfile` option to `podman build` did not validate that the path given existed ([#9572](https://github.com/containers/podman/issues/9572)). - Fixed a bug where the `--storage-opt` option to Podman was appending to, instead of overriding (as is documented), the default storage options. - Fixed a bug where the `podman system service` connection did not function properly when run in a socket-activated systemd unit file as a non-root user. - Fixed a bug where the `--network` option to the `podman play kube` command of the remote Podman client was being ignored ([#9698](https://github.com/containers/podman/issues/9698)). - Fixed a bug where the `--log-driver` option to the `podman play kube` command was nonfunctional ([#10015](https://github.com/containers/podman/issues/10015)). [#]## API - Fixed a bug where the Libpod Create endpoint for Manifests did not properly validate the image the manifest was being created with. - Fixed a bug where the Libpod DF endpoint could, in error cases, append an extra null to the JSON response, causing decode errors. - Fixed a bug where the Libpod and Compat Top endpoint for Containers would return process names that included extra whitespace. - Fixed a bug where the Compat Prune endpoint for Containers accepted too many types of filter. [#]## Misc - Updated Buildah to v1.20.1 - Updated the containers/storage library to v1.29.0 - Updated the containers/image library to v5.11.0 - Updated the containers/common library to v0.36.0 - Update storage to 1.29.0 1.29.0: ReloadConfigurationFile should Reset storage options rootless overlay: use user.* instead of trusted.* build(deps): bump github.com/Microsoft/hcsshim from 0.8.15 to 0.8.16 Support additional layer store overlay, rootless: use user.* instead of trusted.* archive, rootless: use user.* instead of trusted.* copy, rootless: skip copying trusted.* xattr Make sure rootless mounts support the userxattr flag Rework autons ID mapping generation. Set default to overlay from storage.conf build(deps): bump github.com/klauspost/compress from 1.11.12 to 1.11.13 - Update image to 5.11.0 * no changelog found ++++ libnettle: - Security fix: [bsc#1184401, CVE-2021-20305] * multiply function being called with out-of-range scalars * Affects ecc-ecdsa-sign(), ecc_ecdsa_verify() and _eddsa_hash(). - Add libnettle-CVE-2021-20305.patch ++++ lvm2: - Add metadata-based autoactivation property for VG and LV (bsc#1178680) + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch ++++ libtpms: - Update to version 0.8.2 * NOTE: Downgrade to 0.7.x or below is not possible. Due to fixes in the TPM 2 prime number generation code in rev155 it is not possible to downgrade from libtpms version 0.8.0 to some previous version. The seeds are now associated with an age so that older seeds use the old TPM 2 prime number generation code while newer seed use the newer code. * tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do not use (bsc#1184939 CVE-2021-3505) * tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX (bsc#1184939 CVE-2021-3505) * Update to TPM 2 code release 159 - X509 support is enabled + SM2 signing of ceritificates is NOT supported - Authenticated timers are disabled * Update to TPM 2 code relase 162 - ECC encryption / decryption is disabled * Fix support for elliptic curve due to missing unmarshalling code * Runtime filter supported elliptic curves supported by OpenSSL * Fix output buffer parameter and size for RSA decryption that could cause stack corruption under certain circumstances * Set the RSA PSS salt length to the digest length rather than max * Fixes to symmetric decryption related to input size check, defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and to always use a temporary malloc'ed buffer for decryption * Fixed the set of PCRs belonging to the TCB group. This affects the pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest swtpm for test cases to succeed there. ++++ makedumpfile: - Update patch metadata. ++++ podman: - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume "U" option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev ++++ qemu: - Include upstream patch designated as stable material and reviewed for applicability to include here mptsas-Remove-unused-MPTSASState-pending.patch - Clarify in support documents that cpu-add was removed in this release from both the human monitor protocol (HMP) and QMP interfaces ++++ ovmf: - Build ovmf-x86_64-smm against Ia32X64 to enable S3 support (bsc#1184938) - Update ovmf-add-exclude-shell-flag.patch to include Ia32X64 ++++ selinux-policy: - Update to version 20210419 - Refreshed: * fix_dbus.patch * fix_hadoop.patch * fix_init.patch * fix_unprivuser.patch ++++ supportutils: - Additions to version 3.1.15 + Checks package signatures in rpm.txt (bsc#1021918) + Optimize find (bsc#1184912) - Using zypper --xmlout (bsc#1181351) - Error fix for sysfs.txt (bsc#1089870) ++++ u-boot-rpiarm64: Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches added: 0014-fs-btrfs-fix-the-false-alert-of-dec.patch - boo#1183717 bsc#1184947 ++++ yast2-trans: - Update to version 84.87.20210418.dfe53bf215: * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'network'. * New POT for text domain 'installation'. * New POT for text domain 'network'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) ------------------------------------------------------------------ ------------------ 2021-4-18 - Apr 18 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update kabi files. - update from April 2021 maintenance update (commit c41a65cc53c7) - commit 7bc7f17 ++++ mozilla-nss: - update to NSS 3.63.1 * no upstream release notes for 3.63.1 (yet) Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the “Staat der Nederlanden Root CA - G3” root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008’. * bmo#1694291 - Tracing fixes for ECH. - required for Firefox 88 ++++ mozilla-nspr: - update to version 4.30 * support longer thread names on macOS * fix a build failure on OpenBSD ------------------------------------------------------------------ ------------------ 2021-4-17 - Apr 17 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.30.2: + Increase the limit of open file descriptors in NetworkManager.service. + Fix hostname lookup via DNS when resolv.conf is managed by systemd-resolved. + Enable WPA3 for Wi-Fi connections with key_mgmt=WPA-PSK. + Fix crash with the IWD Wi-Fi backend. + Avoid logging warning when setting bond option "ad_actor_system=00:00:00:00:00:00". + Update SpecificObject D-Bus property of ActiveConnection after WiFi roaming. + Multiple bugfixes in the initrd generator. + Various minor bugfixes. - Drop NM-restore-MAC-on-release-only-when-cloned.patch: fixed upstream. ++++ glib2: - Update to version 2.68.1: + Fix a crash in `GKeyFile` when parsing a file which contains translations using a `GKeyFile` instance which has loaded another file previously. + Pin GIO DLL in memory on Windows. + Updated translations. ++++ kernel-default: - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/tegra: dc: Don't set PLL clock to 0Hz (git-fixes). - commit 90bbfcf ++++ Mesa: - Move osmesa build back to Mesa, which we can now do after choosing another dummy driver there. - Use LLVM-versioned libclc runtime dependency to ensure bitcode compatibility. We have that in Tumbleweed and soon Leap. - U_clover-Fix-build-with-llvm-12.patch * Fixes build with LLVM 12. - U_clover-Add-missing-include-for-llvm-12-build-fix.patch * Fixes a missing header in the previous patch. - Mesa-devel: no longer require libOSMesa-devel, since it's now built in Mesa-drivers; packages should require it directly now, preferrably via pkconfig(osmesa) ... - Switch dummy driver for mesa package from "auto" xorg driver (i965) to gallium swrast driver - update to 21.0.2 * many additions especially on the Radeon Vulkan (RADV) driver front where sparse memory support is in place, AMD Smart Access Memory / Resizable BAR optimizations, various RDNA 2 improvements, rapid packed math for ACO, and more. Elsewhere in Mesa 21.0 there are continued RadeonSI optimizations, many Intel ANV and Iris improvements, OpenGL 3.3 for Freedreno, DXGI Winsys was added and initial Direct3D 12 code for WSL, OpenGL 4.1 for Zink, and more. - moved osmesa build to Mesa-drivers since swrast driver has been removed from Mesa ++++ pango: - Update to version 1.48.4: + Include docs in the dist tarball. + Include gi-docgen in the dist tarball, too. + win32: Fix 'Cursive' fallback. + Fix placement of marks in vertical text. + Cache metrics for the current font. + Improve letterspacing with combining marks. ++++ python-gobject: - Update to version 3.40.1: + Fix tests with glib 2.68. + Fix a regression with marshalling partial() objects. ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#485 - build with kernel-default-optional on Leap (bsc#1184413) - 16.56.4 ++++ tk: - Update to version 8.6.11.1 (still presenting itself as 8.6.11) * Fixed issue in bindMouseWheel ------------------------------------------------------------------ ------------------ 2021-4-16 - Apr 16 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Drop long-since upstreamed patch, originally needed to fix i386 builds on SLES: - 0001-makefile-remove-emoji.patch ++++ python-kiwi: - Fix appx manifest for WSL containers This patch is two fold * This commit prevents KIWI from setting Identity Name attribute and DisplayName and PublisherDisplayName elements. Fixes #1780 * Fix WSL appx filemap relative paths not preserved During WSL appx image type creation step the file hierarchy under metadata_path is written to a temporary file for eventual use as argument to utility appx. The file hierarchy information is dropped resulting in all filemap entries appearing to be at the metadata_path root. The resulting image will side load and run but without icon and other resources. Stricter checks at Windows Store submission will fail due to mismatch between image manifest and contents. Fix by preserving relative path of filemap entries relative to metadata_path. Add log output showing both input absolute path and output relative path. This is related to jsc#SLE-12986 ++++ kernel-default: - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - commit eb68ae8 - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - commit 4ef9359 - PCI/AER: Use "aer" variable for capability offset (bsc#1174426). - Refresh patches.kabi/0001-kABI-Fix-kABI-after-EDR-backport.patch. - commit 2c4de88 - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Use "bridge" for clarity in pcie_do_recovery() (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - commit cf4418f - Refresh patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch. Add to sorted section. - commit 2fa18b2 - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - commit 40e0790 - gpio: sysfs: Obey valid_mask (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - commit 0ad8d52 - Delete patches.suse/sched-Fix-up-proc-sched_debug-to-print-only-runnable-tasks-again.patch (bsc#1184769). - commit cff61a2 ++++ libcap: - Add explicit dependency on libcap2 with version to libcap-progs (bsc#1184690) ++++ gcc11: - Bump to 49813aad3292f7f2bef69206274da78a9a7116ed. ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#483 - build with kernel-default-extra on Leap (bsc#1184413, bsc#1183140) - 16.56.3 ++++ yast2: - Add a mechanism to report issues to the user (related to bsc#1181295). - 4.4.1 ------------------------------------------------------------------ ------------------ 2021-4-15 - Apr 15 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Modified NetworkManager.conf: Use dhclient as the default dhcp client(bsc#1183202). ++++ docker: - Update to Docker 20.10.6-ce. See upstream changelog online at . bsc#1184768 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - Backport upstream fix for btrfs quotas being removed by Docker regularly. bsc#1183855 bsc#1175081 + 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch ++++ kernel-default: - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - commit 1d99542 - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - commit 7c194e1 - iopoll: introduce read_poll_timeout macro (git-fixes). - commit 3398015 - dmaengine: idxd: fix wq cleanup of WQCFG registers (git-fixes). - dmaengine: idxd: clear MSIX permission entry on shutdown (git-fixes). - dmaengine: Fix a double free in dma_async_device_register (git-fixes). - dmaengine: idxd: fix wq size store permission state (git-fixes). - dmaengine: idxd: fix opcap sysfs attribute output (git-fixes). - dmaengine: idxd: fix delta_rec and crc size field for completion record (git-fixes). - dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback (git-fixes). - commit 5a7e9ed - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - commit 9608bf3 - Move upstreamed i915 fix into sorted section - commit c0cf502 - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Update in-core bitset after committing the metadata (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - Revert "bcache: Kill btree_io_wq" (git-fixes). - bsg: free the request before return error code (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dm raid: fix discard limits for raid1 (git-fixes). - block: rsxx: select CONFIG_CRC32 (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - Revert "dm cache: fix arm link errors with inline" (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - commit b8efea4 ++++ libeconf: - Removed doxygen from build requires. ++++ gcc11: - Disable nvptx offloading on aarch64 since it doesn't work. ++++ graphene: - Update to version 1.10.6: + Hide GRAPHENE_SIMD_S from the introspection data. + Nudge ray axis when intersecting a box. - Changes from version 1.10.4: + Add ARM NEON support when building with Visual Studio. + Build fix on ARM64 Windows. + Drop deprecated "python3" Meson module. + Fix detection of non-intersecting boxes. + Only enable SSE2 on x86_64. + Use the compiler-appropriate alignment attributes. + Change introspection option to a yielding feature. - Change -Dintrospection=true meson parameter to - Dintrospection=enabled: follow upstream build system changes. - Wrap -Dsse2=true meson parameter into %ifarch x86_64: 32bit builds for example do not support sse2 (likely boo#1184678). ++++ sssd: - Create timestamp attribute in cache objects if missing; (bsc#1182637); Add 0038-CACHE-Create-timestamp-if-missing.patch ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#134 - install with --removable if efivars are not writable (bsc#1182749, bsc#1174111, bsc#1184160) - fix whitespace - 0.934 ++++ qemu: - 6.0.0 qemu is about to be released. Add comments to the in- package support documents (supported..txt) about the new deprecations as of that release as an early head's up for qemu users. These deprecations include these command-line options: - M option: kernel-irqchip=off - chardev tty - chardev paraport - enable-fips - writeconfig - spice password=string ++++ rpm: - update to rpm-4.14.3 [jsc#SLE-17817] * add support for enforcing signature policy and payload verification step to transactions * add :humansi and :hmaniec query formatters for human readable output * add query selectors –-whatobsoletes and –-whatconflicts * add support for sorting caret (‘^’) higher than base version - refreshed patches: * checksepwarn.diff * dbrointerruptable.diff * finddebuginfo.diff * ndb-backport.diff * pythondistdeps.diff * remove-brp-strips.diff * whatrequires-doc.diff - dropped patches: * debugedit-bnc1076819.diff * debugedit-riscv.patch * disttag-macro.diff * hardlinks.diff * reproducible-debuginfo.patch * rpm-4.14.1-initialize-verifyflags.diff * safesymlinks.diff * signbadregion.diff * verifynodup.diff ++++ supportutils: - Additions to version 3.1.15 + Added drbd-overview to drbd.txt + Added list-timers to systemd.txt (bsc#1169348) + Including nfs4 in search (bsc#1184829) - Minor: Fix a typo (executible -> executable) #99 - Changed minor wording to loaded module ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#479 - Fix grub branding for %{arm} - boo#1181571, jsc#SLE-17212 - 16.56.2 ------------------------------------------------------------------ ------------------ 2021-4-14 - Apr 14 2021 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Update to stable 2.42.6 + Yield gtk_doc option value in subprojects + Always initialise locale on thumbnailer startup + Add fallback subproject for libjpeg + Use type:array for the builtin_loaders option + Default to using builtin png and jpeg loaders ++++ kernel-default: - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - commit 54f493a - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - commit caa2253 - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - commit d511393 - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - commit c2f56d9 - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). Drop patches.suse/bfq-Fix-check-detecting-whether-waker-queue-should-b.patch as the upstream patch replaces is. - commit bfcf868 - patches.suse/bfq-Use-only-idle-IO-periods-for-think-time-calculat.patch: Update tags - commit ebb3c4a - patches.suse/bfq-Use-ttime-local-variable.patch: Update tags - commit 83db8f6 - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - commit 7f9cb02 - blacklist.conf: Blacklist 163f0ec1df33 - commit 742fb7c - isofs: release buffer head before return (bsc#1182613). - commit eeef088 - patches.suse/bfq-Avoid-false-bfq-queue-merging.patch: Refresh with upstream version - commit c0f05bc - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - commit d0e76e8 - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - commit 6b24b69 - ocfs2: fix a use after free on error (bsc#1184738). - commit bbc04e0 - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - commit 0099e39 - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - commit 4c56c6a - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - commit 3990053 - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - commit b98639e - ext4: fix potential htree index checksum corruption (bsc#1184728). - commit 21d8b4d - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - commit a9d64cb - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - commit 58512a7 - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - commit 7146c5e - Update patches.suse/fuse-fix-bad-inode.patch (bsc#1184211 CVE-2020-36322). Updated patch metadata to include CVE number. - commit 89cea51 - Update patches.suse/fuse-fix-bad-inode.patch (bsc#1184211 CVE-2020-36322). Updated patch metadata to include CVE number. - commit 6ecd48e - rpm/check-for-config-changes: remove stale comment It is stale since 8ab393bf905a committed in 2005 :). - commit c9f9f5a ++++ gcc11: - Bump to a87d3f964df31d4fbceb822c6d293e85c117d992. ++++ pcre2: - Remove regcomp, regexec etc. from libpcre2-posix. (Add pcre2-symbol-clash.patch) ++++ libxkbcommon: - Update to release 1.2.1 [boo#1184688] * Fix `xkb_x11_keymap_new_from_device()` failing when the keymap contains key types with missing level names, like the one used by the `numpad:mac` option in xkeyboard-config. (Regressed in 1.2.0.) ++++ openslp: - Implement automatic active discovery retries so that DAs do not get dropped if they are not reachable for some time [bnc#1166637] [bnc#1184008] new patch: openslp.unicastactivediscovery.diff ++++ perl-ExtUtils-MakeMaker: - updated to 7.62 see /usr/share/doc/packages/perl-ExtUtils-MakeMaker/Changes 7.62 Tue 13 Apr 18:58:24 BST 2021 No changes since v7.61_01 7.61_01 Sun 21 Mar 09:24:57 GMT 2021 Bug fixes: - Use shellwords in ExtUtils::Liblist::Kid::_unix_os2_ext ++++ python-rpm: - update to rpm-4.14.3 ++++ samba: - CVE-2021-20254 Buffer overrun in sids_to_unixids(); (bnc#14571); (bsc#1184677). ++++ yast2: - Updated manual page ("man yast2") (bsc#1184681) - 4.4.0 ------------------------------------------------------------------ ------------------ 2021-4-13 - Apr 13 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.50.4: + Update dependent crates that had security vulnerabilities: - generic-array to 0.13.3 - RUSTSEC-2020-0146 + Reduced stack usage + Add limit for too-large radiuses on the feMorphology filter + Properly ignore elements in an error state inside the "switch" element ++++ libguestfs: - Update to version 1.44.1 * lib/appliance-kcmdline.c: Read UUID directly from appliance. * daemon/xfs.c: Fix error message. * daemon: chroot: Fix long-standing possible deadlock. * daemon: Don't return bogus failure from readdir. * daemon/btrfs.c: Ignore mkfs.btrfs allocstart option. * python: Ignore code style error E128. * php: Fix the build. * builder: Don't redefine Val_none (OCaml 4.12). * daemon: lvm: Use lvcreate --yes to avoid interactive prompts. * Update common submodule. * lib/fuse.c: Use safe_malloc instead of malloc. * fuse/guestmount.c: Avoid leaking fp on error path. * diff: Don't try to call unlink(NULL) on certain error paths. * daemon/tar.c: Avoid bogus GCC analyzer warning. * daemon/command.c daemon/debug.c df/main.c: Ignore bogus GCC analyzer warnings * appliance: Add dhclient for Arch-like Manjaro distro. * fish/tilde.c: Suppress more bogus -fanalyser warnings. * lib/qemu.c: Suppress another bogus -fanalyser warning. * builder: templates: Add ubuntu-20.04. * builder: templates: Added rhel-7.9. * lib: Move CLEANUP_GL_RECURSIVE_LOCK_UNLOCK to libguestfs header. * appliance: Avoid having ${exec_prefix} in guestfs appliance path. * build: Avoid warnings about unknown pragmas. - add libguestfs.env.patch - Remove ocaml_native_compiler conditional build native target unconditionally ++++ gzip: - fix DFLTCC segfault [bsc#1177047] - added patches fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc + gzip-1.10-fix-DFLTCC-segfault.patch ++++ hwinfo: - merge gh#openSUSE/hwinfo#95 - don't rely on select() updating its timeout arg (bsc#1184339) - 21.73 ++++ irqbalance: - Add _service file pointing to github sources A _service - Update to version 1.8.0: * Add return value check of opendir in do_one_cpu * Hotplug may occur again during sleep, so wait until there is no hotplug ++++ kernel-default: - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - commit 981c2ae - blacklist.conf: 66c1b6d74cd7 x86: Move TS_COMPAT back to asm/thread_info.h - commit 3533f06 - update patch metadata - update upstream references and move out of sorted section: patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch - commit f170d23 - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - commit f37613f - Update patches.suse/fuse-fix-live-lock-in-fuse_iget.patch (bsc#1184211 CVE-2021-28950). Updated patch metadata to include CVE number. - commit 610fdaf - Update patches.suse/fuse-fix-live-lock-in-fuse_iget.patch (bsc#1184211 CVE-2021-28950). Updated patch metadata to include CVE number. - commit 3370c43 - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - commit 02ec945 - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - commit 6cf26f2 - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - commit 1626bf4 - ice: fix memory leak of aRFS after resuming from suspend (jsc#SLE-12878). - i40e: Fix sparse error: uninitialized symbol 'ring' (jsc#SLE-13701). - ethtool: fix incorrect datatype in set_eee ops (bsc#1176447). - net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb (bsc#1176447). - xfrm: Provide private skb extensions for segmented and hw offloaded ESP packets (bsc#1176447). - ice: Use port number instead of PF ID for WoL (jsc#SLE-12878). - ice: fix memory allocation call (jsc#SLE-12878). - ice: Continue probe on link/PHY errors (jsc#SLE-12878). - geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (bsc#1176447). - vxlan: do not modify the shared tunnel info when PMTU triggers an ICMP reply (bsc#1176447). - commit e13f3cc - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - commit 069588f - bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (bsc#1177028). - bpf: Refcount task stack in bpf_get_task_stack (bsc#1177028). - bpf: Enforce that struct_ops programs be GPL-only (bsc#1177028). - libbpf: Fix bail out from 'ringbuf_process_ring()' on error (bsc#1177028). - commit 1bc90a6 - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - Refresh patches.suse/iommu-vt-d-fix-ineffective-devtlb-invalidation-for-subdevices. - commit 6ad821c - enetc: Fix reporting of h/w packet counters (git-fixes). - commit 2b6231d - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - commit 9f74d4a - atl1e: fix error return code in atl1e_probe() (git-fixes). - commit 9030b22 - atl1c: fix error return code in atl1c_probe() (git-fixes). - commit 138f514 - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - commit 9d0c126 - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - commit 50946be - net: b44: fix error return code in b44_init_one() (git-fixes). - commit 405f041 - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - commit 418a7e1 - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - commit bbd1c86 - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - commit 4792038 - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - commit d0452d2 ++++ libeconf: - Update to version 0.4.0+git20210413.fdb8025: * Installing man pages via meson. (#147) ++++ expat: - Do not BuildRequire cmake: expat is part of the distro bootstrap cycle and any additional dependency makes the ring larger. In this case here, cmake was even only used to own a directory. ++++ libgcrypt: - Upgrade to 1.9.2 in SLE-15-SP4 [jsc#SLE-17558, jsc#SLE-19413] - Remove patches: * CVE-2018-0495.patch * libgcrypt-CVE-2019-13627.patch * libgcrypt-AES-KW-fix-in-place-encryption.patch * libgcrypt-ECDSA_check_coordinates_range.patch * libgcrypt-check-re-open-dev_random-after-fork.patch ++++ harfbuzz: - Update to version 2.8.0: + Shape joining scripts other than Arabic/Syriac using the Universal Shaping Engine. Previously these were shaped using the generalized Arabic shaper. + Fix regression in shaping of U+0B55 ORIYA SIGN OVERLINE. + Update language tags. + Variations: reduce error: do not round each interpolated delta. + Documentation improvements. + Subsetter improvements: subsets most, if not all, lookup types now. + Fuzzer-found fixes and other improvements when memory failures happen. + Removed most atomic implementations now that we have C++11 atomic impl. + General codebase upkeep; using more C++11 features: constexpr constructors, etc. ++++ ceph: - _constraints: raise s390x disk constraint to 42G after seeing a build fail with "write error: No space left on device" ++++ salt: - Regression fix of salt-ssh on processing some targets - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Update target fix for salt-ssh to process targets list (bsc#1179831) - Add notify beacon for Debian/Ubuntu systems - Add core grains support for AlmaLinux and Alibaba Could Linux - Allow vendor change option with zypper - Added: * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * regression-fix-of-salt-ssh-on-processing-targets-353.patch * notify-beacon-for-debian-ubuntu-systems-347.patch * allow-vendor-change-option-with-zypper-313.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch ++++ qemu: - Include upstream patches designated as stable material and reviewed for applicability to include here. NOTE that the PIIX4 patch has migration implications: the change will also be applied to the SLE-15-SP2 qemu, and a live migration from that version to this SLE-15-SP3 qemu would require this patch to be applied for a successful migration if PIIX4 southbridge is used in the machine emulation (x86 i440fx) block-rbd-fix-memory-leak-in-qemu_rbd_co.patch block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch cpu-core-Fix-help-of-CPU-core-device-typ.patch hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch hw-block-fdc-Fix-fallback-property-on-sy.patch hw-isa-Kconfig-Add-missing-dependency-VI.patch hw-isa-piix4-Migrate-Reset-Control-Regis.patch hw-virtio-pci-Added-AER-capability.patch hw-virtio-pci-Added-counter-for-pcie-cap.patch s390x-css-report-errors-from-ccw_dstream.patch target-xtensa-fix-meson.build-rule-for-x.patch util-fix-use-after-free-in-module_load_o.patch virtio-pci-compat-page-aligned-ATS.patch ------------------------------------------------------------------ ------------------ 2021-4-12 - Apr 12 2021 ------------------- ------------------------------------------------------------------ ++++ cups: - When cupsd creates directories with specific owner group and permissions (usually owner is 'root' and group matches "configure --with-cups-group=lp") specify same owner group and permissions in the RPM spec file to ensure those directories are installed by RPM with the right settings because if those directories were installed by RPM with different settings then cupsd would use them as is and not adjust its specific owner group and permissions which could lead to privilege escalation from 'lp' user to 'root' via symlink attacks e.g. if owner is falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161) ++++ python-kiwi: - Recommend kiwi-systemdeps-containers This commit recommends kiwi-systemdeps-containers instead of a hard requirement in kiwi-systemdeps package for SLE builds. This is needed because the containers tool chain is spread in different SLE modules. ++++ kernel-default: - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). [jeyu: was doing a SLE15-SP3 branch sweep and found this commit wasn't in SLE15-SP3 yet for whatever reason, so I cherry-picked it. Probably due to some for-Update/for-GM mixups back in April.] Conflicts: series.conf - commit cc002cf - Documentation/ABI: sysfs-platform-ideapad-laptop: update device attribute paths (git-fixes). - commit 2559651 - thunderbolt: Fix off by one in tb_port_find_retimer() (git-fixes). - commit d93adab - thunderbolt: Fix a leak in tb_retimer_add() (git-fixes). - commit 158bfab - KVM: SVM: avoid infinite loop on NPF from bad address (CVE-2020-36310 bsc#1184512). - commit df4914b - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - commit 794be7b - blacklist.conf: dd926880da8d x86/apic/of: Fix CPU devicetree-node lookups - commit 92f0632 - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - commit 1be7dba - KVM: fix memory leak in kvm_io_bus_unregister_dev() (CVE-2020-36312 bsc#1184509). - commit 6a9d1a6 - Refresh patches.suse/x86-insn-make-inat-tables-c-suitable-for-pre-decompression-code. Bring gen-insn-attr-x86.awk files in sync over the tree to fix a build warning. - commit 2c08948 - ibmvfc: disable MQ channelization by default (bsc#1184570 ltc#192356). - commit 500b7bf - vfio-ccw: Wire in the request callback (bsc#1183225). - vfio-mdev: Wire in a request handler for mdev parent (bsc#1183225). - commit 1a8b567 - xen/events: fix setting irq affinity (bsc#1184583 XSA-332 CVE-2020-27673). - commit e88a4fe - bpf, x86: Validate computation of branch displacements for x86-32 (bsc#1184391 CVE-2021-29154). - bpf, x86: Validate computation of branch displacements for x86-64 (bsc#1184391 CVE-2021-29154). - libbpf: Fix INSTALL flag order (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - commit 3cfc764 - Update config files. (bsc#1181284) - commit 09b2083 ++++ libeconf: - Update to version 0.4.0+git20210412.1513a26: * Added econftool cat option (#146) * new API call: econf_readDirsHistory (showing ALL locations) * new API call: econf_getPath (absolute path of the configuration file) ++++ fuse3: - Update to release 3.10.3 * Fix returning d_ino and d_type from readdir(3) in non-plus mode ++++ osinfo-db: - Add support for SUSE Linux Enterprise Micro. See also patch in virt-manager to enable media detection. add-slem-support.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#477 - adjust NVME config initialisation (bsc#1183230) - 16.56.1 ++++ virt-manager: - Add support for detecting SUSE Linux Enterprise Micro. See also the osinfo-db package for the SLEM OS description file. virtinst-add-slem-detection-support.patch ++++ yast2: - Add a default value for file_path argument in ::new and ::load methods of CFA::LoginDefs class. ++++ yast2-trans: - Update to version 84.87.20210411.9a07deafea: * Translated using Weblate (French) * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * Translated using Weblate (Portuguese) * Translated using Weblate (Hindi) * New POT for text domain 'packager'. * New POT for text domain 'network'. * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * New POT for text domain 'network'. * New POT for text domain 'users'. ------------------------------------------------------------------ ------------------ 2021-4-11 - Apr 11 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - thunderbolt: Fix off by one in tb_port_find_retimer() (git-fixes). - thunderbolt: Fix a leak in tb_retimer_add() (git-fixes). - geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (git-fixes). - drm/vc4: crtc: Reduce PV fifo threshold on hvs4 (git-fixes). - ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m (git-fixes). - commit 06335ba - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm/adreno: a5xx_power: Don't apply A540 lm_setup to other GPUs (git-fixes). - mac80211: choose first enabled channel for monitor (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - commit a1094b1 ------------------------------------------------------------------ ------------------ 2021-4-10 - Apr 10 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nfc: Avoid endless loops caused by repeated llcp_sock_connect() (CVE-2020-25673 bsc#1178181). - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672 bsc#1178181). - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671 bsc#1178181). - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670 bsc#1178181). - commit ee06cff ------------------------------------------------------------------ ------------------ 2021-4-9 - Apr 9 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add nm-dhcp-use-valid-lease-on-timeout.patch: Support valid lease file on dhcp timeout(glfd#NetworkManager/NetworkManager!811, bsc#1183202). - Drop nm-fix-dhcp-client-timeout.patch: Replace by the patch immediately above. - Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's timeout so that a recorded lease can be used when dhcp server is down(glfo#NetworkManager/NetworkManager!811, bsc#1183202). - Modified NetworkManager.conf: Use dhclient as the default dhcp client(glfo#NetworkManager/NetworkManager!811, bsc#1183202). ++++ bcm43xx-firmware: - Introduce firmware file for Raspberry Pi 400's bluetooth. ++++ blog: - Update to version 2.21 * Merge pull request #4 from samueldr/fix/makefile Fixup Makefile for better build system support * Silent new gcc compiler - Fix package split done for shared library packaging guideline (bsc#1184479). ++++ libguestfs: - Require current ocaml-rpm-macros ++++ kernel-default: - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - commit f037781 - KVM: SVM: Periodically schedule when unregistering regions on destroy (bsc#1184511 CVE-2020-36311). - commit fad3809 - KVM: SVM: Periodically schedule when unregistering regions on destroy (bsc#1184511 CVE-2020-36311). - commit 4a629fb - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - commit bd64cb2 - IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS (jsc#SLE-13208). - RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs clt session files (jsc#SLE-15176). - igb: avoid premature Rx buffer reuse (jsc#SLE-13536). - igb: avoid transmit queue timeout in xdp path (jsc#SLE-13536). - igb: use xdp_do_flush (jsc#SLE-13536). - igb: skb add metasize for xdp (jsc#SLE-13536). - igb: XDP extack message on error (jsc#SLE-13536). - igb: take VLAN double header into account (jsc#SLE-13536). - igb: XDP xmit back fix error code (jsc#SLE-13536). - commit 205ebec - ASoC: soc-core kABI workaround (git-fixes). - commit f4e005d - ASoC: soc-core: Prevent warning if no DMI table is present (git-fixes). - commit 862774d - ASoC: max98373: Changed amp shutdown register as volatile (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ZBook G5 model (git-fixes). - commit d6d316d - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - commit cf1864e - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - commit c53d82c - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ALSA: aloop: Fix initialization of controls (git-fixes). - commit 71addac - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - commit 18f65df - ftrace: Fix modify_ftrace_direct (bsc#1177028). - commit f202820 ++++ gcc11: - Remove gcc48-remove-mpfr-2.4.0-requirement.patch which does no longer apply. - Arrange for a C++ 11 capable host compiler to be available. - Do not require ISL for cross compiler builds on old distros. ++++ osinfo-db: - Update to database version 20210312 osinfo-db-20210312.tar.xz ++++ patterns-microos: - require kernel-firmware-all for compressed firmware ++++ podman: - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors ++++ raspberrypi-firmware: - Use smbios overlay to get minimal SMBIOS information through dmidecode (bsc#1183079) ++++ raspberrypi-firmware-config: - Use smbios overlay to get minimal SMBIOS information through dmidecode (bsc#1183079) ++++ raspberrypi-firmware-dt: - Add overlay for smbios information (bsc#1183079) * smbios-overlay.dts ++++ u-boot-rpiarm64: Fix SMBIOS table entries (bsc#1183079) Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches added: 0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch ------------------------------------------------------------------ ------------------ 2021-4-8 - Apr 8 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012) * 0001-Workaround-volatile-efi-boot-variable.patch ++++ kdump: - kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to dracut command line (bsc#1182309). ++++ kernel-default: - fix patch metadata - fix Patch-mainline: patches.suse/cifs_debug-use-pd-instead-of-messing-with-d_name.patch - commit 27776f2 - crypto: essiv - fix AEAD capitalization and preposition use in help text (bsc#1184134 ltc#192244). - commit ba310cd - cifs: do not send close in compound create+close requests (bsc#1181507). - commit d97055c - cifs: New optype for session operations (bsc#1181507). - commit d9ec8fd - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - commit 598fa94 - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - commit 1eadfe8 - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - commit bef40ec - cifs: return proper error code in statfs(2) (bsc#1181507). - commit c4b8c95 - cifs: change noisy error message to FYI (bsc#1181507). - commit 569c695 - cifs: print MIDs in decimal notation (bsc#1181507). - commit 59ea5c8 - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - commit 11a6a1c - drm/shmem-helpers: vunmap: Don't put pages for dma-buf (git-fixes). - commit 5f834c0 - powerpc: Fix missing declaration ofable_kernel_vsx() (git-fixes). - commit a1121de - crypto: essiv - create wrapper template for ESSIV generation (bsc#1184134 ltc#192244). Update config files. supported.conf: Add crypto/essiv - commit 07e8de6 - blacklist.conf: 862314bc94dd drm/msm/dpu: Allow specifying features and sblk in DSPP_BLK macro - commit 27ff597 - Refresh patches.suse/drm-amd-display-Revert-Fix-EDID-parsing-after-resume.patch. Add Alt-commit for duplicate - commit d887b41 - blacklist.conf: 8dc61152dfd2 mfd: iqs62x: Remove superfluous whitespace above fallthroughs - commit 5583204 - blacklist.conf: 4a517faa3403 amdgpu: fix clang build warning Also add duplicate 00190bc087e795290502dc51c5d32de85cb2c2b8 - commit 4525ce3 - nvme-tcp: use cancel tagset helper for tear down (bsc#1183976). - nvme-tcp: add clean action for failed reconnection (bsc#1183976). - nvme-core: add cancel tagset helpers (bsc#1183976). - commit 5f7f322 - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - commit a2a38c4 - Refresh patches.suse/drm-i915-Fix-ICL-MG-PHY-vswing-handling.patch. Add Alt-commit for duplicate - commit a41e20d - blacklist.conf: b89bc060b53e sh/intc: Restore devm_ioremap() alignment - commit da153ff - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amdkfd: dqm fence memory corruption (git-fixes). - rtw88: coex: 8821c: correct antenna switch function (git-fixes). - commit ba76fce - blacklist.conf: b3bf99daaee9 drm/i915/display: Defer initial modeset until after GGTT is initialised Actually blacklist it this time and not just the duplicate (see SUSE commit 2d3d7c9c5aca141e8660e8671e699509c329d847) - commit b907ace - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - commit 4299a85 - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes). - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes). - net: wan/lmc: unregister device when no matching device is found (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - commit cb365ba - blacklist.conf: 04b38d012556 seccomp: Add missing return in non-void function - commit 0d7b046 - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - commit 5c288fb ++++ libeconf: - Update to version 0.4.0+git20210408.6d33e5e: * Man pages libeconf.3 and econftool.8. * Handling multiline strings. * Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... * Econftool, an command line interface for handling configuration files. * Generating HTML API documentation with doxygen. * Improving error handling and semantic file check. * Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. ++++ gcc11: - Bump to 123b3e03c911a43054c1f88f5d3110e1d084dd4e. ++++ ceph: - Update to 16.2.0-91-g24bd0c4acf: + rebase on top of upstream pacific SHA1 4cbaf866034715d053e6259dcd5bd8e4e1d1e1ed ++++ makedumpfile: - Fix guessing of va_bits (bsc#1183977) * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch ++++ shim: - Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid the error message during linux system boot (bsc#1184454) ------------------------------------------------------------------ ------------------ 2021-4-7 - Apr 7 2021 ------------------- ------------------------------------------------------------------ ++++ firewalld: - Remove dependency on firewalld from firewall-macros (bsc#1183404) ++++ kernel-default: - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - commit c94e7f1 - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - commit 6cb1172 - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move "dbi" accesses to post common DWC initialization (git-fixes). - thermal/drivers/cpufreq_cooling: Update cpufreq_state only if state has changed (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: update the buffer layout for non-A050385 erratum scenarios (git-fixes). - PCI: designware-ep: Fix the Header Type check (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - commit 5b9762c - powerpc/uaccess: Avoid might_fault() when user access is enabled (bsc#1156395). - powerpc/uaccess: Simplify unsafe_put_user() implementation (bsc#1156395). - powerpc/uaccess: Perform barrier_nospec() in KUAP allowance helpers (bsc#1156395). - commit c1e0284 - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: fix bad inode (bsc#1184211). - commit 58bcd3b - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: fix bad inode (bsc#1184211). - commit 8283ce1 - powerpc/kuap: Restore AMR after replaying soft interrupts (bsc#1156395). - commit 3d73cad - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - commit d427ef6 - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - commit 7671d9d - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - commit aa380dd - blacklist.conf: Add c420644c0a8f powerpc: Use mm_context vas_windows counter to issue CP_ABORT - commit c75afe3 - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - commit 9c1ced3 - libbpf: Fix error path in bpf_object__elf_init() (bsc#1177028). - tools/resolve_btfids: Fix build error with older host toolchains (bsc#1177028). - bpf: Fix an unitialized value in bpf_iter (bsc#1177028). - commit b032d8d - Update kabi files. - update from April 2021 maintenance update submission (commit fe55a5cff456) - commit c1ea1f7 ++++ libdrm: - update to 2.4.105: * amdgpu: add function of INFO ioctl for querying video caps * amdgpu: sync up amdgpu_drm.h with latest from kernel * xf86drmMode: set FB_MODIFIERS flag when modifiers are supplied * xf86drmMode: introduce drmModeGetPropertyType * intel: Keep libdrm working without pread/pwrite ioctls * xf86drm: fix null pointer deref in drmGetBufInfo * intel: Add support for JSL * xf86drm: warn about GEM handle reference counting * xf86drmMode: add drmIsKMS * intel: add INTEL_ADLS_IDS to the pciids list * intel: sync i915_pciids.h with kernel * amdgpu: update marketing names * tests and build system fixes ++++ openssl-1_1: - Don't list disapproved cipher algorithms while in FIPS mode * openssl-1.1.1-fips_list_ciphers.patch * bsc#1161276 ++++ libsolv: - fix rare segfault in resolve_jobrules() that could happen if new rules are learnt - fix a couple of memory leaks in error cases - fix error handling in solv_xfopen_fd() - bump version to 0.7.19 ++++ sssd: - Move sssctl command from sssd to sssd-tools package; (bsc#1184289); ++++ systemd: - systemd.spec: clean some of the build deps up: - libpcre is redundant with libpcre2 (only required by the full build) and the mini variant needs none of them. Hence drop the ref to libpcre. - normally libidn2 is needed by some optional features in systemd-network (only). But it's implicitly pulled in by libgnutls (required by the main package). Let's make sure the related features won't be disabled inadvertently in the future by making the dep explicit. ++++ makedumpfile: - Support kernel 5.11: * makedumpfile-use-uts_namespace.name-offset-VMCOREINFO.patch: make use of 'uts_namespace.name' offset in VMCOREINFO. ++++ patterns-microos: - require the libvirt-daemon-qemu package (bsc#1184435) - bump version to 5.1 ++++ shim: - Add remove_build_id.patch to prevent the build id being added to the binary. That can cause issues with the signature ++++ systemd-presets-common-SUSE: - Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155). ++++ wicked: - dhcp4: discover on reboot timeout after start-delay (bsc#1181812) [+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch] - dhcp6: request nis options on sle15 by default (bsc#1181812) [+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch] ------------------------------------------------------------------ ------------------ 2021-4-6 - Apr 6 2021 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.346: + Updated pci, usb and vendor ids. + Resolves boo#1182482 jsc#SLE-13791 bnc#1170160 ++++ kernel-default: - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - commit 3bace53 - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483 bsc#1184393). - commit 3abcfe1 - media: v4l: ioctl: Fix memory leak in video_usercopy (bsc#1184120 CVE-2021-30002). - commit 968da96 - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - commit 7bfde57 - i2c: tegra: Use threaded interrupt (bsc#1184386). - i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for filling TX FIFO (bsc#1184386). - i2c: tegra: Wait for config load atomically while in ISR (bsc#1184386). - i2c: tegra: Improve driver module description (bsc#1184386). - i2c: tegra: Clean up whitespaces, newlines and indentation (bsc#1184386). - i2c: tegra: Clean up and improve comments (bsc#1184386). - i2c: tegra: Clean up printk messages (bsc#1184386). - i2c: tegra: Clean up variable names (bsc#1184386). - i2c: tegra: Improve formatting of variables (bsc#1184386). - i2c: tegra: Check errors for both positive and negative values (bsc#1184386). - i2c: tegra: Factor out hardware initialization into separate function (bsc#1184386). - i2c: tegra: Factor out register polling into separate function (bsc#1184386). - i2c: tegra: Factor out packet header setup from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Factor out error recovery from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Rename wait/poll functions (bsc#1184386). - i2c: tegra: Remove "dma" variable from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Remove redundant check in tegra_i2c_issue_bus_clear() (bsc#1184386). - i2c: tegra: Remove likely/unlikely from the code (bsc#1184386). - i2c: tegra: Remove outdated barrier() (bsc#1184386). - i2c: tegra: Clean up variable types (bsc#1184386). - i2c: tegra: Reorder location of functions in the code (bsc#1184386). - i2c: tegra: Clean up probe function (bsc#1184386). - i2c: tegra: Move out all device-tree parsing into tegra_i2c_parse_dt() (bsc#1184386). - i2c: tegra: Use clk-bulk helpers (bsc#1184386). - i2c: tegra: Use platform_get_irq() (bsc#1184386). - i2c: tegra: Use devm_platform_get_and_ioremap_resource() (bsc#1184386). - i2c: tegra: Use reset_control_reset() (bsc#1184386). - i2c: tegra: Remove error message used for devm_request_irq() failure (bsc#1184386). - i2c: tegra: Runtime PM always available on Tegra (bsc#1184386). - i2c: tegra: Remove i2c_dev.clk_divisor_non_hs_mode member (bsc#1184386). - i2c: tegra: Initialize div-clk rate unconditionally (bsc#1184386). - i2c: tegra: Mask interrupt in tegra_i2c_issue_bus_clear() (bsc#1184386). - i2c: tegra: Handle potential error of tegra_i2c_flush_fifos() (bsc#1184386). - i2c: tegra: Add missing pm_runtime_put() (bsc#1184386). - i2c: tegra: Make tegra_i2c_flush_fifos() usable in atomic transfer (bsc#1184386). - commit a5dde2d - tee: optee: remove need_resched() before cond_resched() (git-fixes). - commit ef989ae - Drop patches.suse/nvme-re-read-ana-log-on-ns-changed-aen.patch This patch has been replaced by patches.suse/nvme-retrigger-ana-log-update-if-group-descriptor-isn-t.patch - commit b31f4a4 - fix patch metadata - fix Patch-mainline: patches.suse/completion-Drop-init_completion-define.patch - commit 33fba8d - net: enetc: allow hardware timestamping on TX queues with tc-etf enabled (git-fixes). - net: enetc: don't disable VLAN filtering in IFF_PROMISC mode (git-fixes). - tee: optee: replace might_sleep with cond_resched (git-fixes). - Revert "drivers: qcom: rpmh-rsc: Use rcuidle tracepoints for rpmh" (git-fixes). - coresight: remove broken __exit annotations (git-fixes). - gpiolib: Don't free if pin ranges are not defined (git-fixes). - commit 3b01237 - blacklist.conf: 717c4c833648 arm64: defconfig: drop unused BACKLIGHT_GENERIC option - commit 1db5def - blacklist.conf: acf689134a66 powerpc/configs: drop unused BACKLIGHT_GENERIC option - commit e22a83a - blacklist.conf: Remove duplicate blacklist entries - commit 94f95d4 - blacklist.conf: 0437141b4e22 ARM: configs: drop unused BACKLIGHT_GENERIC option - commit 59fb916 - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - commit 52ca26e - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - commit 8d0ef1a - drm/i915/selftests: Fix some error codes (git-fixes). - commit 21e8c0f - drm: rcar-du: Fix leak of CMM platform device reference (git-fixes). - commit 40608ab - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - commit c457d1d ++++ expat: - update to 2.3.0: * When calling XML_ParseBuffer without a prior successful call to XML_GetBuffer as a user, no longer trigger undefined behavior (by adding an integer to a NULL pointer) but rather return XML_STATUS_ERROR and set the error code to (new) code XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer) of Clang 11 (but not Clang 9). * xmlwf: Exit status 2 was used for both: - malformed input files (documented) and - invalid command-line arguments (undocumented). case of invalid command-line arguments now has its own exit status 4, resolving the ambiguity. * Other changes ++++ Mesa: - Enable radeon and nouveau drivers on riscv64 ++++ pam: - If "LOCAL" is configured in access.conf, and a login attempt from a remote host is made, pam_access tries to resolve "LOCAL" as a hostname and logs a failure. Checking explicitly for "LOCAL" and rejecting access in this case resolves this issue. [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] ++++ ovmf: - Add ovmf-disable-brotli.patch to remove brotli since there is no real user and it requires extra effort to maintain the brotli submodule tarball + Drop ovmf-bsc1183713-fix-gcc10-brotli-errors.patch and brotli-v1.0.7-17-g666c328-c.tar.xz ++++ u-boot-rpiarm64: - Add u-boot-zturnv5 flavour instead of u-boot-zturn. (bsc#1184733) I've failed to find anybody who has v4 zturn board. - mx53loco now uses u-boot-dtb.imx instead of u-boot.imx - Update to 2021.04 (bsc#1183116) - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches dropped: 0006-boo-1123170-Remove-ubifs-support-fr.patch 0007-boo-1144161-Remove-nand-mtd-spi-dfu.patch 0008-Kconfig-add-btrfs-to-distro-boot.patch 0009-configs-Re-sync-with-CONFIG_DISTRO_.patch 0010-configs-am335x_evm-disable-BTRFS.patch 0011-sunxi-dts-OrangePi-Zero-Add-SPI-ali.patch 0012-sunxi-dts-OrangePi-Zero-Enable-SPI-.patch 0013-sunxi-Enable-SPI-support-on-Orange-.patch 0014-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch 0015-rpi-Add-identifier-for-the-new-RPi4.patch 0016-rpi-Add-identifier-for-the-new-CM4.patch 0017-pci-pcie-brcmstb-Fix-inbound-window.patch 0018-dm-Introduce-xxx_get_dma_range.patch 0019-dm-test-Add-test-case-for-dev_get_d.patch 0020-dm-Introduce-DMA-constraints-into-t.patch 0021-dm-test-Add-test-case-for-dev-dma_o.patch 0022-dm-Introduce-dev_phys_to_bus-dev_bu.patch 0023-dm-test-Add-test-case-for-dev_phys_.patch 0024-xhci-translate-virtual-addresses-in.patch 0025-mmc-Introduce-mmc_phys_to_bus-mmc_b.patch 0026-configs-rpi4-Enable-DM_DMA-across-a.patch 0027-video-arm-rpi-Add-brcm-bcm2711-hdmi.patch 0028-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0029-pci-brcmstb-Cleanup-controller-stat.patch 0030-fs-btrfs-Select-SHA256-in-Kconfig.patch 0031-efi_loader-Avoid-emitting-efi_var_b.patch 0032-configs-BPI-R2-Disable-EFI-Grub-wor.patch 0033-configs-RPi2-Disable-EFI-Grub-worka.patch 0034-smbios-Fix-table-whit-no-string-is-.patch * Patches added: 0006-Kconfig-add-btrfs-to-distro-boot.patch 0007-configs-Re-sync-with-CONFIG_DISTRO_.patch 0008-sunxi-dts-OrangePi-Zero-Add-SPI-ali.patch 0009-sunxi-dts-OrangePi-Zero-Enable-SPI-.patch 0010-sunxi-Enable-SPI-support-on-Orange-.patch 0011-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch 0012-smbios-Fix-table-when-no-string-is-.patch ++++ wpa_supplicant: - Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348) ------------------------------------------------------------------ ------------------ 2021-4-5 - Apr 5 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - commit fa2b85d - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - stop_machine: mark helpers __always_inline (git-fixes). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - completion: Drop init_completion define (git-fixes). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - commit 3909dc1 - extcon: Fix error handling in extcon_dev_register (git-fixes). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - staging: rtl8192e: Change state information from u16 to u8 (git-fixes). - staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes). - usb: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - usb: musb: Fix suspend with devices connected for a64 (git-fixes). - usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: fix double free on probe failure (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - commit 7e1215f ++++ yast2-trans: - Update to version 84.87.20210402.ed8ff6d0a2: * New POT for text domain 'users'. * New POT for text domain 'samba-client'. * New POT for text domain 'autoinst'. * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (French) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 'firstboot'. * Translated using Weblate (Italian) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Fixed string interpolations ------------------------------------------------------------------ ------------------ 2021-4-4 - Apr 4 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - commit e22e432 - Refresh patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. - Refresh patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. Update metadata - commit 61adb77 - Refresh patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. - Refresh patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. - commit 0879685 ++++ virglrenderer: - Update package to 0.9.0 Highlights include: + multi-client support + supports newer glsl version + add ETC2 compressed formats + performance improvements + misc. bug fixes ++++ makedumpfile: - Update upstream project location (URL and Source). ------------------------------------------------------------------ ------------------ 2021-4-3 - Apr 3 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - commit 023c8a4 - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - commit 0d9d4e6 - ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead() (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - drm/tegra: dc: Restore coupling of display controllers (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8 (git-fixes). - ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks (git-fixes). - ALSA: hda: Re-add dropped snd_poewr_change_state() calls (git-fixes). - commit 7b7be94 - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - commit 064f8f4 - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - commit e6c8166 ++++ libxkbcommon: - Update to release 1.2.0 * `xkb_x11_keymap_new_from_device()` is much faster. It now performs only 2 roundtrips to the X server, instead of dozens (in first-time calls). * Case-sensitive `xkb_keysym_from_name()` is much faster. * Keysym names of the form `0x12AB` and `U12AB` are parsed more strictly. * Compose files now have a size limit (65535 internal nodes). * Compose table loading (`xkb_compose_table_new_from_locale()` and similar) is much faster. ------------------------------------------------------------------ ------------------ 2021-4-2 - Apr 2 2021 ------------------- ------------------------------------------------------------------ ++++ multipath-tools: - Disabled LTO for multipath-tools * The test for is_valid_path fails if LTO is enabled, just disabling it for %check is insufficient. ++++ libvirt: - spec: Remove use of %fdupes since it was only acting on files that should be excluded bsc#1184293 - Remove bogus comment from /etc/sysconfig/libvirtd bsc#1184253 ------------------------------------------------------------------ ------------------ 2021-4-1 - Apr 1 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: b3bf99daaee9 drm/i915/display: Defer initial modeset until after GGTT is initialised - commit 2d3d7c9 - drm/i915: Fix ICL MG PHY vswing handling (git-fixes). - commit cc5d549 - Update patches.suse/btrfs-fix-race-when-cloning-extent-buffer-during-rew.patch (bsc#1184193 CVE-2021-28964). - commit 2c0102a - drm/nouveau/kms/nv50-: Get rid of bogus nouveau_conn_mode_valid() (git-fixes). - commit 67c74c9 - drm/i915: Hold onto an explicit ref to i915_vma_work.pinned (git-fixes). - commit b6ebc10 - Update references of patches.suse/edac-amd64-set-grain-per-dimm.patch - commit 881829d - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1184264). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1184264). - commit 4dd3d12 - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - commit 5d2df4e - pinctrl: rockchip: fix restore error in resume (git-fixes). - commit 55f3605 - fix patch metadata - fix Patch-mainline: patches.suse/mm-numa-fix-bad-pmd-by-atomically-check-for-pmd_trans_huge-when-marking-page-tables-prot_numa.patch - commit e108d2c - perf/x86/intel: Fix a crash caused by zero PEBS status (CVE-2021-28971 bsc#1184196). - commit fbc79f5 ++++ multipath-tools: - Update to version 0.8.6+9+suse.6c05a61: Update to upstream 0.8.6. * add eh_deadline option to avoid endless SCSI error handling * add wwid_recheck option to detect storage configuration changes * add library versioning for libmultipath, libmpathpersist etc. and to libmultipath plugins * move some global symbols to libmultipath (udev, logsink, etc) and provide default implementations for get_multipath_config() etc. This allows simplifiying libmpathpersist_example.c drastically. * fixes for shutdown issues and various race conditions on exit * improve cleanup on exit, fix memory leaks * add libmpathvalid library * fixes for SAS expanders (bsc#1178377, bsc#1178379, bsc#1177081) * Avoid access to root FS while queueing IO (bsc#1178049, bsc#1181234) * lots of bug fixes, additions to built-in hardware table, and CI improvements (bsc#1186212) * kpartx: free loop device after listing partitions (boo#1107187) Bug fixes on top of 0.8.5 mentioned below are also included in this upstream version. - Update to version 0.8.5+30+suse.633836e: * multipathd: give up "add missing path" after multiple failures (bsc#1183963) ++++ ceph: - Update to 16.2.0-31-g5922b2b9c1: + rebase on top of upstream v16.2.0 (first stable release in Pacific series) see https://ceph.io/releases/v16-2-0-pacific-released/ ++++ supermin: - Fix typo risc64 -> riscv64 ------------------------------------------------------------------ ------------------ 2021-3-31 - Mar 31 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.76.0 * Security fixes: - [bsc#1183933, CVE-2021-22876]: strip credentials from the auto-referer header field - [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to Curl_ssl_get/addsessionid() * Changes: - cookies: Support multiple -b parameters - curl: add --fail-with-body - doh: add options to disable ssl verification - http: add support to read and store the referrer header - sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl - vtls: initial implementation of rustls backend * Bugfixes: - CVE-2021-22876: strip credentials from the auto-referer header field - CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() - c-hyper: support automatic content-encoding - configure: only add OpenSSL paths if they are defined - configure: provide Largefile feature for curl-config - curl: set CURLOPT_NEW_FILE_PERMS if requested - doh: Fix sharing user's resolve list with DOH handles - doh: Inherit CURLOPT_STDERR from user's easy handle - dynbuf: bump the max HTTP request to 1MB - ftp: add 'list_only' to the transfer state struct - ftp: add 'prefer_ascii' to the transfer state struct - ftp: allow SIZE to fail when doing (resumed) upload - ftp: avoid SIZE when asking for a TYPE A file - ftp: fix memory leak in ftp_done - ftp: never set data->set.ftp_append outside setopt - gnutls: assume nettle crypto support - http2: don't set KEEP_SEND when there's no more data to be sent - http2: fail if connection terminated without END_STREAM - http: do not add a referrer header with empty value - http: strip default port from URL sent to proxy - http: use credentials from transfer, not connection - lib: remove 'conn->data' completely - multi: close the connection when h2=>h1 downgrading - multi: do once-per-transfer inits in before_perform in DID state - multi: rename the multi transfer states - multi: update pending list when removing handle - ngtcp2: adapt to the new recv_datagram callback - ngtcp2: clarify calculation precedence - ngtcp2: sync with recent API updates - openssl: adapt to v3's new const for a few API calls - openssl: ensure to check SSL_CTX_set_alpn_protos return values - openssl: remove get_ssl_version_txt in favor of SSL_get_version - parse_proxy: fix a memory leak in the OOM path - url: fix memory leak if OOM in the HSTS handling - url: fix possible use-after-free in default protocol - urldata: don't touch data->set.httpversion at run-time - urldata: merge "struct DynamicStatic" into "struct UrlState" - urldata: remove the 'rtspversion' field - urldata: remove the _ORIG suffix from string names - wolfssl: don't store a NULL sessionid ++++ ignition: - Update to version 2.9.0: * news: add notes for 2.9.0 * internal/providers: Run platform Init function before fetching config * internal/providers/aws: fix panic when an IMDSv2 token is present * internal/resource/http: re-order initial backoff ramping * internal/providers/util: drop dead code * ci: move Travis jobs to GitHub actions * *: fix errcheck warnings * internal/log: drop the error return to appease golanci-lint * internal/providers/packet: fix ineffassign warning * internal/exec/stages/files: fix the EntrySort test * internal: support IMDSv2 for AWS metadata service * config/*: require filesystems.format with wipeFilesystem or mountOptions * docs: make storage.filesystems.path field optional * aws: Log if we fail to determine the EC2 region * docs: move systemd.units.name uniqueness constraint to units * *: fix gosimple warnings * *: fix deadcode warnings * *: fix staticcheck warnings * config/*: fix nil deref on partitions with no number or label * config: add specs newer than 3.0 to TestConfigStructure * news: add notes for 2.8.1 * config/merge: support struct pointers * test: drop stale comment * tests: Remove unused checkOnStrings * news: add notes for 2.8.0 * config: deprecate MergeStruct() * config/merge: allow obtaining a transcript of merge operations * config/merge: access field name as fieldMeta.Name * config/merge: test primitive list items in slice case 1 * config/merge: fix typo * config/merge: fix comments and add a couple more * config/util: remove stray print when parsing invalid JSON * vendor: update vcontext * docs/development: update dep list for blackbox tests * tests/positive: Add tests for masking and unmasking units * units: add support for unmasking systemd units * release-checklist: minor updates to the release instructions * tests/positive/general: add test for merging multiple base configs * tests/positive/general: update base config reference * docs/development: update spec stabilization to avoid CI breakage * release-checklist: drop download_ignition.sh * providers/system: support .d directory for base config fragments * docs/migrating-configs: spell out Google Cloud Storage * release-checklist: update packaging section ++++ kernel-default: - xen-blkback: don't leak persistent grants from xen_blkbk_map() (bsc#1183646, CVE-2021-28688, XSA-371). - commit d927391 - xen-blkback: don't leak persistent grants from xen_blkbk_map() (bsc#1183646, CVE-2021-28688, XSA-371). - commit f0c74da - blacklist.conf: Add qspinlock commit revert. - commit fbfdb5d - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - commit 419a4b8 - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - commit ed1e8cf - Refresh patches.suse/netsec-restore-phy-power-state-after-controller-rese.patch. - commit ea9970d - blacklist.conf: breaks kABI - commit 7450a15 - drm/amdgpu: Add additional Sienna Cichlid PCI ID (git-fixes). - mac80211: Allow HE operation to be longer than expected (git-fixes). - drm/amdgpu: fb BO should be ttm_bo_type_device (git-fixes). - drm/amd/display: Revert dram_clock_change_latency for DCN2.1 (git-fixes). - commit f4fe93c - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - commit 1714c92 - blacklist.conf: cosmetic fix - commit 1478eb5 - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - commit 5533664 - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - drm/radeon: fix AGP dependency (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - commit dbf2451 - blacklist.conf: the fix is cosmetic - commit 5c3f4dc - bpf: Fix truncation handling for mod32 dst reg wrt zero (bsc#1184170 CVE-2021-3444). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - commit af158b0 - Update patches.suse/bpf-Fix-truncation-handling-for-mod32-dst-reg-wrt-ze.patch Update the tag for bsc#1184170 and CVE-2021-3444. - commit ad1dd40 - Update patch reference for a usbip fix (CVE-2021-29265 bsc#1184167) - commit 6988aeb - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264 bsc#1184168). - commit 9ae0342 - Update patch reference of a PCI fix (CVE-2021-28972 bsc#1184198) - commit dc7fd0e - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - commit c5a52b2 - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647 bsc#1184192). - commit f71857e - Update patch reference of a sound fix (CVE-2021-28952 bsc#1184197) - commit 5223811 - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - commit 6ae489b ++++ gpgme: - Fix t-json test in SP3: https://dev.gnupg.org/T4820 [bsc#1183801] * tests/json: Bravo key does not have secret key material * tests/json: Do not check for keygrip of pubkeys * core: Make sure the keygrip is available in WITH_SECRET mode - Add gpgme-test-json.patch ++++ ldb: - Update to ldb 2.3.0 ++++ procps: - Add upstream patch procps-3.3.17-bsc1181976.patch based on commit 3dd1661a to fix bsc#1181976 that is change descripton of psr, which is for 39th field of /proc/[pid]/stat ++++ talloc: - Update to 2.3.2 ++++ mdadm: - cluster-md/mdadm : avoid useless re-sync (bsc#1181341) 0114-super1-fix-Floating-point-exception.patch 0115-super1.c-avoid-useless-sync-when-bitmap-switches-fro.patch ++++ sed: - Build fix for the new glibc-2.31 (bsc#1183797, sed-tests-build-fix.patch). ++++ shim: - Update to 15.4 (bsc#1182057) + Rename the SBAT variable and fix the self-check of SBAT + sbat: add more dprint() + arm/aa64: Swizzle some sections to make old sbsign happier + arm/aa64 targets: put .rel* and .dyn* in .rodata - Drop upstreamed patch: + shim-bsc1182057-sbat-variable-enhancement.patch ++++ sysvinit: - (re)add also support for SLE-15-SP3 ------------------------------------------------------------------ ------------------ 2021-3-30 - Mar 30 2021 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.0.27: * bump to v2.0.27 * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary * bump to v2.0.27-dev ++++ gstreamer-plugins-base: - Update to version 1.18.4: + tag: id3v2: fix frame size check and potential invalid reads + audio: Fix gst_audio_buffer_truncate() meta handling for non-interleaved audio + audioresample: respect buffer layout when draining + audioaggregator: fix input_buffer ownership + decodebin3: change stream selection message owner, so that the app sends the stream-selection event to the right element + rtspconnection: correct data_size when tunneled mode + uridecodebin3: make caps property work + video-converter: Don't upsample invalid lines + videodecoder: Fix racy critical when pool negotiation occurs during flush + video: Convert gst_video_info_to_caps() to take self as const ptr + examples: added qt core dependency for qt overlay example ++++ haproxy: - Update to version 2.3.9+git1.afb63bc04: * BUILD: backend: fix build breakage in idle conn locking fix * [RELEASE] Released version 2.3.9 * BUG/MEDIUM: time: make sure to always initialize the global tick * BUG/MINOR: stats: Apply proper styles in HTML status page. * BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv * MEDIUM: backend: use a trylock to grab a connection on high FD counts as well * BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent ++++ kernel-default: - ionic: linearize tso skb with too many frags (bsc#1167773). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - commit 3e13df7 - ionic: linearize tso skb with too many frags (bsc#1167773). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - Revert "net: bonding: fix error return code of bond_neigh_init()" (bsc#1154353). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - commit dcb0376 - thunderbolt: Add support for Intel Tiger Lake-H (bsc#1184129). - commit a872918 - Replace ANA log reread patch Replace the fix with a simpler version. The upstream community has agreed on the simpler version after the ECN has been ratified. deleted: patches.suse/nvme-re-read-ana-log-on-ns-changed-aen.patch new file: patches.suse/nvme-retrigger-ana-log-update-if-group-descriptor-isn-t.patch - commit 391a31f - thunderbolt: Introduce tb_switch_is_tiger_lake() (bsc#1184129). - commit cb3c283 - ch_ktls: fix enum-conversion warning (jsc#SLE-15129). - net/mlx5e: Offload tuple rewrite for non-CT flows (jsc#SLE-15172). - net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP (jsc#SLE-15172). - net/mlx5: Add back multicast stats for uplink representor (jsc#SLE-15172). - netfilter: flowtable: Make sure GC works periodically in idle system (bsc#1176447). - netfilter: nftables: allow to update flowtable flags (bsc#1176447). - netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags (bsc#1176447). - nfp: flower: add ipv6 bit to pre_tunnel control message (bsc#1176447). - net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets (jsc#SLE-15172). - commit bcf4d7a - nvme-fc: fix racing controller reset and create association (bsc#1183048). - commit 69b4441 - Move patches.suse/nvme-fc-avoid-calling-_nvme_fc_abort_outstanding_ios-from-interrupt-context.patch Move the patch into the sorted section. - commit d6d55ac - series.conf: cleanup - update upstream reference and resort: patches.suse/scsi-lpfc-Change-wording-of-invalid-pci-reset-log-me.patch patches.suse/scsi-lpfc-Correct-function-header-comments-related-t.patch patches.suse/scsi-lpfc-Fix-ADISC-handling-that-never-frees-nodes.patch patches.suse/scsi-lpfc-Fix-FLOGI-failure-due-to-accessing-a-freed.patch patches.suse/scsi-lpfc-Fix-PLOGI-ACC-to-be-transmit-after-REG_LOG.patch patches.suse/scsi-lpfc-Fix-crash-caused-by-switch-reboot.patch patches.suse/scsi-lpfc-Fix-dropped-FLOGI-during-pt2pt-discovery-r.patch patches.suse/scsi-lpfc-Fix-incorrect-dbde-assignment-when-buildin.patch patches.suse/scsi-lpfc-Fix-lpfc_els_retry-possible-null-pointer-d.patch patches.suse/scsi-lpfc-Fix-nodeinfo-debugfs-output.patch patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch patches.suse/scsi-lpfc-Fix-pt2pt-connection-does-not-recover-afte.patch patches.suse/scsi-lpfc-Fix-pt2pt-state-transition-causing-rmmod-h.patch patches.suse/scsi-lpfc-Fix-reftag-generation-sizing-errors.patch patches.suse/scsi-lpfc-Fix-stale-node-accesses-on-stale-RRQ-reque.patch patches.suse/scsi-lpfc-Fix-status-returned-in-lpfc_els_retry-erro.patch patches.suse/scsi-lpfc-Fix-unnecessary-null-check-in-lpfc_release.patch patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_els_free_iocb.patch patches.suse/scsi-lpfc-Fix-vport-indices-in-lpfc_find_vport_by_vp.patch patches.suse/scsi-lpfc-Reduce-LOG_TRACE_EVENT-logging-for-vports.patch patches.suse/scsi-lpfc-Update-copyrights-for-12.8.0.7-and-12.8.0..patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.8.patch - commit 9b02aba - mm/mremap_pages: fix static key devmap_managed_key updates (bsc#1181787). - commit e836b25 - iwlwifi: Fix MODULE_FIRMWARE() ucode definitions for SLE15-SP3 (bsc#1183860). - commit 8e0bc83 - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf: Fix off-by-one for area size in creating mask to left (bsc#1183775 CVE-2020-27171). - bpf: Prohibit alu ops for pointer types not defining ptr_limit (bsc#1183686 CVE-2020-27170). - commit d95f56b ++++ libcontainers-common: - Update common to 0.35.3 0.35.3: * capabilities: add new method BoundingSet() * Bump github.com/containers/storage from 1.27.0 to 1.28.0 * Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 * Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1 * Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 * Remove `vendor` from dependabot config * Add dependabot config file to support vendoring * Bump github.com/onsi/gomega from 1.10.5 to 1.11.0 * Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1 * Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5 0.35.2: Vendor in containers/common and start using types subdir. shrink the vendoring size of containers/common/pkg/config Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4 - Update podman to 3.1.0 3.1.0: [#]## Features - A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release. - A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)). - The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)). - Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists. - The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container. - The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)). - The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options. - The Podman remote client's `podman push` command now supports the `--format` option. - The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options. - The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options. - The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)). - The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files. - The `podman generate kube` command can now generate `PersistentVolumeClaim` YAML for Podman named volumes ([#5788](https://github.com/containers/podman/issues/5788)). - The `podman generate kube` command can now generate YAML files containing multiple resources (pods or deployments) ([#9129](https://github.com/containers/podman/issues/9129)). [#]## Security - This release resolves CVE-2021-20291, a deadlock vulnerability in the storage library caused by pulling a specially-crafted container image. [#]## Changes - The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines. - The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID. - When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)). - The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls. - The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable. - Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)). - The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time. - The `podman generate systemd` command now generates `RequiresMountsFor` lines to ensure necessary storage directories are mounted before systemd starts Podman. - Podman will now emit a warning when `--tty` and `--interactive` are both passed, but `STDIN` is not a TTY. This will be made into an error in the next major Podman release some time next year. [#]## Bugfixes - Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)). - Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)). - Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)). - Fixed a bug where the `podman generate kube` command could not be used with containers that were not running. - Fixed a bug where the `podman generate systemd` command could duplicate some parameters to Podman in generated unit files ([#9776](https://github.com/containers/podman/issues/9776)). - Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers. - Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers. - Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend. - Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly. - Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)). - Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)). - Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)). - Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)). - Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)). - Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist. - Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers. - Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)). - Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)). - Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)). - Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances. - Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)). - Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)). - Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build. - Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)). - Fixed a bug where the `--pull-never` option to `podman build` was nonfunctional ([#9573](https://github.com/containers/podman/issues/9573)). - Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)). - Fixed a bug where the `--isolation` option to `podman build` in the remote Podman client was nonfunctional. - Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)). - Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)). - Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)). - Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)). - Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)). - Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman. - Fixed a bug where `podman commit` did not use the `TMPDIR` environment variable to place temporary files created during the commit ([#9825](https://github.com/containers/podman/issues/9825)). - Fixed a bug where remote Podman could error when attempting to resize short-lived containers ([#9831](https://github.com/containers/podman/issues/9831)). - Fixed a bug where Podman was unusable on kernels built without `CONFIG_USER_NS`. - Fixed a bug where the ownership of volumes created by `podman volume create` and then mounted into a container could be incorrect ([#9608](https://github.com/containers/podman/issues/9608)). - Fixed a bug where Podman volumes using a volume plugin could not pass certain options, and could not be used as non-root users. - Fixed a bug where the `--tz` option to `podman create` and `podman run` did not properly validate its input. [#]## API - Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value. - A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)). - Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now. - Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response. - Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response. - Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter). - Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body. - Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)). - Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options. - The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)). - Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)). - The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)). - Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)). - Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)). - Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)). - Fixed a bug where the Libpod create endpoint for Containers has a misnamed field in its JSON. - Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553)) - Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)). - Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0. - Fixed a bug where the compat and libpod Resize endpoints for Containers did not set the correct terminal sizes (dimensions were reversed) ([#9756](https://github.com/containers/podman/issues/9756)). - Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)). - Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified. - Numerous bugs related to filters have been addressed. [#]## Misc - Updated Buildah to v1.20.0 - Updated the containers/storage library to v1.28.1 - Updated the containers/image library to v5.10.5 - Updated the containers/common library to v0.35.4 3.1.0-RC2: This is the second release candidate for Podman v3.1.0 Preliminary release notes are below. Please note that these are subject to change until the final release. [#]## Features - A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release. - A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)). - The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)). - Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists. - The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container. - The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)). - The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options. - The Podman remote client's `podman push` command now supports the `--format` option. - The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options. - The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options. - The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)). - The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files. [#]## Changes - The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines. - The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID. - When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)). - The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls. - The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable. - Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)). - The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time. [#]## Bugfixes - Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)). - Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)). - Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)). - Fixed a bug where the `podman generate kube` command could not be used with containers that were not running. - Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers. - Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers. - Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend. - Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly. - Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)). - Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)). - Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)). - Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)). - Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)). - Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist. - Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers. - Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)). - Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)). - Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)). - Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances. - Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)). - Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)). - Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build. - Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)). - Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)). - Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)). - Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)). - Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)). - Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)). - Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)). - Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman. [#]## API - Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value. - A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)). - Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now. - Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response. - Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response. - Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter). - Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body. - Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)). - Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options. - The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)). - Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)). - The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)). - Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)). - Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)). - Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)). - Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553)) - Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)). - Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0. - Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)). - Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified. [#]## Misc - Updated Buildah to v1.19.8 - Updated the containers/storage library to v1.28.0 - Updated the containers/image library to v5.10.5 - Updated the containers/common library to v0.35.3 3.1.0-RC1: This is the first release candidate for Podman v3.1.0. Release is expected later this week. - Update storage to 1.28.1 1.28.1: overlay.recreateSymlinks: handle missing "link" files, add a test TestLockfileWriteConcurrent: stay below 8192 goroutines Use an xz library instead of shelling out to xz for decompression overlay: check selinux label support 1.28.0: Add dependabot.yml configuration file Add more mount information to errors Inherit system storage driver in rootless configurations archive: make getFileOwner public archive: make getWhiteoutConverter public archive: whiteout creation with a handler build(deps): bump github.com/Microsoft/hcsshim from 0.8.14 to 0.8.15 build(deps): bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1 build(deps): bump github.com/klauspost/compress from 1.11.7 to 1.11.12 build(deps): bump github.com/moby/sys/mountinfo from 0.4.0 to 0.4.1 build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 chown: ignore both pkg/system.EOPNOTSUPP and pkg/system.ErrNotSupportedPlatform containers-storage: add --volatile to container create copy: create a unix socket with os.ModeSocket drivers: make copyRegular public drivers: new function CopyRegularToFile fswriters: honor nosync option overlay: add detection for overlay support in a user namespace overlay: allow to reset mount_program overlay: factor function out overlay: fix path to incompat/volatile overlay: improve overlay error message overlay: public function to check for overlay support overlay: record if using mount_program overlay: rootless move error to debug message overlay: use direct mount instead of mountFrom support patches to prepare #775 tests: test mount/unmount volatile container types: check for native overlay support 1.27.0: Move storageOpts structures into types subdir to shrink bindings. (*store).Diff: add missing unlock in error case pkg/lockfile: fix a race and re-enable unit tests Add warning about possible storage corruption pkg/chrootarchive.TestChrootUntarWithHugeExcludesList: fix compile error pkg/archive.TestCopyWithTarSrcFile(): update for NoOverwriteDirNonDir drivers/devmapper: default the rootfs directory to 0555 TestRootlessRuntimeDir: iterate tests using testing.T.Run() Fix TestDefaultStoreOpts() getRootlessRuntimeDirIsolated(): don't use an empty tmpPerUserDir drivers/zfs: default the base layer to 0555 drivers/btrfs: default the base layer to 0555 drivers/aufs: inherit permissions on "/" from parent layers drivers/vfs: inherit permissions on "/" from parent layers graphtest: expect 0555 permissions pkg/archive.parseDirent(): adjust to avoid unsafe pointer conversion Add warning about possible storage corruption pkg/idtools.TestParseSubidFileWithNewlinesAndComments(): clean up pkg/mount.TestSubtreeUnbindable(): check for wrapped EINVAL pkg/directory: count inodes of directories Makefile local-test-unit: use -race if it's available pkg/mount: don't complain if the filesystem volunteers inode32/inode64 CI: run unit tests again pkg/lockfile: fix a race and an incorrect unit test 1.26.0: build(deps): bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0 homedir: add GetCacheHome Call recreateSymlinks when not found during Readlink build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1 We should ignore metacopy option on kernels that do not support it drivers: add support for volatile to overlay store: support volatile containers overlay: support native rootless mounts overlay: force metacopy=on for naivediff build(deps): bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc93 1.25.0: layers: support BigData Fix FreeBSD support Remove empty line as per feedback Improve project quota to support querying disk usage Use unix.Statfs instead of syscall.Statfs overlay: use XFS quota when possible drivers/quota: add GetDiskUsage endpoint - Update image to 5.10.5 v0.35.3: * capabilities: add new method BoundingSet() * Bump github.com/containers/storage from 1.27.0 to 1.28.0 * Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 * Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1 * Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 * Remove vendor from dependabot config * Add dependabot config file to support vendoring * Bump github.com/onsi/gomega from 1.10.5 to 1.11.0 * Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1 * Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5 v0.35.2: Vendor in containers/common and start using types subdir. shrink the vendoring size of containers/common/pkg/config Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4 ++++ Mesa: - update to 20.3.5 * fith bugfix release for the 20.3 branch * This is a quite large release with a huge number of fixes in it, and is the last planned release for the 20.3.x series. Radv and ACO dominate the changes for this release, but there are some other things mixed in there. ++++ systemd: - Import commit 14581e01203df7aa63c7c8383a12e6ebe258476f (merge of v246.13) 423b1e759c Revert "resolved: gracefully handle with packets with too large RR count" (bsc#1183745) 4723778738 meson.build: make xinitrcdir configurable (bsc#1183408) [...] For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/9753d1c17545a5d46530696cb14254f5f12024f1...14581e01203df7aa63c7c8383a12e6ebe258476f - Drop 0001-Revert-resolved-gracefully-handle-with-packets-with-.patch as it's part of v246.13. - Make use of the new build option to ship xinitrc in /usr/etc/X11/xinit/xinitrc.d (bsc#1183408) ++++ qemu: - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103) * Patches dropped: hw-s390x-modularize-virtio-gpu-ccw.patch * Patches added: s390x-add-have_virtio_ccw.patch s390x-modularize-virtio-gpu-ccw.patch s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch ------------------------------------------------------------------ ------------------ 2021-3-29 - Mar 29 2021 ------------------- ------------------------------------------------------------------ ++++ glibc: - s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector support in memmove ifunc-selector (bsc#1184035, BZ #27511) ++++ kernel-default: - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - commit 1af614d - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - commit 036f522 - powerpc/64s/exception: Clean up a missed SRR specifier (jsc#SLE-9246 git-fixes). - powerpc: Fix inverted SET_FULL_REGS bitop (jsc#SLE-9246 git-fixes). - commit 7437426 - blacklist.conf: Add 5ae5fbd21079 powerpc/perf: Fix handling of privilege level checks in perf interrupt context - commit a7c4b4d - scsi: ibmvfc: Make ibmvfc_wait_for_ops() MQ aware (bsc#1184111 ltc#192232). - scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops() (bsc#1184111 ltc#192232). - commit ecee0a9 - arm64/crash_core: Export TCR_EL1.T1SZ in vmcoreinfo (bsc#1179863). - crash_core, vmcoreinfo: Append 'MAX_PHYSMEM_BITS' to vmcoreinfo (bsc#1179863). - commit 3277e15 - series.conf: cleanup - update upstream reference and resort: patches.suse/netsec-restore-phy-power-state-after-controller-rese.patch - commit a6a1fc0 ++++ libunistring: - version update to 0.9.10 [bsc#1183794] * The functions u8_casing_prefix_context, u8_casing_prefixes_context, u8_casing_suffix_context, u8_casing_suffixes_context, u16_casing_prefix_context, u16_casing_prefixes_context, u16_casing_suffix_context, u16_casing_suffixes_context, u32_casing_prefix_context, u32_casing_prefixes_context, u32_casing_suffix_context, u32_casing_suffixes_context, that are documented since version 0.9.1, are now actually implemented. * bump gnulib version ++++ podman: - Create docker subpackage to allow replacing docker with corresponding aliases to podman. ++++ samba: - Fix offline domain backup not possible using lmdb version >= 0.9.26; (bso#14676); - Require libldb >= 2.2.1; (bsc#1183572); (bsc#1183574); - Update to 4.13.6 * CVE-2020-27840: samba: Unauthenticated remote heap corruption via bad DNs; (bso#14595); (bsc#1183572). * CVE-2021-20277: samba: out of bounds read in ldb_handler_fold; (bso#14655); (bsc#1183574). - Update to 4.13.5 * s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure; (bso#14634); * s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp proxy connection; (bso#13992); * smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services; (bso#14604); * dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones (bso#14593); * s3: Fix fcntl waf configure check; (bso#14503); * s3/auth: Implement "winbind:ignore domains"; (bso#14602); * smbd: Use fsp->conn->session_info for the initial delete-on-close token; (bso#14617); * s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path; (bso#14648); * classicupgrade: Treat old never expires value right; (bso#14624); * g_lock: Fix uninitalized variable reads; (bso#14636); * s3:pysmbd: Fix fd leak in py_smbd_create_file(); (bso#13898); * lib:util: Avoid free'ing our own pointer; (bso#14625); * HEIMDAL: krb5_storage_free(NULL) should work; (bso#12505); ++++ shim: - Add shim-bsc1182057-sbat-variable-enhancement.patch to change the SBAT variable name and enhance the handling of SBAT (bsc#1182057) ++++ toolbox: - Update to version 2.1+git20210329.d14ac82: * Fix localtime and mount sys, e.g., for tracing * Fix 'toolbox list' returning an error code even if working ++++ yast2: - Add a AbstractWidget#displayed? to determine whether a widget is in the UI (bsc#1184115). - 4.3.60 ++++ yast2-trans: - Update to version 84.87.20210327.c94c0a6cbe: * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'network'. * New POT for text domain 'control'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Finnish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) ------------------------------------------------------------------ ------------------ 2021-3-28 - Mar 28 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/msm: Fix suspend/resume on i.MX5 (git-fixes). - drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x (git-fixes). - commit 048049e - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes). - commit ab32250 - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - commit 54aa0c3 ------------------------------------------------------------------ ------------------ 2021-3-27 - Mar 27 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in systemd into containers just because apparmor-parser ships a *.service file ++++ gdk-pixbuf: - Disable building of docs: creates a cycle with python: + Drop python3-gi-docgen BuildRequires. + Pass gtk_doc=false to meson ++++ libapparmor: - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in systemd into containers just because apparmor-parser ships a *.service file ------------------------------------------------------------------ ------------------ 2021-3-26 - Mar 26 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1183934, CVE-2021-22890] * When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. - Add curl-CVE-2021-22890.patch ++++ kernel-default: - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - commit 7c2d106 - r8169: fix DMA being used after buffer free if WoL is enabled (git-fixes). - i915/perf: Start hrtimer only if sampling the OA buffer (git-fixes). - drm/amd/display: Correct algorithm for reversed gamma (git-fixes). - drm/amdgpu/display: use GFP_ATOMIC in dcn21_validate_bandwidth_fp() (git-fixes). - drm/amd/display: turn DPMS off on connector unplug (git-fixes). - commit 055deb9 - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). Explanation: this patch is meant to enable customers who encounter "lost IPI" issue to adjust the timeout to match their environment. The root cause is being investigated and we hope to drop it in the future. - commit 8e8af38 ++++ libassuan: - update to 2.5.5: * Fix a crash in the logging code * Upgrade autoconf ++++ libblockdev: - Add -Wno-deprecated-declarations to cflags: dealing with deprecations is upstreams business and should not hinder downstream packages from building. ++++ libgpg-error: - update to 1.42: * Improve cross-compiling support * Improve $libdir determination by gpgrt-config * Support --disable-thread by gen-lock-obj.sh * Interface changes relative to the 1.40 release GPG_ERR_SOURCE_TPM2D ++++ ceph: - Update to 16.1.0-1217-g8e1da7347e: + rpm: drop extraneous explicit sqlite-libs runtime dependency ++++ libsolv: - fixed regex code on win32 - fixed memory leak in choice rule generation - repo_add_conda: add flag to skip v2 packages - bump version to 0.7.18 ++++ ovmf: - Add ovmf-bsc1183713-fix-gcc10-brotli-errors.patch to fix the gcc10 error from brotli (bsc#1183713) ------------------------------------------------------------------ ------------------ 2021-3-25 - Mar 25 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add NM-restore-MAC-on-release-only-when-cloned.patch: bond: restore MAC on release only when there is a cloned MAC address (glfo#NetworkManager/NetworkManager!775, bsc#1183967). ++++ transactional-update: - Version 3.3.0 - Add support for more package managers by bind mounting their directories - Support snapshots without dedicated overlay [boo#1183539], [bsc#1183539] - Link RPM database correctly with older zypper versions [boo#1183521] - Don't discard manual changes in fstab [boo#1183856], [bsc#1192302] ++++ fcoe-utils: - Update to version 1.0.34 (fixing bsc#1182804), which replaces the source tarball, and removes these two patches, which are fixed upstream: * Handle-NIC-names-longer-than-7-characters.patch * fcoe-utils-fix-arm.patch Change summary: Chris Leech (6): 21 string-op truncation, format truncation, and format overflow errors use of uninitialized values detected during LTO Revert "Make gcc compiler happy about ifname string truncation." fix VLAN device name overflow check fix regressions caused by safe_makepath change in libopenfcoe.c minor fcoeadm output issues Guillaume Gardet (1): char can be unsigned on arm, so set signed explicitly as the check expects it can be negative Lee Duncan (6): Handle NIC names longer than 7 characters. Change debug->log message if daemon running Remove references to open-fcoe.org Fix two gcc-11 compiler warnings. Remove comment that doesn't match code. Preparing for version v1.0.34 Lily Nie (1): fix one bug introduced by commit b06c3df Nitin U. Yewale (1): Exit fcoemon command if fcoemon daemon is already running. ++++ haproxy: - Update to version 2.3.8+git0.e572195c7: * [RELEASE] Released version 2.3.8 * BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters * MINOR: tools: make url2ipv4 return the exact number of bytes parsed * BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless * BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available. * CLEANUP: fd: remove unused fd_set_running_excl() * BUG/MEDIUM: fd: do not wait on FD removal in fd_delete() * MINOR: fd: remove the unneeded running bit from fd_insert() * MINOR: fd: make fd_clr_running() return the remaining running mask * BUG/MEDIUM: lua: Always init the lua stack before referencing the context * BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback * MINOR: lua: Slightly improve function dumping the lua traceback * BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro * BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" * BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable * MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua * MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket * BUG/MINOR: protocol: add missing support of dgram unix socket. * BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable * MINOR: time: also provide a global, monotonic global_now_ms timer * BUG/MEDIUM: mux-fcgi: Fix locking of idle_conns lock in the FCGI I/O callback * BUG/MINOR: freq_ctr/threads: make use of the last updated global time * MINOR: time: export the global_now variable ++++ gpgme: - Can't assume non-existence of python38 macros in Leap. gh#openSUSE/python-rpm-macros#107 Test for suse_version instead. Only Tumbleweed has and needs the python_subpackage_only support. ++++ ceph: - pre_checkin.sh: add README-packaging.txt as a source file to ceph-test.spec (to pacify obs-service-source_validator) - Update to 16.1.0-1216-gbaca20b112: + spec: prepare openSUSE usrmerge (boo#1029961) - Update to 16.1.0-1215-gd99465b6ba + rebase on top of upstream commit 3eb70cf622aace689e45749e8a92fce033d3d55c (tip of "pacific" branch) * introduce libnpmem and libpmemobj dependencies to for RBD_RWL and RBD_SSD_CACHE features backed by system PMDK * introduce libcephsqlite - Add README-packaging.txt ------------------------------------------------------------------ ------------------ 2021-3-24 - Mar 24 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1183933, CVE-2021-22876] * The automatic referer leaks credentials - Add curl-CVE-2021-22876.patch ++++ kernel-default: - s390/vtime: fix increased steal time accounting (bsc#1183859). - commit 5026f60 - s390/vtime: fix increased steal time accounting (bsc#1183859). - commit c966973 - usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - usb-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - usb: gadget: configfs: Fix KASAN use-after-free (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - commit fe3af72 - Revert "PM: runtime: Update device status before letting suppliers suspend" (git-fixes). - commit cc82105 ++++ ldb: - Release ldb 2.2.1 + CVE-2020-27840: samba: Unauthenticated remote heap corruption via bad DNs; (bso#14595); (bsc#1183572). + CVE-2021-20277: samba: out of bounds read in ldb_handler_fold; (bso#14655); (bsc#1183574). ++++ systemd: - Add 0001-Revert-resolved-gracefully-handle-with-packets-with-.patch Temporary workaround for bsc#1183745 (upstream issue 18917) until an actual fix is found. ++++ makedumpfile: - Update to version 1.6.8: * Support newer kernels up to v5.9 * arm64: Add support for ARMv8.2-LPA (52-bit PA support) * Retrieve MAX_PHYSMEM_BITS from vmcoreinfo * sadump, kaslr: fix failure of calculating kaslr_offset * Introduce --check-params option * cope with not-present mem section - Drop upstreamed patches: * makedumpfile-Fix-cd_header-offset-overflow-with-large-pfn.patch * makedumpfile-arm64-Align-PMD_SECTION_MASK-with-PHYS_MASK.patch * makedumpfile-sadump-Fix-failure-of-reading.patch - Allow to read kernel log from the lockless ringbuffer (bsc#1183965): * makedumpfile-printk-add-support-for-lockless-ringbuffer.patch * makedumpfile-printk-use-committed-finalized-state-value.patch ++++ shim: - Update to 15.3 for SBAT support (bsc#1182057) + Drop gnu-efi from BuildRequires since upstream pull it into the tar ball. - Generate vender-specific SBAT metadata + Add dos2unix to BuildRequires since Makefile requires it for vendor SBAT - Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys: + SLES-UEFI-SIGN-Certificate-2020-07.crt + openSUSE-UEFI-SIGN-Certificate-2020-07.crt - Refresh patches + shim-arch-independent-names.patch + shim-change-debug-file-path.patch + shim-bsc1177315-verify-eku-codesign.patch - Unified with shim-bsc1177315-fix-buffer-use-after-free.patch - Drop upstreamed fixes + shim-correct-license-in-headers.patch + shim-always-mirror-mok-variables.patch + shim-bsc1175509-more-tpm-fixes.patch + shim-bsc1173411-only-check-efi-var-on-sb.patch + shim-fix-verify-eku.patch + gcc9-fix-warnings.patch + shim-fix-gnu-efi-3.0.11.patch + shim-bsc1177404-fix-a-use-of-strlen.patch + shim-do-not-write-string-literals.patch + shim-VLogError-Avoid-Null-pointer-dereferences.patch + shim-bsc1092000-fallback-menu.patch + shim-bsc1175509-tpm2-fixes.patch + shim-bsc1174512-correct-license-in-headers.patch + shim-bsc1182776-fix-crash-at-exit.patch - Drop shim-opensuse-cert-prompt.patch + All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore. ------------------------------------------------------------------ ------------------ 2021-3-23 - Mar 23 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Refresh patch metadata. - Refresh patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch. - Refresh patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. - Refresh patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. - Refresh patches.suse/scsi-ibmvfc-Free-channel_setup_buf-during-device-tea.patch. - commit 815f258 - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1180197). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1180197). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1180197). - nvme: simplify error logic in nvme_validate_ns() (bsc#1180197). - commit fbf98de - series.conf: cleanup - move mainline patches into sorted section patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch patches.suse/nvme-allocate-the-keep-alive-request-using-BLK_MQ_RE.patch patches.suse/nvme-fabrics-only-reserve-a-single-tag.patch patches.suse/nvme-merge-nvme_keep_alive-into-nvme_keep_alive_work.patch patches.suse/scsi-ibmvfc-Free-channel_setup_buf-during-device-tea.patch patches.suse/scsi-lpfc-Change-wording-of-invalid-pci-reset-log-me.patch patches.suse/scsi-lpfc-Correct-function-header-comments-related-t.patch patches.suse/scsi-lpfc-Fix-ADISC-handling-that-never-frees-nodes.patch patches.suse/scsi-lpfc-Fix-FLOGI-failure-due-to-accessing-a-freed.patch patches.suse/scsi-lpfc-Fix-PLOGI-ACC-to-be-transmit-after-REG_LOG.patch patches.suse/scsi-lpfc-Fix-crash-caused-by-switch-reboot.patch patches.suse/scsi-lpfc-Fix-dropped-FLOGI-during-pt2pt-discovery-r.patch patches.suse/scsi-lpfc-Fix-incorrect-dbde-assignment-when-buildin.patch patches.suse/scsi-lpfc-Fix-lpfc_els_retry-possible-null-pointer-d.patch patches.suse/scsi-lpfc-Fix-nodeinfo-debugfs-output.patch patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch patches.suse/scsi-lpfc-Fix-pt2pt-connection-does-not-recover-afte.patch patches.suse/scsi-lpfc-Fix-pt2pt-state-transition-causing-rmmod-h.patch patches.suse/scsi-lpfc-Fix-reftag-generation-sizing-errors.patch patches.suse/scsi-lpfc-Fix-stale-node-accesses-on-stale-RRQ-reque.patch patches.suse/scsi-lpfc-Fix-status-returned-in-lpfc_els_retry-erro.patch patches.suse/scsi-lpfc-Fix-unnecessary-null-check-in-lpfc_release.patch patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_els_free_iocb.patch patches.suse/scsi-lpfc-Fix-vport-indices-in-lpfc_find_vport_by_vp.patch patches.suse/scsi-lpfc-Reduce-LOG_TRACE_EVENT-logging-for-vports.patch patches.suse/scsi-lpfc-Update-copyrights-for-12.8.0.7-and-12.8.0..patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.8.patch - commit c32363d - Drop patches.suse/nvme-return-an-error-if-nvme_set_queue_count-fails.patch Upstream fixed the problem differently than we have done in SLE15-SP2. Remove the SLE15-SP2 fix so that we can import then upstream fix for SLE15-SP3. - commit 15d6660 - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - commit cfb1933 - Refresh patches.suse/net-mlx5e-Fix-CQ-params-of-ICOSQ-and-async-ICOSQ.patch. Fixed backport (bsc#1183773) - commit 9959a4b ++++ libcontainers-common: - Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems ++++ openssl-1_1: - Fix NULL pointer deref in signature_algorithms * CVE-2021-3449 * bsc#1183852 * Add openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch ++++ systemd: - enable libiptc for masquerading support in networkd ++++ qemu: - Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282) hw-sd-sd-Actually-perform-the-erase-oper.patch hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch hw-sd-sdhci-Correctly-set-the-controller.patch hw-sd-sdhci-Don-t-transfer-any-data-when.patch hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch hw-sd-sdhci-Limit-block-size-only-when-S.patch hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch hw-sd-sd-Move-the-sd_block_-read-write-a.patch hw-sd-sd-Skip-write-protect-groups-check.patch - Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373) tools-virtiofsd-Replace-the-word-whiteli.patch viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch virtiofsd-extract-lo_do_open-from-lo_ope.patch virtiofsd-optionally-return-inode-pointe.patch virtiofsd-prevent-opening-of-special-fil.patch virtiofs-drop-remapped-security.capabili.patch virtiofsd-Save-error-code-early-at-the-f.patch - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) net-introduce-qemu_receive_packet.patch rtl8139-switch-to-use-qemu_receive_packe.patch - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) cadence_gem-switch-to-use-qemu_receive_p.patch dp8393x-switch-to-use-qemu_receive_packe.patch e1000-switch-to-use-qemu_receive_packet-.patch lan9118-switch-to-use-qemu_receive_packe.patch msf2-mac-switch-to-use-qemu_receive_pack.patch pcnet-switch-to-use-qemu_receive_packet-.patch sungem-switch-to-use-qemu_receive_packet.patch tx_pkt-switch-to-use-qemu_receive_packet.patch - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) memory-clamp-cached-translation-in-case-.patch - Include upstream patches designated as stable material and reviewed for applicability to include here hw-arm-virt-Disable-pl011-clock-migratio.patch xen-block-Fix-removal-of-backend-instanc.patch - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) ------------------------------------------------------------------ ------------------ 2021-3-22 - Mar 22 2021 ------------------- ------------------------------------------------------------------ ++++ gsettings-desktop-schemas: - Update to version 40.0: + Updated translations. ++++ kernel-default: - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - commit 658d714 - EDAC/amd64: Get rid of the ECC disabled long message (bsc#1183815). - commit 47c3bba - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch - Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch. - Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch. - Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch. - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch - Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch. - Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch. - Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch. - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - commit efd07e6 - EDAC/amd64: Check for memory before fully initializing an instance (bsc#1183815). - commit 6c70428 - EDAC/amd64: Use cached data when checking for ECC (bsc#1183815). - commit ef0c794 - squashfs: fix xattr id and id lookup sanity checks (bsc#1183850). - commit b1827ac - squashfs: fix inode lookup sanity checks (bsc#1183850). - commit 9b5c651 - series.conf: cleanup - move unsortable patches out of sorted section patches.suse/0001-squashfs-fix-inode-lookup-sanity-checks.patch patches.suse/0002-squashfs-fix-xattr-id-and-id-lookup-sanity-checks.patch - commit 1d6e2f2 - series.conf: cleanup - update upstream references and resort: patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch patches.suse/nvme-allocate-the-keep-alive-request-using-BLK_MQ_RE.patch patches.suse/nvme-fabrics-only-reserve-a-single-tag.patch patches.suse/nvme-merge-nvme_keep_alive-into-nvme_keep_alive_work.patch - commit 2e4b640 - usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg struct (git-fixes). - thunderbolt: Initialize HopID IDAs in tb_switch_alloc() (git-fixes). - drm/i915/gvt: Set SNOOP for PAT3 on BXT/APL to workaround GPU BB hang (git-fixes). - commit 15bf327 - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - commit 5066b61 ++++ libcap: - update to 2.49: * Implement cap_func_launcher() and cap.FuncLauncher(). * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version. * Lots of documentation cleanups and added a few man pages: for IAB and Launching. * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure. ++++ systemd: - Default to the "unified" cgroup hierarchy. At this point, most users of cgroup (such as docker, libvirt, kubernetes) should be ready for this change. It's still possible to switch back to the old "hybrid" hierarchy by passing "systemd.unified_cgroup_hierarchy=0" option to the kernel command line. ++++ supportutils: - [powerpc] Collect dynamic_debug log files for ibmvNIC #98 (bsc#1183826) ++++ yast2-trans: - Update to version 84.87.20210321.8a6c5507f2: * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * New POT for text domain 'packager'. * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * New POT for text domain 'security'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'network'. * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * Translated using Weblate (Slovak) ------------------------------------------------------------------ ------------------ 2021-3-21 - Mar 21 2021 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Update to version 2.42.4: + Make enum type registration thread safe. + Do not install skipped test files. + Fix GIF initialization. + Always run GIF loader tests. + Fix leaks discovered via ASan. + Expose GdkPixbufLoader API via introspection. + Fix revert-to-previous first frame behaviour for GIF files. + Link to libintl if needed. + Improve support for using gdk-pixbuf as a subproject. + Fix build with GModule disabled. + Use gi-docgen to generate the API reference from introspection data. - Replace gtk-doc BuildRequires with python3-gi-docgen: follow upstreams port. - As a workaround to https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/177, delete the installed gi-docgen program files. ++++ libnettle: - GNU Nettle 3.7.2: * fix a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results (CVE-2021-20305, boo#1184401) * fix a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger ------------------------------------------------------------------ ------------------ 2021-3-20 - Mar 20 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.40.0: + No changes. ++++ gobject-introspection: - Update to version 1.68.0: + Update GLib annotations. + docs: cleanup. + Fix syntax errors in gir-1.2.rnc. ++++ glib-networking: - Update to version 2.68.0: + Fix double free in GnuTLS client certificate request code. ++++ kernel-default: - ALSA: usb-audio: Fix unintentional sign extension issue (git-fixes). - ASoC: rt711: add snd_soc_component remove callback (git-fixes). - ASoC: qcom: lpass-cpu: Fix lpass dai ids parse (git-fixes). - ASoC: codecs: wcd934x: add a sanity check in set channel map (git-fixes). - ASoC: qcom: sdm845: Fix array out of range on rx slim channels (git-fixes). - ASoC: qcom: sdm845: Fix array out of bounds access (git-fixes). - ASoC: SOF: intel: fix wrong poll bits in dsp power down (git-fixes). - ASoC: SOF: Intel: unregister DMIC device on probe error (git-fixes). - ASoC: rt1015: fix i2c communication error (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8 (git-fixes). - ALSA: dice: fix null pointer dereference when node is disconnected (git-fixes). - commit 3dfb189 - Fix tag of SCSI subsystem patches in sorted section Otherwise series_sort doesn't work - commit a1dd7fa - ASoC: rt5659: Update MCLK rate in set_sysclk() (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - commit f987c3c - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Don't enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - commit 61d6928 - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - commit 629faf0 - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - commit 01440d8 - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - commit fc72277 - net: make __dev_alloc_name consider all name nodes when looking for (bsc#1180103). - commit 3400412 ++++ sudo: - update to 1.9.6p1 * Fixed a regression introduced in sudo 1.9.6 that resulted in an error message instead of a usage message when sudo is run with no arguments. * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler. * Fixed a regression introduced in sudo 1.9.4 where the - -disable-root-mailer configure option had no effect. * Added a --disable-leaks configure option that avoids some memory leaks on exit that would otherwise occur. This is intended to be used with development tools that measure memory leaks. It is not safe to use in production at this time. * Plugged some memory leaks identified by oss-fuzz and ASAN. * Fixed the handling of sudoOptions for an LDAP sudoRole that contains multiple sudoCommands. Previously, some of the options would only be applied to the first sudoCommand. * Fixed a potential out of bounds read in the parsing of NOTBEFORE and NOTAFTER sudoers command options (and their LDAP equivalents). * The parser used for reading I/O log JSON files is now more resilient when processing invalid JSON. * Fixed typos that prevented "make uninstall" from working. * Fixed a regression introduced in sudo 1.9.4 where the last line in a sudoers file might not have a terminating NUL character added if no newline was present. * Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new - -enable-fuzzer configure option can be combined with the - -enable-sanitizer option to build sudo with fuzzing support. Multiple fuzz targets are available for fuzzing different parts of sudo. Fuzzers are built and tested via "make fuzz" or as part of "make check" (even when sudo is not built with fuzzing support). Fuzzing support currently requires the LLVM clang compiler (not gcc). * Fixed the --enable-static-sudoers configure option. * Fixed a potential out of bounds read sudo when is run by a user with more groups than the value of "max_groups" in sudo.conf. * Added an "admin_flag" sudoers option to make the use of the ~/.sudo_as_admin_successful file configurable on systems where sudo is build with the --enable-admin-flag configure option. This mostly affects Ubuntu and its derivatives. * The "max_groups" setting in sudo.conf is now limited to 1024. This setting is obsolete and should no longer be needed. * Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir" sudoers command options. A path "~/foo" was expanded to "/home/userfoo" instead of "/home/user/foo". This also affects the runchroot and runcwd Defaults settings. * Fixed a bug on systems without a native getdelim(3) function where very long lines could cause parsing of the sudoers file to end prematurely. * Fixed a potential integer overflow when converting the timestamp_timeout and passwd_timeout sudoers settings to a timespec struct. * The default for the "group_source" setting in sudo.conf is now "dynamic" on macOS. Recent versions of macOS do not reliably return all of a user's non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. * Fixed a potential use-after-free in the PAM conversation function. * Fixed potential redefinition of sys/stat.h macros in sudo_compat.h. ------------------------------------------------------------------ ------------------ 2021-3-19 - Mar 19 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Set rust version to minimum required by upstream ++++ cups: - cups-2.2.7-web-ui-kerberos-authentication.patch (bsc#1175960) Fix web UI kerberos authentication ++++ gstreamer: - update to 1.18.4: important security fixes for ID3 tag reading, matroska and realmedia parsing, and gst-libav audio decoding Details: * audiomixer, audioaggregator: input buffer handling fixes * decodebin3: improve stream-selection message handling * uridecodebin3: make “caps” property work * wavenc: fix writing of INFO chunks in some cases * v4l2: bt601 colorimetry, allow encoder resolution changes, fix decoder frame rate negotiation * decklinkvideosink: fix auto format detection, and fixes for 29.97fps framerate output * mpeg-2 video handling fixes when seeking * avviddec: fix bufferpool negotiation and possible memory corruption when changing resolution * various stability, performance and reliability improvements * memory leak fixes * build fixes: rpicamsrc, qt overlay example, d3d11videosink on UWP * info: Don’t leak log function user_data if the debug system is compiled out * task: Use SetThreadDescription() Win32 API for setting thread names, which preserves thread names in dump files. * buffer, memory: Mark info in map functions as caller-allocates and pass allocation params as const pointers where possible * clock: define AUTO_CLEANUP_FREE_FUNC for GstClockID * tag: id3v2: fix frame size check and potential invalid reads * audio: Fix gst_audio_buffer_truncate() meta handling for non-interleaved audio * audioresample: respect buffer layout when draining * audioaggregator: fix input_buffer ownership * decodebin3: change stream selection message owner, so that the app sends the stream-selection event to the right element * rtspconnection: correct data_size when tunneled mode * uridecodebin3: make caps property work * video-converter: Don’t upsample invalid lines * videodecoder: Fix racy critical when pool negotiation occurs during flush * video: Convert gst_video_info_to_caps() to take self as const ptr * examples: added qt core dependency for qt overlay example * matroskademux: header parsing fixes * rpicamsrc: depend on posix threads and vchiq_arm to fix build on raspios again * wavenc: Fixed INFO chunk corruption, caused by odd sized data not being padded * wavpackdec: Add floating point format support to fix distortions in some cases * v4l2: recognize V4L2 bt601 colorimetry again * v4l2videoenc: support resolution change stream encode * v4l2h265codec: fix HEVC profile string issue * v4l2object: Need keep same transfer as input caps * v4l2videodec: Fix vp8 and vp9 streams can’t play on board with vendor bsp * v4l2videodec: fix src side frame rate negotiation * avwait: Don’t post messages with the mutex locked * d3d11h264dec: Reconfigure decoder object on DPB size change and keep track of actually configured DPB size * dashsink: fix double unref of sinkpad caps * decklinkvideosink: Use correct numerator for 29.97fps * decklinkvideosink: fix auto format detection * decklinksrc: Use a more accurate capture time * d3d11videosink: Fix build error on UWP * interlace: negotiation and buffer leak fixes * mpegvideoparse: do not clip, so decoder receives data from keyframe even if it’s before the segment start * mpegtsparse: Fix switched DTS/PTS when set-timestamps=false * nvh264sldec: Reopen decoder object if larger DPB size is required * sdpsrc: fix double free if sdp is provided as string via the property * vulkan: Fix elements long name. ++++ kernel-default: - Update patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch (bsc#1183746 jsc#SLE-7741). - commit e9dda35 - Add Alt-commit for duplicate Refresh patches.suse/1910-drm-amd-pm-setup-APU-dpm-clock-table-in-SMU-HW-initi.patch. - commit 58a6d9c - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - commit ffdf1ba - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - commit 77e1a65 - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - commit 86038a4 - netsec: restore phy power state after controller reset (bsc#1183756). - commit 45d0550 - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - commit 8006352 - squashfs: fix inode lookup sanity checks (bsc#1183750). - commit cd40a2e - PCI/LINK: Remove bandwidth notification (bsc#1183712). - commit 56c94c5 - netsec: restore phy power state after controller reset (bsc#1183757). - commit 05da5bc - blacklist.conf: Append 'drm/amdgpu: Add missing BOOTUP_DEFAULT to profile_name[]' - commit 82b8ebe - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: * context changes - commit 58990b2 - blacklist.conf: Append 'drm/msm: Fix race of GPU init vs timestamp power management.' - commit 5232b67 - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4->hdmi * removed references to encoder->hdmi_monitor - commit 7cd936b - blacklist.conf: Append 'drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask()' - commit 6048fb7 - drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: * replaced mtk_ddp_write() with writel() - commit 5d50b21 - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) Backporting notes: * replaces patches.suse/drm-bail-out-of-nouveau_channel_new-if-channel-init-.patch - commit b88077f - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes - commit 0c124bb ++++ util-linux: - ipcs: Avoid overflows (bsc#1178236, util-linux-ipcs-shmall-overflow-1.patch, util-linux-ipcs-shmall-overflow-2.patch). ++++ parted: - Direct file system manipulation support was removed in 2011. - Removed build dependencies on libreiserfs-devel and e2fsprogs-devel. ++++ snapper: - fixed creating root config (root prefix handling) (gh#openSUSE/snapper#627) ++++ sssd: - Fix a dependency loop by moving internal libraries to sssd-common package; (bsc#1182058); ++++ libtpms: - Update to version 0.7.7 * CryptSym: fix AES output IV (bsc#1183729, CVE-2021-3446) * tpm2: Fix public key context save due to ANY_OBJECT_Marshal usage * tpm2: Address some Coverity issues (false positives) * tpm1.2: Backported ASAN/UBSAN related fixes * tpm2: Return properly sized array for b parameter for NIST P521 (HLK) * tpm2: Addressed issues detected by UBSAN * tpm2: Addressed issues detected by cppcheck (false positives) ++++ libvirt-glib: - Update to version 4.0.0: + Replace autotools build system with meson. + Mandate libvirt >= 1.2.8. + Mandate libxml2 >= 2.9.1. + Mandate glib >= 2.48.0. + Mandate gobject-introspection >= 1.46.0. + Fix docs incompatibility with gtk-doc >= 1.30. + Misc API docs fixes. + Add constants related to NVRAM during domain delete. + Add domain config API for controller ports attribute. + Fix compat with newer glib by avoid volatile for enum types. + Updated translations. - Switch build system to meson: + Drop libtool BuildRequires: no longer needed. + Add meson BuildRequires. + Add gtk-doc BuildRequires: new dependency. + Replace configure/make/make_install macros with meson/meson_build/meson_install variants. ++++ python-gobject: - Update to version 3.40.0: + GTK 4 compatibility fixes. + Python 3.9 and 3.10 compatibility fixes. + New minimal dependency requirements. - Up glib2, gobject-introspection, and cairo required versions. ++++ util-linux-systemd: - ipcs: Avoid overflows (bsc#1178236, util-linux-ipcs-shmall-overflow-1.patch, util-linux-ipcs-shmall-overflow-2.patch). ------------------------------------------------------------------ ------------------ 2021-3-18 - Mar 18 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.39.91: + Fix a couple of memory leaks. + Remove const from AtspiDeviceListenerCB prototype. ++++ ca-certificates: - openssl is no longer required but coreutils and findutils are (boo#1183680). Keep openssl(cli) at runtime for now nevertheless as this package might be the only one pulling it in. ++++ gobject-introspection: - Update to version 1.67.1: + Requires Python 3.6+. + Update GLib annotations. + Fix compatibility with Python 3.10. + Fix build with GIR data disabled. + Add test object for signal marshallers. ++++ glib2: - Update to version 2.68.0: + Bugs fixed: - build: Drop gconstructor_as_data_h usage from glib-compile-schemas. - glib.supp: Generalize some suppressions. - gbytesicon: Fix error in g_bytes_icon_new() documentation. - glocalfileoutputstream: Tidy up error handling. - tests: Fix copy/paste error in queue test. - Update to version 2.67.6: + Fix a security issue when using `g_file_replace()` with `G_FILE_CREATE_REPLACE_DESTINATION`. + Disallow operations on the empty path with `g_file_new_from_path()`. + Various fixes for GLib when building with clang-cl on Windows. + Updated translations. ++++ gsettings-desktop-schemas: - Update to version 40.rc: + Updated translations. ++++ kernel-default: - drm/amdgpu/swsmu: add interrupt work handler for smu11 parts (git-fixes). - commit f97424e - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - commit 8d20dc6 - drm/amdgpu/swsmu: add interrupt work function (git-fixes). - commit c8bf617 - Add Alt-commit for cherry pick Refresh patches.suse/1910-drm-amd-pm-setup-APU-dpm-clock-table-in-SMU-HW-initi.patch. - commit 680f414 - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - commit 418290b - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme-fabrics: only reserve a single tag (bsc#1182077). - commit c67a454 - Update patch reference of x25 fix (CVE-2020-35519 bsc#1183696) - commit 6cd53a3 - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1183662 ltc#191922). - commit 36f1612 - usbip: fix vudc to check for stream socket (git-fixes). - Refresh patches.suse/usbip-fix-vudc-usbip_sockfd_store-races-leading-to-g.patch. - commit ecca945 - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). - commit 594832e - usbip: fix vhci_hcd to check for stream socket (git-fixes). - Refresh patches.suse/usbip-fix-vhci_hcd-attach_store-races-leading-to-gpf.patch. - commit a57cde3 - usbip: fix stub_dev to check for stream socket (git-fixes). - Refresh patches.suse/usbip-fix-stub_dev-usbip_sockfd_store-races-leading-.patch. - commit 2ae7114 - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes). - usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - commit bc51b9d - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - Input: applespi - don't wait for responses to commands indefinitely (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - commit 3f405a7 - Goodix Fingerprint device is not a modem (git-fixes). - drm/compat: Clear bounce structures (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - commit 31fcf0f - blacklist.conf: Add capbilities entry that was reverted - commit dc865b3 ++++ kernel-firmware: - Update to version 20210315 (git commit 3568f962908c): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * rtw88: 8822c: Update normal firmware to v9.9.6 * iwlwifi: add new FWs from core59-66 release * iwlwifi: update 9000-family firmwares * iwlwifi: update 7265D firmware * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406 * linux-firmware: add frimware for mediatek bluetooth chip (MT7921) * rtw89: 8852a: add firmware v0.9.12.2 * WHENCE: add missing symlink for BananaPi M3 * Add symlink for BananaPi M2 to brcmfmac43430-sdio config * brcm: Fix Raspberry Pi 4B NVRAM file * silabs: add new firmware for WF200 * amdgpu: add initial firmware for green sardine * rtw88: RTL8822C: Update normal firmware to v9.9.5 - Drop obsoleted patch: Revert-brcm-rpi4-boardflags3-bit.patch - Update topics and aliases ++++ multipath-tools: - Update to version 0.8.5+29+suse.5dabcd2: * 11-dm-mpath.rules: run "multipath -U" with -v1 (bsc#1182871) * libmultipath: merge update_multipath_table() and update_multipath_status() (bsc#1183666) ++++ libvirt: - spec: Fix exec-restart of virtlockd and virtlogd on package upgrade bsc#1183411 ++++ nfs-utils: - 0012-mountd-reject-unknown-client-IP-when-use_ipaddr.patch 0013-mountd-Don-t-proactively-add-export-info-when-fh-inf.patch 0014-mountd-add-logging-for-authentication-results-for-ac.patch 0015-mountd-add-cache-use-ipaddr-option-to-force-use_ipad.patch 0116-mountd-make-default-ttl-settable-by-option.patch Improve logging of authentication (bsc#1181540) - Add 0011-manpage-Add-a-description-of-the-nconnect-mount-opti.patch (bsc#1181651) - Add 0010-gssd-Fix-locking-for-machine-principal-list.patch (bsc#1183194) ------------------------------------------------------------------ ------------------ 2021-3-17 - Mar 17 2021 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Add disable-run-readelf-self-test.patch in order to disable a failing test-case with GCC 11 (PR27367). ++++ gtk3: - Update to version 3.24.27: + Input: Ensure preedit-start and preedit-end are emitted properly. + GtkScrolledWindow: Revert a change that broke touch scrolling. + Theme: - Fix a problem with size changes in SSD decorations that caused mutter crashes - Use transparent black for window border in the dark theme. + Updated translations. ++++ kernel-default: - Add Alt-commit for cherry pick Refresh patches.suse/drm-amdgpu-Fix-invalid-number-of-character-in-amdgpu.patch. - commit 82ef447 - Update patch reference of r8188eu fix (CVE-2021-28660 bsc#1183593) - commit fc23dca - Refresh patches.suse/ibmvnic-Fix-possibly-uninitialized-old_num_tx_queues.patch. - Refresh patches.suse/ibmvnic-always-store-valid-MAC-address.patch. - commit b49d041 - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - commit 583e298 - Update tags patches.suse/ext4-check-journal-inode-extents-more-carefully.patch (bsc#1173485 bsc#1183509 CVE-2021-3428). - commit 41a8fa6 - padata: upgrade smp_mb__after_atomic to smp_mb in padata_do_serial (bsc#1178648). - commit f3ee3cb - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - commit de5577f - drm/lima: fix reference leak in lima_pm_busy (git-fixes). - drm/tegra: Fix reference leak when pm_runtime_get_sync() fails (git-fixes). - drm: rcar-du: Fix PM reference leak in rcar_cmm_enable() (git-fixes). - commit 2a493b3 - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - commit f34c818 - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - commit e27c26d - Update patch reference for fastrpc fix (CVE-2021-28375 bsc#1183596) - commit 00ee058 - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - commit f996a8c - blacklist.conf: e504e74cc3a2 x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2 - commit 12930ec ++++ pango: - Update to version 1.48.3: + Miscellaneous introspection fixes + Make pango_attr_list_splice clip inserted attrbiutes + Do costly fontconfig calls in threads + markup: Fix issues with accel handling + docs: Convert docs to use gi-docgen + Fix build against harfbuzz < 2.6 - Disable gtk-doc for now since upstream have moved to gi-docgen and it is not in Factory yet ++++ libvirt: - spec: Move netcat-openbsd requirement from the libs to the daemon subpackage. It is only needed by the daemon and introduces an unneeded dependency for users of libvirt-libs. ++++ qemu: - Fix s390x "mediated device is in use" error condition (bsc#1183634) update-linux-headers-Include-const.h.patch Update-linux-headers-to-5.11-rc2.patch vfio-ccw-Connect-the-device-request-noti.patch ++++ u-boot-rpiarm64: Fix SMBIOS tables without a string present (bsc#1183079) Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches added: 0034-smbios-Fix-table-whit-no-string-is-.patch ------------------------------------------------------------------ ------------------ 2021-3-16 - Mar 16 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Reduce boilerplate emission from %service_*. Add a bit of build recipe modernization and safeguarding. - Initial commit ++++ bcm43xx-firmware: - Introduce Raspberry Pi 4 Compute Module's brcmfmac43455 configuration file. (bsc#1183524) ++++ glib-networking: - Update to version 2.68.rc: + Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED. + Fix check for certain handshake failure conditions. ++++ grub2: - Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of nvme namespace (bsc#1177751) 0001-ieee1275-Avoiding-many-unecessary-open-close.patch ++++ haproxy: - Update to version 2.3.7+git0.2d39ce334: * [RELEASE] Released version 2.3.7 * BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames * MINOR: resolvers: Don't try to match immediatly renewed ADD items * MINOR: resolvers: Use milliseconds for cached items in resolver responses * BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set * BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks * MINOR: resolvers: Directly call srvrq_update_srv_state() when possible * MINOR: resolvers: Add function to change the srv status based on SRV resolution * MINOR: resolvers: Purge answer items when a SRV resolution triggers an error * MINOR: resolvers: Use a function to remove answers attached to a resolution * BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete * BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item * MINOR: resolvers: new function find_srvrq_answer_record() * BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item * BUG/MEDIUM: resolvers: Don't set an address-less server as UP * BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution * BUG/MINOR: resolvers: Reset server address on DNS error only on status change * BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error * Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record" * CLEANUP: tcp-rules: add missing actions in the tcp-request error message * BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check * BUG/MINOR: session: Add some forgotten tests on session's listener * BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters * BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check * BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached * BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw() * BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc. * OPTIM: task: automatically adjust the default runqueue-depth to the threads * MINOR: task: give the scheduler a bit more flexibility in the runqueue size * MEDIUM: task: remove the tasks_run_queue counter and have one per thread * MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks * MINOR: xprt: add new xprt_set_idle and xprt_set_used methods * MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1 * MINOR: task: add an application specific flag to the state: TASK_F_USR1 * BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake * MINOR: ssl: mark the SSL handshake tasklet as heavy * MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY * MEDIUM: backend: use a trylock when trying to grab an idle connection * MINOR: pools: double the local pool cache size to 1 MB * MEDIUM: pools: add CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS * MEDIUM: streams: do not use the streams lock anymore * MINOR: streams: use one list per stream instead of a global one * MINOR: cli/streams: make "show sess" dump all streams till the new epoch * MINOR: stream: add an "epoch" to figure which streams appeared when * MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold * MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait * MINOR: dynbuf: make the buffer wait queue per thread * OPTIM: lb-leastconn: do not unlink the server if it did not change * OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn * OPTIM: lb-first: do not take the server lock on take_conn/drop_conn * MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock * MINOR: server: move actconns to the per-thread structure * OPTIM: server: switch the actconn list to an mt-list * MINOR: listener: refine the default MAX_ACCEPT from 64 to 4 * MINOR: tasks: refine the default run queue depth * BUG/MEDIUM: session: NULL dereference possible when accessing the listener * MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs * MINOR: atomic: add armv8.1-a atomics variant for cas-dw * BUG/MINOR: mt-list: always perform a cpu_relax call on failure * REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h * BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode * BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() * BUG/MINOR: backend: fix condition for reuse on mode HTTP ++++ iputils: - Binaries were found to be not optimized or built with proper %optflags. ++++ kernel-default: - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552 bsc#1183598). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552 bsc#1183598). - commit 8173e6a - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) - commit cd602fc - Move upstreamed sound fixes into sorted section - commit 4b54f4c - Refresh sorted section. - commit c4b4430 - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - commit cfa810c - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - commit aa3dcbf - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - commit 1350ad6 - blacklist.conf: Append 'drm/panfrost: Move the GPU reset bits outside the timeout handler' - commit 5140c1f - Delete patches.suse/powerpc-Implement-smp_cond_load_relaxed.patch This has been shown to hurt performance at various levels when using qspinlocks (bsc#1182161). - commit 6cec69e ++++ mozilla-nss: - update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt "cachedCertTable" * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 - required for Firefox 87 ++++ qemu: - Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577) e1000-fail-early-for-evil-descriptor.patch ++++ raspberrypi-firmware: - Fix previous change. No need to set DWC2 in host mode. OTG works fine on production CM4 IO boards. It was being tested earlier on a pre-release development board. (bsc#1183241) - Run pre_checkin.sh, which fixed some style issues. ++++ raspberrypi-firmware-config: - Fix previous change. No need to set DWC2 in host mode. OTG works fine on production CM4 IO boards. It was being tested earlier on a pre-release development board. (bsc#1183241) - Run pre_checkin.sh, which fixed some style issues. ------------------------------------------------------------------ ------------------ 2021-3-15 - Mar 15 2021 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Security fix: [bsc#1183456, CVE-2021-20232] * A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. - Add gnutls-CVE-2021-20232.patch - Security fix: [bsc#1183457, CVE-2021-20231] * A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. - Add gnutls-CVE-2021-20231.patch ++++ kernel-default: - Refresh patches.suse/ibmvnic-Fix-possibly-uninitialized-old_num_tx_queues.patch. - Refresh patches.suse/ibmvnic-always-store-valid-MAC-address.patch. - commit b83f198 - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - apparmor: Fix aa_label refcnt leak in policy_update (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - fuse: verify write return (git-fixes). - commit 55b045e - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - commit dbe17e3 - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) This patch has been pointed out to break boot on qemu version 3 with azure config. - commit d2d00bd - Refresh patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. - Refresh patches.suse/x86-sev-es-handle-db-events. Remove lockdep_assert_irqs_disabled() from patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. It can't possibly work correctly on a 5.3 kernel because there is no NMI-safe hardirq state tracking yet. - commit 1234b14 - blacklist.conf: Add 62441a1fb532 x86/sev-es: Correctly track IRQ states in runtime #VC handler - commit 1b48e04 - x86/sev-es: Use __copy_from_user_inatomic() (bsc#1183553). - x86/sev-es: Check regs->sp is trusted before adjusting #VC IST stack (bsc#1183551). - x86/sev-es: Introduce ip_within_syscall_gap() helper (bsc#1183552). - commit 8bcc6e7 - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - commit 860b1de - cifs: check pointer before freeing (bsc#1183534). - commit 03b0110 - nvme-hwmon: Return error code when registration fails (bsc#1177326). - commit 73e4ae9 - nvme-fabrics: fix kato initialization (bsc#1182591). - commit 4bcdc01 - Remove patches.suse/nvme-hwmon-Return-error-code-when-registration-fails.patch hwmon_init() has no return value, hence we don't need this patch. The patch is only relevant for SLE15-SP3. - commit b165e35 - bnxt_en: Re-write PCI BARs after PCI fatal error (git-fixes). - Refresh patches.suse/bnxt_en-Fix-AER-recovery.patch. - commit 05952f2 - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - commit d9b9ce4 - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - commit 85c34ec - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - commit 6a3b52e - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - commit f8b10af - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - commit d3a2816 - xen/events: don't unmask an event channel when an eoi is pending (git-fixes). - commit 29c2c45 - blacklist.conf: Add an inapplicable etnry for rtw88 - commit 65391e2 - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - commit 43f9b1d - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - commit 93f1c3c - net: enic: Cure the enic api locking trainwreck (git-fixes). - commit ee3b02c - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - commit abc3215 - Update patches.suse/Xen-gnttab-handle-p2m-update-errors-on-a-per-slot-ba.patch (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number - Update patches.suse/xen-netback-respect-gnttab_map_refs-s-return-value.patch (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number - commit 49dfaa1 - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting notes: * context changes - commit f2973f5 - drm/panfrost: Don't corrupt the queue mutex on open/close (bsc#1152472) Backporting notes: * context changes - commit ab54c88 - Update patches.suse/Xen-gnttab-handle-p2m-update-errors-on-a-per-slot-ba.patch (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number - Update patches.suse/xen-netback-respect-gnttab_map_refs-s-return-value.patch (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number - commit 91d5751 - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - commit 2c830e3 - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). - commit 952bf43 - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) Backporting notes: * taken for 9b73bde39cf2 ("drm/msm: Fix use-after-free in msm_gem with carveout") * context changes - commit 37d3ff2 - RDMA/cm: Fix IRQ restore in ib_send_cm_sidr_rep (jsc#SLE-15176). - commit c9eeebe - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - commit f06fb53 - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context changes - commit 69d2605 - drm/amd/powerplay: fix spelling mistake "smu_state_memroy_block" -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes - commit 6a3acb4 - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - commit c115d9f - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) Backporting notes: * context changes - commit 485d7ba - drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes: * context changes - commit ef50c07 - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - commit 979bc2a - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (git-fixes). - staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes). - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() (git-fixes). - staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes). - staging: comedi: me4000: Fix endian problem for AI command data (git-fixes). - staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes). - staging: comedi: das800: Fix endian problem for AI command data (git-fixes). - staging: comedi: das6402: Fix endian problem for AI command data (git-fixes). - staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes). - staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes). - staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes). - staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes). - staging: rtl8712: unterminated string leads to read overflow (git-fixes). - usb: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - usbip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - usb: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - usb: gadget: f_uac1: stop playback on function disable (git-fixes). - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - commit e8f5b15 ++++ systemd: - Import commit 9753d1c17545a5d46530696cb14254f5f12024f1 (merge of v246.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/134cf1c8bc3e361a2641161aa11ac2b5b990480b...9753d1c17545a5d46530696cb14254f5f12024f1 - Rebase 0001-conf-parser-introduce-early-drop-ins.patch - Import commit 13bc08870147b35f87cefb074aec22e767b7ac04 846d61e0a1 boot: Move console declarations to missing_efi.h 171a37228b boot: Add startswith() and endswith() functions with no_case variants 0fad9f309a boot: Drop unnecessary braces c38bbb0874 boot: Fix void pointer arithmetic warning 438210924b boot: Replace raw efivar gets with typed variants e46cb3e4a0 boot: Add efivar_get/set_uint64_le() functions e16bee35c8 boot: Rename efivar_get/set_int() to efivar_get/set_uint_string() 2808d0e9a3 boot: Tighten scope of variables used in loops d3f3d57743 boot: Add efivar_get_boolean_u8() 0551ecce71 boot: Make all efivar util functions take the guid as an argument 8376ba3b9f boot: Turn all guid constants into C99 compound initializers 166fc2dad2 boot: Enable C99 c87d66e261 boot: Move Secure Boot logic to new file da7bba9438 udev: fix memleak e06139117c nspawn: make rootfs relative to oci bundle path (bsc#1182598) 8ba587d46c PATCH] Always free deserialized_subscribed on reload (bsc#1180020) ++++ qemu: - Fix incorrect guest data in s390x PCI passthrough (bsc#1183372) s390x-pci-restore-missing-Query-PCI-Func.patch ++++ raspberrypi-firmware: - Set CM4's DWC2 in host mode by default (bsc#1183241) ++++ raspberrypi-firmware-config: - Set CM4's DWC2 in host mode by default (bsc#1183241) ++++ raspberrypi-firmware-dt: - Update to 16991af20b (2021-03-15) (bsc#1183238): * overlays: Add pcie-32bit-dma overlay ++++ yast2-trans: - Update to version 84.87.20210314.90853260a8: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Italian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * New POT for text domain 'network'. * New POT for text domain 'add-on'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'packager'. * New POT for text domain 'network'. * New POT for text domain 'installation'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * New POT for text domain 'storage'. * New POT for text domain 'country'. * New POT for text domain 'bootloader'. * Translated using Weblate (Spanish) * Translated using Weblate (Japanese) * Translated using Weblate (French) * Translated using Weblate (Finnish) * Translated using Weblate (Croatian) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * New POT for text domain 'packager'. * New POT for text domain 'base'. * New POT for text domain 'packager'. * New POT for text domain 'base'. * Translated using Weblate (Spanish) * Translated using Weblate (Hindi) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China)) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (German) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Portuguese) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (Chinese (China)) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Spanish) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (French) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Finnish) * Translated using Weblate (Portuguese (Portugal)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (German) * Translated using Weblate (Galician) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (French) * Translated using Weblate (Portuguese) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (Chinese (China)) * Translated using Weblate (German) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (German) * Translated using Weblate (Turkish) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (French) * Translated using Weblate (Spanish) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (French) * Translated using Weblate (Chinese (Taiwan)) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Added translation using Weblate (Sinhala) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Italian) * Translated using Weblate (Portuguese) * Translated using Weblate (Russian) * Translated using Weblate (Portuguese) * Translated using Weblate (Finnish) * Translated using Weblate (Italian) * Added translation using Weblate (Portuguese (Portugal)) ------------------------------------------------------------------ ------------------ 2021-3-14 - Mar 14 2021 ------------------- ------------------------------------------------------------------ ++++ e2fsprogs: - e2fsprogs 1.46.2: * tune2fs -c now takes "random" argument * Add support for the FS_NOCOMP_FL flag to chattr and lsattr * Fix warnings when resizing small file systems to a super-large * Fix the debugfs rdump and ls commands so they will work correctly for uid's and gid's => 65536 * Fix the debugfs write and symlink commands so they support targets which contain a pathname * Fix Direct I/O support on block devices where the logical block size is greater 1k * Fix debugfs's logdump so it works on file systems whose block size is greater than 8k * Fix a crash when there is error while e2fsck is trying to open the file system, and e2fsck calls ext2fs_mmp_stop() before MMP has been initialized * Improved error checking in the fast commit replay code in e2fsck * Fix various compiler and Coverity warnings * Update the Spanish translation from the translation project ------------------------------------------------------------------ ------------------ 2021-3-13 - Mar 13 2021 ------------------- ------------------------------------------------------------------ ++++ cryptsetup: - cryptsetup 2.3.5: * Fix partial reads of passphrase from an interactive terminal * Fix maximum length of password entered through a terminal * integritysetup: support new dm-integrity HMAC recalculation options * integritysetup: display of recalculating sector in dump command * veritysetup: fix verity FEC if stored in the same image with hashes * veritysetup: run FEC repair check even if root hash fails * veritysetup: do not process hash image if hash area is empty * veritysetup: store verity hash algorithm in superblock in lowercase * bitlk: fix a crash if the device disappears during BitLocker scan * bitlk: show a better error when trying to open an NTFS device * bitlk: add support for startup key protected VMKs * Fix LUKS1 repair code (regression since version 1.7.x) * Fix luksKeyChange for LUKS2 with assigned tokens * Fix cryptsetup resize using LUKS2 tokens * Print a visible error if device resize is not supported * Add error message when suspending wrong non-LUKS device * Fix default XTS mode key size in reencryption * Rephrase missing locking directory warning and move it to debug level * Many fixes for the use of cipher_null (empty debug cipher) * Fixes for libpasswdqc 2.0.x (optional passphrase quality check) * Fixes for problems discovered by various tools for code analysis * Various fixes to man pages - silence hmac packaging warnings ++++ kernel-default: - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: add mixer quirks for Pioneer DJM-900NXS2 (git-fixes). - ALSA: usb-audio: Add DJM750 to Pioneer mixer quirk (git-fixes). - ALSA: usb-audio: Add DJM-450 to the quirks table (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add support for Pioneer DJM-750 (git-fixes). - ALSA: usb-audio: Convert the last strlcpy() usage (git-fixes). - ALSA: usb-audio: Convert remaining strlcpy() to strscpy() (git-fixes). - ALSA: Convert strlcpy to strscpy when return value is unused (git-fixes). - commit 8cf6568 - ALSA: usb-audio: Fix "RANGE setting not yet supported" errors (git-fixes). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - commit 761b71c - Move upstreamed HD-audio fixes into sorted section - commit 61816e8 - ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support (git-fixes). - ALSA: hda/conexant: Add quirk for mute LED control on HP ZBook G5 (git-fixes). - ALSA: hda: ignore invalid NHLT table (git-fixes). - commit 490714c - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - software node: Fix node registration (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - commit c895b3d - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - commit dcc7c7c - Move upstreamed sound fixes into sorted section - commit 8879ec1 ++++ liburing2: - skip building the tests that are neither installed nor run as they fail to build on 32bit platforms (like e.g. armv7l) (bsc#1181571) - update to 2.0: * Sync io_uring.h API file with Linux 5.12 * helpers: prefix any helper with t_ instead of io_uring_ * helpers: add io_uring_create_buffers() helper * helpers: add io_uring_create_file() helper * helpers: add io_uring_calloc helper * helpers: add io_uring_posix_memalign helper * setup: cleanup probe code * setup: check whether malloc succ before using it * io_uring_prep_sync_file_range: cleanups * .gitignore: add sendmsg_fs_cve * Added prep function for sync_file_range op * Install man7 pages * src/queue: never clear data->wait_nr * src/queue: control kernel enter with a var * src/queue: don't re-wait for CQEs * src/queue: don't loop when don't enter * src/queue: clean _io_uring_get_cqe() err handling * src/queue: don't wait for less than expected * Add inline doc in the comments for io_uring_prep_splice * Fix sigset_t not found in liburing.h * src/queue: update comment on io_uring_wait_cqes() with timeouts * io_uring.h: 5.12 pending kernel sync * man/io_uring_register.2: fix spelling error * man/io_uring_register.2: Add documentation on IORING_REGISTER_FILES_SKIP * Add two ring deadlock case * Fix IORING_OP_FALLOCATE args in io_uring_enter(2) man page * src/queue: Fix a typo in `__io_uring_flush_sq()` * src/queue: fix `sq_ring_needs_enter()` indentation * src/queue: refactor io_uring_get_sqe() * man/io_uring_setup.2: correct 5.10 -> 5.11 for non-fixed files and SQPOLL * man/io_uring_enter.2: document new opcodes * man/io_uring_enter.2: ensure all IORING_ENTER_* flags are documented * src/queue: add comment on why reading SQ->head for flush isn't atomic * liburing.h: fix 32-bit compile warning * man/io_uring.7: Fix typo * man/io_uring_enter.2: describe timeout updates * Don't enter the kernel to wait on cqes if they are already available. * Add timeout update * remove zero-size array in io_uring.h * Rename SIG_IS_DATA -> EXT_ARG * Update SIG_IS_DATA to modified kernel API * Use IORING_ENTER_GETEVENTS_TIMEOUT if available * Add wrapper for __io_uring_get_cqe() * Add __sys_io_uring_enter2() * Include 'features' in struct io_uring * io_uring.h: update with 5.11-pending copy * Fix compilation with iso C standard (c89, c99 and c11) * examples: disable ucontext-cp if ucontext.h is not available * Moves function calls out of assert(). * liburing.h: add renameat/unlinkat prep helpers * io_uring.h: add renameat and unlinkat opcodes * configure: Fix unsafe temporary file creation * Add const modifier to functions that do not change the state of the ring * man/io_uring_enter.2: clarify POLL_ADD return value * Add get_sqe manpage to debian package * Add man page for io_uring_get_sqe * man/io_uring_enter.2: add EACCES and EBADFD errors * man/io_uring_register.2: add description of restrictions * man/io_uring_setup.2: add IORING_SETUP_R_DISABLED description * Makefile: add .PHONY dependency * man/io_uring_enter.2: split ERRORS section in two sections * liburing.h: add `io_uring_prep_tee` * Fix build flag settings * .gitignore: Add sq-poll-dup * man/io_uring_enter.2: clarify PROVIDE_BUFFERS requirements * Update packaging/installation for new man pages * man/io_uring.7: clarify submission/completion ordering * man/io_uring.7: style and barrier updates * Add man page for io_uring_queue_exit * Add man page for io_uring_queue_init * Adding section 7 man page for io_uring * probes: provide our own free function * .gitignore: add pipe-reuse * Fold versioned symbols into LIBURING_2.0 version node * Remove versioned symbols not provided by the shared library anymore * man/io_uring_setup.2: improve SQPOLL wakeup example * Fix io_uring_sq_ready() to use load acquire to read khead. * io_uring.h: fix missing tab * Bump major version to 2 * Add IORING_OP_SHUTDOWN and prep helper * Add a few function comments in liburing.h * Add io_uring_sqring_wait() * io_uring.h: add new definitions from 5.10 * man/io_uring_setup.2: document missing IORING_FEAT_* feature flags * man/io_uring_enter.2: add description of buffer selections * build: Output CXX on quiet output when using a C++ compiler * Fix missing 'c' in sigfd-deadlock addition * Add helper to enable rings * Add helper to register restrictions * io_uring.h: add register restrictions and enable ring defines * io_uring.h: use an enumeration for io_uring_register(2) opcodes * io_uring_prep_splice(): fix type (again) * Use the right type for io_uring_prep_splice() * syscall: make syscall.h independently includeable * sq_ring_needs_enter: revert change to only enter if submit != 0 * man/io_uring_setup.2: document IORING_SETUP_ATTACH_WQ * update debian/changelog * update debian/liburing1.symbols * debian/rules: pass down relativelibdir in order to get an absolute path * man/io_uring_setup.2: document IORING_SETUP_CLAMP * man/io_uring_enter: fix openat sqe doc - update to 0.7: * io_uring.h: sync with kernel * io_uring_peek_batch_cqe should also check cq ring overflow * Check cq ring overflow status * configure: fix typos in help/error messages * src/setup: clarify that we always return -errno on error * man/io_uring_enter.2: updated io_uring_sqe and fixed incorrect flag references. * Removed misplaced periods from io_uring_enter(2). * Merge branch 'readme' of https://github.com/jobs-git/liburing * Make readme sensible * man/io_uring_enter: update connect to note use of const * Merge branch 'master' of https://github.com/KayEss/liburing * Take `sockaddr` immutably in io_uring_prep_connect * Merge branch 'dev' of https://github.com/CarterLi/liburing * Merge branch 'fix-splice-docs' of https://github.com/gerow/liburing * man: fix description of splice offsets * .travis.yml: Change the language from C to C++ * configure: Use $CC and $CXX as default compilers if set * Make the liburing header files again compatible with C++ * src/include/liburing/barrier.h: Restore clang compatibility * src/Makefile: Only specify -shared at link time * Merge branch 'openat_o_path' of https://github.com/MaxKellermann/liburing * Convert __io_uring_get_sqe() from a macro into an inline function * src/include/liburing/barrier.h: Use C11 atomics * Makefiles: Enable -Wextra * Bump version to 1.0.7 * change poll_events to 32 bits to cover EPOLLEXCLUSIVE * examples/ucontext-cp.c: use IORING_OP_TIMEOUT * man/io_uring_enter: correct the description of * man/io_uring_register.2: add IORING_CQ_EVENTFD_DISABLED description * Add helpers to set and get eventfd notification status * man/io_uring_setup.2: add 'flags' field in the struct io_cqring_offsets * Add CQ ring 'flags' field * remove duplicate call to __io_uring_peek_cqe() * update wait_nr to account for completed event * preseve wait_nr if SETUP_IOPOLL is set * man/io_uring_enter.2: add IORING_OP_TEE entry * update io_uring.h with tee() * Merge branch 'master' of https://github.com/shuveb/liburing * Adding section to describe IORING_OP_EPOLL_CTL * fix missing '#include ' in 'src/include/liburing.h * fix build on musl libc * Use uint64_t for splice offsets * Use __off64_t for offsets * Merge branch 'master' of https://github.com/shuveb/liburing * Adding description for the IORING_OP_SPLICE operation * Merge branch 'master' of https://github.com/shuveb/liburing * Adding section describing IORING_OP_OPENAT2 * Fix 32-bit warnings on compile * __io_uring_get_cqe: silence signed vs unsigned comparison warning * io_uring_get_sqe: always use khead ++++ xfsprogs: - update to v5.11.0: - xfs_admin: don't hide xfs_repair output when upgrading - man: document attr2, ikeep option deprecation in xfs.5 - mkfs: make use of xfs_validate_stripe_geometry() - mkfs: fix wrong inobtcount usage error output - xfs_repair: enable bigtime upgrade via repair - xfs_repair: enable inobtcount upgrade via repair - xfs_repair: set NEEDSREPAIR on first write - xfs_repair: clear the needsrepair flag when done - xfs_repair: check dquot id and type - xfs_fsr: Verify bulkstat version in qsort's cmp() - xfs_fsr: Interpret args of qsort's cmp() correctly - xfs_scrub: load and unload libicu properly - xfs_scrub: various fixes - xfs_admin: support adding features to V5 filesystems - xfs_admin: support filesystems with realtime devices - man: mark all deprecated V4 format options - misc: fix valgrind complaints - xfs_db: disallow label/uuid setting if NEEDSREPAIR - xfs_db: show NEEDSREPAIR in check & version commands - xfs_db: add an ls command - xfs_db: add a directory path lookup command - libxfs changes merged from kernel 5.11 ------------------------------------------------------------------ ------------------ 2021-3-12 - Mar 12 2021 ------------------- ------------------------------------------------------------------ ++++ cryptsetup: - move licenses to licensedir ++++ transactional-update: - Revert inotify-tools dependency: The package is not available in SLE. This will probably have to be implemented as a native C version. - Version 3.2.2 - Don't skip patches with rebootSuggested flag [bsc#1183442] ++++ gnutls: - Update to 3.7.1: [bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231] * Fixed potential use-after-free in sending "key_share" and "pre_shared_key" extensions. * Fixed a regression in handling duplicated certs in a chain. * Fixed sending of session ID in TLS 1.3 middlebox compatibility mode. In that mode the client shall always send a non-zero session ID to make the handshake resemble the TLS 1.2 resumption; this was not true in the previous versions. * Removed dependency on the external 'fipscheck' package, when compiled with --enable-fips140-mode. * Added padlock acceleration for AES-192-CBC. - Remove patches upstream: * gnutls-gnutls-cli-debug.patch * gnutls-ignore-duplicate-certificates.patch * gnutls-test-fixes.patch ++++ kernel-default: - kABI: repair after "nVMX: Properly handle userspace interrupt window request" Restore the signature of member function of kvm_x86_ops, which is kABI. The implementation does not use the second argument any longer, so mark it as __unused. - commit ac3267f - jfs: Fix array index bounds check in dbAdjTree (bsc#1179454 CVE-2020-27815). - commit 8c97baa - Refresh media fixes to the upstreamed version (bsc#1181104) Refreshed: patches.suse/media-dvb-usb-Fix-memory-leak-at-error-in-dvb_usb_de.patch patches.suse/media-dvb-usb-Fix-use-after-free-access.patch - commit 0dafc68 - Move upstreamed amdgpu patches into sorted section - commit 7d79443 - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - commit 07c11e6 - ASoC: Intel: sof_sdw: reorganize quirks by generation (git-fixes). - Refresh patches.suse/ASoC-Intel-sof-sdw-indent-and-add-quirks-consistentl.patch. - commit 50ee7a3 - drm/amd/display: Fix nested FPU context in dcn21_validate_bandwidth() (git-fixes). - drm/shmem-helper: Don't remove the offset in vm_area_struct pgoff (git-fixes). - drm/shmem-helper: Check for purged buffers in fault handler (git-fixes). - ASoC: Intel: sof_sdw: add quirk for HP Spectre x360 convertible (git-fixes). - Bluetooth: btqca: Add valid le states quirk (git-fixes). - commit 30958f3 - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). Also refreshes: patches.suse/kvm-x86-fix-cpuid-range-checks-for-hypervisor-and-centaur-classes. - commit e678df6 - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - commit c95acf7 - drm: meson_drv add shutdown function (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - commit f5bb9e4 - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - update config files - GCC_PLUGINS=y - GCC_PLUGIN_CYC_COMPLEXITY=n - GCC_PLUGIN_LATENT_ENTROPY=n - GCC_PLUGIN_RANDSTRUCT=n - GCC_PLUGIN_STRUCTLEAK_USER=n - GCC_PLUGIN_STRUCTLEAK_BYREF=n - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=n - GCC_PLUGIN_STACKLEAK=n - commit f16b7b9 - ibmvfc: free channel_setup_buf during device tear down (bsc#1183440 ltc#191464). - commit b86b88e - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - commit 0d2798a - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - commit 3773bcc - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - commit 3cc1c3a - kvm: svm: Update svm_xsaves_supported (jsc#SLE-13573). - commit 2e53071 - KVM: x86: Expose XSAVEERPTR to the guest (jsc#SLE-13573). - commit 4f9517b - kvm: x86: Enumerate support for CLZERO instruction (jsc#SLE-13573). - commit e2e8bf7 - patches.suse/0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)). - patches.suse/0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)). - patches.suse/0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). Update patches related to bsc#1171295 which were merged sooner due to other reasons. - commit 2cd1e12 ++++ multipath-tools: - Update to version 0.8.5+26+suse.2cbedfd: Avoid "illegal request" errors on non-RDAC storage (bsc#1182072, bsc#1177371) ++++ openldap2: - bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch ++++ nghttp2: - security update - added patches fix CVE-2020-11080 [bsc#1181358], HTTP/2 Large Settings Frame DoS + nghttp2-CVE-2020-11080.patch ++++ libvirt: - virtlockd, virtlogd: Fix exec-restart 6b8e9613-avoid-use-after-free.patch, eab7ae6b-fix-array-access.patch, c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch, ccc6dd8f-fix-exec-restart.patch bsc#1183411 ++++ opensc: - move licenses to licensedir ++++ qemu: - Include upstream patches designated as stable material and reviewed for applicability to include here lsilogic-Use-PCIDevice-exit-instead-of-D.patch vhost-user-blk-fix-blkcfg-num_queues-end.patch - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) net-vmxnet3-validate-configuration-value.patch - Add #!ForceMultiversion to qemu.spec: + As the spec file defines different Version: fiels for various subpackages, we must instruct OBS to not ever reset the checkin-counter, as it would by defalut on a version increase. Resetting the version counter results in sub-packages reusing their VERSION-RELEASE from the past (e.g. qemu-ipxe is version 1.0.0+, and upon checkin of a new qemu version, RELEASE is reset to 1.1, thus again producing qemu-ipxe-1.0.0+-1.1.noarch.rpm. ++++ raspberrypi-firmware: - Update to 0591568b29 (2021-03-10) (bsc#1183444): * firmware: video_decode lockup handling * firmware: isp: Initialise extras to avoid vpitch being random * firmware: usb: Fix dropouts with USB ethernet gadget * firmware: imx477: Allow long exposures for the binned modes. * firmware: arm_dispmanx: Use ALPHA_MIX flag * firmware: power: Refactor the interface to the PMICs * firmware: platform: vl805: Get BAR2 address from PCIe BAR2 registers * firmware: arm_loader: Return all borrowed DMA channels ++++ raspberrypi-firmware-config: - Update to 0591568b29 (2021-03-10) (bsc#1183444): * firmware: video_decode lockup handling * firmware: isp: Initialise extras to avoid vpitch being random * firmware: usb: Fix dropouts with USB ethernet gadget * firmware: imx477: Allow long exposures for the binned modes. * firmware: arm_dispmanx: Use ALPHA_MIX flag * firmware: power: Refactor the interface to the PMICs * firmware: platform: vl805: Get BAR2 address from PCIe BAR2 registers * firmware: arm_loader: Return all borrowed DMA channels ++++ selinux-policy: - Adjust fix_init.patch to allow systemd to do sd-listen on tcp socket [bsc#1183177] ------------------------------------------------------------------ ------------------ 2021-3-11 - Mar 11 2021 ------------------- ------------------------------------------------------------------ ++++ python-kiwi: - Require qemu-img in any filesystem based image This commit moves the qemu-img requirement into the `kiwi-systemdeps-filesystems` to ensure ISO, OEM and PXE images include it in the build service. Also this is required for images that are simple root-trees in a filesystem (image=ext4). (cherry picked from commit 4e91e028eba763321a0958ff0febee107d944af8) - Add a requirement for kiwi-systemdeps-iso-media on disk images This commit adds a requirement for `kiwi-systemdeps-iso-media` in `kiwi-systemdeps-disk-images`. This is to ensure that installing `kiwi-systemdeps-disk-images` is enough to build OEM images including install media. (cherry picked from commit 307b7e0234c01846587024c008166310e8d7d8b0) - Turn fb-util-for-appx requirement into a recommendation This commit relaxes the requirement for `fb-util-for-appx` since the utiliy is not part of all SLE-15 service packs. - Bump version: 9.23.19 → 9.23.20 This version upgrade includes several fixes: * Refactor grub2 installation This commit refactors grub2 installation method to split it in two parts. Former grub2.install method was meant to run the grub2-install tool, however, in addition it was also running the secure boot installation shim-install. The install method in KIWI is skipped for those architectures and firmware combinations for which bios support doesn't exist. This was leading to skip the secure boot installation. The current approach strips the secure boot installation logic from the grub2.install method, so skipping the install method does not automatically result in skipping the secure boot installation. Fixes bsc#1182211 * Fix lsblk flags to get sorted output This commit modifies the lsblk command flags to get a sorted output according to the disk layout. This is related to 176c7eab commita and it fixes bsc#1182264, bsc#1182963 and bsc#1183059 * Avoid using generators in pre-mount hooks This commit deletes the generator that was creating the sysroot.mount unit for ramdisk deployments. Generators, specially the sysroot.mount is expected to be created on very early stages of the boot procedure as this has impact on relevant targets such as initrd-root-fs.target, which does not depend on sysroot.mount if the unit is not there. In ramdisk deployments some data is known on pre-mount stage as as it is downloaded from the PXE server. At this stage it is not safe to generate a sysroot.mount unit that depends on initrd-root-fs.target as the target is close to finalize or even finalized already and could potentially skip sysroot.mount exection. Instead we include a mount hook which is only executed on ramdisk deployments that simply runs the mount command to mount /sysroot. This fixes bsc#1178670 ++++ grub2: - Fix chainloading windows on dual boot machine (bsc#1183073) * 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch ++++ open-iscsi: - Updated to latest upstream 2.1.4 as 2.1.4-suse, which contains these changes not already present: * Enable iscsi.service asynchronous logins, cleanup services (bsc#1183421) * libopeniscsiusr: dont error loudly if a session isn't found when working through iscsi_sessions_get() * libopeniscsiusr: skip over removed sessions * libopeniscsiusr: fix error messages * Avoid hardcoding pkg-config to fix cross build * Fix iscsistart login issue when target is delayed. ++++ kernel-default: - fix patch metadata - fix Patch-mainline: patches.suse/PCI-Add-a-REBAR-size-quirk-for-Sapphire-RX-5600-XT-P.patch - commit e2c9c81 - series.conf: cleanup - move mainline patches into sorted section patches.suse/btrfs-unlock-extents-in-btrfs_zero_range-in-case-of-errors.patch patches.suse/btrfs-free-correct-amount-of-space-in-btrfs_delayed_inode_reserve_metadata.patch patches.suse/btrfs-don-t-flush-from-btrfs_delayed_inode_reserve_metadata.patch (no effect on expanded tree) - commit 00edfef - series.conf: cleanup - update upstream references and resort: patches.suse/ibmvnic-Fix-possibly-uninitialized-old_num_tx_queues.patch patches.suse/ibmvnic-always-store-valid-MAC-address.patch patches.suse/powerpc-pseries-Don-t-enforce-MSI-affinity-with-kdum.patch - commit 31cb799 - Update patches.suse/apparmor-Fix-use-after-free-in-aa_audit_rule_init.patch (CVE-2019-18814 bsc#1156256). - commit 7636680 - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - commit 19f4943 - patches.suse/loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - commit e598133 - patches.suse/blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - commit b590c4c - patches.suse/block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - commit 252fb3e - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - commit 16ce873 - patches.suse/blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - commit fbf1322 - patches.suse/blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - commit 3bfed47 - net: mvneta: fix double free of txq->buf (git-fixes). - commit 1c0789f - net: mvneta: make tx buffer array agnostic (git-fixes). - commit 49c79a4 - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - commit c51e8e9 - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - commit 89b67ef - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - commit c74de85 - ice: fix memory leak in ice_vsi_setup (git-fixes). - commit 7c0d558 - ice: fix memory leak if register_netdev_fails (git-fixes). - commit 8c0fdc3 - nvme: remove nvme_identify_ns_list (bsc#1180197). - nvme: refactor nvme_validate_ns (bsc#1180197). - nvme: move nvme_validate_ns (bsc#1180197). - nvme: query namespace identifiers before adding the namespace (bsc#1180197). - nvme: revalidate zone bitmaps in nvme_update_ns_info (bsc#1180197). - nvme: remove nvme_update_formats (bsc#1180197). - nvme: update the known admin effects (bsc#1180197). - nvme: set the queue limits in nvme_update_ns_info (bsc#1180197). - nvme: remove the 0 lba_shift check in nvme_update_ns_info (bsc#1180197). - nvme: clean up the check for too large logic block sizes (bsc#1180197). - nvme: freeze the queue over ->lba_shift updates (bsc#1180197). - nvme: factor out a nvme_configure_metadata helper (bsc#1180197). - nvme: call nvme_identify_ns as the first thing in nvme_alloc_ns_block (bsc#1180197). - nvme: lift the check for an unallocated namespace into nvme_identify_ns (bsc#1180197). - nvme: rename __nvme_revalidate_disk (bsc#1180197). - nvme: rename _nvme_revalidate_disk (bsc#1180197). - nvme: rename nvme_validate_ns to nvme_validate_or_alloc_ns (bsc#1180197). - nvme: remove the disk argument to nvme_update_zone_info (bsc#1180197). - nvme: fix initialization of the zone bitmaps (bsc#1180197). - nvme: opencode revalidate_disk in nvme_validate_ns (bsc#1180197). - commit bf92aeb - Refresh patches.suse/iommu-vt-d-fix-kernel-null-pointer-dereference-in-find_domain. - commit fca53e1 - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - commit 3238faa - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - commit a3fe770 - Update bpf-Fix-signed_-sub-add32-_overflows-type-handling.patch Add the following tags: bsc#1183077, CVE-2021-20268 - commit 01dcc33 - Import kabi reference files from the RC1 submission (commit 52197697dc8) - commit f143546 - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - commit 9aadbb2 - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - commit f71dec5 - iavf: use generic power management (git-fixes). - commit 23712b8 - net: stmmac: removed enabling eee in EEE set callback (git-fixes). - commit d783a1f - s390: lock down kernel in secure boot mode (jsc#SLE-7741). - Update config files. - commit 1499b7b ++++ inih:  - Update to version 53 * Add architecture ppc64le to travis build (#122) * enable distro settings by default (#125) * meson: optionally depend on c++ (#124) * meson: add static compile args to inih_dep (#126) ++++ systemd: - create subpackage systemd-experimental to host pstore, repart, userdb and homed - Make sure the udev socket units are reloaded during udev package updates ++++ ovmf: - Update to edk2-stable202102 * ArmVirtPkg: support extra pci root bridges (pxb) * SEV Encrypted Boot for Ovmf (remote attestation) * virtio-fs driver for OvmfPkg and ArmVirtPkg * Apply SEV-ES mitigations for encryption bit position and MMIO * Add Core CI support for StandaloneMmPkg * Update LZMA module to LZMA SDK latest version 19.00 * Port open source JSON library (jansson) * add file buffering to the UEFI shell's COMP command * Shell: pathname / filename sorting * Extend support of peripheral x64 MM_STANDALONE drivers * BaseTools: Convert the Split tool from C language to Python * ArmPkg: Add Universal/Smbios * Move to Pip based Basetools python * Add support for use of FF-A callsw - Drop upstreamed patches: + ovmf-jscSLE-16075-SEV-ES-use-physical-address.patch + ovmf-bsc1180079-amd-sev-es-mitigation.patch ++++ shim: - Refresh shim-bsc1182776-fix-crash-at-exit.patch to do the cleanup also when Secure Boot is disabled (bsc#1183213, bsc#1182776) - Merged linker-version.pl into timestamp.pl and add the linker version to signature files accordingly ++++ supportutils: - Fixed mismatched taint flags (bsc#1178491) - Removed redundant fdisk code that can cause timeout issues (bsc#1181679) - Supportconfig processes -f without hanging (bsc#1182904) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#471 - ensure base modules are loaded before starting the rescue system (bsc#1183388) - 16.56 ++++ toolbox: - Update to version 2.1+git20210311.15cb3ad: * Don't check for subuid if root calls toolbox [bsc#1183375] ------------------------------------------------------------------ ------------------ 2021-3-10 - Mar 10 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.2.1 - t-u: Forward --quiet option to tukit - Regression: Add /opt as bind mount into update environment - Remove output indicators of the called command to not tamper the result line - Fix /etc syncing with --drop-if-no-change - Requires inotify-tool to have --drop-if-no-change available ++++ glibc: - Update glibc-2.31-HTM-vzeroupper.diff with a AVX-SSE transition fix. - Add glibc-2.31-HTM-vzeroupper.diff to avoid VZEROUPPER in the AVX2 accelerated string routines which cause HTM transaction aborts. Instead use EVEX or SSE. (bsc#1181403) ++++ irqbalance: - Update to version 1.7.0+git20210222.9db8d5c: * ui: fix cpu/irq menu off by one * fix uint64_t printf format (use PRIu64) * Also fetch node info for non-PCI devices * Add hot pull method for irqbalance * Add log for hotplug appropriately * add irq hotplug feature for irqbalance * Remove some unused constant macros in constants.h * Add a deprecation notice for IRQBALANCE_BANNED_CPUS * Add IRQBALANCE_BANNED_CPULIST to env file * log correctly for isolated and nohz_full cpus * Update README.md * Add some examples for IRQBALANCE_BANNED_CPUS * Adjust how we determine if a cpu is online * activate_mapping: activate only online CPUs * add env variable to ban cpus using cpulist syntax * put arg parsing detail into parse_command_line() * Updating configure script to version 1.7.0 * Add strlen checking for IRQBALANCE_BANNED_CPUS * remove redundant "/" in SOCKET_TMPFS * Fix typo in service unit file * arm64: Add irq aff change check For aarch64, the PPIs format in /proc/interrputs can be parsed and add to interrupt db, and next, the number of interrupts is counted and used to calculate the load. Finally these interrupts maybe scheduled between the NUMA domains. * Correct typos in irqbalance.c * free cpu_ban_string when the next request come * improve irq migrate rule to avoid high irq load * make the option 'V' closer to the option with no arg ++++ kernel-default: - Update patches.suse/scsi-iscsi-ensure-sysfs-attributes-are-limited-to-page_size (CVE-2021-27365 bsc#1182715). - Update patches.suse/scsi-iscsi-restrict-sessions-and-handles-to-admin-capabilities (CVE-2021-27363 CVE-2021-27364 bsc#1182716 bsc#1182717). - Update patches.suse/scsi-iscsi-verify-lengths-on-passthrough-pdus (CVE-2021-27365 bsc#1182715). - commit da2d102 - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - commit a1a57eb - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183315). - Refresh patches.suse/x86-tboot-don-t-disable-swiotlb-when-iommu-is-forced-on. - commit 457c28f - locks: reinstate locks_delete_block optimization (CVE-2019-19769 bsc#1159280). - locks: fix a potential use-after-free problem when wakeup a waiter (CVE-2019-19769 bsc#1159280). - commit 4a9973d - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183310). - iommu/vt-d: Fix status code for Allocate/Free PASID command (bsc#1183320). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183310). - vfio/iommu_type1: Populate full dirty when detach non-pinned group (bsc#1183326). - iommu: Switch gather->end to the inclusive end (bsc#1183314). - memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops (bsc#1183325). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183324). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183323). - iommu: Check dev->iommu in dev_iommu_priv_get() before dereferencing it (bsc#1183311). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183317). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183316). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183321). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183319). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183318). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183322). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183312). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183313). - commit f8bf292 - Refresh ibmvfc patches to upstream version. - commit e1a83f9 - ALSA: hda/hdmi: Cancel pending works before suspend (bsc#1182377). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (bsc#1182377). - ALSA: hda: Flush pending unsolicited events before suspend (bsc#1182377). - commit de11888 - powerpc/sstep: Fix VSX instruction emulation (jsc#SLE-13847 bsc#1180581 ltc#190174). - commit 2216ba0 - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - commit 3c13549 - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - Refresh patches.kabi/kABI-Fix-kABI-after-AMD-SEV-PCID-fixes.patch. - commit cb76db4 - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - commit b6d08d2 - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - commit e6e6e8c - r8169: fix r8168fp_adjust_ocp_cmd function (git-fixes). - gpiolib: acpi: Allow to find GpioInt() resource by name and index (git-fixes). - gpiolib: acpi: Add ACPI_GPIO_QUIRK_ABSOLUTE_NUMBER quirk (git-fixes). - drm/amdgpu:disable VCN for Navi12 SKU (git-fixes). - ALSA: usb-audio: use Corsair Virtuoso mapping for Corsair Virtuoso SE (git-fixes). - r8169: Add support for another RTL8168FP (git-fixes). - r8169: improve DASH support (git-fixes). - drm/amdgpu: enable DCN for navi10 headless SKU (git-fixes). - drm/amdgpu: rename nv_is_headless_sku() (git-fixes). - drm/amdgpu: disable DCN and VCN for Navi14 0x7340/C9 SKU (git-fixes). - commit 16a0ee9 - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - usbip: tools: fix build error for multiple definition (git-fixes). - commit 15f1b1c - arm64: select CPUMASK_OFFSTACK if NUMA (bsc#1183033, bsc#1183030). - Update config files: CONFIG_CPUMASK_OFFSTACK=y for arm64 - commit 1e2e7ba - rpm/check-for-config-changes: comment on the list To explain what it actually is. - commit e94bacf - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list - commit f61e954 - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. - commit 67c6b55 - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. - commit 018b013 - scsi: iscsi: Verify lengths on passthrough PDUs (CVE-2021-27365 bsc#1182715). - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (CVE-2021-27365 bsc#1182715). - scsi: iscsi: Restrict sessions and handles to admin capabilities (CVE-2021-27363 CVE-2021-27364 bsc#1182716 bsc#1182717). - commit e5416af ++++ multipath-tools: - Update to version 0.8.5+23+suse.c11b054: * multipath -U: reduce log level of "adding new path" message (bsc#1181435, bsc#1183666) ++++ snapper: - updated translations (bsc#1149754) ++++ systemd: - fix-machines-btrfs-subvol.sh is only shipped when machined is built ++++ libvirt: - Replace libxl-default-pcistub-name.patch with upstream variant ee3dc2c2-libxl-default-pcistub-name.patch ++++ pam: - pam_limits: "unlimited" is not a legitimate value for "nofile" (see setrlimit(2)). So, when "nofile" is set to one of the "unlimited" values, it is set to the contents of "/proc/sys/fs/nr_open" instead. Also changed the manpage of pam_limits to express this. [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] ++++ patterns-microos: - include rollback-helper in the default patterns (bsc#1183228) ++++ salt: - virt.network_update: handle missing ipv4 netmask attribute - Set distro requirement to oldest supported version in requirements/base.txt - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) - Don't require python3-certifi - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Added: * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch * 3002-set-distro-requirement-to-oldest-supported-vers.patch * do-not-monkey-patch-yaml-bsc-1177474.patch * virt.network_update-handle-missing-ipv4-netmask-attr.patch ++++ raspberrypi-firmware: - Fix typo s/pannel/panel/ ++++ raspberrypi-firmware-config: - Fix typo s/pannel/panel/ ++++ systemd-presets-common-SUSE: - Enable user service pipewire-media-session.service (used with pipewire >= 0.3.23). ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#469 - Add bcond to build debug iso (boo#1183264) - 16.55 - merge gh#openSUSE/installation-images#467 - Only create lib64 dirs if filesystem has it (boo#1183264) - 16.54 - merge gh#openSUSE/installation-images#468 - disable zram swap only if there's another swap active (bsc#1183276) - 16.53 - merge gh#openSUSE/installation-images#466 - susepaste only for Tumbleweed/Leap (bsc#1182212) - 16.52 ------------------------------------------------------------------ ------------------ 2021-3-9 - Mar 9 2021 ------------------- ------------------------------------------------------------------ ++++ ca-certificates: - backport bash rewrite from Factory to make sure to trigger in transactional mode (boo#1179884) ++++ cifs-utils: - CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in container; (bsc#1183239); CVE-2021-20208. * add 0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch ++++ kernel-default: - Refresh patches.suse/powerpc-pseries-Don-t-enforce-MSI-affinity-with-kdum.patch. Update patch metadata. - commit 5b5a037 - crypto: qat - replace CRYPTO_AES with CRYPTO_LIB_AES in Kconfig (git-fixes). - commit 79f6b38 - Update config files. - commit a7710ca - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - commit e710608 - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - commit 6c94cd0 - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - commit 05decbb - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - commit 5898dda - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - commit a31c30f - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - commit 8bcb8c8 - net/mlx5: Delete extra dump stack that gives nothing (git-fixes). - commit 8adc626 - fsl/fman: fix eth hash table allocation (git-fixes). - commit 888f0c2 - Refresh patches.suse/powerpc-vdso-Replace-vdso_base-by-vdso.patch. Fix warnings. - commit e4e515f - fsl/fman: check dereferencing null pointer (git-fixes). - commit 8b2d58f - fsl/fman: fix unreachable code (git-fixes). - commit 44dfe0c - fsl/fman: fix dereference null return value (git-fixes). - commit 54941fb - fsl/fman: use 32-bit unsigned integer (git-fixes). - commit b5edb51 - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - commit 62d1c07 - bpf: Fix truncation handling for mod32 dst reg wrt zero (bsc#1177028). - selftests/bpf: Convert test_xdp_redirect.sh to bash (bsc#1177028). - commit c084826 - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - commit 30d5020 - bpf: Clear subreg_def for global function return values (bsc#1177028). - bpf, devmap: Use GFP_KERNEL for xdp bulk queue allocation (bsc#1177028). - libbpf: Ignore non function pointer member in struct_ops (bsc#1177028). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (bsc#1177028). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1177028). - bpf: Fix verifier jmp32 pruning decision logic (bsc#1177028). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1177028). - commit 4d1a1f2 - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - commit e4781c6 ++++ selinux-policy: - Update to version 20210309 - Refreshed * fix_systemd.patch * fix_selinuxutil.patch * fix_iptables.patch * fix_init.patch * fix_logging.patch * fix_nscd.patch * fix_hadoop.patch * fix_unconfineduser.patch * fix_chronyd.patch * fix_networkmanager.patch * fix_cron.patch * fix_usermanage.patch * fix_unprivuser.patch * fix_rpm.patch - Ensure that /usr/etc is labeled according to /etc rules ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#463 - Add susepaste to the rescue system (bsc#1182212) - Add susepaste to the inst-sys as well - susepaste dependency - 16.51 ++++ yast2: - Use meaningful button labels when asking the user if would like to continue when an installation client is missing (related to bsc#1180954). - 4.3.59 ------------------------------------------------------------------ ------------------ 2021-3-8 - Mar 8 2021 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.67.5: + Fix more issues with `glib_typeof` macro from 2.67.3–2.67.4. + Fix regression with some FD mappings passed to `g_subprocess_launcher_spawnv()` caused by changes for #2097 in GLib 2.67.4. + Fix detection of `str[n]casecmp()` when building with `clang-cl`. + Use zlib from subproject if configured with `wrap_mode=forcefallback`. + Updated translations. ++++ keepalived: - drop linux-4.15.patch: No longer needed as it was a backport from upstream - Cleanup configure options after consultation with upstream: - --enable-regex-timers is for debugging purposes - --enable-snmp-checker and --enable-snmp-vrrp are enabled by - -enable-snmp - --enable-snmp-rfcv2 and --enable-snmp-rfcv3 anre enabled by - -enable-snmp-rfc - --enable-stacktrace is definitely a debugging option - on systems where we have nftables support we will only ship with nftables support (>= 15.0) and use iptables support only on older distributions. ++++ kernel-default: - powerpc: Add kABI placeholder to struct pci_controller and mm_context_t (bsc#1183030). - commit d01a093 - scsi: iscsi: Verify lengths on passthrough PDUs (CVE-2021-27365 bsc#182715). - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (CVE-2021-27365 bsc#182715). - scsi: iscsi: Restrict sessions and handles to admin capabilities (CVE-2021-27363 CVE-2021-27364 bsc#182716 bsc#182717). - commit 71d447d - arch/arm64: Add a kABI placeholder for the future TLBI boradcast fixes (bsc#1183030). - commit 7797213 - blacklist.conf: Blacklist CONFIG_UCLAMP_TASK fixes dcd6dffb0a75 sched/core: Fix size of rq::uclamp initialization eaf5a92ebde5 sched/core: Fix reset-on-fork from RT with uclamp d81ae8aac85c sched/uclamp: Fix initialization of struct uclamp_rq 46609ce22703 sched/uclamp: Protect uclamp fast path code with static key - commit 04723ee - Rename duplicate patches to their SLE15-SP2 equivalents. This is to prepare for the next SLE15-SP2 -> SLE15-SP3 merge. - commit 87e9aa1 - net: ethernet: aquantia: Fix wrong return value (git-fixes). - commit d7e8c64 - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - commit 332c76d - nvme-hwmon: Return error code when registration fails (bsc#1177326). - commit 1f91b69 - Refresh patches.suse/0003-kabi-Add-placeholders-to-a-couple-of-important-struc.patch. Add KABI padding to mm_struct, which is mentioned in the patch description but was actually missing. - commit 17c4dee - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - commit eaed13b - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - Refresh patches.suse/livepatch-dump-ipa-clones.patch - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - commit 9b47d75 - blacklist.conf: blacklist btrfs subpage RW related fixes As btrfs in SLE won't support subpage RW until SLE15-SP4. - commit 74db4da - drm/i915/gem: Support parsing of oversize batches (bsc#1152489) Backporting notes: * context changes - commit dc05c54 - blacklist.conf: Append 'drm/i915: Keep rings pinned while the context is active' Backporting notes: * ac65bdfef14a ("drm/i915: Keep rings pinned while the context is active") is in the v5.3 base tree, but got blacklisted with the wrong duplicate-of rev. The patch at hand fixes this. - commit 81ad7e0 - ASoC: Intel: sof_sdw: detect DMIC number based on mach params (git-fixes). - ASoC: Intel: sof-sdw: indent and add quirks consistently (git-fixes). - ASoC: Intel: bytcr_rt5640: Add new BYT_RT5640_NO_SPEAKERS quirk-flag (git-fixes). - Bluetooth: Add new HCI_QUIRK_NO_SUSPEND_NOTIFIER quirk (git-fixes). - Bluetooth: btusb: fix memory leak on suspend and resume (git-fixes). - drm/virtio: use kvmalloc for large allocations (git-fixes). - commit 2f41145 - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - commit 9236947 - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes). - staging: most: sound: add sanity check for function argument (git-fixes). - staging: fwserial: Fix error handling in fwserial_create (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - commit 2608a34 - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - commit 4e131ac - Refresh patches.suse/btrfs-don-t-flush-from-btrfs_delayed_inode_reserve_metadata.patch. - Refresh patches.suse/btrfs-free-correct-amount-of-space-in-btrfs_delayed_inode_reserve_metadata.patch. - Refresh patches.suse/btrfs-unlock-extents-in-btrfs_zero_range-in-case-of-errors.patch. - commit bafd254 - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - commit d053b67 ++++ gcc11: - Update embedded newlib version from 3.3.0 to 4.1.0. ++++ raspberrypi-firmware: - Enable bluetooth over PL011 by default (jsc#SLE-17223) - Enable VC4 by default on RPi4 (jsc#SLE-12151) ++++ raspberrypi-firmware-config: - Enable bluetooth over PL011 by default (jsc#SLE-17223) - Enable VC4 by default on RPi4 (jsc#SLE-12151) ++++ shim: - Add shim-bsc1182776-fix-crash-at-exit.patch to fix the potential crash at Exit() (bsc#1182776) ++++ yast2: - save_y2logs: Make modified content of log files just warning instead of fatal (bsc#1182710 see comment 2) - 4.3.58 - Ask the user if would like to continue when an installation client is missing (related to bsc#1180594). - 4.3.57 ++++ yast2-trans: - Update to version 84.87.20210306.35a69d414b: * New POT for text domain 'registration'. * New POT for text domain 'packager'. * New POT for text domain 'network'. * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-3-7 - Mar 7 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.11 * fix device path canonicalization for device mapper devices * receive: remove workaround for setting capabilities, all stable kernels have been patched * receive: fix duplicate mount path detection * rescue: new subcommand create-control-device * device stats: minor fix for plain text format output * build: detect if e2fsprogs support 64bit timestamps * build: drop libmount, required functionality has been reimplemented * mkfs: warn when raid56 is used * balance convert: warn when raid56 is used * other * new and updated tests * documentation updates * seeding device * raid56 status * CI updates * docker images for various distros - Update to 5.10.1 * static build works again * other: * add a way to test static binaries with the testsuite * clarify scrub docs * update dependencies, minimum version for libmount is 2.24, this may change in the future - Update to 5.10 * scrub status: * print percentage of progress * add size unit options * fi usage: also print free space from statfs * convert: copy full 64 bit timestamp from ext4 if availalble * check: * add ability to repair extent item generation * new option to remove leftovers from inode number cache (-o inode_cache) * check for already running exclusive operation (balance, device add/...) when starting one * preliminary json output support for 'device stats' * fixes: * subvolume set-default: id 0 correctly falls back to toplevel * receive: align internal buffer to allow fast CRC calculation * logical-resolve: distinguish -o subvol and bind mounts * build: new dependency libmount * other * doc fixes and updates * new tests * ci on gitlab temporarily disabled * debugging output enhancements ++++ keepalived: - Update to 2.2.2 https://www.keepalived.org/release-notes/Release-2.2.2.html - change how we install documentation to avoid duplicated files - Link all the files for ipset, iptables, libnl instead of dlopen. Drop the previous workaround for generating requires for the dlopen-ed libaries. - remove unsupported configure option: --enable-libiptc ------------------------------------------------------------------ ------------------ 2021-3-6 - Mar 6 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.4.4, to fix CVE-2021-21334. ++++ kernel-default: - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes). - commit 5937701 - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - PM: runtime: Update device status before letting suppliers suspend (git-fixes). - commit e05652b - drm/amd/display: Add a backlight module option (bsc#1180749). - drm/amdgpu/display: handle aux backlight in backlight_get_brightness (bsc#1180749). - drm/amdgpu/display: don't assert in set backlight function (bsc#1180749). - drm/amdgpu/display: simplify backlight setting (bsc#1180749). - commit 5a8f9fa - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - commit 5819136 ------------------------------------------------------------------ ------------------ 2021-3-5 - Mar 5 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit-wicked: - Version 4: * Properly detect whether the interface is up (gh#123 and bsc#1182189). * Clarify that the "Routing" tab is about user-defined routes (related to gh#122). ++++ combustion: - Expand and clarify README ++++ kdump: - kdump-mounts.cc-Include-sys-ioctl.h.patch: mounts.cc: Include . - Update to 0.9.1 * Add build dependency on libmount * Drop build dependency on OpenSSL * Build with --stdc=c++11 * Bug fixes (bsc#1173914, bsc#1177196, bsc#1180513) - Remove patches that have been upstreamed: * kdump-block-initrd-parse-etc.service.patch * kdump-fadump-avoid-multipath-optimizations.patch * kdump-split-cmdline-purpose-wise.patch * kdump-fadump-fix-network-bring-up.patch * kdump-fadump-add-udev-support.patch * kdump-turn-off-NUMA-in-kdump-kernel.patch * kdump-remove-noefi-and-acpi_rsdp-for-efi-firmware.patch * kdump-Restore-only-static-routes-in-kdump-initrd.patch * kdump-fallback-re-register-fadump-from-userspace.patch * kdump-recover-from-missing-CRASHTIME.patch * kdump-fix-multipath-user_friendly_names.patch * kdump-Add-skip_balance-option-to-BTRFS-mounts.patch * kdump-kdumprd-Look-for-boot-image-and-boot-Image.patch * kdump-savedump-search-also-for-vmlinux.xz.patch * kdump-preserve-white-space.patch * kdump-Clean-up-the-use-of-current-vs-boot-network-iface.patch * kdump-Use-a-custom-namespace-for-physical-NICs.patch * kdump-clean-up-kdump-mount-points.patch * kdump-skip-mounts-if-no-proc-vmcore.patch * kdump-nss-modules.patch * kdump-Add-force-option-to-KDUMP_NETCONFIG.patch * kdump-Add-fence_kdump_send-when-fence-agents-installed.patch * kdump-FENCE_KDUMP_SEND-variable.patch * kdump-Document-fence_kdump_send.patch * kdump-powerpc-no-reload-on-CPU-removal.patch * kdump-prefer-by-path-and-device-mapper.patch * kdump-calibrate-Update-values.patch * kdump-activate-udev-rules-late-during-boot.patch * kdump-make-sure-that-the-udev-runtime-directory-exists.patch * kdump-make-sure-that-initrd.target.wants-directory-exists.patch * kdump-check-explicit-ip-options.patch * kdump-query-systemd-network.service.patch - kdump-query-systemd-network.service.patch: Query systemd network.service to find out if wicked is used (bsc#1182309). - kdump-check-explicit-ip-options.patch: Do not add network-related dracut options if ip= is set explicitly (bsc#1182309). ++++ kernel-default: - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862). - refresh config files (drop PLUGIN_HOSTCC) - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - commit 9094f62 - powerpc/vdso: Retrieve sigtramp offsets at buildtime (bsc#1183002). - Refresh patches.suse/powerpc-64-signal-Fix-regression-in-__kernel_sigtram.patch. - powerpc/vdso: Replace vdso_base by vdso (bsc#1183002). - commit 0f7fda0 - ARMv6/v7: Update config files. (bsc#1183009) enable CONFIG_ARM_MODULE_PLTS to fix module loading issues (cherry picked from commit b3d2cd1b65794d32c02319c8e2376f15360ff8ec) - commit 5723968 - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - commit 77ad0cc - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - Delete patches.rpmify/Kconfig-make-CONFIG_CC_CAN_LINK-always-true.patch. - commit 928cf1d - wireguard: kconfig: use arm chacha even with no neon (git-fixes). - wireguard: device: do not generate ICMP for non-IP packets (git-fixes). - wireguard: selftests: test multiple parallel streams (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: arm64/poly1305-neon - reorder PAC authentication with SP update (git-fixes). - commit c931ac8 - objtool: Fix ".cold" section suffix check for newer versions of GCC (bsc#1169514). - commit 4b4e63c - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - commit 486024a - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. - commit a1976d2 - ALSA: hda: intel-nhlt: verify config type (git-fixes). - commit 4504e76 - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - commit acba99b - Move upstreamed USB-audio fixes into sorted section - commit 28c79bd - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). - certs: Fix blacklist flag type confusion (git-fixes). - commit 83ee089 - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - commit 5a927d9 - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - commit b394e32 - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - commit 53b7528 - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - commit 846e338 ++++ psmisc: - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Fix bsc#1178407: fuser does not show open kvm storage image files such as qcow2 files. Patch from Ali Abdallah ++++ qemu: - Fix GCC11 compiler issue in brotli (edk2) code (boo#1181922) brotli-fix-actual-variable-array-paramet.patch - Tweak a few submodule descriptions and summaries - Fix a backward compatibility issue in ACPI data i386-acpi-restore-device-paths-for-pre-5.patch ++++ systemd-rpm-macros: - Bump to version 7 - Remove confusing --user before --global in %systemd_user_preun It's actually a backport of upstream commit 28d36da64a7a23a55e8d0a139f2620384fd058b3 - Update a few comments - Don't pass -f to rm to make sure that rm failures will be logged But also make sure to not abort the scriptlet prematurely if rm fails. - Add a %systemd_user_pre macro (boo#1183051, boo#1183012) It creates a /run/systemd/rpm/needs-user-preset/$service file for each new service being installed so %systemd_user_post can call `systemctl --global preset $service` properly for newly installed user services (even when it's introduced via a package update). - Fix %systemd_user_post (boo#1183051, boo#1182661) The --global parameter was handled as if it was another service name so %systemd_user_post wasn't working properly. Replace %systemd_user_post with the code from %service_add_post it was being expanded to but correctly passing --global to systemctl. - Tabify %service_del_postun_without_restart To make it consistent with the other macros. No functional change. ++++ toolbox: - Update to version 2.1+git20210305.ca2bc53: * Avoid copying the user setup script with 'podman cp' ++++ yast2-trans: - Update to version 84.87.20210305.d5777911c2: * New POT for text domain 'security'. * New POT for text domain 'base'. * New POT for text domain 'security'. * New POT for text domain 'security'. * New POT for text domain 'control'. * New POT for text domain 'security'. * New POT for text domain 'installation'. * New POT for text domain 'control'. * New POT for text domain 'bootloader'. * New POT for text domain 'storage'. * New POT for text domain 'qt'. * New POT for text domain 'network'. * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * New POT for text domain 'security'. * New POT for text domain 'network'. * New POT for text domain 'storage'. * New POT for text domain 'qt'. ------------------------------------------------------------------ ------------------ 2021-3-4 - Mar 4 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Harden build, enable full RELRO - Never allow undefined symbols anywhere. ++++ glib2: - Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328, glgo#GNOME/glib!1944) ++++ gzip: - gzip.spec: move %patch10 from the ifarch condition (mistake) ++++ kernel-default: - drm/amd/display: Remove Assert from dcn10_get_dig_frontend (git-fixes). - drm/amd/display: Add vupdate_no_lock interrupts for DCN2.1 (git-fixes). - drm/amdgpu: Set reference clock to 100Mhz on Renoir (v2) (git-fixes). - drm/amdkfd: Fix recursive lock warnings (git-fixes). - drm/amd/display: Add FPU wrappers to dcn21_validate_bandwidth() (git-fixes). - drm/modes: Switch to 64bit maths to avoid integer overflow (git-fixes). - commit dbc87d2 - watchdog: mei_wdt: request stop on unregister (git-fixes). - commit 1de5431 - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes). - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table (git-fixes). - USB: serial: option: update interface mapping for ZTE P685M (git-fixes). - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes). - usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes). - usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes). - commit b47408f - PCI: Decline to resize resources if boot config must be preserved (git-fixes). - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - staging: gdm724x: Fix DMA from stack (git-fixes). - commit 837d6c3 - drm/msm/mdp5: Fix wait-for-commit for cmd panels (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - commit d2c4de8 - rpm/check-for-config-changes: ignore more configs Specifially, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_* * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler specific too. This will allow us to use super configs using kernel's dummy-tools. - commit d12dcbd - objtool: Fix retpoline detection in asm code (bsc#1169514). - commit 15a53c5 - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - commit 68ed094 - dmaengine: move .device_release missing log warning to debug level (bsc#1182992). - dmaengine: ioat: Support in-use unbind (bsc#1182992). - commit fb94c70 - Add kABI placeholders for ASoC (bsc#1179531). - Add kABI placeholders for HD-audio (bsc#1179531). - commit 9e31dbc - printk: fix deadlock when kernel panic (bsc#1183018). - commit 069ec3d - printk: fix deadlock when kernel panic (bsc#1183018). - commit 5021e3a - objtool: Fix error handling for STD/CLD warnings (bsc#1169514). - commit fb7ed7c - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - commit a815647 - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - commit b29b589 ++++ libcontainers-common: - Require util-linux-systemd for %post scripts (findmnt) (boo#1182998) ++++ libxkbcommon: - Update to release 1.1.0 * Update keysym definitions to latest xorgproto. In particular, this adds many special keysyms corresponding to Linux evdev keycodes. * New XKB_KEY_* definitions. ++++ zlib: - Fix hw compression on z15 bsc#1176201 - Add zlib-s390x-z15-fix-hw-compression.patch ++++ zstd: - Update to version 1.4.9 * https://github.com/facebook/zstd/releases/tag/v1.4.9 * >2x Faster Long Distance Mode * New Experimental Decompression Feature: ZSTD_d_refMultipleDDicts * bug: Use umask() to Constrain Created File Permissions * bug: Make Simple Single-Pass Functions Ignore Advanced Parameters * cli: Fix --output-dir-mirror's Rejection of ..-Containing Paths * cli: Allow Input From Console When -f/--force is Passed ++++ systemd-presets-common-SUSE: - Enable user services pipewire.socket and pipewire-pulse.socket (boo#1183012). ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#465 - Prepare UsrMerge (boo#1029961) - remove explicit libblogger2 dep - clean up kernel module config - 16.50 ++++ u-boot-rpiarm64: - Fix confname assignment for zynqmp and zynq case (bsc#1182962) - Guard 'export BL31' for sun50i_h6 and sun50i_a64 with '%{with uboot_atf}' condition (bsc#1182962) ++++ wicked: - version 0.6.65 - ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215) - client: parse sysctl files in the correct order (bsc#1181186) - ifup: fix for set up with unenslave from unconfigured master (boo#954329) - rpm: prepare for new builds using usrmerged rpm macro (boo#1029961) - rpm: Let wicked-service also provide service(network) - cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815) - dbus: add variant container, generic object-path and uint32 array macros ++++ yast2: - Fix backward compatibility for focus parameter of Report.AnyQuestion/Report.ErrorAnyQuestion (bsc#1183011) - 4.3.56 ------------------------------------------------------------------ ------------------ 2021-3-3 - Mar 3 2021 ------------------- ------------------------------------------------------------------ ++++ docker: - Update to Docker 20.10.5-ce. See upstream changelog online at . bsc#1182947 - Update runc dependency to 1.0.0~rc93. - Remove upstreamed patches: - cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - Switch version to use -ce suffix rather than _ce to avoid confusing other tools. boo#1182476 ++++ dracut: - Update to version 053+suse.93.g039ac07d: * fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs - Update to version 053+suse.91.g4a0bdda1: * fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs (bsc#1180822) ++++ glib2: - Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933, glgo#GNOME/glib!1943) ++++ glibc: - nscd-netgroupcache.patch: nscd: Fix double free in netgroupcache (CVE-2021-27645, bsc#1182733, BZ #27462) ++++ haproxy: - Update to version 2.3.6+git0.7851701ed: * [RELEASE] Released version 2.3.6 * BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout * BUG/MINOR: mux-h2: Fix typo in scheme adjustment * DOC: spoe: Add a note about fragmentation support in HAProxy * BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 * BUG/MINOR: connection: Use the client's dst family for adressless servers * BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule * BUG/MINOR: http-ana: Only consider dst address to process originalto option * BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() * BUG/MINOR: stats: fix compare of no-maint url suffix * CLEANUP: muxes: Remove useless if condition in show_fd function * BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup() * BUG/MEDIUM: resolvers: Reset address for unresolved servers * BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records * BUG/MINOR: resolvers: new callback to properly handle SRV record errors * BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record * BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned * BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl() * BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal * BUG/MEDIUM: cli/shutdown sessions: make it thread-safe * BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop * BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe * BUG/MINOR: sample: secure convs that accept base64 string and var name as args * MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes * BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert" * BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok * BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line * BUG/MINOR: server: Init params before parsing a new server-state line * BUG/MINOR: http-rules: Always replace the response status on a return action * BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer * BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ(). * DOC: explain the relation between pool-low-conn and tune.idle-pool.shared * BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions * BUG/MINOR: sample: Always consider zero size string samples as unsafe * BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust() * BUG/MINOR: checks: properly handle wrapping time in __health_adjust() * BUG/MINOR: session: atomically increment the tracked sessions counter * BUG/MINOR: server: Remove RMAINT from admin state when loading server state * CLEANUP: channel: fix comment in ci_putblk. * DOC: tune: explain the origin of block size for ssl.cachesize * BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL * BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines * BUG/MINOR: stats: revert the change on ST_CONVDONE * BUG/MEDIUM: config: don't pick unset values from last defaults section * CLEANUP: deinit: release global and per-proxy server-state variables on deinit * BUG/MINOR: server: Fix server-state-file-name directive * BUG/MINOR: backend: hold correctly lock when killing idle conn * BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() * BUG/MINOR: server: re-align state file fields number * BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state * BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors * BUG/MINOR: intops: fix mul32hi()'s off-by-one * BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro * BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro * BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro * MINOR: check: do not ignore a connection header for http-check send ++++ kernel-default: - Refresh patches.suse/ibmvnic-Fix-possibly-uninitialized-old_num_tx_queues.patch. Update patch metadata - commit d8a9644 - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - commit 0a8c8cf - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - commit d7a202d - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). - commit d9a7a48 - ice: update the number of available RSS queues (jsc#SLE-7926). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - commit 51a1824 - net: freescale: change xgmac-mdio to built-in References: bsc#1182595 - commit b25e0d8 - RDMA/rtrs-srv: Do not pass a valid pointer to PTR_ERR() (jsc#SLE-15176). - commit b3bb6ea - ice: update the number of available RSS queues (jsc#SLE-7926). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: Set trusted VF as default VSI when setting allmulti on (jsc#SLE-12878). - RDMA/rtrs-srv-sysfs: fix missing put_device (jsc#SLE-15176). - RDMA/rtrs-srv: fix memory leak by missing kobject free (jsc#SLE-15176). - RDMA/rtrs: Only allow addition of path to an already established session (jsc#SLE-15176). - RDMA/rtrs-srv: Fix stack-out-of-bounds (jsc#SLE-15176). - RDMA/ucma: Fix use-after-free bug in ucma_create_uevent (bsc#1181147). - RDMA/mlx5: Allow creating all QPs even when non RDMA profile is used (jsc#SLE-15175). - RDMA/rtrs: Fix KASAN: stack-out-of-bounds bug (jsc#SLE-15176). - RDMA/rtrs-srv: Init wr_cnt as 1 (jsc#SLE-15176). - RDMA/rtrs-srv: Do not signal REG_MR (jsc#SLE-15176). - RDMA/rtrs-clt: Use bitmask to check sess->flags (jsc#SLE-15176). - RDMA/rtrs: Do not signal for heatbeat (jsc#SLE-15176). - RDMA/rtrs-clt: Refactor the failure cases in alloc_clt (jsc#SLE-15176). - RDMA/rtrs-srv: Fix missing wr_cqe (jsc#SLE-15176). - RDMA/rtrs: Call kobject_put in the failure path (jsc#SLE-15176). - RDMA/rtrs-srv: Jump to dereg_mr label if allocate iu fails (jsc#SLE-15176). - RDMA/rtrs-clt: Set mininum limit when create QP (jsc#SLE-15176). - RDMA/rtrs-srv: Use sysfs_remove_file_self for disconnect (jsc#SLE-15176). - RDMA/rtrs-srv: Release lock before call into close_sess (jsc#SLE-15176). - RDMA/rtrs: Extend ibtrs_cq_qp_create (jsc#SLE-15176). - net/mlx5e: kTLS, Use refcounts to free kTLS RX priv context (jsc#SLE-15172). - net/mlx5e: Fix CQ params of ICOSQ and async ICOSQ (jsc#SLE-15172). - net/mlx5e: Replace synchronize_rcu with synchronize_net (jsc#SLE-15172). - net/mlx5e: Change interrupt moderation channel params also when channels are closed (jsc#SLE-15172). - net/mlx5e: Enable XDP for Connect-X IPsec capable devices (jsc#SLE-15172). - net/mlx5e: Enable striding RQ for Connect-X IPsec capable devices (jsc#SLE-15172). - bnxt_en: Fix devlink info's stored fw.psid version format (jsc#SLE-16649). - ice: log message when trusted VF goes in/out of promisc mode (jsc#SLE-12878). - RDMA/rtrs: Introduce rtrs_post_send (jsc#SLE-15176). - RDMA/rtrs: Remove unnecessary argument dir of rtrs_iu_free (jsc#SLE-15176). - commit 4eae933 - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - commit e90afb3 - ice: report correct max number of TCs (jsc#SLE-7926). - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449). - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449). - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - commit 5c94309 - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Don't abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - commit 037cfcf - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ("kvm: tracing: Fix unmatched kvm_entry and kvm_exit events", bsc#1182770). - commit bca7352 ++++ openssl-1_1: - Security fixes: * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback protection [bsc#1182333, CVE-2021-23840] * Null pointer deref in X509_issuer_and_serial_hash() [bsc#1182331, CVE-2021-23841] - Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch ++++ qemu: - Add patch from IBM to improve modularization situation on s390 where a new qemu module, hw-s390x-virtio-gpu-ccw.so, and a corresponding new qemu-hw-s390x-virtio-gpu-ccw subpackage, is split out (this parallels the hw-display-virtio-gpu-pci.so module). Split-provides file is also used to track this functionality splitout. Both the packages supplying the above mentioned modules now have a Requires on the qemu-hw-display-virtio-gpu package. It is anticipated that this change is going in upstream as well, and if done differently the plan is to update to the upstream implementation if possible (bsc#1181103) hw-s390x-modularize-virtio-gpu-ccw.patch ++++ supportutils: - Remove net-tools from requires, it does not contain any tool anymore used by supportutils pr#96 ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#462 - support using zram device as root file system (jsc#SLE-17630) - 16.49 - merge gh#openSUSE/installation-images#464 - fix efi local boot entry on x86_64 (bsc#1182891) - 16.48 ++++ tpm2-tss-engine: - pass --disable-defaultflags to avoid breakage of our gcc-PIE profile (-> resulted in non-position-independent executable). - Update to upstream version 1.1.0: * Added: - Configure option for ptpm tests - Configure script AX_CHECK_ENABLE_DEBUG - Option for setting tcti on executable - TCTI-env variable used by default - Support for parent key passwords - openssl.cnf sample file * Changed: - Fix several build system, autotools and testing related issues Now adhere to CFLAGS conventions - Include pkg-config dependecy on libtss2-mu in order to work with tpm2-tss 2.3 - Enables parallel testing of integration tests: Make integration tests use TPM simulator; instead of first TPM it finds Use of different port numbers for TCP based tests - Fix EC param info (using named curve format) - Use tpm2-tools 4.X stable branch for integration tests - Use libtss2-tctildr.so instead of custom code for tcti setup - Fix manpages for -P/--parent option and correct engine name - Fix TCTI env variable handling - Set parent handle to OWNER ++++ wpa_supplicant: - Fix systemd device ready dependencies in wpa_supplicant@.service file. (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844) ------------------------------------------------------------------ ------------------ 2021-3-2 - Mar 2 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.2.0 - tukit: Add new command 'callext' to execute an application while the snapshot is mounted. '{}' as a parameter will be replaced with the path of the bind mount. - Fix --drop-if-no-change [boo#1182525] - Check whether self-updated version is executable (e.g. on noexec /tmp) [bsc#1173842] - Fix overlay synchronisation with SELinux (again) - Always overwrite supplemental files (e.g. for network configuration) even if they exist in the snapshot already [boo#1182544] - Improve logging and error messages ++++ kernel-default: - series.conf: cleanup - move unsortable patch out of sorted section patches.suse/ibmvnic-Fix-possibly-uninitialized-old_num_tx_queues.patch - commit be18357 - Update kabi files. - update from March 2021 maintenance update submission (commit c35b1245712f) - commit ebf0b27 - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268). - commit 2b2d062 - blacklist.conf: c7ff651960a6 ("blktrace: fix blk_rq_issue documentation") Cosmetic. - commit ee4b49c - blacklist.conf: 179d16007236 ("block: remove superfluous param in blk_fill_rwbs()") Cleanup only. - commit ed3c6d0 - coresight: etm4x: Modify core-commit to avoid HiSilicon ETM overflow (jsc#SLE-14776). - commit f817d44 - coresight: etm4x: Skip accessing TRCPDCR in save/restore (git-fixes). - commit 8b8fa95 - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - commit 08badc9 - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - commit d717867 - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846). - commit f88a325 - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - commit fb4cf71 - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - update config files (CSD_LOCK_WAIT_DEBUG=n) - commit 59bec34 - series.conf: refresh - update upstream reference and resort: patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch - commit 9ab8f38 - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - commit 3c0b378 - series.conf: cleanup - move submitted patches to appropriate section: patches.suse/btrfs-free-correct-amount-of-space-in-btrfs_delayed_inode_reserve_metadata.patch patches.suse/btrfs-don-t-flush-from-btrfs_delayed_inode_reserve_metadata.patch patches.suse/btrfs-cleanup-try_flush_qgroup.patch patches.suse/btrfs-remove-btrfs_inode-from-btrfs_delayed_inode_reserve_metadata.patch patches.suse/btrfs-simplify-code-flow-in-btrfs_delayed_inode_reserve_metadata.patch patches.suse/btrfs-unlock-extents-in-btrfs_zero_range-in-case-of-errors.patch (no effect on expanded tree) - commit d631784 - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - commit 10244d3 ++++ efivar: - Add efivar-bsc1181967-fix-nvme-parsing.patch to fix the NVME path parsing (bsc#1181967) ++++ openssl-1_1: - Fix unresolved error codes [bsc#1182959] - Update openssl-1.1.1-fips.patch ++++ osinfo-db: - Update to database version 20210215 osinfo-db-20210215.tar.xz - Fix AutoYaST profiles to pass the validation during installation (bsc#1182144). fix-autoyast-validation.patch ++++ python-libvirt-python: - Update to 7.1.0 - Add all new APIs and constants in libvirt 7.1.0 ++++ supportutils: - Collect logs for power specific components (using iprconfig) pr#94 (bsc#1182950) + Additional nvme information + Additional kdump configuration and logs ------------------------------------------------------------------ ------------------ 2021-3-1 - Mar 1 2021 ------------------- ------------------------------------------------------------------ ++++ bcm43xx-firmware: - Cater for old and new ways of configuring bluetooth on RPi. Users of 'hciattach' expect the firmware in '/lib/firmware' while users of the serdev configured bluetooth setups will expect it in '/lib/firmware/brcm' (bsc#1177189). ++++ hwdata: - Update to version 0.345: + Updated pci, usb and vendor ids. + Resolves boo#1182482 jsc#SLE-13791 bnc#1170160 ++++ jeos-firstboot: - Fix git url in _service ++++ kernel-default: - powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530). - commit be6fb41 - pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530). - Refresh patches.suse/powerpc-pseries-group-lmb-operation-and-memblock-s.patch. - commit 8cb9bdd - powerpc/pseries: Don't enforce MSI affinity with kdump (bsc#1181655 ltc#190855). - commit cfc7153 - pseries/drmem: don't cache node id in drmem_lmb struct (bsc#1132477 ltc#175530). - Refresh patches.suse/powerpc-pseries-group-lmb-operation-and-memblock-s.patch. - Refresh patches.suse/powerpc-pseries-update-device-tree-before-ejecting-h.patch. - commit fe4f641 - cifs: fix nodfs mount option (bsc#1181710). - commit 94844a1 - cifs: introduce helper for finding referral server (bsc#1181710). - commit f74681b - cifs: check all path components in resolved dfs target (bsc#1181710). - commit 91cd435 - net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes). - commit 401e086 - net: nixge: fix potential memory leak in nixge_probe() (git-fixes). - commit cdc643b - net: hns3: fix for VLAN config when reset failed (git-fixes). - commit 4209fa0 - net: hns3: add reset check for VF updating port based VLAN (git-fixes). - commit 9609b2a - net: ethernet: ave: Fix error returns in ave_init (git-fixes). - commit 166a8fe - net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes). - commit cead210 - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes). - commit 342b694 - net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes). - commit e7fb27b - net: macb: mark device wake capable when "magic-packet" property present (git-fixes). - commit 3e9fa11 - net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes). - commit 0dfe6dc - net: hns3: fix for mishandle of asserting VF reset fail (git-fixes). - commit 0c2ca01 - smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes). - commit 11f5fde - smsc95xx: check return value of smsc95xx_reset (git-fixes). - commit 02e26ea - net: bcmgenet: use hardware padding of runt frames (git-fixes). - commit b2f215a - powerpc/optprobes: Remove unused routine patch_imm32_load_insns() (jsc#SLE-13847). - commit f56b470 - powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (FATE#322022, bsc#1065729. git-fixes). - powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (FATE#324970, bsc#1078720, git-fixes). - commit 5742f0f - docs: filesystems: vfs: correct flag name (bsc#1182857). - commit f89f9ce - blacklist.conf: d0995b53130e f2fs: add missing documents of reserve_root/resuid/resgid - commit 63a6155 - docs: filesystems: vfs: correct flag name (bsc#1182856). - commit 969c3e4 - blacklist.conf: d0995b53130e f2fs: add missing documents of reserve_root/resuid/resgid - commit 95579b0 - ceph: fix flush_snap logic after putting caps (bsc#1182854). - commit eacaa0a - ceph: fix flush_snap logic after putting caps (bsc#1182853). - commit 9a38be6 - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes). - commit a24afd4 - rpm/kernel-source.spec.in: temporary workaround for a build failure Upstream c6x architecture removal left a dangling link behind which triggers openSUSE post-build check in kernel-source, failing kernel-source build. A fix deleting the danglink link has been submitted but it did not make it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch utility does not handle symlink removal. Add a temporary band-aid which deletes all dangling symlinks after unpacking the kernel source tarball. [jslaby] It's not that temporary as we are dragging this for quite some time in master. The reason is that this can happen any time again, so let's have this in packaging instead. - commit 52a1ad7 - bus: fsl-mc: Fix test for end of loop (git-fixes). - commit a7e273c - Move upstreamed fsl patches into sorted section - commit 6e876b3 - i2c: exynos5: Preserve high speed master code (git-fixes). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - drm/panel: kd35t133: allow using non-continuous dsi clock (git-fixes). - drm/rockchip: Require the YTR modifier for AFBC (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs timestamps (git-fixes). - drm/msm: Fix race of GPU init vs timestamp power management (git-fixes). - drm/msm/mdp5: Fix wait-for-commit for cmd panels (git-fixes). - r8169: fix jumbo packet handling on RTL8168e (git-fixes). - PCI: rockchip: Make 'ep-gpios' DT property optional (git-fixes). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working (git-fixes). - drm/xlnx: fix kmemleak by sending vblank_event in atomic_disable (git-fixes). - commit ecbb9ac - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes). - HID: make arrays usage and value to be the same (git-fixes). - usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes). - USB: quirks: sort quirk entries (git-fixes). - NET: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes). - commit ae76757 ++++ libqmi: - Update to version 1.28.2 * libqmi-glib: + Fixed build with GLib < 2.58. + Simplified the qmi_wwan add_mux/del_mux logic assuming there is no delay in the creation and deletion of the net links. ++++ libvirt: - libxl: Fix node device detach when driver unspecified libxl-default-pcistub-name.patch boo#1182885 - spec: Bump minimum glib version to 2.56 - Update to libvirt 7.1.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - bsc#1182367, bsc#1182515 - Dropped patches: 32c5e432-revert-f035f53b.patch, e3d60f76-fix-socket-file-gen.patch, 7cf60006-qemu-swtpm-aarch64.patch, afb823fc-qemu-validate-swtpm.patch, 8a4b8996-conf-move-virDomainCheckVirtioOptions.patch, c05f0066-conf-drop-empty-virDomainNetDefPostParse.patch, 19d4e467-conf-improve-virDomainVirtioOptionsCheckABIStability.patch, bd112c9e-qemu-virtio-options-vsock.patch ++++ salt: - Allow extra_filerefs as sanitized kwargs for SSH client - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976) - Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) - Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347) - Always require python-certifi (used by salt.ext.tornado) - Bring missing part of async batch implementation back (bsc#1182382) (CVE-2021-25315) - Always require python3-distro (bsc#1182293) - Added: * async-batch-implementation-fix-320.patch * implementation-of-suse_ip-execution-module-bsc-10999.patch * fix-for-some-cves-bsc1181550.patch * fixes-56144-to-enable-hotadd-profile-support.patch * add-sleep-on-exception-handling-on-minion-connection.patch * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch ++++ raspberrypi-firmware-dt: - Introduce enable-bt-overlay.dts (bsc#1182759) ++++ samba: - Spec file fixes around systemd and requires; (bsc#1182830); - Align systemd service unit files with upstream provided ones. ++++ u-boot-rpiarm64: - update_git.sh: use safe tmp directories, use authenticated https:// procotol. - Build with arm-trusted-firmware for Tumbleweed - Drop unused uboot_atf_pine64 option ------------------------------------------------------------------ ------------------ 2021-2-28 - Feb 28 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes). - commit 761c100 ++++ mozilla-nss: - Add nss-btrfs-sqlite.patch to address bmo#1690232 ------------------------------------------------------------------ ------------------ 2021-2-27 - Feb 27 2021 ------------------- ------------------------------------------------------------------ ++++ wpa_supplicant: - Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability (bsc#1182805) ------------------------------------------------------------------ ------------------ 2021-2-26 - Feb 26 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - VUL-0: grub2,shim: implement new SBAT method (bsc#1182057) * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch * 0036-util-mkimage-Improve-data_size-value-calculation.patch * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch * 0039-grub-install-common-Add-sbat-option.patch - Fix CVE-2021-20225 (bsc#1182262) * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - Fix CVE-2020-27749 (bsc#1179264) * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch * 0025-kern-parser-Fix-a-memory-leak.patch * 0026-kern-parser-Introduce-process_char-helper.patch * 0027-kern-parser-Introduce-terminate_arg-helper.patch * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - Fix CVE-2021-20233 (bsc#1182263) * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - Fix CVE-2020-25647 (bsc#1177883) * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - Fix CVE-2020-25632 (bsc#1176711) * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970) * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch * 0005-efi-Add-secure-boot-detection.patch * 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch * 0007-verifiers-Move-verifiers-API-to-kernel-image.patch * 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch * 0009-kern-Add-lockdown-support.patch * 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch * 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch * 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch * 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch * 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch * 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch * 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch * 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch * 0018-gdb-Restrict-GDB-access-when-locked-down.patch * 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch * 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch * 0041-squash-Add-secureboot-support-on-efi-chainloader.patch * 0042-squash-grub2-efi-chainload-harder.patch * 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch * 0044-squash-kern-Add-lockdown-support.patch * 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - Drop patch supersceded by the new backport * 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch * 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch - Add SBAT metadata section to grub.efi - Drop shim_lock module as it is part of core of grub.efi * grub2.spec ++++ gtk3: - Update to version 3.24.26: + Input: - Fix a few oversights in Compose file parsing. - Fine-tune Compose preedit display. + Theme: - Fine-tune scrollbar size and transitions. - Reinstate invisible borders for tiled windows. + Wayland: Fix a problem with font settings not being found. + Updated translations. ++++ kernel-default: - bcache: Avoid comma separated statements (git-fixes). - bcache: Move journal work to new flush wq (git-fixes). - bcache: Give btree_io_wq correct semantics again (git-fixes). - Revert "bcache: Kill btree_io_wq" (git-fixes). - bcache: Fix register_device_aync typo (git-fixes). - bcache: consider the fragmentation when update the writeback rate (git-fixes). - bcache: only check feature sets when sb->version >= BCACHE_SB_VERSION_CDEV_WITH_FEATURES (git-fixes). - bcache: set bcache device into read-only mode for BCH_FEATURE_INCOMPAT_OBSO_LARGE_BUCKET (git-fixes). - bcache: introduce BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE for large bucket (git-fixes). - bcache: check unsupported feature sets for bcache register (git-fixes). - bcache: fix typo from SUUP to SUPP in features.h (git-fixes). - bcache: set pdev_set_uuid before scond loop iteration (git-fixes). - md/bcache: convert comma to semicolon (git-fixes). - bcache:remove a superfluous check in register_bcache (git-fixes). - dm: remove unnecessary current->bio_list check when submitting split bio (git-fixes). - bcache: fix race between setting bdev state to none and new write request direct to backing (git-fixes). - dm: fix double RCU unlock in dm_dax_zero_page_range() error path (git-fixes). - dm: fix missing imposition of queue_limits from dm_wq_work() thread (git-fixes). - md: fix the checking of wrong work queue (git-fixes). - bcache: remove embedded struct cache_sb from struct cache_set (git-fixes). - bcache: check and set sync status on cache's in-memory super block (git-fixes). - bcache: remove can_attach_cache() (git-fixes). - bcache: don't check seq numbers in register_cache_set() (git-fixes). - bcache: only use bucket_bytes() on struct cache (git-fixes). - bcache: remove useless bucket_pages() (git-fixes). - bcache: remove useless alloc_bucket_pages() (git-fixes). - bcache: only use block_bytes() on struct cache (git-fixes). - bcache: add set_uuid in struct cache_set (git-fixes). - bcache: remove for_each_cache() (git-fixes). - bcache: explicitly make cache_set only have single cache (git-fixes). - bcache: remove 'int n' from parameter list of bch_bucket_alloc_set() (git-fixes). - bcache: check c->root with IS_ERR_OR_NULL() in mca_reserve() (git-fixes). - dm crypt: document new no_workqueue flags (git-fixes). - commit 89ed52b - x86/cpufeatures: Add kABI padding (bsc#1179531). - commit 305ba7d - KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801). - commit 2b89cec - KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800). - commit 4ea5d1c - KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798). - commit 41a7998 - clk: fsl-flexspi: new driver (bsc#1182743). - dt-bindings: clock: document the fsl-flexspi-clk device (bsc#1182743). - clk: qoriq: provide constants for the type (bsc#1182743). - commit 2f668c8 - ibmvfc: reinitialize sub-CRQs and perform channel enquiry after LPM (bsc#1182632 ltc#191222). - commit 18964bb - Refresh ibmvfc patches to v4 submission (bsc#1182632 ltc#191222). - Refresh patches.suse/ibmvfc-fix-invalid-sub-CRQ-handles-after-hard-reset.patch. - Refresh patches.suse/ibmvfc-simplify-handling-of-sub-CRQ-initialization.patch. - Refresh patches.suse/ibmvfc-store-return-code-of-H_FREE_SUB_CRQ-during-cl.patch. - Refresh patches.suse/ibmvfc-treat-H_CLOSED-as-success-during-sub-CRQ-regi.patch. - commit 597b27d - net: phy: marvell10g: fix null pointer dereference (git-fixes). - commit ba9ce5a - Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch. Update patch metadata - commit 8c08d90 - net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes). - commit 46d342e ++++ libsoup2: - Run the regression tests using GnuTLS NORMAL priority ++++ qemu: - Added a few more usability improvements for our git packaging workflow ++++ toolbox: - Update to version 2.1+git20210226.daeb191: * Set trap only after option parsing (#22) ------------------------------------------------------------------ ------------------ 2021-2-25 - Feb 25 2021 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment ++++ crypto-policies: - Update to version 20210225.05203d2: * Disable DTLS0.9 protocol in the DEFAULT policy. * policies/FIPS: insignificant reformatting * policygenerators/libssh: respect ssh_certs * policies/modules/OSPP: tighten to follow RHEL 8 * crypto-policies(7): drop not-reenableable comment * follow up on disabling RC4 - Remove not needed scripts: fips-finish-install fips-mode-setup ++++ jeos-firstboot: - Update to version 1.0.0: * Use race-free DBus API to silence systemd (bsc#1119382) * Implement separate configuration for wifi (bsc#1156775) * Major refactoring and final version of jeos-config (bsc#1181957) ++++ kernel-default: - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268). - commit fc08b49 - kvm: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770). - commit 0b40723 - net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes). - commit 966d874 - net: octeon: mgmt: Repair filling of RX ring (git-fixes). - commit a1726f7 - net: dsa: mt7530: set CPU port to fallback mode (git-fixes). - commit 7c6d69a - drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes). - commit aad32ea - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes). - commit 023e4aa - Revert "net: bcmgenet: remove unused function in bcmgenet.c" (git-fixes). - commit 6e0622b - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes). - commit 8a76658 - net: bcmgenet: set Rx mode before starting netif (git-fixes). - commit 95bbb6f - net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes). - commit 80b675a - dt-bindings: can: fsl,flexcan.yaml: fix compatible for i.MX35 and i.MX53 (jsc#SLE-12251). - dt-bindings: can: fsl,flexcan.yaml: fix fsl,stop-mode (jsc#SLE-12251). - commit c4572f2 - Refresh patches.suse/PCI-dwc-Support-multiple-ATU-memory-regions.patch. Conflicts: patches.suse/PCI-dwc-Add-support-to-program-ATU-for-4GB-memory.patch. - commit 4e15800 - net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293). - commit df69724 - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - commit 26c4220 - Fix bug number - commit 3175ddf - regmap: sdw: use _no_pm functions in regmap_read/write (git-fixes). - soundwire: bus: fix confusion on device used by pm_runtime (git-fixes). - soundwire: export sdw_write/read_no_pm functions (git-fixes). - soundwire: bus: use sdw_write_no_pm when setting the bus scale registers (git-fixes). - soundwire: bus: use sdw_update_no_pm when initializing a device (git-fixes). - soundwire: cadence: fix ACK/NAK handling (git-fixes). - soundwire: debugfs: use controller id instead of link_id (git-fixes). - commit f0289e1 - phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes). - mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes). - virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes). - misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes). - commit f380250 ++++ libcontainers-common: - Update commonver to 0.35.1 v0.35.1: Bump github.com/containers/image/v5 from 5.10.2 to 5.10.3 Stop logging messages about using DOCKER_CONFIG Add autocompletions to be shared between buildah and podman Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0 Export error constants from pkg/secrets v0.35: Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1 Move EnforceRange and HasTable out of Podman and into common Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 Bump github.com/containers/image/v5 from 5.10.1 to 5.10.2 Add missing values to containers.conf man page update pause image to 3.4.1 v0.34: Add image_default_format Change default log driver to journald Add compatible template functions Add U volume flag to chown source volumes Bump github.com/containers/image/v5 from 5.09.0 to 5.10.1 seccomp: various updates pkg: check ownership for XDG_RUNTIME_DIR seccomp: update profile to Linux 5.11 list seccomp: add CI check for up-to-date seccomp.json seccomp: re-add generation script seccomp: deduplicate default profile Add image_parallel_copies engine config Fix secret create prefix cgroupv2: fix typo in comment Add accessor for log-driver Fix secret name validation Fix name validation and dir mode in secrets Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 config: fix runtime_supports_nocgroup key name fix - make target all on osx Fix secret name regex Rename internal functions to make them easier to understand - Update podmanver to 3.0.1 3.0.1: [#]## Changes - Several frequently-occurring `WARN` level log messages have been downgraded to `INFO` or `DEBUG` to not clutter terminal output. [#]## Bugfixes - Fixed a bug where the `Created` field of `podman ps --format=json` was formatted as a string instead of an Unix timestamp (integer) ([#9315](https://github.com/containers/podman/issues/9315)). - Fixed a bug where failing lookups of individual layers during the `podman images` command would cause the whole command to fail without printing output. - Fixed a bug where `--cgroups=split` did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail ([#9393](https://github.com/containers/podman/issues/9393)). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume ([#9415](https://github.com/containers/podman/pull/9415)). - Fixed a bug where Podman would treat the `--entrypoint=[""]` option to `podman run` and `podman create` as a literal empty string in the entrypoint, when instead it should have been ignored ([#9377](https://github.com/containers/podman/issues/9377)). - Fixed a bug where Podman would set the `HOME` environment variable to `""` when the container ran as a user without an assigned home directory ([#9378](https://github.com/containers/podman/issues/9378)). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause `podman pod create` to panic ([#9374](https://github.com/containers/podman/issues/9374)). - Fixed a bug where the `--runtime` option was not properly handled by the `podman build` command ([#9365](https://github.com/containers/podman/issues/9365)). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed ([#9387](https://github.com/containers/podman/issues/9387)). - Fixed a bug where the `podman generate systemd --new` command would incorrectly escape `%t` when generating the path for the PID file ([#9373](https://github.com/containers/podman/issues/9373)). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in ([#9191](https://github.com/containers/podman/issues/9191)). - Fixed a bug where some options of the `podman build` command (including but not limited to `--jobs`) were nonfunctional ([#9247](https://github.com/containers/podman/issues/9247)). [#]## API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 ([#9351](https://github.com/containers/podman/issues/9351)). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry ([#9232](https://github.com/containers/podman/issues/9232)). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the `docker-java` library. [#]## Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 3.0.0: [#]## Features - Podman now features initial support for Docker Compose. - Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)). - The Podman remote client now supports the `podman copy` command. - A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`). - Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them. - The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)). - The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes. - The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times. - The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)). - The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)). - The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)). - The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)). - The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`. - The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container. - The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths. - The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945). - The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)). - The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter. - The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option. - The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned. - The `podman volume prune` commands now supports filtering what volumes will be pruned. - The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)). - The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems. - The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)). - The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`. - Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`. - The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`). [#]## Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. [#]## Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md). - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year. - The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)). - The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)). - Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for `podman run` when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. [#]## Bugfixes - Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)). - Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)). - Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)). - Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176) - Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)). - Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)). - Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)). - Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)). - Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)). - Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers. - Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)). - Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)). - Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)). - Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)). - Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)). - Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)). - Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`. - Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)). - Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)). - Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)). - Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)). - Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)). - Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`. - Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)). - Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile. - Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)). - Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)). - Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)). - Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)). - Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored. - Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)). - Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)). - Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined. - Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)). - Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)). - Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)). - Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)). - Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)). - Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)). - Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)). - Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)). - Fixed a bug where specifying Go templates to the `--format` option to multiple Podman commands did not support the `join` function ([#8773](https://github.com/containers/podman/issues/8773)). - Fixed a bug where the `podman rmi` command could, when run in parallel on multiple images, return `layer not known` errors ([#6510](https://github.com/containers/podman/issues/6510)). - Fixed a bug where the `podman inspect` command on containers displayed unlimited ulimits incorrectly ([#9303](https://github.com/containers/podman/issues/9303)). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories ([#6003](https://github.com/containers/podman/issues/6003)). [#]## API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281)) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. [#]## Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 3.0.0-RC3: Please note that these release notes are preliminary until v3.0.0 final is released [#]## Features - Podman now features initial support for Docker Compose. - Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)). - The Podman remote client now supports the `podman copy` command. - A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`). - Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them. - The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)). - The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes. - The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times. - The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)). - The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)). - The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)). - The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)). - The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`. - The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container. - The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths. - The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945). - The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)). - The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter. - The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option. - The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned. - The `podman volume prune` commands now supports filtering what volumes will be pruned. - The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)). - The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems. - The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)). - The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`. - Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`. - The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`). [#]## Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. [#]## Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md). - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year. - The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)). - The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)). - Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for `podman run` when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. [#]## Bugfixes - Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)). - Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)). - Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)). - Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176) - Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)). - Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)). - Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)). - Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)). - Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)). - Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers. - Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)). - Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)). - Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)). - Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)). - Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)). - Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)). - Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`. - Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)). - Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)). - Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)). - Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)). - Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)). - Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`. - Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)). - Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile. - Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)). - Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)). - Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)). - Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)). - Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored. - Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)). - Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)). - Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined. - Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)). - Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)). - Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)). - Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)). - Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)). - Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)). - Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)). - Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)). [#]## API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281)) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. [#]## Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/common library to v0.33.4 3.0.0-rc2: This is the second release candidate of Podman v3.0. 3.0.0-rc1: [#]## Features - Add ability to set system wide options for slirp4netns - Add --cidfile to container kill - Add commas between mount options - Add compose regression to ci - Add containerenv information to /run/.containerenv - Add default sysctls for pod infra containers - Add --filter to podman system prune - Adding json formatting to `--list-tags` option in `podman search` command. - Add mask and unmask option to --security-opt - Add 'MemUsageBytes' format option - Add more information and examples on podman and pipes - Add network filter for podman ps and pod ps - Add Networks format placeholder to podman ps and pod ps - Add pod filter for ps - Add podman network create option for bridge mtu - Add podman network create option for bridge vlan - Add pre checkpoint - Add Security information to podman info - Add support for Gentoo file to package query - Add support for network ids - Add support for pacman package version query - Add support for persistent volume claims in kube files - Add support for --platform - Add systempaths=unconfined option - Add volume filters to system prune - Add volume prune --filter support - Allow podman push to push manifest lists - Allow users to specify TMPDIR in containers.conf - Always add the default gateway to the cni config file - Drop default log-level from error to warn - Enable short-name aliasing - Generate kube on multiple containers - Generate systemd: do not set `KillMode` - Image sign using per user registries.d - Implement pod-network-reload - Include named volumes in container migration - Initial implementation of renaming containers - Initial implementation of volume plugins - Network connect disconnect on non-running containers - Not use local image create/add manifest - Podman network label support - Prepare support in kube play for other volume types than hostPath - Remote copy - Remove the ability to use [name:tag] in podman load command - Remove varlink support from Podman - Sign multi-arch images - Support --network=default as if it was private - Support Unix timestamps for `podman logs --since` [#]## Changes - Add LogSize to container inspect - Allow image errors to bubble up from lower level functions. - Change name of imageVolumes in container config JSON - Cleanup CNI Networks on reboot - Consolidate filter logic to pkg subdirectory - Make `podman stats` slirp check more robust - More /var/run -> /run - Prefer read/write images over read/only images - Refactor kube.ToSpecGen parameters to struct - Rename AutocompletePortCommand func - Repeat system pruning until there is nothing removed - Switch references of /var/run -> /run - Use HTTPProxy settings from containers.conf - Use Libpod tmpdir for pause path - Use Options as CRImportCheckpoint() argument - Use Options as exportCheckpoint() argument - Use PasswordCallback instead of Password for ssh - Use abi PodPs implementation for libpod/pods/json endpoint - Validate that the bridge option is supported - archive: move stat-header handling into copy package - libpod, conmon: change log level for rootless - libpod: change function to accept ExecOptions - libpod: handle single user mapped as root - make podman play use ENVs from image - pkg/copy: introduce a Copier - podman events allow future time for --until - podman.service should be an exec service not a notify service - rewrite podman-cp - rootless: add function to retrieve gid/uid mappings - rootless: automatically split userns ranges - runtime: set XDG_* env variables if missing - shell completion for the network flag - specgen: improve heuristic for /sys bind mount - systemd: make rundir always accessible [#]## Bugfixes - Close image rawSource when each loop ends - Containers should not get inheritable caps by default - Correct port range logic for port generation - Correct which network commands can be run as rootless - Disable CGv1 pod stats on net=host post - Do not error on installing duplicate shutdown handler - Do not ignore infra command from config files - Do not mount sysfs as rootless in more cases - Do not pull if image domain is localhost - Do not use "true" after "syslog" in exit commands - Do not validate the volume source path in specgen - Don't accidently remove XDG_RUNTIME_DIR when reseting storage - Ensure that `podman play kube` actually reports errors - Ensure that user-specified HOSTNAME is honored - Ensure we do not edit container config in Exec - Exorcise Driver code from libpod/define - Expose Height/Width fields to decoder - Expose security attribute errors with their own messages - Fix Wrong image tag is used when creating a container from an image with multiple tags - Fix `podman images...` missing headers in table templates - Fix build for mips architecture - Fix build for mips architecture follow-up - Fix custom mac address with a custom cni network - Fix extra quotation mark in manpages. - Fix missing options in volumes display while setting uid and gid - Fix missing podman-container-rename man page link - Fix network ls --filter invalid value flake - Fix option names --subuidname and --subgidname - Fix panic in libpod images exists endpoint - Fix podman build --logfile - Fix podman logs read partial log lines - Fix problems reported by staticcheck - Fix problems with network remove - Fix shell completion for ps --filter ancestor - Fix some nit - Fix spelling mistakes - Fix storage.conf to define driver in the VM - Fix support for rpmbuild < 4.12.0. - Fix: unpause not supported for CGv1 rootless - Fxes /etc/hosts duplicated every time after container restarted in a pod - Handle --rm when starting a container - Handle podman exec capabilities correctly - Honor the --layers flag - Ignore containers.conf sysctls when sharing namespaces - Improve error message when the the podman service is not enabled - Make podman generate systemd --new flag parsing more robust - Pass down EnableKeyring from containers.conf to conmon - Properly handle --cap-add all when running with a --user flag - Revert "Allow multiple --network flags for podman run/create" - Revert e6fbc15f26b2a609936dfc11732037c70ee14cba - Revert the custom cobra vendor - Rework pruning to report reclaimed space - Set NetNS mode instead of value - The slirp4netns sandbox requires pivot_root - close journald when reading - container create: do not clear image name - container stop: release lock before calling the runtime - exec: honor --privileged - fix: disable seccomp by default when privileged. - image list: ignore bare manifest list - network: disallow CNI networks with user namespaces - oci: keep LC_ env variables to conmon - oci: use /proc/self/fd/FD to open unix socket - pass full NetworkMode to ParseNetworkNamespace - play kube: fix args/command handling - play kube: set entrypoint when interpreting Command - podman build --force-rm defaults to true in code - podman logs honor stderr correctly - podman, exec: move conmon to the correct cgroup - podman-remote fix sending tar content - podman: drop checking valid rootless UID - re-open container log files - security: honor systempaths=unconfined for ro paths [#]## API - Add API for communicating with Docker volume plugins - Change bindings to stop two API calls for ping - Close the stdin/tty when using podman as a restAPI. - Compat api containers/json add support for filters - Container rename bindings - Do not pass name argument to Load API - Docker compat API - /images/search returns wrong structure (#7857) - Docker compat API - containers create ignores the name - Fix some network compat api problems - Jira RUN-1106 Container handlers updates - Jira RUN-1106 Image handlers updates - Jira RUN-1106 Network handlers updates - Jira RUN-1106 System handlers updates - Jira RUN-1106 Volumes handlers updates - Makefile: add target to generate bindings - More docker compat API fixes - Podman image bindings for 3.0 - REST API v2 - ping - fix typo in header - REST API v2 - ping - remove newline from response to improve Docker compatibility - Reduce general binding binary size - Restore compatible API for prune endpoints - compat create should use bindings - hack/podman-socat captures the API stream - libpod API: pull: fix channel race - misc bindings to podman v3 - pkg/copy: add parsing API - podman v3 container bindings - podman v3 pod bindings [#]## Misc - Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0 - Bump github.com/containers/common from 0.30.0 to 0.31.1 - Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0 - Bump github.com/containers/storage from 1.24.1 to 1.24.5 - Bump github.com/cri-o/ocicni to latest master - Bump github.com/google/uuid from 1.1.2 to 1.1.5 - Bump github.com/onsi/gomega from 1.10.3 to 1.10.4 - Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0 - Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 - Bump k8s.io/apimachinery from 0.19.4 to 0.20.2 - Bump master to v3.0.0-dev - Bump to containers/buildah 1.9.2 - Bump version in README to v2.2.0 - vendor containers/psgo@v1.5.2 - Update storagever to 1.24.8 1.24.8: Call recreateSymlinks when not found during Readlink homedir: add GetCacheHome 1.24.7: ignore metacopy option on kernels that do not support it 1.24.6: overlay: force metacopy=on for naivediff - Update imagever to 5.10.4 5.10.4: * copy: compute blob compression on reused blobs based on source MediaType * copy: provide compression info about copied blobs 5.10.3: * place shortnames in `~/.cache` not `~/.config/.cache` 5.10.2: * short-name-aliases.conf: use cache folders instead of $HOME Note: the v5.10.x series is now cut from the `release-v5.10` branch. 5.10.1: Fix segfault if sys is not defined. 5.10.0: - tarball: fix example code - Bump github.com/ulikunitz/xz from 0.5.8 to 0.5.9 - Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0 - Bump github.com/vbauerster/mpb/v5 from 5.3.0 to 5.4.0 - Add DockerLogMirrirChoice to ctx for log - Rename variables in pkg/docker/config tests - Fix pkg/docker/config tests on non-Linux systems - Add macOS test cases to GetPathToAuth - Fix docker tests with recent c/storage - Fix signature tests with recent c/storage - Fix sysregistriesv2 tests with recent c/storage - Fix pkg/docker/config tests with recent c/storage - Bump github.com/containers/storage from 1.23.7 to 1.24.5 - Bump github.com/klauspost/compress from 1.11.3 to 1.11.6 - Enable subdomain matching in policy.json - Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 - Bump github.com/klauspost/compress from 1.11.6 to 1.11.7 - ostree.TestReferenceSignaturePath: fix a compiler warning in a test - manifest: add a test for UpdatedMIMEType - blobinfocache: track compression types for locations - Actually make a copy of ctx as the comment claims - Actually use the SystemContext copy in the one place that matters - Update golangci-lint - Clarify the canModifyBlob condition in copyBlobFromStream - Cleanup description of shortname expansion - Allow callers to set the MaxParallelDownloads field - Fix up errors linter is complaining about - Set a default User-Agent if unset ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#460 - go back to plymouth-theme-tribar (bsc#1182755) - adjust spec file - 16.47 ++++ toolbox: - Update to version 2.1+git20210225.5c541c8: * Check sub{u,g}id if rootless, and fail early if they're not setup * Fix creating a container with a specific name with `-c` ------------------------------------------------------------------ ------------------ 2021-2-24 - Feb 24 2021 ------------------- ------------------------------------------------------------------ ++++ bcache-tools: - bcache-tools: Update super block version in bch_set_feature_* routines (jsc#SLE-9807) 0028-bcache-tools-Update-super-block-version-in-bch_set_f.patch ++++ cockpit: - new version 238.1 https://cockpit-project.org/blog/cockpit-238.html https://cockpit-project.org/blog/cockpit-237.html - No longer recompress tarball at buildtime ++++ cockpit-podman: - new version 28.1 https://github.com/cockpit-project/cockpit-podman/releases/tag/28.1 - use upstream sources without bundled and pre-built dist since we want to rebuild it - use local-npm-registry for building - fix_dependencies.patch: fix build dependencies ++++ crypto-policies: - Disable DTLS0.9 protocol in GnuTLS DEFAULT policy. [bsc#1180938] * The minimum DTLS protocol version in the DEFAULT and FUTURE policies is DTLS1.2. * Fixed upstream: 05203d21f6d0ea9bbdb351e4600f1e273720bb8e ++++ kernel-default: - armv7hl: lpae: Update config files. Disable KVM support (bsc#1182697) - commit 9988ec5 - dm: fix bio splitting and its bio completion order for regular IO (git-fixes). - bcache: fix overflow in offset_to_stripe() (git-fixes). - dm crypt: avoid truncating the logical block size (git-fixes). - include/linux/memremap.h: remove stale comments (git-fixes). - commit f9b0dc3 - blacklist.conf: Add 8faeb1ffd795 mm: memcg/slab: fix root memcg vmstats - commit 6424df5 - blacklist:conf: Add 67197a4f28d2 mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary - commit c6bc092 - cgroup: fix psi monitor for root cgroup (bsc#1182686). - commit 248e7d8 - cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684). - commit 511e4ac - cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683). - commit 6c8979b - cpuset: fix race between hotplug work and later CPU offline (bsc#1182676). - commit dfdcc97 - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost. - commit d0b887e - Refresh patches.suse/powerpc-Fix-build-error-in-paravirt.h.patch. Update patch metadata. - commit ca12b41 - quota: Fix memory leak when handling corrupted quota file (bsc#1182650). - commit 2543668 - Rename duplicate patches to their SLE15-SP2 equivalents. This is to prepare for the next SLE15-SP2 -> SLE15-SP3 merge. - commit 4208989 - ibmvfc: store return code of H_FREE_SUB_CRQ during cleanup (bsc#1182632 ltc#191222). - ibmvfc: treat H_CLOSED as success during sub-CRQ registration (bsc#1182632 ltc#191222). - ibmvfc: fix invalid sub-CRQ handles after hard reset (bsc#1182632 ltc#191222). - ibmvfc: simplify handling of sub-CRQ initialization (bsc#1182632 ltc#191222). - commit f68230e - ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (git-fixes). - commit 8541380 - keys: Remove outdated __user annotations (git-fixes). - dmaengine: idxd: set DMA channel to be private (git-fixes). - ASoC: qcom: qdsp6: Move frontend AIFs to q6asm-dai (git-fixes). - ASoC: SOF: sof-pci-dev: add missing Up-Extreme quirk (git-fixes). - ASoC: rt5682: Fix panic in rt5682_jack_detect_handler happening during system shutdown (git-fixes). - ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A3E (git-fixes). - ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A32 (git-fixes). - ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A5E (git-fixes). - ASoC: rt5682-sdw: cancel_work_sync() in .remove and .suspend (git-fixes). - ASoC: rt711-sdw: use cancel_work_sync() for .remove (git-fixes). - ASoC: rt700-sdw: use cancel_work_sync() in .remove as well as .suspend (git-fixes). - ASoC: codecs: add missing max_register in regmap config (git-fixes). - ASoC: SOF: Intel: hda: cancel D0i3 work during runtime suspend (git-fixes). - ASoC: max98373: Fixes a typo in max98373_feedback_get (git-fixes). - ASoC: siu: Fix build error by a wrong const prefix (git-fixes). - ALSA: fireface: fix to parse sync status register of latter protocol (git-fixes). - ACPI: property: Make acpi_node_prop_read() static (git-fixes). - ACPI: property: Remove dead code (git-fixes). - Bluetooth: btusb: Always fallback to alt 1 for WBS (git-fixes). - commit 452f177 - dt-bindings: can: fsl,flexcan: add fsl,scu-index property to indicate a resource (jsc#SLE-12251). - can: flexcan: convert the driver to DT-only (jsc#SLE-12251). - can: flexcan: flexcan_close(): change order if commands to properly shut down the controller (jsc#SLE-12251). - can: flexcan: flexcan_open(): completely initialize controller before requesting IRQ (jsc#SLE-12251). - can: flexcan: flexcan_rx_offload_setup(): factor out mailbox and rx-offload setup into separate function (jsc#SLE-12251). - can: flexcan: move enabling/disabling of interrupts from flexcan_chip_{start,stop}() to callers (jsc#SLE-12251). - can: flexcan: factor out enabling and disabling of interrupts into separate function (jsc#SLE-12251). - can: flexcan: rename macro FLEXCAN_QUIRK_SETUP_STOP_MODE -> FLEXCAN_QUIRK_SETUP_STOP_MODE_GPR (jsc#SLE-12251). - dt-bindings: firmware: add IMX_SC_R_CAN(x) macro for CAN (jsc#SLE-12251). - dt-bindings: can: fsl,flexcan: fix fsl,clk-source property (jsc#SLE-12251). - dt-bindings: can: fsl,flexcan: add uint32 reference to clock-frequency property (jsc#SLE-12251). - can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery (jsc#SLE-12251). - can: flexcan: fix failure handling of pm_runtime_get_sync() (jsc#SLE-12251). - can: flexcan: flexcan_setup_stop_mode(): add missing "req_bit" to stop mode property comment (jsc#SLE-12251). - can: flexcan: flexcan_remove(): disable wakeup completely (jsc#SLE-12251). - can: flexcan: add ECC initialization for VF610 (jsc#SLE-12251). - can: flexcan: add ECC initialization for LX2160A (jsc#SLE-12251). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (jsc#SLE-12251). - dt-bindings: can: flexcan: convert fsl,*flexcan bindings to yaml (jsc#SLE-12251). - dt-bindings: can: add can-controller.yaml (jsc#SLE-12251). - can: flexcan: remove ack_grp and ack_bit handling from driver (jsc#SLE-12251). - dt-bindings: can: flexcan: remove ack_grp and ack_bit from fsl,stop-mode (jsc#SLE-12251). - dt-bindings: can: flexcan: list supported processors (jsc#SLE-12251). - can: flexcan: disable runtime PM if register flexcandev failed (jsc#SLE-12251). - can: flexcan: add flexcan driver for i.MX8MP (jsc#SLE-12251). - can: flexcan: initialize all flexcan memory for ECC function (jsc#SLE-12251). - can: flexcan: add lx2160ar1 support (jsc#SLE-12251). - can: flexcan: add imx8qm support (jsc#SLE-12251). - can: flexcan: add Transceiver Delay Compensation support (jsc#SLE-12251). - can: flexcan: add CAN FD BRS support (jsc#SLE-12251). - can: flexcan: add ISO CAN FD feature support (jsc#SLE-12251). - can: flexcan: add CAN-FD mode support (jsc#SLE-12251). - can: flexcan: use struct canfd_frame for CAN classic frame (jsc#SLE-12251). - can: flexcan: flexcan_set_bittiming(): move setup of CAN-2.0 bitiming into separate function (jsc#SLE-12251). - can: flexcan: add LPSR mode support (jsc#SLE-12251). - can: flexcan: disable clocks during stop mode (jsc#SLE-12251). - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (jsc#SLE-12251). - can: flexcan: add correctable errors correction when HW supports ECC (jsc#SLE-12251). - can: flexcan: Add check for transceiver maximum bitrate limitation (jsc#SLE-12251). - can: flexcan: flexcan_probe(): make regulator xceiver optional (jsc#SLE-12251). - can: flexcan: Ack wakeup interrupt separately (jsc#SLE-12251). - can: flexcan: quirks: get rid of long lines (jsc#SLE-12251). - can: flexcan: struct flexcan_regs: document registers not affected by soft reset (jsc#SLE-12251). - can: flexcan: more register names (jsc#SLE-12251). - can: flexcan: flexcan_exit_stop_mode(): remove stray empty line (jsc#SLE-12251). - can: flexcan: sort include files alphabetically (jsc#SLE-12251). - can: flexcan: fix spelling mistake "reserverd" -> "reserved" (jsc#SLE-12251). - can: flexcan: poll MCR_LPM_ACK instead of GPR ACK for stop mode acknowledgment (jsc#SLE-12251). - can: flexcan: add low power enter/exit acknowledgment helper (jsc#SLE-12251). - can: flexcan: fix possible deadlock and out-of-order reception after wakeup (jsc#SLE-12251). - can: flexcan: flexcan_mailbox_read() make use of flexcan_write64() to mark the mailbox as read (jsc#SLE-12251). - can: flexcan: flexcan_irq(): add support for TX mailbox in iflag1 (jsc#SLE-12251). - can: flexcan: flexcan_read_reg_iflag_rx(): optimize reading (jsc#SLE-12251). - can: flexcan: introduce struct flexcan_priv::tx_mask and make use of it (jsc#SLE-12251). - can: flexcan: convert struct flexcan_priv::rx_mask{1,2} to rx_mask (jsc#SLE-12251). - can: flexcan: remove TX mailbox bit from struct flexcan_priv::rx_mask{1,2} (jsc#SLE-12251). - can: flexcan: rename struct flexcan_priv::reg_imask{1,2}_default to rx_mask{1,2} (jsc#SLE-12251). - can: flexcan: flexcan_irq(): rename variable reg_iflag -> reg_iflag_rx (jsc#SLE-12251). - can: flexcan: rename macro FLEXCAN_IFLAG_MB() -> FLEXCAN_IFLAG2_MB() (jsc#SLE-12251). - can: flexcan: flexcan_irq_state(): only read timestamp if needed (jsc#SLE-12251). - can: flexcan: use devm_platform_ioremap_resource() to simplify code (jsc#SLE-12251). - can: rx-offload: Prepare for CAN FD support (jsc#SLE-12251). - can: rx-offload: can_rx_offload_reset(): remove no-op function (jsc#SLE-12251). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): don't use assignment in if condition (jsc#SLE-12251). - can: rx-offload: can_rx_offload_compare(): fix typo (jsc#SLE-12251). - can: rx-offload: fix long lines (jsc#SLE-12251). - can: flexcan: increase error counters if skb enqueueing via can_rx_offload_queue_sorted() fails (jsc#SLE-12251). - can: flexcan: disable completely the ECC mechanism (jsc#SLE-12251). - can: flexcan: add support for DT property 'wakeup-source' (jsc#SLE-12251). - dt-bindings: can: flexcan: add can wakeup property (jsc#SLE-12251). - can: flexcan: add support for PE clock source select (jsc#SLE-12251). - dt-bindings: can: flexcan: add PE clock source property to device tree (jsc#SLE-12251). - can: flexcan: implement can Runtime PM (jsc#SLE-12251). - commit fabe848 - can: flexcan: remove all fixes Prepare for complete driver update. - commit 1f0c2bd - dmaengine: hsu: disable spurious interrupt (git-fixes). - dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes). - dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes). - dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes). - Input: joydev - prevent potential read overflow in ioctl (git-fixes). - Input: elo - fix an error code in elo_connect() (git-fixes). - Input: sur40 - fix an error code in sur40_probe() (git-fixes). - HID: core: detect and skip invalid inputs to snto32() (git-fixes). - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes). - commit 9e6160a - btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047). - commit bd5a9b2 - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - commit bf6dd14 - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - commit fb6d272 - btrfs: Cleanup try_flush_qgroup (bsc#1182047). - commit 13881b3 - btrfs: Don't flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - commit 942f628 - btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - commit 22ecef4 - rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes) - commit 260172d - series.conf: cleanup - update upstream references and move into sorted section: patches.suse/powerpc-perf-hv-24x7-Dont-create-sysfs-event-files-f.patch patches.suse/powerpc-pseries-dlpar-handle-ibm-configure-connector.patch patches.suse/scsi-lpfc-Enhancements-to-LOG_TRACE_EVENT-for-better.patch patches.suse/scsi-lpfc-Fix-FW-reset-action-if-I-Os-are-outstandin.patch patches.suse/scsi-lpfc-Fix-NVMe-recovery-after-mailbox-timeout.patch patches.suse/scsi-lpfc-Fix-PLOGI-S_ID-of-0-on-pt2pt-config.patch patches.suse/scsi-lpfc-Fix-auto-sli_mode-and-its-effect-on-CONFIG.patch patches.suse/scsi-lpfc-Fix-crash-when-a-fabric-node-is-released-p.patch patches.suse/scsi-lpfc-Fix-crash-when-nvmet-transport-calls-host_.patch patches.suse/scsi-lpfc-Fix-error-log-messages-being-logged-follow.patch patches.suse/scsi-lpfc-Fix-target-reset-failing.patch patches.suse/scsi-lpfc-Fix-vport-create-logging.patch patches.suse/scsi-lpfc-Implement-health-checking-when-aborting-I-.patch patches.suse/scsi-lpfc-Prevent-duplicate-requests-to-unregister-w.patch patches.suse/scsi-lpfc-Refresh-ndlp-when-a-new-PRLI-is-received-i.patch patches.suse/scsi-lpfc-Simplify-bool-comparison.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.7.patch patches.suse/scsi-lpfc-Use-the-nvme-fc-transport-supplied-timeout.patch - commit ff0a90f - ima: Free IMA measurement buffer after kexec syscall (git fixes (IMA)). - commit 481e98b - ima: Free IMA measurement buffer on error (git fixes (IMA)). - commit ac8b38c - Add Alt-commit for cherry pick Refresh patches.suse/1918-drm-amdgpu-fix-NULL-pointer-dereference-for-Renoir.patch. - commit 84dbff0 - rcu/nocb: Perform deferred wake up before last idle's (git-fixes) - commit f0bc502 - rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes) - commit 7a90fca - Add Alt-commit for cherry pick Refresh patches.suse/1909-drm-amd-display-remove-duplicate-call-to-rn_vbios_sm.patch. - commit 28fa55a - Add Alt-commit for cherry-pick Refresh patches.suse/1906-drm-amdgpu-display-fix-CFLAGS-setup-for-DCN30.patch. - commit 6c5745f - sched: Reenable interrupts in do_sched_yield() (git-fixes) - commit 579dc67 ++++ libzypp: - Try to provide a mounted /proc in --root installs (bsc#1181328) Some systemd tools require /proc to be mounted and fail if it's not there. - Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - version 17.25.8 (22) ++++ podman: - Drop obsolete varlink.patch - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 ++++ virt-manager: - bsc#1178926 - Unable to find any master var for loader /usr/share/qemu/{bios.bin, bios-256k.bin} virtman-legacy-bios-support.patch ++++ zypper: - doc: give more details about creating versioned package locks (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) - version 1.14.43 ------------------------------------------------------------------ ------------------ 2021-2-23 - Feb 23 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.39.90.1: + Fix a crash introduced in 2.39.90, along with a few warnings. ++++ cifs-utils: - Update to cifs-utils 6.12 * remove cifs-utils-6.11.tar.bz2 * remove cifs-utils-6.11.tar.bz2.asc * add cifs-utils-6.12.tar.bz2 * add cifs-utils-6.12.tar.bz2.asc - Remove backports already in 6.12 * remove 0001-cifs-utils-Respect-DESTDIR-when-installing-smb3-stuf.patch * remove 0002-cifs-utils-fix-probabilistic-compiling-error.patch - Refresh Makefile.am install fix * modify fix-sbin-install-error.patch - Hardcode python3 interpreter in shebang of smbinfo instead of /usr/bin/env to let rpm runtime dependency detect it. ++++ container-selinux: - Update to version 2.158.0 - Add nfs remount support - Allow containers to execmod on nfs, samba and cephs remote shares - Allow confined users to send dbus messages to container_runtime ++++ dracut: - Update to version 053+suse.90.gb89b6347: Highlights: https://github.com/dracutdevs/dracut/releases/tag/053 dracut.sh: unfreeze /boot on exit (d87ae137) proper return code for inst_multiple in dracut-init.sh (d437970c) fcoe: rename rd.nofcoe to rd.fcoe (6f7823bc) rd.nofcoe=0 should disable fcoe (805b46c2) i18n: get rid of eval calls (5387ed24), backported for 052 downstream create the keyboard symlinks again (9e1c7f3d), backported for 052 downstream network-manager: run as a service if systemd module is present (c17c5b76) rework how NM is started in debug mode (34c73b33) drm: skip empty modalias files in drm module setup (c3f24184) ++++ filesystem: - Remove /etc/init.d [jsc#SMO-14], /etc/cron.*, /selinux ++++ kernel-default: - blacklist.conf: bee1abc9cc02 drm/mediatek: reduce clear event Requried patches are not backported - commit a403845 - Add Alt-commit for cherry pick Refresh patches.suse/1832-drm-amdgpu-Specify-get_argument-function-for-ci_smu_.patch. - commit 0bc2e82 - Add Alt-commit for cherry pick Refresh patches.suse/1751-drm-amdgpu-Use-the-correct-size-when-allocating-memo.patch. - commit dd923d9 - Add Alt-commit for cherry pick Refresh patches.suse/1700-drm-amd-powerplay-off-by-one-bugs-in-smu_cmn_to_asic.patch. - commit d58a85c - blacklist.conf: b7ccc7858a33 drm/i915/gt: Remove errant assertion in __intel_context_do_pin Not needed since we didn't mess up the merge - commit 5f8e601 - btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626). - btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626). - btrfs: fix race between RO remount and the cleaner task (bsc#1182626). - btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626). - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626). - btrfs: lift read-write mount setup from mount and remount (bsc#1182626). - commit 2361750 - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - commit 0c02797 - blacklist.conf: printk: not critical; allow to use the full buffer when using log dumpers - commit 4e198dc - Remove debug patch for boot failure (bsc#1182602 ltc#190924). Delete patches.suse/prom_init-enable-varbose-prints-bsc-1178142.patch. - commit 55e7bdd - fs: Handle I_DONTCACHE in iput_final() instead of generic_drop_inode() (bsc#1182616). - commit 8354395 - Update upstream reference and move into sorted section: patches.suse/target-fix-XCOPY-NAA-identifier-lookup.patch - commit e8f510f - target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109). - commit 9e5609a - Refresh sorted section. - commit 33e772b - supported.conf: mark Wireguard armv7hl dependencies as supported (jsc#SLE-12250) - commit 661c1ff - Update config files. armv7 is missing CONFIG_KPROBE_EVENTS_ON_NOTRACE=n - commit c68b5c7 - Refresh patches.suse/coresight-tmc-etr-Assign-boolean-values-to-a-bool-va.patch. - commit 35a95ac - Refresh patches.suse/coresight-etb10-Fix-possible-NULL-ptr-dereference-in.patch. - commit 9d9fb1d - Refresh patches.suse/coresight-tmc-etf-Fix-NULL-ptr-dereference-in-tmc_en.patch. - commit 7c2beaf - powerpc/prom: Fix "ibm,arch-vec-5-platform-support" scan (bsc#1182602 ltc#190924). - commit f6d197a - Refresh patches.suse/coresight-Remove-unnecessary-THIS_MODULE-of-funnel-a.patch. - commit 473d7ac - Refresh patches.suse/coresight-etm4x-Handle-TRCVIPCSSCTLR-accesses.patch. - commit fcd1419 - Refresh patches.suse/coresight-etm4x-Fix-accesses-to-TRCPROCSELR.patch. - commit 42fd151 - Refresh patches.suse/coresight-etm4x-Update-TRCIDR3.NUMPROCS-handling-to-.patch. - commit c3d74e2 - Refresh patches.suse/coresight-etm4x-Fix-accesses-to-TRCCIDCTLR1.patch. - commit 8a55725 - Refresh patches.suse/coresight-etm4x-Fix-accesses-to-TRCVMIDCTLR1.patch. - commit e228859 - lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599). - commit f0a1f3e - Refresh patches.suse/coresight-core-Remove-unneeded-semicolon.patch. - commit 9255eec - Refresh patches.suse/coresight-cti-Initialize-dynamic-sysfs-attributes.patch. blacklist.conf: Remove duplicate entry - commit bee32f7 - Refresh patches.suse/coresight-Fix-uninitialised-pointer-bug-in-etm_setup.patch. blacklist.conf: Remove duplicate entry - commit 43eb5a5 - Refresh patches.suse/coresight-add-module-license.patch. blacklist.conf: Remove duplicate entry - commit 42b5346 - Refresh patches.suse/phy-tegra-xusb-Fix-usb_phy-device-driver-field.patch. - commit a87f0e1 - Refresh patches.suse/clk-tegra-bpmp-Clamp-clock-rates-on-requests.patch. - commit 86bb8a3 - RDMA/bnxt: Do not use ib_umem_page_count() or ib_umem_num_pages() (bsc#1175499). - Refresh patches.suse/RDMA-bnxt_re-Fix-sizeof-mismatch-for-allocation-of-p.patch. - commit 12c2631 - RDMA/bnxt_re: Allow bigger MR creation (bsc#1175499). - RDMA/bnxt_re: Code refactor while populating user MRs (bsc#1175499). - RDMA/bnxt_re: Use rdma_umem_for_each_dma_block() (bsc#1175499). - RDMA/umem: Split ib_umem_num_pages() into ib_umem_num_dma_blocks() (bsc#1175499). - RDMA/umem: Add rdma_umem_for_each_dma_block() (bsc#1175499). - commit 8d37937 - Refresh patches.suse/PCI-tegra-Disable-LTSSM-during-L2-entry.patch. - commit 071b1e3 - Refresh patches.suse/PCI-tegra-Check-return-value-of-tegra_pcie_init_cont.patch. - commit a99e298 - Refresh patches.suse/PCI-tegra-Continue-unconfig-sequence-even-if-parts-f.patch. - commit 37fbae9 - Refresh patches.suse/PCI-tegra-Set-DesignWare-IP-version.patch. - commit f3056ad - Refresh patches.suse/PCI-tegra-Fix-ASPM-L1SS-advertisement-disable-code.patch. - commit 151b830 - Refresh patches.suse/PCI-tegra-Read-dbi-base-address-to-program-in-applic.patch. - commit c1ce36b - Refresh patches.suse/PCI-tegra-Move-dbi-accesses-to-post-common-DWC-initi.patch. - commit b8d9f1b - Refresh patches.suse/PCI-dwc-Detect-number-of-iATU-windows.patch. - commit 6869fbb - Refresh patches.suse/PCI-dwc-Move-inbound-and-outbound-windows-to-common-.patch. - commit bf7452a - Refresh patches.suse/PCI-dwc-Remove-unnecessary-wrappers-around-dw_pcie_h.patch. - commit b328586 - Refresh patches.suse/PCI-dwc-Move-dw_pcie_msi_init-into-core.patch. - commit 9b591ff - Refresh patches.suse/PCI-dwc-Move-link-handling-into-common-code.patch. - commit db1d380 - Refresh patches.suse/PCI-dwc-Rework-MSI-initialization.patch. - commit fc22d7b - Refresh patches.suse/PCI-dwc-Move-MSI-interrupt-setup-into-DWC-common-cod.patch. - commit 85e0e88 - Refresh patches.suse/PCI-dwc-Drop-the-.set_num_vectors-host-op.patch. - commit c8a821a - Refresh patches.suse/PCI-dwc-dra7xx-Use-the-common-MSI-irq_chip.patch. - commit 0f8a8d3 - Refresh patches.suse/PCI-dwc-Ensure-all-outbound-ATU-windows-are-reset.patch. - commit 5e3c2f6 - Refresh patches.suse/PCI-dwc-intel-gw-Remove-some-unneeded-function-wrapp.patch. - commit 42d2190 - Refresh patches.suse/PCI-dwc-Move-dbi-dbi2-and-addr_space-resource-setup-.patch. - commit 7a267fa - Refresh patches.suse/PCI-dwc-intel-gw-Move-ATU-offset-out-of-driver-match.patch. - commit fc7f014 - Refresh patches.suse/PCI-keystone-Enable-compile-testing-on-ARM.patch. - commit 674b74f - Refresh patches.suse/PCI-dwc-Add-support-to-program-ATU-for-4GB-memory.patch. - commit 79897e2 - Refresh patches.suse/PCI-of-Warn-if-non-prefetchable-memory-aperture-size.patch. - commit 11a2712 - Rename duplicate patches to their SLE15-SP2 equivalents. This is to prepare for the next SLE15-SP2 -> SLE15-SP3 merge. - commit d0f44e7 - KEYS: trusted: Reserve TPM for seal and unseal operations (git-fixes). - KEYS: trusted: Fix migratable=1 failing (git-fixes). - KEYS: trusted: Fix incorrect handling of tpm_get_random() (git-fixes). - drm/i915/gt: Correct surface base address for renderclear (git-fixes). - drm/i915/gt: Flush before changing register state (git-fixes). - drm/amdgpu/display: remove hdcp_srm sysfs on device removal (git-fixes). - mtd: spi-nor: core: Add erase size check for erase command initialization (git-fixes). - mtd: spi-nor: core: Fix erase type discovery for overlaid region (git-fixes). - mtd: spi-nor: sfdp: Fix last erase region marking (git-fixes). - mtd: spi-nor: sfdp: Fix wrong erase type bitmask for overlaid region (git-fixes). - mtd: spi-nor: hisi-sfc: Put child node np on error path (git-fixes). - mtd: parsers: afs: Fix freeing the part name memory in failure (git-fixes). - mtd: parser: imagetag: fix error codes in bcm963xx_parse_imagetag_partitions() (git-fixes). - pstore: Fix typo in compression option name (git-fixes). - commit 3d8b82d - drm/amdgpu: cleanup struct amdgpu_ring (git-fixes). - drm/dp_mst: Don't cache EDIDs for physical ports (git-fixes). - drm/vc4: hdmi: Update the CEC clock divider on HSM rate change (git-fixes). - drm/vc4: hdmi: Compute the CEC clock divider from the clock rate (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (git-fixes). - drm/vc4: hdmi: Fix up CEC registers (git-fixes). - drm/vc4: hdmi: Fix register offset with longer CEC messages (git-fixes). - drm/vc4: hdmi: Move hdmi reset to bind (git-fixes). - drm/mediatek: Check if fb is null (git-fixes). - commit 3a8d088 - drm/i915/gt: One more flush for Baytrail clear residuals (git-fixes). - drm/amdgpu: toggle on DF Cstate after finishing xgmi injection (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (git-fixes). - drm/fourcc: fix Amlogic format modifier masks (git-fixes). - drm/virtio: make sure context is created in gem open (git-fixes). - drm: rcar-du: Fix the return check of of_parse_phandle and of_find_device_by_node (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (git-fixes). - commit d709b9b - clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined (git-fixes). - spi: imx: Don't print error on -EPROBEDEFER (git-fixes). - spi: cadence-quadspi: Abort read if dummy cycles required are too many (git-fixes). - platform/x86: intel_pmt_crashlog: Add dependency on MFD_INTEL_PMT (git-fixes). - platform/x86: intel_pmt_telemetry: Add dependency on MFD_INTEL_PMT (git-fixes). - platform/x86: intel_pmt: Make INTEL_PMT_CLASS non-user-selectable (git-fixes). - watchdog: intel-mid_wdt: Postpone IRQ handler registration till SCU is ready (git-fixes). - drm/vc4: hdmi: Take into account the clock doubling flag in atomic_check (git-fixes). - commit 112de11 - drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes). - drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes). - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes). - gma500: clean up error handling in init (git-fixes). - commit af18775 - rtc: s5m: select REGMAP_I2C (git-fixes). - spi: stm32: properly handle 0 byte transfer (git-fixes). - spi: atmel: Put allocated master before return (git-fixes). - spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes). - spi: spi-synquacer: fix set_cs handling (git-fixes). - regulator: core: Avoid debugfs: Directory ... already present! error (git-fixes). - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes). - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes). - commit fbcd516 - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes). - regulator: s5m8767: Drop regulators OF node reference (git-fixes). - regulator: s5m8767: Fix reference count leak (git-fixes). - regulator: axp20x: Fix reference cout leak (git-fixes). - mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes). - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes). - mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes). - Revert "platform/x86: ideapad-laptop: Switch touchpad attribute to be RO" (git-fixes). - commit 6d58f6a - gpio: pcf857x: Fix missing first interrupt (git-fixes). - i3c: master: dw: Drop redundant disec call (git-fixes). - linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes). - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes). - mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes). - i2c: iproc: update slave isr mask (ISR_MASK_SLAVE) (git-fixes). - i2c: iproc: handle only slave interrupts which are enabled (git-fixes). - drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes). - drm/gma500: Fix error return code in psb_driver_load() (git-fixes). - commit e10cc76 - amba: Fix resource leak for drivers without .remove (git-fixes). - clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes). - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes). - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes). - clk: meson: clk-pll: make "ret" a signed integer (git-fixes). - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes). - clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes). - clk: sunxi-ng: h6: Fix CEC clock (git-fixes). - auxdisplay: ht16k33: Fix refresh rate handling (git-fixes). - commit 447d390 - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442). - Use the above upstream patch to replace the following in-house patch, patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch. - commit ef2652a - dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529). - dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529). - dm: use noio when sending kobject event (bsc#1177529). - dm thin metadata: fix lockdep complaint (bsc#1177529). - dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529). - commit 3e2b6d9 - blacklist.conf: remove the following lines because it is time to have them now, - a4a8d286586d4b28c8517a51db8d86954aadc74b - 3918e0667bbac99400b44fa5aef3f8be2eeada4a - commit e7046a1 - dm crypt: fix copy and paste bug in crypt_alloc_req_aead (jsc#SLE-12226). - dm crypt: defer decryption to a tasklet if interrupts disabled (jsc#SLE-12226). - dm crypt: do not call bio_endio() from the dm-crypt tasklet (jsc#SLE-12226). - dm crypt: use GFP_ATOMIC when allocating crypto requests from softirq (jsc#SLE-12226). - dm crypt: do not wait for backlogged crypto request completion in softirq (jsc#SLE-12226). - dm crypt: don't use drivers that have CRYPTO_ALG_ALLOCATES_MEMORY (jsc#SLE-12226). - commit e584169 - libbpf: Avoid false unuinitialized variable warning in bpf_core_apply_relo (bsc#1177028). - commit 2ed6283 - KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: "KVM: nVMX: Emulate MTF when performing instruction emulation" (bsc#1182380). - commit df4cbaa ++++ libqmi: - update to 1.28.0: * The QmiDevice interfaces to work with the expected data format and the wwan interface name should now be considered to be specific to QMI devices exposed by the upstream 'qmi_wwan' kernel driver. If the device is exposed with a different driver (e.g. PCIe or QRTR) these methods will always fail. * The QmiDevice now supports configuring the 'pass_through' sysfs setting in the network interfaces exposed by the 'qmi_wwan' kernel driver, with a new 'qmap-pass-through' expected data format type. In this mode, the network device will be managed by the rmnet kernel driver. A new method is also provided to check in runtime whether a given expected data format value is supported by the kernel or not. * The QmiDevice now includes methods to list, create and delete links on the network interface, that can be used to setup QMAP based multiplexing of different data streams, e.g. connected to different APNs. When using the 'qmi_wwan' kernel driver, the link management logic depends on the configured expected data format: * * rmnet netlink operations will be used if 'qmap-pass-through' expected data format is configured. * * add_mux/del_mux operations will be used if 'raw-ip' expected data format is configured. * New services: * * New 'SAR' (Specific Absorption Rate) service, with support for the "Set RF State" and "Get RF State" request/responses. * New request/response/indications: * * uim: implement "Refresh Register" request/response. * * uim: implement "Refresh Register All" request/response. * * uim: implement "Refresh Complete" request/response. * * uim: implement "Refresh" indication. * * loc: implement "Get Engine Lock" request/response. * * loc: implement "Set Engine Lock" request/response. * * nas: implement "Get DRX" request/response. * * nas: implement "Get PLMN Name" request/response. * * wms: implement "Send Ack" request/response. * * wds: implement "Bind Data Port" request/response. * * wds: implement "Get Max LTE Attach PDN Number" request/response. * * wds: implement "Get LTE Attach PDN List" request/response. * * wds: implement "Set LTE Attach PDN List" request/response. * * wds: implement "Set LTE Attach PDN List" indication. * * wds: implement "Get LTE Attach Parameters" request/response. * * wds: renamed "Get Default Profile Num" to "Get Default Profile Number", and provided compat symbols to avoid breaking API. * * wds: renamed "Set Default Profile Num" to "Set Default Profile Number", and provided compat symbols to avoid breaking API. * New TLVs supported in existing messages: * * nas: added the "Rx Chain 2/3 Info" TLVs in "Get Tx Rx Info". * * nas: added the "LTE Info Timing Advance" TLV in "Get Cell Location Info". * * nas: added the "LTE Voice Domain", "CDMA Registration Zone ID", "GSM Routing Area Code", "WCDMA Routing Area Code" and "CDMA Resolved MCC" TLVs in "Get System Info". * libqmi-glib: * * Added support for 'embedded' and 'pcie' endpoint types. * * Added support for QMAPv5 data aggregation type. * qmicli: * * When built with QRTR support, the '--device' option now allows QRTR URIs (e.g. 'qrtr://0'). * * New '--link-list', '--link-add', '--link-delete' and '--link-delete-all' commands. * * New '--uim-monitor-refresh-file' command. * * New '--uim-monitor-refresh-all' command. * * New '--wds-bind-data-port' command. * * New '-loc-get-operation-mode' and '--loc-set-operation-mode' commands. * * New '-loc-get-engine-lock' and '--loc-set-engine-lock' commands. * * New '--wds-get-lte-attach-parameters' command. * * New '--wds-get-max-lte-attach-pdn-num' command. * * New '--wds-get-lte-attach-pdn-list' and '--wds-set-lte-attach-pdn-list' commands. * * Updated the '--wds-start-network' command with a timeout of 180s. * * Updated the '--wds-stop-network' command with a timeout of 120s. * * Updated the '--dms-set-firmware-preference' command to use a key-value pair based input instead of predefined fields. * collections: * * basic: added UIM event registration commands. * * basic: added UIM slot management commands. * * basic: added UIM refresh related commands. * * basic: added WDS bind data port commands. * * basic: added WDS initial LTE bearer management commands. * * basic: added NAS PLMN name commands. ++++ libxml2: - Fails to build against Python 3.9: * Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1 - Add patch libxml2-python39.patch ++++ libxml2-python: - Fails to build against Python 3.9: * Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1 - Add patch libxml2-python39.patch ++++ python-pytz: - Bump tzdata_version ++++ selinux-policy: - Update to version 20210223 - Change name of tar file to a more common schema to allow parallel installation of several source versions - Adjust fix_init.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#459 - fix adapting grub.cfg for different architectures (bsc#1182593) - 16.46 ++++ vim: - install suse vimrc in /usr (boo#1182324, vim-8.0.1568-globalvimrc.patch) ------------------------------------------------------------------ ------------------ 2021-2-22 - Feb 22 2021 ------------------- ------------------------------------------------------------------ ++++ gpg2: - Update gpg2 for SLE15-SP3 [jsc#SLE-17559, bsc#1182572] - Remove patches fixed upstream: * gnupg-gpg-agent-ssh-agent.patch * gnupg-2.2.22-fix-segv-import-keys.patch * gnupg-Allow-redirection-from-https-to-http-for-CRLs.patch * gnupg-CRL-fetching-via-https.patch * gnupg-CVE-2018-1000858.patch * gnupg-CVE-2018-12020.patch * gnupg-CVE-2019-13050_0_of_5.patch * gnupg-CVE-2019-13050_1_of_5.patch * gnupg-CVE-2019-13050_2_of_5.patch * gnupg-CVE-2019-13050_3_of_5.patch * gnupg-CVE-2019-13050_4_of_5.patch * gnupg-CVE-2019-13050_5_of_5.patch * gnupg-CVE-2019-14855.patch - Update gpg2.keyring ++++ grub2: - Fix build error in binutils 2.36 (bsc#1181741) * 0001-Fix-build-error-in-binutils-2.36.patch - Fix executable stack in grub-emu (bsc#1181696) * 0001-emu-fix-executable-stack-marking.patch ++++ kernel-default: - blacklist.conf: Two sparse fixes 6ae58d871319 x86/asm: Annotate movdir64b()'s dst argument with __iomem 5c99720b2838 x86/asm: Add a missing __iomem annotation in enqcmds() - commit 6dcb1a5 - blacklist.conf: 20bf2b378729 x86/build: Disable CET instrumentation in the kernel - commit ade903f - Add alt-commit for non-blacklisted cherry-picks - Refresh patches.suse/1447-drm-bridge-analogix_dp-Split-bind-into-probe-and-rea.patch. - Refresh patches.suse/1776-drm-i915-Provide-the-perf-pmu.module.patch. - Refresh patches.suse/1777-drm-i915-Copy-default-modparams-to-mock-i915_device.patch. - Refresh patches.suse/1778-drm-i915-display-Check-for-an-LPSP-encoder-before-de.patch. - Refresh patches.suse/1779-drm-i915-Update-bw_buddy-pagemask-table.patch. - Refresh patches.suse/1782-drm-i915-tgl-Make-sure-TC-cold-is-blocked-before-ena.patch. - Refresh patches.suse/1826-drm-i915-Fix-cmd-parser-desc-matching-with-masks.patch. - Refresh patches.suse/1835-drm-i915-display-Ensure-that-ret-is-always-initializ.patch. - Refresh patches.suse/1851-drm-i915-fix-regression-leading-to-display-audio-pro.patch. - Refresh patches.suse/1852-drm-virtio-Revert-drm-virtio-Call-the-right-shmem-he.patch. - Refresh patches.suse/1857-drm-virtio-fix-unblank.patch. - Refresh patches.suse/1864-drm-virtio-drop-virtio_gpu_output-enabled.patch. - Refresh patches.suse/1881-drm-i915-Be-wary-of-data-races-when-reading-the-acti.patch. - Refresh patches.suse/1921-drm-i915-Stub-out-i915_gpu_coredump_put.patch. - Refresh patches.suse/2072-drm-i915-dp-Disable-Port-sync-mode-correctly-on-tear.patch. - Refresh patches.suse/2077-drm-i915-gt-Skip-trying-to-unbind-in-restore_ggtt_ma.patch. - Refresh patches.suse/drm-i915-Protect-i915_request_await_start-from-early.patch. - Refresh patches.suse/drm-i915-Protect-request-peeking-with-RCU.patch. - commit 491e3a3 - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - commit 2c3b276 - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345). - commit a9f0cef - RDMA/efa: Use the correct current and new states in modify QP (git-fixes). - commit f2d6e28 - net: rmnet: do not allow to add multiple bridge interfaces (git-fixes). - commit 4f39a57 - net: rmnet: fix lower interface leak (git-fixes). - commit d007718 - net: rmnet: print error message when command fails (git-fixes). - commit 9543352 - net: qualcomm: rmnet: Allow configuration updates to existing devices (git-fixes). - commit 8b01fa7 - blacklist.conf: update the blacklist - commit a0ee69e - x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489). - commit 8753fb5 - ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes). - commit 7047a5a - ibmvnic: serialize access to work queue on remove (bsc#1065729). - commit 9671154 - mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes). - commit c6ee8b1 - xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561). - commit 229a330 - RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248). - RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248). - RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248). - RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248). - RDMA/efa: Expose minimum SQ size (bsc#1176248). - RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248). - RDMA/efa: Report host information to the device (bsc#1176248). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248). - RDMA/efa: Count admin commands errors (bsc#1176248). - RDMA/efa: Count mmap failures (bsc#1176248). - RDMA/efa: Report create CQ error counter (bsc#1176248). - RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248). - RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248). - RDMA/efa: Properly document the interrupt mask register (bsc#1176248). - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248). - commit f3e9801 - xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558). - commit 2a9e635 - arm: Update config files. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - commit 7ceb879 - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671). - commit 7e4ecda - supported.conf: mark Wireguard + dependencies as supported (jsc#SLE-12250) - commit 1e0196a - nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547). - commit 62bcd4c - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - commit b74d860 - drivers/perf: hisi: Fix wrong value for all counters enable (SLE-14995 SLE-16234). - commit 0293acf - drivers/perf: hisi: Fix typo in events attribute array (SLE-14995 SLE-16234). - commit d024f74 - drivers/perf: hisi: Simplify hisi_read_sccl_and_ccl_id and its comment (SLE-14995 SLE-16234). - Refresh patches.suse/drivers-perf-hisi-Permit-modular-builds-of-HiSilicon.patch. - Refresh patches.suse/firmware-arm_sdei-Document-the-motivation-behind-the.patch. - commit 33b4114 - drivers/perf: hisi: update the sccl_id/ccl_id for certain HiSilicon platform (SLE-14995 SLE-16234). - commit 3cf8137 - drm/vc4: hdmi: Take into account the clock doubling flag in atomic_check (git-fixes). - commit 0eefa7d - series.conf: cleanup - update upstream references and resort: patches.suse/nvme-hwmon-rework-to-avoid-devm-allocation.patch patches.suse/perf-x86-intel-uncore-Store-the-logical-die-id-inste.patch patches.suse/perf-x86-intel-uncore-With-8-nodes-get-pci-bus-die-i.patch - commit f696cf9 - series.conf: cleanup - move unsortable patch out of sorted section patches.suse/mm-pmem-avoid-inserting-hugepage-pte-entry-with-fsdax-if-hugepage-support-is-disabled.patch - commit b1cf681 - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes). - ALSA: hda: Add another CometLake-H PCI ID (git-fixes). - ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes). - ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes). - commit d3cd0e8 - tpm: Remove tpm_dev_wq_lock (git-fixes). - tpm_tis: Clean up locality release (git-fixes). - tpm_tis: Fix check_locality for correct locality acquisition (git-fixes). - USB: serial: mos7720: fix error code in mos7720_write() (git-fixes). - USB: serial: mos7840: fix error code in mos7840_write() (git-fixes). - USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes). - usb: musb: Fix runtime PM race in musb_queue_resume_work (git-fixes). - usb: dwc2: Make "trimming xfer length" a debug message (git-fixes). - usb: dwc2: Abort transaction after errors with unknown reason (git-fixes). - usb: dwc2: Do not update data length if it is 0 on inbound transfers (git-fixes). - usb: gadget: u_audio: Free requests only after callback (git-fixes). - commit 024918e - hwrng: timeriomem - Fix cooldown period calculation (git-fixes). - media: pxa_camera: declare variable when DEBUG is defined (git-fixes). - media: cx25821: Fix a bug when reallocating some dma memory (git-fixes). - media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes). - media: lmedm04: Fix misuse of comma (git-fixes). - media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes). - media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes). - media: pwc: Use correct device for DMA (bsc#1181133). - media: tm6000: Fix memleak in tm6000_start_stream (git-fixes). - media: media/pci: Fix memleak in empress_init (git-fixes). - media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes). - media: vsp1: Fix an error handling path in the probe function (git-fixes). - media: camss: missing error code in msm_video_register() (git-fixes). - media: mt9v111: Remove unneeded device-managed puts (git-fixes). - media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes). - media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes). - ata: ahci_brcm: Add back regulators management (git-fixes). - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes). - ata: sata_nv: Fix retrieving of active qcs (git-fixes). - commit f91a4d1 - ASoC: simple-card-utils: Fix device module clock (git-fixes). - ASoC: cs42l56: fix up error handling in probe (git-fixes). - ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes). - ASoC: cpcap: fix microphone timeslot mask (git-fixes). - ALSA: pcm: Don't call sync_stop if it hasn't been stopped (git-fixes). - ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes). - ALSA: pcm: Call sync_stop at disconnection (git-fixes). - ALSA: usb-audio: Don't avoid stopping the stream at disconnection (git-fixes). - ALSA: usb-audio: More strict state change in EP (git-fixes). - ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes). - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes). - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes). - ACPI: property: Fix fwnode string properties matching (git-fixes). - ACPICA: Fix exception code class checks (git-fixes). - commit 858c1eb - Move upstreamed uvcvideo fix into sorted esction - commit e05eaec - xen-blkback: fix error handling in xen_blkbk_map() (XSA-365 CVE-2021-26930 bsc#1181843). - commit e27d769 - xen-scsiback: don't "handle" error by BUG() (XSA-362 CVE-2021-26931 bsc#1181753). - commit 0c27363 - xen-netback: don't "handle" error by BUG() (XSA-362 CVE-2021-26931 bsc#1181753). - commit b515e6e - xen-blkback: don't "handle" error by BUG() (XSA-362 CVE-2021-26931 bsc#1181753). - commit 092d419 - xen/arm: don't ignore return errors from set_phys_to_machine (XSA-361 CVE-2021-26932 bsc#1181747). - commit 3c70c9d - Xen/gntdev: correct error checking in gntdev_map_grant_pages() (XSA-361 CVE-2021-26932 bsc#1181747). - commit ee9fcdf - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (XSA-361 CVE-2021-26932 bsc#1181747). - commit e4d325f - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (XSA-361 CVE-2021-26932 bsc#1181747). - commit c07de95 - Xen/x86: don't bail early from clear_foreign_p2m_mapping() (XSA-361 CVE-2021-26932 bsc#1181747). - commit 488df4e - xen/netback: fix spurious event detection for common event case (bsc#1182175). - commit 1ecc6fe ++++ kernel-default-base: - Add squashfs for kiwi installiso support (bsc#1182341) - Add fuse (boo#1182507) ++++ gcc11: - Pack %{GCCDIST}-gcc%{binsuffix}. - Add a new dependency for libgccjit. ++++ systemd: - systemd requires aaa_base >= 13.2 This dependency is required because 'systemctl {is-enabled,enable,disable} " ends up calling systemd-sysv-install which in its turn calls "chkconfig - -no-systemctl". aaa_base package has a weird versioning but the '--no-systemctl' option has been introduced starting from SLE12-SP2-GA, which shipped version "13.2+git20140911.61c1681". Spotted in bsc#1180083. ++++ patterns-microos: - added cockpit-dashboard to cockpit pattern ++++ rpm: - Add rpm-4.14.1-initialize-verifyflags.diff [bsc#1180279] ++++ systemd-default-settings: - Import 0.7 2a61f77 Convert our configuration file dropins into 'early' ones ++++ sysvinit: - Update to sysvinit 2.99: * Mostly typo and just better documentation and easier to read code comments ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#458 - Do not use shim on aarch64 for SLE Micro (based on SP2) - 16.45 ++++ yast2-trans: - Update to version 84.87.20210219.c6a06209b7: * New POT for text domain 'security'. ------------------------------------------------------------------ ------------------ 2021-2-21 - Feb 21 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ath10k: Fix lockdep assertion warning in ath10k_sta_statistics (git-fixes). - ath10k: Fix suspicious RCU usage warning in ath10k_wmi_tlv_parse_peer_stats_info() (git-fixes). - mt76: mt7915: fix endianness warning in mt7915_mcu_set_radar_th (git-fixes). - Bluetooth: hci_qca: Fix memleak in qca_controller_memdump (git-fixes). - commit a23b170 - soc: aspeed: snoop: Add clock control logic (git-fixes). - memory: ti-aemif: Drop child node when jumping out loop (git-fixes). - reset: hisilicon: correct vendor prefix (git-fixes). - r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes). - b43: N-PHY: Fix the update of coef for the PHY revision >= 3case (git-fixes). - mac80211: fix potential overflow when multiplying to u32 integers (git-fixes). - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes). - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes). - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes). - Bluetooth: drop HCI device reference before return (git-fixes). - Bluetooth: Fix initializing response id after clearing struct (git-fixes). - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes). - ath10k: Fix error handling in case of CE pipe init failure (git-fixes). - commit 8d04463 ++++ mozilla-nss: - update to NSS 3.61 * required for Firefox 86 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. ------------------------------------------------------------------ ------------------ 2021-2-20 - Feb 20 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - commit 8931641 - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes). - commit 1bd8cc0 - net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes). - commit 8ecb099 - net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes). - commit a6a4d18 - net: rmnet: fix bridge mode bugs (git-fixes). - commit 6828c73 - net: rmnet: use upper/lower device infrastructure (git-fixes). - commit 604e5d6 - net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes). - commit 358ab29 - net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes). - commit 4387992 - net: rmnet: fix suspicious RCU usage (git-fixes). - commit 5258625 - net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes). - commit 8bdc771 - net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes). - commit e563469 ++++ libvirt: - Remove old initscript patching of libvirt-guests.sh Modified suse-libvirt-guests-service.patch boo#1182494 ------------------------------------------------------------------ ------------------ 2021-2-19 - Feb 19 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490). - commit d0034b8 - KVM: nVMX: don't clear mtf_pending when nested events are blocked (bsc#1182489). - commit c9e5f4e - ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591). - ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591). - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591). - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591). - ibmvnic: serialize access to work queue on remove (bsc#1182485 ltc#191591). - ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591). - ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591). - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591). - ibmvnic: Set to CLOSED state even on error (bsc#1182485 ltc#191591). - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591). - commit 8ab7740 ++++ rdma-core: - Update to rdma-core v33.1 - No release notes available - Drop support for libnes - Drop support for libnes by removing patch: - Revert-libnes-Remove-libnes-from-rdma-core.patch - Refresh patches against latest sources: - Revert-libcxgb3-Remove-libcxgb3-from-rdma-core.patch - cxgb3-nes-fix-declaration-of-free_context.patch has been replaced by cxgb3-fix-declaration-of-free_context.patch - Add patches for cxgb3 support against newest API - cxgb3-fix-support-for-new-uquery-API.patch - Enable LTO support - Trigger udevadm in rdma-ndd %post (bsc#1182391) ++++ openldap2: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch ++++ python3-core: Update to 3.6.13, final release of 3.6 branch: * Security - bpo#42967 (bsc#1182379, CVE-2021-23336): Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator. - bpo#42938 (bsc#1181126, CVE-2021-3177): Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values. - bpo#42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. - bpo#42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files. - bpo#40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely. * Core and Builtins - bpo#35560: Fix an assertion error in format() in debug build for floating point formatting with “n” format, zero padding and small width. Release build is not impacted. Patch by Karthikeyan Singaravelan. * Library - bpo#42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases). * Tests - bpo#42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na. - bpo#41944: Tests for CJK codecs no longer call eval() on content received via HTTP. - Patches removed, because they were included in the upstream tarball: - CVE-2020-27619-no-eval-http-content.patch - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch ++++ systemd: - Add 0001-conf-parser-introduce-early-drop-ins.patch Introduce early configuration drop-in file. This type of drop-ins are reserved for vendor own purposes only and should never been used by users. It might be removed in the future without any notice. ++++ python3: Update to 3.6.13, final release of 3.6 branch: * Security - bpo#42967 (bsc#1182379, CVE-2021-23336): Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator. - bpo#42938 (bsc#1181126, CVE-2021-3177): Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values. - bpo#42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. - bpo#42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files. - bpo#40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely. * Core and Builtins - bpo#35560: Fix an assertion error in format() in debug build for floating point formatting with “n” format, zero padding and small width. Release build is not impacted. Patch by Karthikeyan Singaravelan. * Library - bpo#42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases). * Tests - bpo#42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na. - bpo#41944: Tests for CJK codecs no longer call eval() on content received via HTTP. - Patches removed, because they were included in the upstream tarball: - CVE-2020-27619-no-eval-http-content.patch - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch ++++ python-M2Crypto: - Add 293_sslv23_padding.patch to avoid using RSA_SSLV23_PADDING (gl#m2crypto/m2crypto#293, gh#openssl/openssl#14216). ++++ python-py: - Update to 1.10.0 * Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) ++++ qemu: - Fix issue of virtio-9p-ccw having been mistakenly dropped from qemu (bsc#1182496) hw-s390x-fix-build-for-virtio-9p-ccw.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#457 - fix kernel & initrd location for x86_64 (bsc#1182239) - 16.44 - fix library dependency check - 16.43 - drop linuxefi/initrdefi on x86_64 - enable shim on aarch64 ------------------------------------------------------------------ ------------------ 2021-2-18 - Feb 18 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.30.0: + Increase timeout of NetworkManager-wait-online.service to 60 seconds. + Add "ipv4.dhcp-client-id=ipv6-duid" option for RFC4361. + The dhcpcd plugin now requires a minimum version of dhcpcd-9.3.3 with the --noconfigure option. Using an older version will cause dhcpcd to exit with a status code of 1. + Support building against musl libc. + Support new ethtool offload features. + Add support for WPA3 Enterprise Suite-B 192 bit mode. + Add support for handling Veth devices. + New hostname settings for controlling configuring the hostname from reverse DNS lookup and from DHCP. + OVS: support configuring external-ids. + libnm: nm_setting_bond_add_option() no longer validates the option that is set. Instead, use nm_connection_verify() to validate the profile. + libnm: add support for reading/writing keyfile format. This required to relicense previously GPL-2.0+ code as LGPL-2.1+ with the agreement of the copyright holders. + initrd: - Support for rd.net.timeout.carrier option. - Support new ip method "link6" for IPv6 link-local only. + build: new configure option to set path to "polkit-agent-helper-1". + Many bugfixes and improvements. + Updated translations. - Change License to GPL-2.0-or-later and LGPL-2.1-or-later, following upstream. - Replace %systemd_requires with %systemd_ordering. ++++ e2fsprogs: - Remove autoreconf (and resulting dependencies) from the spec file. The upstream configure script should be fine. ++++ grub2: - Restore compatibilty sym-links * grub2.spec - Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044) * grub2.rpmlintrc ++++ keepalived: - Make sure we pull in the libraries we need for dlopen, by following the symlinks from the .so symlinks with the requires_file macro. ++++ kernel-default: - kABI: repair, after "nVMX: Emulate MTF when performinginstruction emulation" kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine. - commit d47d125 - fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446). - commit 8620c20 - fscrypt: add fscrypt_is_nokey_name() (bsc#1182446). - commit da2337f - patches.suse/ext4-Avoid-freeing-inodes-on-dirty-list.patch: Move to sorted section, update tags - commit d9f0c0d - fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466). - commit a4f4504 - ext4: fix superblock checksum failure when setting password salt (bsc#1182465). - commit 1201ea7 - ext4: don't remount read-only with errors=continue on reboot (bsc#1182464). - commit d554ce9 - ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463). - commit 2354cfd - reiserfs: add check for an invalid ih_entry_count (bsc#1182462). - commit 2c4183a - quota: Sanity-check quota file headers on load (bsc#1182461). - commit 5a95e11 - writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460). - commit 6f11bc3 - ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459). - commit 97d2ec0 - ubifs: wbuf: Don't leak kernel memory to flash (bsc#1182458). - commit bce8f1a - ubifs: prevent creating duplicate encrypted filenames (bsc#1182457). - commit 80e0969 - ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456). - commit bf8f1af - ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455). patches.suse/ubifs-xattr-Fix-some-potential-memory-leaks-while-it.patch: Refresh and add now relevant bits. - commit 0b538c3 - ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454). - commit fdbb549 - ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449). - commit 5f81ca3 - ext4: fix a memory leak of ext4_free_data (bsc#1182447). - commit 798e94c - mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273). - commit 5a6cff9 - ext4: prevent creating duplicate encrypted filenames (bsc#1182446). - commit ebbed3b - block: fix inflight statistics of part0 (bsc#1182445). - commit 3645427 - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444). - commit 25d39da - blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443). - commit a0c44a1 - blk-mq: call commit_rqs while list empty but error happen (bsc#1182442). - commit bc0709b - block: respect queue limit of max discard segment (bsc#1182441). - commit 78f8ad6 - block: virtio_blk: fix handling single range discard request (bsc#1182439). - commit a829826 - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430). - commit 251c330 - drm/i915/tgl+: Make sure TypeC FIA is powered up when initializing it (git-fixes). - Revert "drm/amd/display: Update NV1x SR latency values" (git-fixes). - drm/amd/display: Release DSC before acquiring (git-fixes). - drm/amd/display: Add more Clock Sources to DCN2.1 (git-fixes). - drm/amd/display: Fix DPCD translation for LTTPR AUX_RD_INTERVAL (git-fixes). - drm/i915/gt: Define guc firmware blob for older Cometlakes (git-fixes). - commit 50eabd2 - drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes). - drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes). - drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes). - commit 0a02ed8 - clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes). - firmware_loader: align .builtin_fw to 8 (git-fixes). - platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes). - commit 3ec7f46 - KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380). - commit d82f9c0 - tracing: Check length before giving out the filter buffer (git-fixes). - commit d3dfea0 - tracing: Do not count ftrace events in top level enable output (git-fixes). - commit 9eb30ee - tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes). - commit 19d30cc - KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406). - commit 0a00f86 - mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273). - commit 5527d63 - fgraph: Initialize tracing_graph_pause at task creation (git-fixes). - commit ac6ab62 - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - commit f19dffe ++++ kmod: - Fix grub's requoted kernel parameters (bsc#1181111) * 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch * 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch ++++ libnettle: - GNU Nettle 3.7.1: * Fix bug in chacha counter update logic (ppc64 and ppc64el) * Restore support for big-endian ARM platforms * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 * Remove poorly performing ARM Neon code for doing single-block Salsa20 and Chacha ++++ perl-ExtUtils-MakeMaker: - updated to 7.60 see /usr/share/doc/packages/perl-ExtUtils-MakeMaker/Changes 7.60 Wed 17 Feb 10:45:47 GMT 2021 No changes since v7.59_01 7.59_01 Tue 2 Feb 09:47:29 GMT 2021 Bug fixes: - Don't allow hyphens in parsed versions Test fixes: - Use correct hint file name in hints.t ++++ python-Jinja2: - Fixed IndentationError in CVE-2020-28493.patch (bsc#1182244) ++++ qemu: - Tweaked some spec file details to be again compatible with quilt setup using the spec file as input - Remove BuildRequires that were added in anticipation of building ovmf within this package. We have not taken that route ++++ strace: - Add strace-readelf-debug-dump-info-wide-output-changes-in-2.36.patch in order to workaround gh#171 issue related to the latest binutils release (https://sourceware.org/bugzilla/show_bug.cgi?id=27309). ++++ installation-images-LeapMicro: - unify all EFI-using grub configurations into a single config file (bsc#1182239) - Use one grub.cfg for all ARM architectures - merge gh#openSUSE/installation-images#455 - allow wildcards in modinfo firmware names (bsc#1180336) - 16.42 - merge gh#openSUSE/installation-images#454 - spec: no longer have ports project for Leap since 15.3 - 16.41 - merge gh#openSUSE/installation-images#452 - remove some obsolete parts from installation-images (bsc#1182291) - rewrite check_libs script - fix zenworks image build - 16.40 ++++ vim: - source correct suse.vimrc file (boo#1182324) ------------------------------------------------------------------ ------------------ 2021-2-17 - Feb 17 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.39.90: + Fix build with X11 disabled. + Various fixes for the new device API used for key monitoring and grabbing. + Fixed several memory leaks. ++++ crypto-policies: - Update to version 20210213.5c710c0: [bsc#1180938] * setup_directories(): perform safer creation of directories * save_config(): avoid re-opening output file for each iteration * save_config(): break after first match to avoid unnecessary stat() calls * CryptoPolicy.parse(): actually stop parsing line on syntax error * ProfileConfig.parse_string(): correctly extended subpolicies * Exclude RC4 from LEGACY * Introduce rc4_md5_in_krb5 to narrow AD_SUPPORT * code style: fix 'not in' membership testing * pylintrc: tighten up a bit * formatting: avoid long lines * formatting: use f-strings instead of format() * formatting: reformat all python code with autopep8 * nss: postponing the version check again, to 3.61 * Revert "Unfortunately we have to keep ignoring the openssh check for sk-" ++++ dracut: - Update to version 052+suse.93.g7bfaa6d9: * fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167) - Update to version 052+suse.91.gb30dce3c: * chore: update suse/dracut.spec - Update to version 052+suse.88.gc78b4ac8: Highlights: https://github.com/dracutdevs/dracut/releases/tag/052 * fix(i18n): get rid of `eval` calls * fix(i18n): create the keyboard symlinks again * docs: update NEWS.md and AUTHORS * chore: add `CONTRIBUTORS` target to Makefile * fix: shellcheck across multiple modules * docs: fix dracut.cmdline.7 * fix: update dbus module directory in spec file * fix: add sdaskpw and sdsyctl to spec file * fix: cosmetic comment fixes * feat(systemd-ask-password): introducing systemd-ask-password module * Revert "nbd: use systemd-run to start nbd-client" * dmsquash-live-root: squashfs in bare device * feat(systemd-sysctl): introducing systemd-sysctl module * fix: adding missing efi paths * fix: correct the squash quirk * feat(systemd-modules-load): introducing systemd-modules-load module * fix(shutdown): add timeout to umount calls (bsc#1178219) * fix: revise all module checks * fix: add missing line continuation * fix: BuildRequiring git-core is enough in dracut.spec * fix(kernel-modules): add reset controllers for arm (bsc#1180336) * 35network-legacy: discard pointless RTNETLINK message * fix(plymouth): install binaries with dependencies * fix: correct the line continuation * fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set * fix(network-manager): allow override network manager version * feat(dracut.sh): allow overriding the systemctl command for sysroot * fix: use find_binary * fix(dracut.sh): don't override path with foreign sysroot * fix: quote globbing in module-setup.sh for inst_multiple * fix(dracut-install): allow globbing for multiple sources * Fix bad ls parsing * fix: move ldconfig after library workaround * feat(kernel-modules): add driver memory * feat(systemd-repart): introducing systemd-repart module * feat(dbus-daemon): introducing the dbus-daemon module * feat(dbus-broker): introducing the dbus-broker module * feat(dbus): introducing a meta module for dbus * fix(network-legacy): silent check for leaseinfo * 95nfs: fix rpc.statd installation * fix: do not set cmdline for uefi images unless asked * feat(network-legacy): send dhcp in parallel on all devices * fix(mdraid): remove offroot * fix(mdraid): add grow continue service * fix(spec): add new systemd-coredump module to spec * fix(watchdog): replace return with echo * feat(systemd-coredump): introducing systemd-coredump module * prepare usrmerge (boo#1029961) * test: incr. disk size for TEST 35 ISCSI-MULTI * fix(skipcpio): edit skipcpio.c: strstr -> memmem * fix(1007): adding shared keyring mode to type unit * feat(systemd-sysusers): introducing systemd-sysuser module * feat(systemd-sysusers): introducing systemd-sysuser module * fix(1001): use efivars fs over the deprecated sysfs entries * fix(kernel-network-modules): also install modules from mdio subdirectory * fix(06dbus): do not hardcode path to dbus utils * fix(06dbus): do not hardcode path to systemd unit * fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set * fix(99squash): use kernel config instead of modprobe to check modules * fix(dracut-functions.sh): check kernel config from $dracutsysrootdir * fix(90kernel-modules): install generic crypto modules with hostonly unset * feat: add addional global variables * fix: add a missing efi support * chore(removal): eliminate bootchart module * feat: add addional global variables * feat(cli): add --no-uefi option * chore(github): add CODEOWNERS file * chore(cleanup): remove logrotate file * fix(35network-manager): avoid restarting NetworkManager * chore: Add configuration for vim * chore: Add editorconfig * chore: Editors * test(conventional): add Conventional Commits PR github action * docs(development): add HACKING.md ++++ transactional-update: - Version 3.1.4 - SELinux: Fix syncing of SELinux attributes when using overlays - SELinux: Tag the overlay directory itself (again) ++++ glib2: - Update to version 2.67.4: + Add a `g_string_replace()` function. + Add `G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER` flag to simplify the common case for writing a D-Bus authentication observer, allowing most uses of `GDBusAuthObserver` to be dropped. + Add a new `g_spawn_with_pipes_and_fds()` variant which supports renumbering FDs. + Add new g_memdup2() API to replace g_memdup(), which is vulnerable to a silent integer truncation and heap overflow problem if not used carefully. + Fix various regressions caused by rushed security fixes in 2.66.6. + Fix a silent integer truncation when calling g_byte_array_new_take() for byte arrays bigger than G_MAXUINT. + Fix `g_utf8_strdown()` to fix some issues in Turkish. + Updated translations. ++++ kernel-default: - KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381). - commit ffa8b86 - net/tls: Except bond interface from some TLS checks (bsc#1181719). - net/tls: Device offload to use lowest netdevice in chain (bsc#1181719). - net/bonding: Declare TLS RX device offload support (bsc#1181719). - net/bonding: Implement TLS TX device offload (bsc#1181719). - net/bonding: Take update_features call out of XFRM funciton (bsc#1181719). - net/bonding: Implement ndo_sk_get_lower_dev (bsc#1181719). - net/bonding: Take IP hash logic into a helper (bsc#1181719). - net: netdevice: Add operation ndo_sk_get_lower_dev (bsc#1181719). - commit 3880919 - drm/i915/guc: Update to use firmware v49.0.1 (CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 bsc#1181720 bsc#1181735 bsc#1181736 bsc#1181738). - commit d2373bb - KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374). - commit c629183 - tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes). - Update config files. - commit dd6e75e - drm/i915/guc: Update to use firmware v49.0.1 (CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 bsc#1181720 bsc#1181735 bsc#1181736 bsc#1181738). - drm/i915: Update TGL and RKL HuC firmware versions (CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 bsc#1181720 bsc#1181735 bsc#1181736 bsc#1181738). - commit 44f462f - vfio-pci/zdev: Add zPCI capabilities to VFIO_DEVICE_GET_INFO (jsc#SLE-13841). - s390/default: Set CONFIG_VFIO_PCI_ZDEV=y. - vfio: Introduce capability definitions for VFIO_DEVICE_GET_INFO (jsc#SLE-13841). - s390/pci: track whether util_str is valid in the zpci_dev (jsc#SLE-13841). - s390/pci: stash version in the zpci_dev (jsc#SLE-13841). - commit 0136f7b - Update config files: Set reset-raspberrypi as builtin (bsc#1180336) This driver is needed in order to boot through USB. Ideally the kernel module should be selected by dracut, but it's not. So make it builtin until the relevant dracut fixes are available. - commit b773757 - fix patch metadata - fix Patch-mainline: patches.suse/0003-caif-no-need-to-check-return-value-of-debugfs_create.patch - commit f7a521f - drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472) - commit acb3f2a - drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472) - commit 039ccc9 - drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472) - commit 0e99073 - drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472) - commit 03d6bea - drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489) - commit b8a95b9 - drm/meson: Unbind all connectors on module removal (bsc#1152472) - commit b5e929b - matroxfb: avoid -Warray-bounds warning (bsc#1152472) - commit f5716ba - rpm/config.sh: Enable armv7hl build in an extra project (jsc#SLE-17212) The armv7hl is built on OBS openSUSE:Step:15-SP3 project - commit 8215a31 ++++ libgcrypt: - libgcrypt 1.9.2: * Fix building with --disable-asm on x86 * Check public key for ECDSA verify operation * Make sure gcry_get_config (NULL) returns a nul-terminated string * Fix a memory leak in the ECDH code * Fix a reading beyond end of input buffer in SHA2-avx2 - remove obsolete texinfo packaging macros ++++ pcsc-lite: - version 1.9.1 * Do not (possibly) lock a reader if allocating hCard fails * Fix a hang in SCardTransmit() * Do not report an error if the wrong interface is used by the driver * Update reader state when a card is removed during an exchange * readerfactory: Make sure a freed Reader Context is not accessed * PHSetProtocol(): supports T=0&1 cards on T=0 reader * hotplug-libusb: . support CCIDCLASSDRIVER . add interface name to reader name . remove obsolete libhal scheme * Some other minor improvements ++++ systemd: - Drop use of %systemd_postun in %postun This macro is supposed to operate on units but it was used without passing any parameters. This call was probably used for issuing a daemon-reload but the following calls to %systemd_postun_with_restart imply that already. So let's simply drop it. ++++ libvirt: - qemu: Add virtio related options to vsock 8a4b8996-conf-move-virDomainCheckVirtioOptions.patch, c05f0066-conf-drop-empty-virDomainNetDefPostParse.patch, 19d4e467-conf-improve-virDomainVirtioOptionsCheckABIStability.patch, bd112c9e-qemu-virtio-options-vsock.patch bsc#1182365 ++++ libzypp: - Patch: Identify well-known category names (bsc#1179847) This allows to use the RH and SUSE patch categrory names synonymously: (recommendedi = bugfix) and (optional = feature = enhancement). - Add missing includes for GCC 11 compatibility. (bsc#1181874) - Fix %posttrans script execution (fixes #265) The scripts are execuable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location ob the rpmdatabase to use. - BuildRequires: libsolv-devel >= 0.7.17. - version 17.25.7 (22) ++++ linux-glibc-devel: - Update to kernel headers 5.11 ++++ python-M2Crypto: - OpenSSL allows the verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE * This unifies the behaviour of a single certificate with an unknown CA certificate with a self-signed certificate. - Add python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch (Thanks for Debian, https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff8) - Add source signature file ++++ qemu: - Fix uninitialized variable in ipxe driver code (boo#1181922) ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch - Add a few improvements to the git-based package workflow scripts ++++ strace: - Update to strace 5.11 * Improvements * Implemented poke injection (--inject=SET:poke_enter= and - -inject=SET:poke_exit= options). * Implemented decoding of epoll_pwait2 syscall introduced in Linux 5.11. * Implemented decoding of GPIO_* ioctl commands. * Implemented decoding of FS_IOC_FS[GS]ETXATTR, FS_IOC_[GS]ETFLAGS, and FS_IOC32_[GS]ETFLAGS ioctl commands. * Implemented decoding of SIOCADDMULTI, SIOCDELMULTI, SIOCGIFENCAP, SIOCOUTQNSD, SIOCSIFENCAP, and SIOCSIFHWBROADCAST ioctl commands. * Implemented decoding of UBI_IOCRPEB and UBI_IOCSPEB ioctl commands. * Implemented decoding of V4L2_BUF_TYPE_META_CAPTURE, V4L2_BUF_TYPE_META_OUTPUT, and VIDIOC_QUERY_EXT_CTRL ioctl commands. * Updated lists of BPF_*, BTRFS_*, CLOSE_RANGE_*, ETH_*, IORING_*, KVM_*, PR_*, PTRACE_*, RTA_*, RTAX_*, RTM_*, RTNH_*, SCTP_*, SO_*, SYS_*, UFFD_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 5.11. * Bug fixes * Fixed decoding of SIOCGIFINDEX, SIOCBRADDIF, and SIOCBRDELIF ioctl commands. ++++ systemd-default-settings: - Import 0.6 d3fab7c Introduce SLE-Micro branding ------------------------------------------------------------------ ------------------ 2021-2-16 - Feb 16 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Rebase avahi-daemon-check-dns-suse.patch, and drop privileges when invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720). - Add sudo to requires: used to drop privileges. ++++ e2fsprogs: - Update to 1.46.1: * Fix setting extended attributes in libext2fs and debugfs * Fix e2fsck to accept large_dir directories greater than 4G * Fix fast commit support on big endian architectures * Fix mke2fs -d to correctly import a small file stored using inline_data feature and which has ACL or extended attribute * Various compilation fixes * Speedup bitmap loading for large filesystems using multiple threads * Speedup mke2fs for bigalloc filesystems * E2fsck fixes when rehashing directories * Fix e2fsck crashes on maliciously corrupted filesystems * Fix e2fsck handling of duplicated case-folded file names * Implement hashed directory support in libext2fs * Support for fast commit feature * Support for combination of casefolding and encryption * Support for stable inodes feature * Add support for per-inode DAX flag * Fix tune2fs to unlock MMP on failure * Fix e2fsck buffer overflow when scanning directory blocks * Fix resize2fs overflowing block group descriptors with 1k block size - delete e2fsprogs-1.45.2-gettext.patch - it was merged upstream - Add autoconf-archive to build requirements - Fix installation of info files for older distros ++++ gptfdisk: - fix regression from version 1.0.6: misleading warning when reading MBR disks, upstream commit f063fe08e424c99f133df18bf9dce49c851bcb0a - Add fix-spurious-warnings.patch ++++ gsettings-desktop-schemas: - Update to version 40.beta: + Use pgUp/Down shortcuts for horizontal workspace switching. + Add super-based workspace navigation shortcuts. + Remove “gnome-fallback” as a valid session name. + Fix summary of `two-finger-scroll-enabled` key. + Updated translations. ++++ kernel-default: - config.conf: Enable armv7hl build (jsc#SLE-17212) The build is still not triggered as it's missing SUSE:* projects - commit b8c9b59 - Update config files: Enable UDC useful for arm64 (jsc#SLE-14042) - supported.conf: Set arm64 UDCs as optional - commit 4427f1e - Refresh patches.suse/powerpc-64-signal-Fix-regression-in-__kernel_sigtram.patch powerpc/64/signal: Fix regression in fixing regression in __kernel_sigtramp_rt64() semantics Fixes: [ 1.424052] systemd[142]: /usr/lib/systemd/system-generators/dracut-rootfs-generator terminated by signal SEGV. ... /.build/build-vm: line 521: 208 Segmentation fault $0 "$@" [ 2.595622] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b - commit 031f2c1 - Update config files. Enable USB_GADGET(jsc#SLE-14042) After discussion what the feature request implied, it was decided that gadget mode is also needed on x86_64 - commit 4402673 - arm64/64kb: Enable 52-bit virtual and 52-bit physical addresses. These features have been rejected solely because of their dependency on 64k page size. - commit afe8527 - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes). - commit 2c2d766 - Make a 64kb kernel flavor for arm64 (jsc#SLE-15406) Add a kernel flavor with a 64kb PAGE_SIZE. Only the page size has been changed explicitly; all other config option changes are caused by Kconfig dependencies. - commit e9424d3 - net/sonic: Add mutual exclusion for accessing shared state (git-fixes). - commit 52ed672 - net: stmmac: Always arm TX Timer at end of transmission start (git-fixes). - commit 6058ba7 - net: stmmac: Fix the TX IOC in xmit path (git-fixes). - commit 0d8ff7f - net: stmmac: Enable 16KB buffer size (git-fixes). - commit c5a734b - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes). - commit c88cefc - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes). - commit d10b760 - net: stmmac: xgmac: Clear previous RX buffer size (git-fixes). - commit 53673df - net: stmmac: Do not accept invalid MTU values (git-fixes). - commit ac657b6 - net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes). - commit 8826854 - net: caif: Fix debugfs on 64-bit platforms (git-fixes). - commit 7a8758b - caif: no need to check return value of debugfs_create functions (git-fixes). - commit 756b62e - net: axienet: Fix error return code in axienet_probe() (git-fixes). - commit 6ec2abe - net: netsec: Correct dma sync for XDP_TX frames (git-fixes). - commit 8040572 - net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353). - commit 76fde4b ++++ kernel-firmware: - Correct the RPi4 brcm config to recover the WiFi breakage (bsc#1182320): Revert-brcm-rpi4-boardflags3-bit.patch ++++ util-linux: - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ++++ openldap2: - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch ++++ qemu: - Include additional upstream patches designated as stable material and reviewed for applicability to include here blockjob-Fix-crash-with-IOthread-when-bl.patch monitor-Fix-assertion-failure-on-shutdow.patch qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch qemu-storage-daemon-Enable-object-add.patch ++++ supportutils: - Additions to version 3.1.14 + [powerpc] Collect logs for power specific components (HNV) pr#88 (bsc#1181911) + Updated pam.txt documentation explaining GDPR + ha.txt: Fix pacemaker.log location for SLE15 pr#90 + supportconfig: use readlink /proc//cwd to get cwd list instead of lsof pr#91 + supportconfig: sssd_info consistency pr#93 + Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#453 - Add kernel modules necessary for Raspberry Pi 4 (bsc#1180336) - 16.39 - merge gh#openSUSE/installation-images#449 - etc: update module.config to match 5.11 (bsc#1182301) - 16.38 ++++ u-boot-rpiarm64: Fix boot for BananaPi R2 (bsc#1180732). Speed up boot time for RPi2. Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches added: 0032-configs-BPI-R2-Disable-EFI-Grub-wor.patch 0033-configs-RPi2-Disable-EFI-Grub-worka.patch - Add qemu-riscv64spl Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches added: 0031-efi_loader-Avoid-emitting-efi_var_b.patch - Drop pcm051rev3 for Phytec Wega board ++++ util-linux-systemd: - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ------------------------------------------------------------------ ------------------ 2021-2-15 - Feb 15 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.1.3 - Fix overlay syncing on SELinux systems - Fix resuming transactions where the parent does not exist any more ++++ kernel-default: - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).") - commit 606c9d1 - ahci: Add support for Dell S140 and later (jsc#SLE-14457). - commit 7fa1bda - xfs: ratelimit xfs_discard_page messages (bsc#1182283). - commit 672719e - xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278). - commit 55cdbf1 - Drop HID logitech patch that caused a regression (bsc#1182259) Delete patches.suse/HID-logitech-dj-add-the-G602-receiver.patch blacklist.conf: add the dropped entry - commit fc205a0 - xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276). - commit 68a744e - xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275). - commit adf2653 - xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273). - commit 5d5cd17 - xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272). - commit 5d91094 - x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489). - commit 52e6a50 - xfs: strengthen rmap record flags checking (git-fixes bsc#1182271). - commit 0a8fcac - squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268). - commit f6143c2 - squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267). - commit 81b879a - squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266). - commit a860e79 - vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265). - commit 961749a - mm: thp: fix MADV_REMOVE deadlock on shmem THP (CVE-2020-29368, bsc#1179660.). - commit 9d15b36 - mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() (CVE-2020-29368, bsc#1179660.). - commit 842b18f - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - commit c29e77d - blacklist.conf: 20bf2b378729 x86/build: Disable CET instrumentation in the kernel - commit ae0a855 - Update config files. CONFIG_IRQ_TIME_ACCOUNTING=n on ppc64 Fixes: ce08519dfa669 - commit 3aeb7fd - blacklist.conf: Append 'drm/mediatek: Remove duplicated include' - commit ecb87cb - drm/dp_mst: Don't report ports connected if nothing is attached to (bsc#1152489) - commit 00ff66f - drm/i915: Fix overlay frontbuffer tracking (bsc#1152489) - commit 4516e0f - blacklist.conf: Append 'drm/i915/gem: Support parsing of oversize batches' - commit e3b72f7 - blacklist.conf: Append 'drm/amd/display: Add missing "Copy GSL groups when committing a new context"' - commit 5abd636 - blacklist.conf: Append 'drm/i915: Filter wake_flags passed to default_wake_function' - commit 0a7430b - blacklist.conf: Append 'drm/i915/gem: Reduce context termination list iteration guard to RCU' - commit 6bbec31 - drm/i915/gt: Only transfer the virtual context to the new engine if (bsc#1152489) Backporting notes: * context changes - commit 3e2a61c - blacklist.conf: Append 'drm/i915/selftests: Avoid passing a random 0 into ilog2' - commit f3cb566 - blacklist.conf: Append 'drm/i915: Fix wrong return value in intel_atomic_check()' - commit 2ef532e - blacklist.conf: Append 'drm/i915/gt: Protect defer_request() from new waiters' - commit 2230231 - blacklist.conf: Append 'drm/mediatek: Fix can't get component for external display plane.' - commit edafa6b - x86/pci: Create PCI/MSI irqdomain after x86_init.pci.arch_init() (bsc#1181572). - commit 7161d5a ++++ patterns-microos: - remove systemd-logger from pattern ++++ sysuser-tools: - Don't abort on unbound first argument ++++ u-boot-rpiarm64: - Fix binary extension for sunxi based boards ++++ yast2-trans: - Update to version 84.87.20210212.15272017a9: * New POT for text domain 'ncurses'. * New POT for text domain 'base'. * New POT for text domain 'update'. * New POT for text domain 'installation'. * New POT for text domain 'network'. ------------------------------------------------------------------ ------------------ 2021-2-14 - Feb 14 2021 ------------------- ------------------------------------------------------------------ ++++ docker: [NOTE: This update was only ever released in SLES and Leap.] - It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop the patch entirely. bsc#1180401 bsc#1182168 - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch ++++ golang-github-docker-libnetwork: [NOTE: This update was only ever released in SLES and Leap.] - It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop the patch entirely. bsc#1180401 bsc#1182168 - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch ++++ kernel-default: - fix patch metadata - fix upstream reference: patches.suse/net-hns3-add-a-check-for-queue_id-in-hclge_reset_vf_.patch - commit 33a1a9d - series.conf: cleanup - move unsortable patch out of sorted section patches.suse/powerpc-pseries-extract-host-bridge-from-pci_bus-pri.patch - commit 05c22a3 - drm/sun4i: dw-hdmi: Fix max. frequency for H6 (git-fixes). - drm/sun4i: Fix H6 HDMI PHY configuration (git-fixes). - drm/sun4i: dw-hdmi: always set clock rate (git-fixes). - drm/sun4i: tcon: set sync polarity for tcon1 channel (git-fixes). - drm/dp_mst: Don't report ports connected if nothing is attached to them (git-fixes). - drm/vc4: hvs: Fix buffer overflow with the dlist handling (git-fixes). - drm/i915: Fix overlay frontbuffer tracking (git-fixes). - drm/nouveau/nvif: fix method count when pushing an array (git-fixes). - commit f9287ec - regulator: Fix lockdep warning resolving supplies (git-fixes). - commit 83723b8 - i2c: stm32f7: fix configuration of the digital filter (git-fixes). - i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes). - mac80211: 160MHz with extended NSS BW in CSA (git-fixes). - iwlwifi: mvm: guard against device removal in reprobe (git-fixes). - iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes). - iwlwifi: pcie: fix context info memory leak (git-fixes). - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes). - iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes). - iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes). - regulator: core: avoid regulator_resolve_supply() race condition (git-fixes). - commit c869ffc ++++ libpcap: - Update to 1.10.0 * Require, and assume, some level of C99 support in the C compiler * Add support for capturing on DPDK devices * rpcap: support rpcap-over-TLS * Fix some memory leaks, including in pcap_compile() * Linux: handle systems without AF_INET or AF_UNIX socket support * Catch invalid IPv4 addresses in filters * Show special Linux BPF offsets symbolically in bpf_image() and bpf_dump() * Linux: get rid of Wireless Extensions for turning monitor mode on * Linux: proper memory sync for PACKET_MMAP * Linux: drop support for libnl 1 and 2. * Linux: Require PF_PACKET support, and kernel 2.6.27 or later * Add DLT_LINUX_SLL2 * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live Linux captures * optimizer: add a hack to try to catch certain optimizer loops * Probe CONFIGURATION descriptor of connected USB devices * Linux: return error on interface going away, but not if it just went down * Linux: set socket protocol only after packet ring configured, reducing bogus packet drop reports * Linux: get ifdrop stats from sysfs. * Fix various security issues reported by Charles Smith at Tangible Security * Fix various security issues reported by Include Security * rpcapd: on UN*X, don't tell the client why authentication failed * Linux: when adjusting BPF programs, do not subtract the SLL[2]_HDR_LEN if the location is negative (special metadata offset) * Linux: with a timeout of zero, wait indefinitely * Linux: clean up support for some non-GNU libc C libraries * Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP * Fix handling of some ioctls that fail with "permission denied" even when the ioctl isn't supported at all * Added support for ICMPv6 types 1-4 as tokens in filters * Report the DLT description in error messages * Linux: Add support for DSA data link types * Linux USB: use the snapshot length to set the buffer size, and set the len field to reflect the length in the URB * rpcapd: allow rpcapd to rebind more rapidly * Add Haiku pcap implementation * rpcap: redo protocol version negotiation to avoid problems with old servers (it still works with servers using the old negotiation, as well as servers not supporting negotiation) * Remove (unused) SITA support here. * Correctly handle pcapng captures with more than one IDB with a snspshot length greater than the supported maximum - Remove libpcap-no-old-socket.patch - Rebase libpcap-1.0.0-s390.patch ++++ tar: - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges ------------------------------------------------------------------ ------------------ 2021-2-13 - Feb 13 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (bsc#1182217). - Refresh patches.suse/edac-mce_amd-use-struct-cpuinfo_x86-cpu_die_id-for-amd-nodeid.patch. - commit bdedc9e - net: mscc: ocelot: fix address ageing time (again) (git-fixes). - commit 2561722 - dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes). - commit 14e0d91 - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - commit d3915bd - net: sun: fix missing release regions in cas_init_one() (git-fixes). - commit 5243443 - net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes). - commit 8f77ca6 - net: moxa: Fix a potential double 'free_irq()' (git-fixes). - commit 6d56ae2 - EDAC/mce_amd: Add new error descriptions for existing types (bsc#1182217). - commit 8e9c253 - x86/mce, EDAC/mce_amd: Print PPIN in machine check records (bsc#1182217). - commit 6faa949 - EDAC/mce_amd: Print !SMCA processor warning only once (bsc#1182217). - commit 3bacba7 - EDAC/amd64: Do not warn when removing instances (bsc#1182217). - commit d9742d0 ------------------------------------------------------------------ ------------------ 2021-2-12 - Feb 12 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.1.2 - libtukit: Report when application was terminated due to a signal, and return the signal number as a return value. This will cause the transaction to be aborted when called via `execute`. - libtukit: Set PATH variable for internal commands to fixed value to find the helper applications, as in some environments such as PolicyKit PATH wouldn't be set. - Fix compiler warnings ++++ gtk3: - Update to version 3.24.25: + Settings: Make cursor aspect ratio setting work. + Broadway: - Fix touchscreen event handling. - Support Android / Chrome on-screen keyboard. + Wayland: - Avoid crashes with tablet input. - Add api to support clients with subsurfaces better. + Inspector: Make the inspector available in non-debug builds. + Theme: - Make scrollbars larger. - Disable shadows on maximized, fullscreen and tiled windows. + Printing: Support Avahi-discovered printers better. + Input: - Show preedit for compose sequences. - Support long compose sequences. - Support compose sequences producing multiple characters. + Updated translations. ++++ kernel-default: - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900). - commit 9deaa93 - powerpc/kexec_file: fix FDT size estimation for kdump kernel (bsc#1181928 ltc#190572). - commit de42489 - btrfs: Enable autodefrag (bsc#1181785) Refresh patches.suse/btrfs-8888-add-allow_unsupported-module-parameter.patch. - commit c3b1454 - ASoC: codecs: max98373-sdw: align regmap use with other codecs (git-fixes). - Refresh patches.suse/ASoC-max98373-don-t-access-volatile-registers-in-bia.patch. - commit 2986405 - ASoC: codecs: rt*.c: remove useless pointer cast (git-fixes). - ASoC: topology: Add support for WO and RO TLV byte kcontrols (git-fixes). - ASoC: codecs: rt*-sdw: use SDW_SLAVE_ENTRY_EXT (git-fixes). - ASoC: hdac_hda: allow runtime pm at end of probe (git-fixes). - commit 51b0ab6 - cxgb4: fix the panic caused by non smac rewrite (git-fixes). - commit 0f6aca4 - nvme-hwmon: rework to avoid devm allocation (bsc#1177326). - commit bc99792 - Update config files: make armv7hl/lpae a fragmented config (jsc#SLE-17212) Just for ease of maintenance - commit 8e88e72 - gpio: ep93xx: Fix single irqchip with multi gpiochips (git-fixes). - gpio: ep93xx: fix BUG_ON port F usage (git-fixes). - commit 4d3d0a7 - series.conf: cleanup - update upstream reference and resort: patches.suse/ibmvnic-Clear-failover_pending-if-unable-to-schedule.patch - commit f78f850 ++++ udisks2: - update to 2.9.2: * udiskslinuxblock: Survive a missing /etc/crypttab * lvm2: Fix leaking BDLVMVDOPooldata * tests: Test modules that are actually enabled during build * build: Exclude VDO module from distcheck build * udisksfstabentry: Add udisks_fstab_entry_has_opt() * udiskslinuxblock: Reflect fstab "noauto" mount option in HintAuto * udiskslinuxblock: Update hints after fstab change * tests: Add tests for Block hints * udiskslinuxfilesystemhelpers: Make TakeOwnership() race free * tests: Extend filesystem test_take_ownership tests with symlinks * mount options: Allow 'nosymfollow' mount option for unprivileged mounts * udisksstate: Silence the block device busy messages on cleanup lock * udev: Distinguish mmcblk-class device types * udev: Propagate mmcblk disk attributes to mmcblk_boot devices * udiskslinuxdrive: Tweak the 'removable'/'ejectable' hints for mmcblk-class devices * udiskslinuxblock: Tweak the hints for mmcblk-class devices * udisksdaemonutil: Refactor udisks_daemon_util_trigger_uevent() out of UDisksLinuxBlockObject * udiskslinuxmanager: Trigger uevent after loop device setup * tests: Remove scsi_debug serial number checks * tests: Skip zram tests if zram module is already loaded * treewide: Fix typos * AUTHORS: Add tbzatek as the maintainer * tests: Do not use nilfs2 as an example of non-resizable FS * Memory leak fixes * doc: Update config file path - drop udisks2-Fix-memory-leaks.patch, udisks2-lvm2-Fix-leaking-BDLVMVDOPooldata.patch (upstream) ++++ salt: - virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when efi=True - Do not crash when unexpected cmd output at listing patches (bsc#1181290) - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818) - Added: * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * open-suse-3002.2-xen-grub-316.patch * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch * virt-uefi-fix-backport-312.patch ++++ systemd-rpm-macros: - Bump to version 6 - Make upstream %systemd_{pre,post,preun,postun} aliases to their SUSE counterparts Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM. - Improve the logic used to apply the presets (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update. ++++ yast2: - Fixed bug introduced while adding auto wrapping (bsc#1179893) - 4.3.55 ------------------------------------------------------------------ ------------------ 2021-2-11 - Feb 11 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - merge libapparmor.changes into apparmor.changes ++++ glib2: - Update to version 2.67.3: + Add new `g_memdup2()` API to replace `g_memdup()`, which is vulnerable to a silent integer truncation and heap overflow problem if not used carefully. + Add new `g_dbus_object_path_escape()` and `g_dbus_object_path_unescape()` APIs to provide one way of escaping arbitrary bytestrings for use in D-Bus object paths. + Use `bash-completion.pc` (if available) to provide the path to install completion files into. + Fix support for public/private trigraphs in `glib-mkenums`. + Add `glib_debug` configure option to allow disabling debug infrastructure in builds with debug symbols enabled. + Fix a regression where `PATH` would always be searched when using `g_spawn()`, even when it wasn’t supposed to. + Override `gio-querymodules` in Meson when used as a submodule. + Updated translations. - Rebase glib2-dbus-socket-path.patch. - Update to version 2.67.2: + Add `gio launch` command to execute programs. + Fix unused parameter warnings in code generated by `gdbus-codegen`. + Officially deprecate `to-pixdata` option for `glib-compile-resources`, in favour of simply embedding more modern image formats in linked-in `GResource` files. + Support querying and running UWP applications on Windows. + Support `gio trash --restore` and `gio trash --list` commands. + No longer read environment variables for GIO module locations when running as setuid. + More progress on fixing compiler warnings. + `GKeyFile` performance improvements. + Improve UDP socket behaviour on Windows. + Add `-Dtests` meson configure option for disabling tests entirely. - Changes from version 1.67.1: + Deprecate `g_time_zone_new()` in favour of `g_time_zone_new_identifier()`, which makes error checking easier. + Remove `volatile` from various public APIs, including `G_DEFINE_*`. You should adjust your code to not use `volatile` for atomic variables, `GOnce` variables, or mostly anything. + Support passing file handles to `gdbus` command line tool. + Add `g_assert_cmpstrv()` test convenience function. + Changes to the behaviour of the `G_URI_FLAGS_SCHEME_NORMALIZE` scheme normalization flag in `GUri`. + Add new `--run-prefix` and `--skip-prefix` options to GTest, to allow running or skipping test suites by prefix. + Fix thread-safety of `GBinding`. + Updated translations. - Rebase glib2-bgo569829-gettext-gkeyfile.patch, glib2-fate300461-gettext-gkeyfile-suse.patch, glib2-dbus-socket-path.patch and glib2-gdbus-codegen-version.patch. - Update to version 2.66.7: + Fix various regressions caused by rushed security fixes in 2.66.6. + Fix a silent integer truncation when calling `g_byte_array_new_take()` for byte arrays bigger than `G_MAXUINT`. + Disallow using currently-undefined D-Bus connection or server flags to prevent forward-compatibility problems with new security-sensitive flags likely to be released in GLib 2.68. + Bugs fixed: glgo#GNOME/GLib!1933, glgo#GNOME/GLib!1943, glgo#GNOME/GLib!1944, glgo#GNOME/GLib!1945. - disable irrelevant warnings - use macros in spec file - simplify trigger code ++++ kernel-default: - arm64: use a common .arch preamble for inline assembly (bsc#1182114). - commit 56aeca4 - 1764c3edc66880778604f5053fe2dda7b3ddd2c1 also fixes binutils 2.36 (bsc#1182114) - commit a031455 - powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624). - commit 2178630 - cxgb4/chtls: Fix tid stuck due to wrong update of qid (git-fixes). - chtls: Fix chtls resources release sequence (git-fixes). - chtls: Added a check to avoid NULL pointer dereference (git-fixes). - chtls: Replace skb_dequeue with skb_peek (git-fixes). - chtls: Avoid unnecessary freeing of oreq pointer (git-fixes). - chtls: Fix panic when route to peer not configured (git-fixes). - chtls: Remove invalid set_tcb call (git-fixes). - chtls: Fix hardware tid leak (git-fixes). - i40e: avoid premature Rx buffer reuse (git-fixes). - net/mlx4_en: Handle TX error CQE (bsc#1181854). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854). - chelsio/chtls: fix a double free in chtls_setkey() (git-fixes). - chelsio/chtls: fix panic during unload reload chtls (git-fixes). - commit 6313497 - Update config files: Set ledtrig-default-on as builtin (bsc#1182128) - commit 2f7b8ce - supported.conf: Preliminary sort of contents (jsc#SLE-17212) Just sorted, no other changes - commit 5b39bec - net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes). - net/mlx5e: Update max_opened_tc also when channels are closed (git-fixes). - net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes). - igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes). - igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes). - igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes). - net/mlx5e: Reduce tc unsupported key print level (git-fixes). - net/mlx5: Fix memory leak on flow table creation error flow (git-fixes). - igc: fix link speed advertising (git-fixes). - cxgb4/chtls: Fix tid stuck due to wrong update of qid (git-fixes). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes). - net: mvpp2: Remove Pause and Asym_Pause support (git-fixes). - mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes). - mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes). - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes). - net/mlx5e: Fix two double free cases (git-fixes). - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address (git-fixes). - chtls: Fix chtls resources release sequence (git-fixes). - chtls: Added a check to avoid NULL pointer dereference (git-fixes). - chtls: Replace skb_dequeue with skb_peek (git-fixes). - chtls: Fix panic when route to peer not configured (git-fixes). - chtls: Remove invalid set_tcb call (git-fixes). - chtls: Fix hardware tid leak (git-fixes). - net: hns3: fix the number of queues actually used by ARQ (git-fixes). - qed: select CONFIG_CRC32 (git-fixes). - net: hns: fix return value check in __lb_other_process() (git-fixes). - net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes). - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes). - virtio_net: Fix recursive call to cpus_read_lock() (git-fixes). - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes). - net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes). - net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes). - net: mvpp2: disable force link UP during port init procedure (git-fixes). - iavf: fix double-release of rtnl_lock (git-fixes). - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes). - virtio_net: Fix error code in probe() (git-fixes). - ixgbe: avoid premature Rx buffer reuse (git-fixes). - i40e: avoid premature Rx buffer reuse (git-fixes). - net/mlx4_en: Handle TX error CQE (bsc#1181854). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854). - net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes). - net: mvpp2: Fix error return code in mvpp2_open() (git-fixes). - chelsio/chtls: fix a double free in chtls_setkey() (git-fixes). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - net: broadcom CNIC: requires MMU (git-fixes). - chelsio/chtls: fix panic during unload reload chtls (git-fixes). - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes). - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (git-fixes). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes). - net/mlx5: Add handling of port type in rule deletion (git-fixes). - mlxsw: core: Use variable timeout for EMAD retries (git-fixes). - qed: fix error return code in qed_iwarp_ll2_start() (git-fixes). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - net/mlx5: Fix deletion of duplicate rules (git-fixes). - chelsio/chtls: fix always leaking ctrl_skb (git-fixes). - chelsio/chtls: fix memory leaks caused by a race (git-fixes). - chelsio/chtls: fix memory leaks in CPL handlers (git-fixes). - chelsio/chtls: fix deadlock issue (git-fixes). - cxgb4: set up filter action after rewrites (git-fixes). - chelsio/chtls: fix tls record info to user (git-fixes). - chelsio/chtls: correct function return and return type (git-fixes). - chelsio/chtls: correct netdevice for vlan interface (git-fixes). - chelsio/chtls: fix socket lock (git-fixes). - commit f8ae7ea - blacklist.conf: 9ad22e165994 x86/debug: Fix DR6 handling - commit b5c23b5 - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - commit b061a0d - series.conf: cleanup - update upstream references and move to sorted section: patches.suse/x86-xen-avoid-warning-in-Xen-pv-guest-with-CONFIG_AM.patch. patches.suse/xen-blkfront-allow-discard-nodes-to-be-optional.patch. - commit 9ed652c - supported.conf: fix typo "!optoinal" should be "!optional" - commit 154f90d - dmaengine: idxd: check device state before issue command (git-fixes). - dmaengine: move channel device_node deletion to driver (git-fixes). - dmaengine: idxd: fix misc interrupt completion (git-fixes). - dmaengine: idxd: Fix list corruption in description completion (git-fixes). - commit 21a74f3 - mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes). - commit 8ae7076 ++++ kernel-default-base: - Add modules which got lost when migrating away from supported.conf (bsc#1182110): * am53c974 had a typo * cls_bpf, iscsi_ibft, libahci, libata, openvswitch, sch_ingress - Also add vport-* modules for Open vSwitch ++++ libapparmor: - merge libapparmor.changes into apparmor.changes ++++ pango: - Update to version 1.48.2: + Fix memory leaks reported by asan + Avoid overflow in pango_attr_list_update + Add a valgrind suppression file + Make tests more robust + Fix pango_font_describe for Emoji fonts ++++ libvirt: - qemu: Fix swtpm device with aarch64 7cf60006-qemu-swtpm-aarch64.patch, afb823fc-qemu-validate-swtpm.patch bsc#1181893 ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#133 - use shim on aarch64 (jsc#SLE-15823, jsc#SLE-15020) - 0.933 ++++ sysuser-tools: - Remove sysusers/nscd workaround ++++ u-boot-rpiarm64: - Add Pinephone ------------------------------------------------------------------ ------------------ 2021-2-10 - Feb 10 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Drop configure --libexecdir variable as it does not appear to be used by the source archive. ++++ docker: - Fix incorrect cast in SUSE secrets patches causing warnings on SLES. * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch ++++ gnutls: - Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565] * Don't unset system priority settings in gnutls-cli-debug.sh * Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387 - Add gnutls-gnutls-cli-debug.patch - Fix: Test certificates in tests/testpkcs11-certs have expired * Upstream bug: gitlab.com/gnutls/gnutls/issues/1135 - Add gnutls-test-fixes.patch ++++ kernel-default: - fix patches metadata - fix Patch-mainline: patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch patches.suse/0003-x86-ioapic-Handle-Extended-Destination-ID-field-in-R.patch patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch patches.suse/0005-x86-kvm-Add-KVM_FEATURE_MSI_EXT_DEST_ID.patch - commit e28768c - x86/hyperv: Initialize clockevents after LAPIC is initialized (git-fixes). - commit 5954028 - drm/i915: Fix the MST PBN divider calculation (git-fixes). - drm/dp/mst: Export drm_dp_get_vc_payload_bw() (git-fixes). - drm/i915/display: Prevent double YUV range correction on HDR planes (git-fixes). - drm/i915: Power up combo PHY lanes for for HDMI as well (git-fixes). - drm/i915: Extract intel_ddi_power_up_lanes() (git-fixes). - commit 6a0d54e - USB: serial: option: Adding support for Cinterion MV31 (git-fixes). - USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes). - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes). - USB: usblp: don't call usb_set_interface if there's a single alt (git-fixes). - Input: xpad - sync supported devices with fork on GitHub (git-fixes). - mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes). - drm/amd/display: Revert "Fix EDID parsing after resume from suspend" (git-fixes). - mac80211: fix station rate table updates on assoc (git-fixes). - iwlwifi: mvm: don't send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes). - commit 2244f3a ++++ multipath-tools: - Update to version 0.8.5+22+suse.e1e3c48: * multipath-tools tests: fix stringop-overflow build errors with gcc 11 (bsc#1181877) * README moved to README.md (has been converted to markdown upstream) ++++ libX11: - U_0001-_XIOError-dpy-will-never-return-so-remore-dead.patch U_0002-remove-empty-line.patch U_0003-poll_for_response-Call-poll_for_event-again-if-xcb_p.patch U_0004-poll_for_event-Allow-using-xcb_poll_for_queued_event.patch U_0005-Prepare-for-_XIOError-possibly-returning.patch U_0006-Fix-poll_for_response-race-condition.patch * fixes a race condition in libX11 that causes various applications to crash randomly (boo#1181963) - refreshed U_0001-Fix-an-integer-overflow-in-init_om.patch ++++ util-linux: - libmount: don't use "symfollow" for helpers on user mounts (boo#1181750, util-linux-libmount-dont-use-symfollow.patch) ++++ rdma-core: - Update to rdma-core v31.3 - No release notes available - Fix patch to systemd-modules-load script (bsc#1178539) - Drop srp_daemon-Fix-systemd-dependency.patch as it was merged upstream ++++ protobuf: - Fix Requires for python3 to python3-six. ++++ rpm: - Do not require the signature header to be in a contiguous region when signing [bnc#1181805] * new patch: signbadregion.diff ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#451 - Replace Raleway fonts by Poppins (jsc#SLE-14772) - 16.37 ++++ util-linux-systemd: - libmount: don't use "symfollow" for helpers on user mounts (boo#1181750, util-linux-libmount-dont-use-symfollow.patch) ++++ yast2: - Use Auto Wrapping of long lines for Yast2::Popup and Yast::Report (bsc#1179893) - 4.3.54 - Do not use the 'installation-helper' binary to create snapshots during installation or offline upgrade (bsc#1180142). - Add a new exception to properly handle exceptions when reading/writing snapshots numbers (related to bsc#1180142). - 4.3.53 ------------------------------------------------------------------ ------------------ 2021-2-9 - Feb 9 2021 ------------------- ------------------------------------------------------------------ ++++ augeas: - Add new directives and options supported in chrony since 3.3 up to 4.0. * augeas-new_options_for_chrony.patch * [bsc#1178470] * sourced from https://github.com/hercules-team/augeas/pull/698 ++++ ca-certificates-mozilla: - Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CA: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ++++ crypto-policies: - Use tar_scm service, not obs_scm: With crypto-policies entering Ring0 (distro bootstrap) we want to be sure to keep the buildtime deps as low as possible. - Add python3-base BuildRequires: previously, OBS' tar service pulled this in for us. ++++ transactional-update: - Version 3.1.1 - Fix hang in tukit on aarch64 [bsc#1181844] - Prevent deletion of snapshots when resuming a snapshot where no transaction is open - Make tukit work in non-dbus environments [boo#1181934] ++++ filesystem: - Remove duplicate line due to merge error ++++ gptfdisk: - Update to 1.0.6 * Fixed bug that could cause segfault if GPT header claimed partition entries are oversized. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0256 * Fixed bug that could cause a crash if a badly-formatted MBR disk was read. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0308 * Renamed the partition type "Freedesktop $BOOT" to "XBOOTLDR partition". * Added several more Freedesktop partition table type codes (0x8312 through 0x831C). * Fixed type code definition in diskio-unix.cc that prevented 32-bit builds from correctly handling disks over 4 TiB in size. * Minor tweaks to get the software to compile on FreeBSD; that seems to have fallen into disrepair. ++++ kernel-default: - supported.conf: Mark habanalabs as supported (jsc#SLE-15232) - commit c19a913 - nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137). - commit d65941e - KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818). - KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818). - commit 9e58921 - net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes). - commit c1f82b5 - net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes). - commit 2e18a60 - net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes). - commit 1455e82 - net: ethernet: ti: ale: ensure vlan/mdb deleted when no members (git-fixes). - commit 6a115f1 - net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes). - Refresh patches.suse/0009-net-ethernet-ti-ale-fix-seeing-unreg-mcast-packets-w.patch. - commit 0cae8d9 - net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes). - commit da85a01 - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes). - commit 6a2d8f8 - net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes). - Refresh patches.suse/net-mlx5e-Fix-CPU-mapping-after-function-reload-to-a.patch. - commit ae37f4a - net/mlx5e: Use preactivate hook to set the indirection table (git-fixes). - commit a8003a3 - net/mlx5e: Rename hw_modify to preactivate (git-fixes). - commit d8b9674 - net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes). - commit 0764cbf - sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes). - commit ccdc470 - sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes). - commit 855923f - sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes). - commit 1115b43 - net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes). - commit 7c5ca65 - powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074). - commit 418b81d - series.conf: cleanup - update upstream reference: patches.suse/ibmvnic-Clear-failover_pending-if-unable-to-schedule.patch - commit 85f2019 - fix patch metadata - fix upstream reference: patches.suse/io_uring-Fix-current-fs-handling-in-io_sq_wq_submit_.patch - commit 90ec2ae - Rename duplicate patches to their SLE15-SP2 equivalents. This is to prepare for the next SLE15-SP2 -> SLE15-SP3 merge. - commit a7157b9 - scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958). - commit 5afe23b - net/mlx5e: Release skb in case of failure in tc update skb (jsc#SLE-15172). - net/mlx5: Fix leak upon failure of rule creation (jsc#SLE-15172). - commit 67867c6 - supported.conf: Add armv7hl entries (jsc#SLE-17212) - commit 87b18a9 - selftests/bpf: Fix unused attribute usage in subprogs_unused test (bsc#1177028). - libbpf: Fix potential multiplication overflow (bsc#1177028). - libbpf: Fix another __u64 cast in printf (bsc#1177028). - libbpf: Fix compilation warnings for 64-bit printf args (bsc#1177028). - libbpf: Fix type compatibility check copy-paste error (bsc#1177028). - libbpf: Fix libbpf build on compilers missing __builtin_mul_overflow (bsc#1177028). - libbpf: Implement enum value-based CO-RE relocations (bsc#1177028). - commit 76c0289 ++++ kernel-firmware: - Update to version 20210208 (commit b79d2396bc63): * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304 * linux-firmware: add firmware for MT7921 * rtw88: RTL8821C: Update firmware to v24.8 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * i915: Add DMC v2.01 for ADL-S * i915: Add HuC v7.7.1 for DG1 * i915: Add GuC v49.0.1 for DG1 * qcom: Add venus firmware files for VPU-1.0 * qcom: Add SM8250 Compute DSP firmware * qcom: Add SM8250 Audio DSP firmware * qcom: add firmware files for Adreno a650 ++++ util-linux: - Override GTKDOCIZE with /bin/true so we can run autoreconf without needing gtk-doc as a dependency. ++++ libcap: - update to 2.48: * More uniform use of $(MAKE) in Makefiles * No longer include symlinks in the git tree * Provide support for make GOLANG=no ... * Provide support for pointing at a specific build of the go binary * camelCase the contrib/seccomp/explore.go program * A number of documentation fixes to man pages and source code comments * Last use of GO major version 0 ++++ json-glib: - Update to version 1.6.2: + Fix build reproducibility. + Fix parsing of UTF-16 surrogate pairs. + Ignore UTF-8 BOM. ++++ libvirt: - build: Fix generation of virtproxyd socket files e3d60f76-fix-socket-file-gen.patch boo#1181838 ++++ python-Jinja2: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944). Added CVE-2020-28493.patch ++++ python-pytz: - update to 2021.1: * update to IANA 2021a timezone release ++++ util-linux-systemd: - Override GTKDOCIZE with /bin/true so we can run autoreconf without needing gtk-doc as a dependency. ------------------------------------------------------------------ ------------------ 2021-2-8 - Feb 8 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - avoid file listed twice error ++++ crypto-policies: - Add a BuildIgnore for crypto-policies - Use gzip instead of xz in obscpio and sources ++++ dnsmasq: - update to 2.84: * Change HAVE_NETTLEHASH compile-time to HAVE_CRYPTOHASH * Tidy initialisation in hash_questions.c * Optimise sort_rrset for the case where the RR type * Move fd into frec_src ++++ elfutils: - Update to version 0.183: debuginfod: New thread-busy metric and more detailed error metrics. New --fdcache-mintmp and tracking of filesystem freespace. New increased webapi concurrency while grooming. debuginfod-client: DEBUGINFOD_SONAME macro added to debuginfod.h which can be used to dlopen the libdebuginfod.so library. New function debuginfod_set_verbose_fd and DEBUGINFOD_VERBOSE environment variable. config: profile.sh and profile.csh won't export DEBUGINFOD_URLS unless configured --enable-debuginfod-urls[=URLS] elflint, readelf: Recognize SHF_GNU_RETAIN. Handle SHT_X86_64_UNWIND as valid relocation target. - Remove config-do-not-define-DEBUGINFOD_URLS-environment-var.patch patch. ++++ gnutls: - gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131 - Add gnutls-ignore-duplicate-certificates.patch ++++ kernel-default: - powerpc/64/signal: Fix regression in __kernel_sigtramp_rt64() semantics (jsc#SLE-9246). - powerpc/64s: prevent recursive replay_soft_interrupts causing superfluous interrupt (jsc#SLE-9246). - commit 2c2e4e4 - Refresh patches.suse/powerpc-sstep-Fix-array-out-of-bound-warning.patch. Update metadata - commit 8349f78 - powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729). - commit 50bd42d - powerpc: Fix alignment bug within the init sections (bsc#1065729). - commit 7810647 - powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395). - powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395). - powerpc/powernv/memtrace: Don't leak kernel memory to user space (bsc#1156395). - powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395). - powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395). - commit 735e425 - ibmvnic: device remove has higher precedence over reset (bsc#1065729). - commit 0b8e9f9 - ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631). - commit 5b8c72b - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - commit fb1a56e - ACPI: thermal: Do not call acpi_thermal_check() directly (git-fixes). - Refresh patches.suse/acpi_thermal_passive_blacklist.patch. - commit 1cfdad3 - genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set (git-fixes). - drm/amd/display: Fixed corruptions on HPDRX link loss restore (git-fixes). - drm/amd/display: Use hardware sequencer functions for PG control (git-fixes). - drm/amd/display: Allow PSTATE chnage when no displays are enabled (git-fixes). - mac80211: fix incorrect strlen of .write in debugfs (git-fixes). - drm/amd/display: Update dram_clock_change_latency for DCN2.1 (git-fixes). - drm/panfrost: Support cache-coherent integrations (git-fixes). - commit c563f5a - phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes). - platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes). - drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes). - mac80211: fix fast-rx encryption check (git-fixes). - commit 504e3c0 - blacklist.conf: kABI extreely hard to work around - commit e1f9604 - platform/x86: pmt: Fix a potential Oops on error in probe (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). - commit e21ef02 - platform/x86: Intel PMT Crashlog capability driver (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). - Update config files: Build PMT Crashlog capability driver. - supported.conf: Add the PMT Crashlog capability driver. - commit 0f2da12 - platform/x86: Intel PMT Telemetry capability driver (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). - Update config files: Build PMT Telemetry capability driver. - supported.conf: Add the PMT Telemetry capability driver. - commit e0ffba9 - platform/x86: Intel PMT class driver (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). - Update config files: Build PMT class driver. - supported.conf: Add the PMT class driver. - commit 22095e8 - objtool: Don't fail on missing symbol table (bsc#1169514). - commit 1518505 - mfd: Intel Platform Monitoring Technology support (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). - Update config files: Build PMT driver on x86_64. - supported.conf: Add the PMT driver. - commit be0482a - PCI: Add defines for Designated Vendor-Specific Extended Capability (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). - commit 8eb1abf - btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574). - commit 98010f2 - libbpf: Don't attempt to load unused subprog as an entry-point BPF program (bsc#1177028). - libbpf: Add multi-prog section support for struct_ops (bsc#1177028). - libbpf: Implement generalized .BTF.ext func/line info adjustment (bsc#1177028). - libbpf: Make RELO_CALL work for multi-prog sections and sub-program calls (bsc#1177028). - libbpf: Support CO-RE relocations for multi-prog sections (bsc#1177028). - libbpf: Parse multi-function sections into multiple BPF programs (bsc#1177028). - libbpf: Ensure ELF symbols table is found before further ELF processing (bsc#1177028). - libbpf: Normalize and improve logging across few functions (bsc#1177028). - libbpf: Skip well-known ELF sections when iterating ELF (bsc#1177028). - libbpf: Factor out common ELF operations and improve logging (bsc#1177028). - libbpf: Implement type-based CO-RE relocations support (bsc#1177028). - libbpf: Centralize poisoning and poison reallocarray() (bsc#1177028). - tools/bpftool: Remove libbpf_internal.h usage in bpftool (bsc#1177028). Refresh patches.suse/bpftool-Fix-compilation-failure-for-net.o-with-older.patch - libbpf: Remove any use of reallocarray() in libbpf (bsc#1177028). - libbpf: Improve relocation ambiguity detection (bsc#1177028). - libbpf: Clean up and improve CO-RE reloc logging (bsc#1177028). - libbpf: Improve error logging for mismatched BTF kind cases (bsc#1177028). - libbpf: Detect minimal BTF support and skip BTF loading, if missing (bsc#1177028). - libbpf: Factor out common logic of testing and closing FD (bsc#1177028). - libbpf: Make kernel feature probing lazy (bsc#1177028). - libbpf: Disable -Wswitch-enum compiler warning (bsc#1177028). - libbpf: Convert comma to semicolon (bsc#1177028). - commit dc05c31 - series.conf: cleanup - update upstream references of unsortable patches and sort them properly: patches.suse/perf-x86-intel-uncore-Store-the-logical-die-id-inste.patch patches.suse/perf-x86-intel-uncore-With-8-nodes-get-pci-bus-die-i.patch - commit b4f0fcb - fix patch metadata and move it to correct section - fix upstream reference of a non-mainline patch and move to correct section: patches.suse/net-sctp-filter-remap-copy_from_user-failure-error.patch - commit fda606d ++++ libapparmor: - avoid file listed twice error ++++ libsoup2: - Disable tls_interaction-test until resolved upstream * See https://gitlab.gnome.org/GNOME/libsoup/issues/120 - Add libsoup-skip-tls_interaction-test.patch - Fix tests: fix SSL test with glib-networking >= 2.65.90 * See https://gitlab.gnome.org/GNOME/libsoup/issues/201 - Add libsoup-fix-SSL-test.patch - Remove patches: * libsoup-disable-ssl-tests.patch * libsoup-disable-hsts-tests.patch ++++ pam: - Add a definition for pamdir to pam.spec So that a proper contents of macros.pam can be constructed. [pam.spec] ++++ qemu: - Switch the modules qemu-ui-display-gpu and qemu-ui-display-gpu-pci from being an x86 only Recommends, to a Recommends for all arch's except s390x (boo#1181350) - Fix qemu-hw-usb-smartcard to not be a Recommends for s390x - Minor spec file tweaks for compatibility with upcoming spec file formatter - Make note that this patch takes care of an OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch ++++ toolbox: - Update to version 2.1+git20210208.a720b25: * Alleviate the need for zypper in the user toolbox script * Consolidate logging and help debugging of the user toolbox's script * Export machine-id and IPC inside the toolbox (IPC, user only) * Fix (more) formatting... ++++ yast2-trans: - Update to version 84.87.20210205.68980f3ed7: * New POT for text domain 'qt-pkg'. * New POT for text domain 'qt'. * New POT for text domain 'ncurses-pkg'. * New POT for text domain 'wol'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'relocation-server'. * New POT for text domain 'reipl'. * New POT for text domain 'registration'. * New POT for text domain 'rdp'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'multipath'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'iplb'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'cluster'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'add-on'. * Add empty po files for cc and cc-control * product-check.sh: Add support for 000product and inherited products * DOMAIN_MAP: Add system-role-common-criteria * Automatic update of wol. * Automatic update of vpn. * Automatic update of users. * Automatic update of update. * Automatic update of tune. * Automatic update of s390. * Automatic update of sysconfig. * Automatic update of support. * Automatic update of sudo. * Automatic update of storage. * Automatic update of squid. * Automatic update of sound. * Automatic update of snapper. * Automatic update of slp-server. * Automatic update of services-manager. * Automatic update of security. * Automatic update of scanner. * Automatic update of samba-server. * Automatic update of samba-client. * Automatic update of rmt. * Automatic update of relocation-server. * Automatic update of reipl. * Automatic update of registration. * Automatic update of rdp. * Automatic update of proxy. * Automatic update of printer. * Automatic update of pam. * Automatic update of packager. * Automatic update of online-update. * Automatic update of ntp-client. * Automatic update of nis_server. * Automatic update of nis. * Automatic update of nfs_server. * Automatic update of nfs. * Automatic update of network. * Automatic update of multipath. * Automatic update of migration. * Automatic update of mail. * Automatic update of ldap-client. * Automatic update of ldap. * Automatic update of kdump. * Automatic update of journalctl. * Automatic update of isns. * Automatic update of iscsi-lio-server. * Automatic update of iscsi-client. * Automatic update of iplb. * Automatic update of instserver. * Automatic update of installation. * Automatic update of http-server. * Automatic update of geo-cluster. * Automatic update of ftp-server. * Automatic update of firewall. * Automatic update of fcoe-client. * Automatic update of drbd. * Automatic update of dns-server. * Automatic update of dhcp-server. * Automatic update of crowbar. * Automatic update of country. * Automatic update of control. * Automatic update of cluster. * Automatic update of bootloader. * Automatic update of base. * Automatic update of autoinst. * Automatic update of auth-client. * Automatic update of audit-laf. * Automatic update of apparmor. * Automatic update of add-on. * New POT for text domain 'ncurses'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-2-7 - Feb 7 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: xhci-mtk: break loop when find the endpoint to drop (git-fixes). - commit bd7c89a - usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints (git-fixes). - commit 1a31126 - usb: xhci-mtk: fix unreleased bandwidth data (git-fixes). - commit 6da0a12 - usb: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes). - usb: dwc3: fix clock issue during resume in OTG mode (git-fixes). - xhci: fix bounce buffer usage for non-sg list case (git-fixes). - usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() (git-fixes). - USB: gadget: legacy: fix an error code in eth_bind() (git-fixes). - Input: i8042 - unbreak Pegatron C15B (git-fixes). - commit bcaeec1 ++++ python-cryptography: - update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331): * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 - drops CVE-2020-36242-buffer-overflow.patch on older dists ------------------------------------------------------------------ ------------------ 2021-2-6 - Feb 6 2021 ------------------- ------------------------------------------------------------------ ++++ docker: [NOTE: This update was only ever released in SLES and Leap.] - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). - Rebase patches: * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. bsc#1180401 ++++ golang-github-docker-libnetwork: [NOTE: This update was only ever released in SLES and Leap.] - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. bsc#1180401 ++++ haproxy: - Update to version 2.3.5+git0.5902ad99b: * [RELEASE] Released version 2.3.5 * MINOR: config: Deprecate and ignore tune.chksize global option * BUG/MINOR: sock: Unclosed fd in case of connection allocation failure * BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED * BUG/MEDIUM: mux-h2: handle remaining read0 cases * BUILD: Makefile: move REGTESTST_TYPE default setting * MINOR: cli/show_fd: report local and report ports when known * BUILD: ssl: fix build breakage with last commit * BUG/MINOR: ssl: do not try to use early data if not configured * BUG/MINOR: xxhash: make sure armv6 uses memcpy() * BUG/MINOR: mux_h2: fix incorrect stat titles * BUG/MEDIUM: ssl: check a connection's status before computing a handshake * BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store * BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list * DOC: management: fix "show resolvers" alphabetical ordering * MINOR: h1: Raise the chunk size limit up to (2^52 - 1) * MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls * MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls * MINOR: ssl/show_fd: report some FDs as suspicious when possible * MINOR: cli/show_fd: report some easily detectable suspicious states * MINOR: cli: give the show_fd helpers the ability to report a suspicious entry * MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known * MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known * MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known * MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them * MINOR: ssl: provide a "show fd" helper to report important SSL information * MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps. * MINOR: cli: make "show fd" also report the xprt and xprt_ctx * CLEANUP: cli: make "show fd" use a const connection to access other fields * CLEANUP: tools: make resolve_sym_name() take a const pointer * MINOR: contrib: Make the wireshark peers dissector compile for more distribs. * BUG/MINOR: backend: check available list allocation for reuse * BUG/MEDIUM: backend: never reuse a connection for tcp mode * REORG: backend: simplify conn_backend_get * BUG/MEDIUM: session: only retrieve ready idle conn from session * BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() * BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name * BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown * DOC: Improve documentation of the various hdr() fetches * BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX * BUG/MEDIUM: mux-h2: fix read0 handling on partial frames * BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context * BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() * BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper * BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. * MINOR: build: discard echoing in help target * BUG/MINOR: peers: Possible appctx pointer dereference. * BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition * BUILD: peers: fix build warning about unused variable * BUG/MINOR: dns: SRV records ignores duplicated AR records (v2) * MINOR: peers: Add traces for peer control messages. * BUG/MINOR: threads: Fixes the number of possible cpus report for Mac. * MINOR: server: Forbid server definitions in frontend sections * MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities * BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable ++++ kernel-default: - net: qca_spi: Move reset_count to struct qcaspi (git-fixes). - commit 45b7fef - net: qca_spi: fix receive buffer size check (git-fixes). - commit 5cd7e42 - net: stmmac: fix disabling flexible PPS output (git-fixes). - commit 20dce33 - net: stmmac: fix length of PTP clock's name string (git-fixes). - commit 9f89a73 - net: phy: at803x: use operating parameters from PHY-specific status (git-fixes). - commit e91964f - net: phy: extract pause mode (git-fixes). - commit c81698a - net: phy: extract link partner advertisement reading (git-fixes). - commit 18dc97f - net: phy: read MII_CTRL1000 in genphy_read_status only if needed (git-fixes). - commit d5eb04d - net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes). - commit 26dfc56 - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - commit 0385a3f - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - commit f75aac5 - blacklist.conf: update blacklist - commit ca67b2c ++++ libxcrypt: - add compatibility provides for Step 15 as well (bsc#1181571) ------------------------------------------------------------------ ------------------ 2021-2-5 - Feb 5 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Enable syscallfilter unconditionally [boo#1181826]. ++++ crypto-policies: - Do not build the manpages to avoid build cycles - Add crypto-policies-no-build-manpages.patch ++++ glib2: - Update to version 2.66.6: + Fix various instances within GLib where `g_memdup()` was vulnerable to a silent integer truncation and heap overflow problem (glgo#GNOME/GLib#2319). ++++ kernel-default: - perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989). - perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989). - perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989). - commit 6e81128 - perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989). - perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989). - commit 67d84dd - gpiolib: fix gpio_do_set_config() (bsc#1180682). - Refresh patches.suse/gpiolib-Extract-gpio_set_config_with_argument-for-fu.patch. - Refresh patches.suse/gpiolib-Introduce-gpio_set_debounce_timeout-for-inte.patch. - Refresh patches.suse/gpiolib-use-proper-API-to-pack-pin-configuration-par.patch. - commit 11e6d6f - gpiolib: acpi: Fix fall-through warnings for Clang (bsc#1180682). - gpiolib: split error path in gpiod_request_commit() (bsc#1180682). - gpiolib: Unify expectations about ->request() returned value (bsc#1180682). - gpiolib: Extract gpiod_not_found() helper (bsc#1180682). - gpio: just plain warning when nonexisting gpio requested (bsc#1180682). - gpiolib: acpi: Use BIT() macro to increase readability (bsc#1180682). - gpiolib: acpi: Convert pin_index to be u16 (bsc#1180682). - gpiolib: acpi: Extract acpi_request_own_gpiod() helper (bsc#1180682). - gpiolib: acpi: Make acpi_gpio_to_gpiod_flags() usable for GpioInt() (bsc#1180682). - gpiolib: acpi: Set initial value for output pin based on bias and polarity (bsc#1180682). - gpiolib: acpi: Move acpi_gpio_to_gpiod_flags() upper in the code (bsc#1180682). - gpiolib: acpi: Move non-critical code outside of critical section (bsc#1180682). - gpiolib: acpi: Take into account debounce settings (bsc#1180682). - gpiolib: acpi: Use named item for enum gpiod_flags variable (bsc#1180682). - gpiolib: acpi: Respect bias settings for GpioInt() resource (bsc#1180682). - gpiolib: Introduce gpio_set_debounce_timeout() for internal use (bsc#1180682). - gpiolib: Extract gpio_set_config_with_argument_optional() helper (bsc#1180682). - gpiolib: Extract gpio_set_config_with_argument() for future use (bsc#1180682). - gpiolib: use proper API to pack pin configuration parameters (bsc#1180682). - gpiolib: add missed break statement (bsc#1180682). - gpiolib: have a single place of calling set_config() (bsc#1180682). - gpiolib: use 'unsigned int' instead of 'unsigned' in gpio_set_config() (bsc#1180682). - commit da451fd - bus: fsl-mc: add autorescan sysfs (jsc#SLE-12251). - bus: fsl-mc: add bus rescan attribute (jsc#SLE-12251). - bus: fsl-mc: add fsl-mc userspace support (jsc#SLE-12251). - bus: fsl-mc: export mc_cmd_hdr_read_cmdid() to the fsl-mc bus (jsc#SLE-12251). - bus: fsl-mc: move fsl_mc_command struct in a uapi header (jsc#SLE-12251). - bus: fsl-mc: return -EPROBE_DEFER when a device is not yet discovered (jsc#SLE-12251). - bus: fsl-mc: add missing __iomem attribute (jsc#SLE-12251). - commit 21968ee - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes). - net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes). - cxgb4: fix all-mask IP address comparison (git-fixes). - cxgb4: fix set but unused variable when DCB is disabled (git-fixes). - commit 8f53029 - Refresh patches.suse/coresight-etm4x-Skip-setting-LPOVERRIDE-bit-for-qcom.patch. - commit 6434185 - Refresh patches.suse/spi-fsl-dspi-fix-wrong-pointer-in-suspend-resume.patch. - commit 78ee3ab - bpf: Fix a verifier failure with xor (bsc#1177028). - selftests/bpf: Enable tc verbose mode for test_sk_assign (bsc#1177028). - commit 0e68af0 - bpf, cgroup: Fix problematic bounds check (bsc#1155518). - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518). - commit 3ab5222 - net, sctp, filter: remap copy_from_user failure error (bsc#1181637). - commit 32551e1 ++++ fuse3: - Update to release 3.10.2 * Allow "nonempty" as a mount option, for backwards compatibility with fusermount 2. The option has no effect since mounting over non-empty directories is allowed by default. * FUSE filesystems can now be mounted underneath EXFAT mountpoints. ++++ gcc11: - New package, inherits from gcc10 * gcc-add-defaultsspec.diff, add the ability to provide a specs file that is read by default * tls-no-direct.diff, avoid direct %fs references on x86 to not slow down Xen * gcc43-no-unwind-tables.diff, do not produce unwind tables for CRT files * gcc41-ppc32-retaddr.patch, fix expansion of __builtin_return_addr for ppc, just a testcase * gcc44-textdomain.patch, make translation files version specific and adjust textdomain to find them * gcc44-rename-info-files.patch, fix cross-references in info files when renaming them to be version specific * gcc48-libstdc++-api-reference.patch, fix link in the installed libstdc++ html documentation * gcc48-remove-mpfr-2.4.0-requirement.patch, make GCC work with earlier mpfr versions on old products * gcc5-no-return-gcc43-workaround.patch, make build work with host gcc 4.3 * gcc7-remove-Wexpansion-to-defined-from-Wextra.patch, removes new warning from -Wextra * gcc7-avoid-fixinc-error.diff * gcc9-reproducible-builds-buildid-for-checksum.patch * gcc9-reproducible-builds.patch * gcc10-amdgcn-llvm-as.patch * gcc10-foffload-default.patch - libgccjit subpackage is added. - HWASAN is built for aarch64 target. ++++ systemd: - systemd-sysv-convert: handle the case when services are migrated from SysV scripts to systemd units and are renamed at the same time (bsc#1181788) The list of such services is hard coded and contains only the 'ntp->ntpd' translation. ++++ qemu: - Include upstream patches designated as stable material and reviewed for applicability to include here block-Separate-blk_is_writable-and-blk_s.patch hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch hw-timer-slavio_timer-Allow-64-bit-acces.patch net-Fix-handling-of-id-in-netdev_add-and.patch target-arm-Don-t-decode-insns-in-the-XSc.patch target-arm-Fix-MTE0_ACTIVE.patch target-arm-Introduce-PREDDESC-field-defi.patch target-arm-Update-PFIRST-PNEXT-for-pred_.patch target-arm-Update-REV-PUNPK-for-pred_des.patch target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch tcg-Use-memset-for-large-vector-byte-rep.patch ui-vnc-Add-missing-lock-for-send_color_m.patch virtio-move-use-disabled-flag-property-t.patch ++++ supermin: - add patch supermin-kernel_version_compressed.patch find kernel module path even for compressed kernels like on aarch64 and s390x (bsc#1182112, bsc#1138258) ------------------------------------------------------------------ ------------------ 2021-2-4 - Feb 4 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Rebuild from git leveraging local-npm-registry (needs cockpit-redhatfont.diff) ++++ curl: - Update to 7.75.0 * Changes: - curl: add --create-file-mode [mode] - curl: add new variables to --write-out - dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries - gopher: implement secure gopher protocol - http: add Hyper as new optional HTTP backend - http: introduce AWS HTTP v4 Signature support * Bugfixes: - cmake: Add an option to disable libidn2 - cmake: enable gophers correctly in curl-config - cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG - digest_sspi: Show InitializeSecurityContext errors in verbose mode - getinfo: build with disabled HTTP support - http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy - http_proxy: Fix CONNECT chunked encoding race condition - httpauth: make multi-request auth work with custom port - lib: pass in 'struct Curl_easy *' to most functions - lib: remove Curl_ prefix from many static functions - lib: save a bit of space with some structure packing - libssh: avoid plain free() of libssh-memory - mime: make sure setting MIMEPOST to NULL resets properly - multi_runsingle: bail out early on data->conn == NULL - ngtcp2: Fix http3 upload stall - ngtcp2: Fix stack buffer overflow - openssl: lowercase the hostname before using it for SNI - socks: use the download buffer instead - speedcheck: exclude paused transfers - tooĺ_writeout: fix the -w time output units - url: if IDNA conversion fails, fallback to Transitional - Refresh libcurl-ocloexec.patch ++++ kernel-default: - i40e: Revert "i40e: don't report link up for a VF who hasn't enabled queues" (jsc#SLE-8025). - igc: Fix returning wrong statistics (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes). - mlxsw: core: Fix memory leak on module removal (git-fixes). - net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow (git-fixes). - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes). - net: team: fix memory leak in __team_options_register (git-fixes). - net/mlx5e: Fix VLAN create flow (git-fixes). - net/mlx5e: Fix VLAN cleanup flow (git-fixes). - net/mlx5: Fix request_irqs error flow (git-fixes). - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes). - team: set dev->needed_headroom in team_setup_by_port() (git-fixes). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - net: qed: RDMA personality shouldn't fail VF load (git-fixes). - net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - iavf: Fix updating statistics (git-fixes). - iavf: fix error return code in iavf_init_get_resources() (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - vxlan: fix memleak of fdb (git-fixes). - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes). - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes). - mlxsw: core: Increase scope of RCU read-side critical section (git-fixes). - net/mlx5: Query PPS pin operational status before registering it (git-fixes). - net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes). - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes). - net/mlx5e: Fix error path of device attach (git-fixes). - net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes). - net: hns3: fix aRFS FD rules leftover after add a user FD rule (git-fixes). - net: hns3: fix a TX timeout issue (git-fixes). - net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes). - qed: Populate nvm-file attributes while reading nvm config partition (git-fixes). - net: hns3: fix use-after-free when doing self test (git-fixes). - net: hns3: add a missing uninit debugfs when unload driver (git-fixes). - net: cxgb4: fix return error value in t4_prep_fw (git-fixes). - cxgb4vf: update kernel-doc line comments (git-fixes). - cxgb4: update kernel-doc line comments (git-fixes). - cxgb4: move DCB version extern to header file (git-fixes). - cxgb4: remove cast when saving IPv4 partial checksum (git-fixes). - cxgb4: fix SGE queue dump destination buffer context (git-fixes). - cxgb4: use correct type for all-mask IP address comparison (git-fixes). - cxgb4: fix endian conversions for L4 ports in filters (git-fixes). - cxgb4: parse TC-U32 key values and masks natively (git-fixes). - cxgb4: use unaligned conversion for fetching timestamp (git-fixes). - cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes). - cxgb4: move handling L2T ARP failures to caller (git-fixes). - net: qed: fix "maybe uninitialized" warning (git-fixes). - net: qede: fix use-after-free on recovery and AER handling (git-fixes). - net: qede: fix PTP initialization on recovery (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix async event callbacks unregistering (git-fixes). - iavf: fix speed reporting over virtchnl (git-fixes). - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes). - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes). - veth: Adjust hard_start offset on redirect XDP frames (git-fixes). - net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes). - net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes). - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes). - bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes). - net/mlx5: Annotate mutex destroy for root ns (git-fixes). - net/mlx5: Don't maintain a case of del_sw_func being null (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes). - net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes). - net/mlx5e: Don't trigger IRQ multiple times on XSK wakeup to avoid WQ overruns (git-fixes). - net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: hns3: fix set and get link ksettings issue (git-fixes). - net: hns3: fix RSS config lost after VF reset (git-fixes). - qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes). - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes). - net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes). - net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes). - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes). - net/mlx5: Clear LAG notifier pointer after unregister (git-fixes). - net/mlx5e: Fix endianness handling in pedit mask (git-fixes). - net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes). - net: hns3: clear port base VLAN when unload PF (git-fixes). - net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes). - net: hns3: fix "tc qdisc del" failed issue (git-fixes). - cxgb4: fix checks for max queues to allocate (git-fixes). - commit a805d8f - Update config files. Switch on DWC3 on x86_64 (jsc#SLE-14042) - commit 1a0a5a5 - Another fix of the missing merge commit hunk in idxd dma driver (bsc#1181795) - commit 4b7e5ed - Fix the missing change via the upstream merge commit for idxd dma driver (bsc#1181795) - commit e5ace2b - dmaengine: idxd: add missing invalid flags field to completion (bsc#1181795). - dmaengine: idxd: fix hw descriptor fields for delta record (bsc#1181795). - commit fb2caf6 - blacklist.conf: Blacklist two 32-bit only fixes 50fe7ebb6475 bpf, x86_32: Fix clobbering of dst for BPF_JSET 5ca1ca01fae1 bpf, x86_32: Fix logic error in BPF_LDX zero-extension - commit 55cadfc - nvme-multipath: Early exit if no path is available (bsc#1180964). - commit 1c96465 - kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995). - commit bf72ec9 - ahci: Add Intel Emmitsburg PCH RAID PCI IDs (jsc#SLE-14457). - commit a78ee51 - iwlwifi: pcie: remove obsolete pre-release support code (git-fixes). - iwlwifi: pcie: add some missing entries for AX210 (git-fixes). - iwlwifi: support an additional Qu subsystem id (git-fixes). - iwlwifi: add new card for MA family (git-fixes). - iwlwifi: iwl-trans: move all txcmd init to trans alloc (git-fixes). - commit 133d60e - iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit (git-fixes). - iwlwifi: pcie: add rules to match Qu with Hr2 (git-fixes). - iwlwifi: Add a new card for MA family (git-fixes). - iwlwifi: follow the new inclusive terminology (git-fixes). - iwlwifi: pcie: fix xtal latency for 9560 devices (git-fixes). - iwlwifi: pcie: fix 0x271B and 0x271C trans cfg struct (git-fixes). - iwlwifi: add new cards for MA family (git-fixes). - iwlwifi: add new cards for AX201 family (git-fixes). - commit 050b58f - gpio: gpiolib: remove shadowed variable (git-fixes). - drm/i915/gt: Always try to reserve GGTT address 0x0 (git-fixes). - iwlwifi: pcie: set LTR on more devices (git-fixes). - commit d7ad942 - mac80211: pause TX while changing interface type (git-fixes). - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes). - iwlwifi: pcie: reschedule in long-running memory reads (git-fixes). - iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes). - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes). - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes). - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes). - commit 023b5c2 - perf: Make struct ring_buffer less ambiguous (bsc#1177028). Refresh patches.suse/0001-perf-core-Fix-race-in-the-perf_mmap_close-function.patch. - commit 5dfb979 - powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes). - Refresh patches.suse/powerpc-book3s64-pkeys-Fix-pkey_access_permitted-for.patch. - commit 7508356 ++++ kmod: - Fix tests to not test disabled features. Disable zstd again. * kmod-populate-modules-Use-more-bash-more-quotes.patch * kmod-testsuite-compress-modules-if-feature-is-enabled.patch * kmod-also-test-xz-compression.patch ++++ util-linux: - Merge package with SLE15 SP3 and openSUSE Leap 15.3: Obsoletes upstreamed patches: - libblkid: Do not trigger CDROM autoclose (v2.35, bsc#1084671, util-linux-libblkid-cdrom-autoclose-1.patch, util-linux-libblkid-cdrom-autoclose-2.patch, util-linux-libblkid-cdrom-autoclose-3.patch). - lscpu: avoid segfault on PowerPC systems with valid hardware configurations (v2.36.1, bsc#1175623, bsc#1178554, bsc#1178825, lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch) - Fix for SG#57988, bsc#1174942 (v2.36): libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts to CIFS with mount –a. - blockdev: Do not fail --report on kpartx-style partitions on multipath (v2.36, bsc#1168235, util-linux-blockdev-report-dm.patch). - nologin: Add support for -c to prevent error from su -c (v2.35, bsc#1151708, util-linux-nologin-su-c.patch). - Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: Avoid triggering autofs in lookup_umount_fs_by_statfs (v2.36 boo#1168389) - mount: fall back to device node name if /dev/mapper link not found (v2.34, bsc#1149911) * Add patch: util-linux-canonicalize-coverity-scan.patch - De-duplicate fstrim -A properly (v2.34, bsc#1127701, util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch, util-linux-fstrim-A-4.patch). - Do not trim read-only volumes (v2.34, boo#1106214, util-linux-fstrim-A-2.patch, util-linux-fstrim-A-4.patch). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (v2.34, bsc#1122417, util-linux-libmount-pseudofs.patch). - agetty: Return previous response of agetty for special characters (v2.34, bsc#1085196, bsc#1125886, util-linux-agetty-smart-reload-13.patch, util-linux-agetty-smart-reload-14.patch). - Fix problems in reading of login.defs values (v2.34, bsc#1121197, util-linux-login_defs-priority1.patch, util-linux-login_defs-priority2.patch, util-linux-login_defs-SYS_UID.patch). - Build with libudev support to support non-root users (boo#1169006). - Move findmnt and lsblk to util-linux-systemd, as they use libudev (bsc#1169006#c10). ++++ patterns-microos: - include SUSEConnect in the default pattern (bsc#1181714) ++++ qemu: - binutils v2.36 has changed the handling of the assembler's - mx86-used-note, resulting in a build failure. To compensate, we now explicitly specify -mx86-used-note=no in the seabios Makefile (boo#1181775) build-be-explicit-about-mx86-used-note-n.patch ++++ supportutils: - No longer truncates boot log (bsc#1181610) ++++ util-linux-systemd: - Merge package with SLE15 SP3 and openSUSE Leap 15.3: Obsoletes upstreamed patches: - libblkid: Do not trigger CDROM autoclose (v2.35, bsc#1084671, util-linux-libblkid-cdrom-autoclose-1.patch, util-linux-libblkid-cdrom-autoclose-2.patch, util-linux-libblkid-cdrom-autoclose-3.patch). - lscpu: avoid segfault on PowerPC systems with valid hardware configurations (v2.36.1, bsc#1175623, bsc#1178554, bsc#1178825, lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch) - Fix for SG#57988, bsc#1174942 (v2.36): libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts to CIFS with mount –a. - blockdev: Do not fail --report on kpartx-style partitions on multipath (v2.36, bsc#1168235, util-linux-blockdev-report-dm.patch). - nologin: Add support for -c to prevent error from su -c (v2.35, bsc#1151708, util-linux-nologin-su-c.patch). - Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: Avoid triggering autofs in lookup_umount_fs_by_statfs (v2.36 boo#1168389) - mount: fall back to device node name if /dev/mapper link not found (v2.34, bsc#1149911) * Add patch: util-linux-canonicalize-coverity-scan.patch - De-duplicate fstrim -A properly (v2.34, bsc#1127701, util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch, util-linux-fstrim-A-4.patch). - Do not trim read-only volumes (v2.34, boo#1106214, util-linux-fstrim-A-2.patch, util-linux-fstrim-A-4.patch). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (v2.34, bsc#1122417, util-linux-libmount-pseudofs.patch). - agetty: Return previous response of agetty for special characters (v2.34, bsc#1085196, bsc#1125886, util-linux-agetty-smart-reload-13.patch, util-linux-agetty-smart-reload-14.patch). - Fix problems in reading of login.defs values (v2.34, bsc#1121197, util-linux-login_defs-priority1.patch, util-linux-login_defs-priority2.patch, util-linux-login_defs-SYS_UID.patch). - Build with libudev support to support non-root users (boo#1169006). - Move findmnt and lsblk to util-linux-systemd, as they use libudev (bsc#1169006#c10). ++++ wpa_supplicant: - Add CVE-2021-0326.patch -- P2P group information processing vulnerability (bsc#1181777) ++++ yast2: - Added supported migration "openSUSE Leap 15.3" -> SLES (in 15.3 the product has been renamed from "openSUSE" to "Leap") (bsc#1181773) - 4.3.52 ------------------------------------------------------------------ ------------------ 2021-2-3 - Feb 3 2021 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.66.5: + Fix some issues with handling over-long (invalid) input when parsing for `GDate`. + Don’t load GIO modules or parse other GIO environment variables when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap process). GIO has always been documented as not being safe to use in privileged processes, but people persist in using it unsafely, so these changes should harden things against potential attacks at least a little. Unfortunately they break a couple of projects which were relying on reading `DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for setgid/setcap (but not setuid) processes. This loophole will be closed in GLib 2.70 (see issue #2316), which should give modules 6 months to change their behaviour. + Fix `g_spawn()` searching `PATH` when it wasn’t meant to. + Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820, glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831, glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864, glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913, glgo#GNOME/GLib!1922. - Rebase/refresh patches: + glib2-dbus-socket-path.patch + glib2-fate300461-gettext-gkeyfile-suse.patch + glib2-gdbus-codegen-version.patch + glib2-suppress-schema-deprecated-path-warning.patch + glib2-bgo569829-gettext-gkeyfile.patch ++++ kernel-default: - rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796) The product string was changed from openSUSE to Leap. - commit 3cb7943 - powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080). - powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080). - commit 8cb9fab - net/mlx5: Fix function calculation for page trees (git-fixes). - commit 22c3016 - net: fec: put child node on error path (git-fixes). - commit cbac658 - ARM: imx: fix imx8m dependencies (git-fixes). - soc: imx: select ARM_GIC_V3 for i.MX8M (git-fixes). - commit adb9b1b - Add no-fix tag to drm cherry-picks Add a no-fix tag to drm patches that are cherry-picks and are not already blacklisted. - Refresh patches.suse/0001-drm-i915-Preload-LUTs-if-the-hw-isn-t-currently-usin.patch. - Refresh patches.suse/0001-drm-i915-Update-drm-i915-bug-filing-URL.patch. - Refresh patches.suse/0001-drm-i915-execlists-Always-force-a-context-reload-whe.patch. - Refresh patches.suse/0001-drm-i915-icl-Fix-hotplug-interrupt-disabling-after-s.patch. - Refresh patches.suse/0003-drm-i915-Correctly-set-SFC-capability-for-video-engi.patch. - Refresh patches.suse/0029-drm-i915-gem-Avoid-implicit-vmap-for-highmem-on-x86-.patch. - Refresh patches.suse/drm-i915-Perform-GGTT-restore-much-earlier-during-re.patch. - Refresh patches.suse/drm-i915-Whitelist-COMMON_SLICE_CHICKEN2.patch. - Refresh patches.suse/drm-i915-pmu-Frequency-is-reported-as-accumulated-cy.patch. - Refresh patches.suse/drm-i915-to-make-vgpu-ppgtt-notificaiton-as-atomic-o.patch. - Refresh patches.suse/drm-i915-update-rawclk-also-on-resume.patch. - Refresh patches.suse/drm-i915-userptr-Never-allow-userptr-into-the-mappab.patch. - commit 46ba73b - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995). - KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995). - commit 49749c4 - r8169: work around RTL8125 UDP hw bug (git-fixes). - commit db42a5b - r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes). - commit ab82b36 - Update kabi files. - update from February 2021 maintenance update submission (commit 1e925eb08318) - commit 97b2a1f - powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159). - commit 09376cb ++++ systemd: - Import commit 134cf1c8bc3e361a2641161aa11ac2b5b990480b (merge of v246.10) 25f220eafb sysusers: flush nscd's caches whenever /etc/{passwd,group} are modified (bsc#1181121) 4a543f0257 journal: send journald logs to kmsg again 26df96473f busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/520e53b6d85087b05892ee637ae93f1b269e7e52...134cf1c8bc3e361a2641161aa11ac2b5b990480b ++++ logrotate: - Update to 3.18.0: * Allow UIDs and GIDs to be specified numerically * Add support for Zstandard compressed files * Make delaycompress not to fail with rotate 0 ++++ runc: - Update to runc v1.0.0~rc93. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc93 bsc#1182451 bsc#1184962 * Cgroupv2 support is no longer considered experimental. * Mountinfo parsing code has been reworked significantly. * Special ENOSYS handling for seccomp profiles to avoid making new syscalls unusable for glibc. * Various rootless containers improvements. * The "selinux" and "apparmor" buildtags have been removed, and now all runc builds will have SELinux and AppArmor support enabled. ++++ toolbox: - Update to version 2.1+git20210203.a669e3a: * Fix formatting * Enhance alternate UI docu * Ignore podman runlabel error if no RUN label exist * Enhance documentation * Check existence of volume directories (#15) ------------------------------------------------------------------ ------------------ 2021-2-2 - Feb 2 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - define %_pamdir for <= 15.x to fix the build on those releases ++++ containerd: - Update to handle the docker-runc removal, and drop the -kubic flavour. bsc#1181677 bsc#1181749 ++++ crypto-policies: - Convert to use a proper git source _service: + To update, one just needs to update the commit/revision in the _service file and run `osc service dr`. + The version of the package is defined by the commit date of the revision, followed by the abbreviated git hash (The same revision used before results thus in a downgrade to 20210118, but as this is a alltime new package, this is acceptable. - Update to git version 20210127 * Bump Python requirement to 3.6 * Output sigalgs required by nss >=3.59 * Do not require bind during build * Break build cycles with openssl and gnutls ++++ docker: - Update to Docker 20.10.3-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). - Rebase patches on top of 20.10.3-ce. - 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch - 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch + 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch - 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch + 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch - 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - Drop docker-runc, docker-test and docker-libnetwork packages. We now just use the upstream runc package (it's stable enough and Docker no longer pins git versions). docker-libnetwork is so unstable that it doesn't have any versioning scheme and so it really doesn't make sense to maintain the project as a separate package. bsc#1181641 bsc#1181677 - Remove no-longer-needed patch for packaging now that we've dropped docker-runc and docker-libnetwork. - 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch ++++ dracut: - Update to version 051+suse.85.g04886430: * prepare usrmerge (boo#1029961) ++++ transactional-update: - Version 3.1.0 - t-u: Support installing RPMs from the user's directory again - Adapt selfupdate to new packaging - Implement signal handling - Remove empty text files ++++ hwdata: - Update to version 0.344: + Updated pci, usb and vendor ids. ++++ iputils: - Update to version 20210202 https://github.com/iputils/iputils/releases/tag/20210202 - Version scheme change: dropped leading 's', update that change ++++ kernel-default: - exfat: Avoid allocating upcase table using kcalloc() (git-fixes). - exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes). - commit eb2e605 - s390/dasd: Fix inconsistent kobject removal (jsc#SLE-13767 bsc#1178420 LTC#185092). - commit e13d81a - io_uring: Fix current->fs handling in io_sq_wq_submit_work() (bsc#1179434 CVE-2020-29373). - commit 3f561ee - blacklist.conf: no change to /sys/firmware/uv/query/max_cpus - commit 737a803 - s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes). - s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes). - commit d91ae22 - powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159). - Refresh patches.suse/powerpc-pseries-hibernation-remove-redundant-cachein.patch - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159). - powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159). - Refresh patches.suse/powerpc-pseries-mobility-notify-network-peers-after-.patch - powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: don't error on absence of ibm, update-nodes (bsc#1181674 ltc#189159). - powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159). - powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159). - powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159). - powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159). - Refresh patches.suse/powerpc-pseries-update-device-tree-before-ejecting-h.patch - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159). - powerpc/pseries: remove memory "re-add" implementation (bsc#1181674 ltc#189159). - powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159). - powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159). - powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159). - powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159). - powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159). - powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159). - powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159). - powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159). - powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159). - commit 88bd021 - Refresh patches.suse/edac-amd64-set-grain-per-dimm.patch. Readd the second hunk which wasn't needed during the original git-fixes backport. - commit 9c3639f - Update patches.suse/bpf-Fix-modifier-skipping-logic.patch (bsc#1177028). Restore the patch to match the upstream commit - commit a490625 ++++ libapparmor: - define %_pamdir for <= 15.x to fix the build on those releases ++++ libgcrypt: - Update to 1.9.1 * *Fix exploitable bug* in hash functions introduced with 1.9.0. [bsc#1181632, CVE-2021-3345] * Return an error if a negative MPI is used with sexp scan functions. * Check for operational FIPS in the random and KDF functions. * Fix compile error on ARMv7 with NEON disabled. * Fix self-test in KDF module. * Improve assembler checks for better LTO support. * Fix 32-bit cross build on x86. * Fix non-NEON ARM assembly implementation for SHA512. * Fix build problems with the cipher_bulk_ops_t typedef. * Fix Ed25519 private key handling for preceding ZEROs. * Fix overflow in modular inverse implementation. * Fix register access for AVX/AVX2 implementations of Blake2. * Add optimized cipher and hash functions for s390x/zSeries. * Use hardware bit counting functionx when available. * Update DSA functions to match FIPS 186-3. * New self-tests for CMACs and KDFs. * Add bulk cipher functions for OFB and GCM modes. - Update libgpg-error required version ++++ runc: - Update to handle the docker-runc removal. bsc#1181677 - Modernise go building for runc now that it has go.mod. ------------------------------------------------------------------ ------------------ 2021-2-1 - Feb 1 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Do not explicitly provide group(audit) in system-users-audit: this is automatically handled by rpm/providers. ++++ lvm2-device-mapper: - revert commit which caused a regression: lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) - change lvm.conf item external_device_info_source from none to udev ++++ transactional-update: - Add libselinux build time dependency - Remove RPM version check - Fix libstdc++ filesystem ABI incompatibility by using newer gcc version on old distributions. [boo#1181582] ++++ filesystem: - add /etc/skel/.cache with perm 0700 (bsc#1181011) ++++ kernel-default: - mlxsw: spectrum_span: Do not overwrite policer configuration (bsc#1176774). - net/mlx5: CT: Fix incorrect removal of tuple_nat_node from nat rhashtable (jsc#SLE-15172). - net/mlx5e: Revert parameters on errors when changing trust state without reset (jsc#SLE-15172). - net/mlx5e: Correctly handle changing the number of queues when the interface is down (jsc#SLE-15172). - net/mlx5e: Fix CT rule + encap slow path offload and deletion (jsc#SLE-15172). - net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled (jsc#SLE-15172). - net/mlx5: Maintain separate page trees for ECPF and PF functions (jsc#SLE-15172). - net/mlx5e: Fix IPSEC stats (jsc#SLE-15172). - net/mlx5e: free page before return (jsc#SLE-15172). - ice: Fix MSI-X vector fallback logic (bsc#1180945). - ice: Don't allow more channels than LAN MSI-X available (bsc#1180945). - ice: update dev_addr in ice_set_mac_address even if HW filter exists (jsc#SLE-12878). - ice: Implement flow for IPv6 next header (extension header) (jsc#SLE-12878). - ice: fix FDir IPv6 flexbyte (jsc#SLE-12878). - uapi: fix big endian definition of ipv6_rpl_sr_hdr (bsc#1176447). - commit a3c4fad - rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025). - ice: Fix MSI-X vector fallback logic (jsc#SLE-7926). - ice: Don't allow more channels than LAN MSI-X available (jsc#SLE-7926). - Revert "RDMA/mlx5: Fix devlink deadlock on net namespace deletion" (jsc#SLE-8464). - commit 76b9a3a - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - commit f3ce867 - kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191). - commit 0e40024 - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191). - commit 077256e - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191). - commit 0deae09 - blacklist.conf: no need to fix code for CONFIG_KEXEC_JUMP - commit 3abe54d - blacklist.conf: e45122893a98 x86/fpu: Add kernel_fpu_begin_mask() to selectively initialize state - commit f36235a - Refresh patches.suse/bpf-Introduce-bpf_sk_-ancestor_-cgroup_id-helpers.patch. The diff for cg_skb_func_proto was wrongly applied to tc_cls_act_func_proto. - commit 6cbb315 - nbd: freeze the queue while we're adding connections (CVE-2021-3348 bsc#1181504). - commit 78453ee - efi/apple-properties: Reinstate support for boolean properties (git-fixes). - commit c20e373 - leds: trigger: fix potential deadlock with libata (git-fixes). - commit d410ad0 - Update patch References tags for futex fixes (bsc#1181349 CVE-2021-3347) - commit b3fac23 ++++ Mesa: - update to 20.3.4 * fourth bugfix release for the 20.3 branch ++++ libgcrypt: - Use the suffix variable correctly in get_hmac_path() - Rebase libgcrypt-fips_selftest_trigger_file.patch ++++ lvm2: - revert commit which caused a regression: lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) - change lvm.conf item external_device_info_source from none to udev ++++ python-pyOpenSSL: - update to 20.0.1: - Fixed compatibility with OpenSSL 1.1.0. ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#448 - Switch to vim-small (boo#1181633) - 16.36 ++++ yast2-trans: - Update to version 84.87.20210130.332fb904b7: * New POT for text domain 'rear'. * New POT for text domain 'network'. * New POT for text domain 'autoinst'. * New POT for text domain 'pkg-bindings'. * New POT for text domain 'bootloader'. * New POT for text domain 'network'. * New POT for text domain 'network'. ------------------------------------------------------------------ ------------------ 2021-1-31 - Jan 31 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Build python bindings subpackages for all flavors * use the python-rpm-macros singlespec system: The macro %python_subpackages together with %python_subpackage_only creates the pythonXY-avahi bindings package for all python flavors on Tumbleweed (currently python36, python38) * Put the avahi-bookmarks command under updates-alternatives control to avoid package conflicts between flavors * outside of build_core, the build continues to use but not install everything in the primary python3 flavor. * For distros without multiple python3 flavors and/or older python-rpm-macros, the status quo is unchanged. ++++ kernel-default: - HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes). - HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes). - HID: wacom: Constify attribute_groups (git-fixes). - HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes). - commit c0ccdd7 ------------------------------------------------------------------ ------------------ 2021-1-30 - Jan 30 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/i915: Always flush the active worker before returning from the wait (git-fixes). - drm/i915/selftest: Fix potential memory leak (git-fixes). - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals (git-fixes). - drm/vc4: Correct POS1_SCL for hvs5 (git-fixes). - drm/vc4: Correct lbm size and calculation (git-fixes). - drm/nouveau/kms/gk104-gp1xx: Fix > 64x64 cursors (git-fixes). - drivers/nouveau/kms/nv50-: Reject format modifiers for cursor planes (git-fixes). - drm/nouveau/dispnv50: Restore pushing of all data (git-fixes). - commit ab75656 - ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes). - PM: hibernate: flush swap writer after marking (git-fixes). - ACPI: sysfs: Prefer "compatible" modalias (git-fixes). - drm/i915: Check for all subplatform bits (git-fixes). - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes). - commit 274cf96 - iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494). - commit 2958b80 ------------------------------------------------------------------ ------------------ 2021-1-29 - Jan 29 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce. bsc#1181594 - Install the containerd-shim* binaries and stop creating docker-containerd-shim because that isn't used by Docker anymore. bsc#1183024 ++++ docker: - Update to Docker 20.10.2-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594 - Remove upstreamed patches: - bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch - Add patches to fix build: + cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch - Since upstream has changed their source repo (again) we have to rebase all of our patches. While doing this, I've collapsed all patches into one branch per-release and thus all the patches are now just one series: - packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch + 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch - secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch + 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch - secrets-0002-SUSE-implement-SUSE-container-secrets.patch + 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch - private-registry-0001-Add-private-registry-mirror-support.patch + 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch - bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch + 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - Re-apply secrets fix for bsc#1065609 which appears to have been lost after it was fixed. * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch * secrets-0002-SUSE-implement-SUSE-container-secrets.patch ++++ filesystem: - Set correct permissions when creating /proc and /sys - Ignore postfix user (pulled in from buildsystem) ++++ kernel-default: - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix cleanup for linkgroup setup failures (git-fixes). - net/smc: no peer ID in CLC decline for SMCD (git-fixes). - net/smc: transfer fasync_list in case of fallback (git-fixes). - commit a9e7337 - mm: memcontrol: fix missing wakeup polling thread (bsc#1181584). - commit c0272b7 - blacklist.conf: Add 4230e2deaa48 stop_machine, rcu: Mark functions as notrace - commit 9596511 - blacklist.conf: Add 15ec0fcff6da kernel/sys.c: replace do_brk with do_brk_flags in comment of prctl_set_mm_map() - commit 7773384 - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930). - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930). - commit 1d6137d - module: delay kobject uevent until after module init call (bsc#1178631). - Refresh patches.suse/supported-flag - commit 2796828 - Refresh patches.suse/powerpc-sstep-Fix-array-out-of-bound-warning.patch. Update to v2 - commit 6a4b1c5 - vfio iommu: Add dma available capability (bsc#1179572 LTC#190110). - commit 78a5def - vfio iommu: Add dma available capability (bsc#1179572 LTC#190110). - commit 6544fbc - Batch patch rename with scripts/renamepatches. Rename a bunch of patches (mostly drm-related) to match their SLE15-SP2 equivalents. This will make solving SLE15-SP2 -> SLE15-SP3 conflicts a bit easier. This is especially important to make sure drm fixes going into SLE15-SP2 conflict with patches already in SLE15-SP3. - commit 3c1500c - mac80211: pause TX while changing interface type (git-fixes). - commit c5c081d - HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes). - Refresh patches.suse/HID-quirks-Always-poll-three-more-Lenovo-PixArt-mice.patch. - commit bed41ce - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - mt7601u: fix kernel crash unplugging the device (git-fixes). - mt7601u: fix rx buffer refcounting (git-fixes). - NFC: fix resource leak when target index is invalid (git-fixes). - NFC: fix possible resource leak (git-fixes). - firmware: imx: select SOC_BUS to fix firmware build (git-fixes). - HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes). - media: rc: ensure that uevent can be read directly after rc device register (git-fixes). - HID: multitouch: do not filter mice nodes (git-fixes). - commit f7694e1 - selftests/bpf: Fix "dubious pointer arithmetic" test (bsc#1177028). - commit eb710d9 - series.conf: cleanup - update upstream references and move into sorted section: patches.suse/0001-futex-Ensure-the-correct-return-value-from-futex_loc.patch patches.suse/0002-futex-Replace-pointless-printk-in-fixup_owner.patch patches.suse/0003-futex-Provide-and-use-pi_state_update_owner.patch patches.suse/0004-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch patches.suse/0005-futex-Use-pi_state_update_owner-in-put_pi_state.patch patches.suse/0006-futex-Simplify-fixup_pi_state_owner.patch patches.suse/0007-futex-Handle-faults-correctly-for-PI-futexes.patch - commit 16c5d87 - Refresh patches.suse/bpf-Fix-map-permissions-check.patch. The diff was applied to map_delete_elem() mistakenly even though the patch indicates the target: map_lookup_and_delete_elem(). The patch is applied correctly in SLE15-SP2, so this change is only for SLE15-SP3. - commit 223cc56 ++++ kmod: - Supplement bash-completion subpackage against the main package and bash-completion. - Also require the main package plus bash-completion: the completion package is useless without either of the two. ++++ util-linux: - Do not require libeconf-devel on products without /usr/etc. ++++ gmp: - adjusted to be the same license as in factory (bsc#1180603) ++++ python3-core: - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. ++++ libvirt: - Revert "Add libvirtd dependency to virt-guest-shutdown.target" 32c5e432-revert-f035f53b.patch bsc#1177902 - spec: Enable the libvirt firewalld zone in SLE >= 15 SP3 jsc#SLE-17336 ++++ patterns-microos: - include the cockpit-podman plug-in ++++ python3: - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. ++++ python-psutil: - Do not install tests (and change the way they're run since they were run from %{buildroot}) ++++ qemu: - Additional tweaks to ensure libvirt runs ok when qemu-hw-display-virtio-gpu package is not installed - Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565) ++++ rpm: - Increase the maximum size of the signature header so that rpms containing file signatures can be queried [bsc#1181568] * new patch: sigheadersize.diff ++++ sysuser-tools: - Use systemd-sysusers only if /proc is mounted, don't require it ++++ util-linux-systemd: - Do not require libeconf-devel on products without /usr/etc. ------------------------------------------------------------------ ------------------ 2021-1-28 - Jan 28 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Create new "audit" group for read access to logs (bsc#1178154) * add change-default-log_group.patch * update audit-secondary.spec ++++ transactional-update: - Rework packaging based on Fedora packaging to separate all the components to remove the intrinsic requirement for Zypper ++++ e2fsprogs: - Fix usage of info macros on openSUSE, we use file triggers today - Use file requires for post section ++++ librsvg: - Update to version 2.50.3: + Compute correct bounds for objects with stroke-width=0. + Fix test suite on Rust 1.49. ++++ glibc: - gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) ++++ kernel-default: - ASoC: SOF: SND_INTEL_DSP_CONFIG dependency (git-fixes). - ASoC: SOF: Intel: soundwire: fix select/depend unmet dependencies (git-fixes). - ASoC: Intel: sof_sdw: set proper flags for Dell TGL-H SKU 0A5E (git-fixes). - ASoC: Intel: Skylake: Zero snd_ctl_elem_value (git-fixes). - ASoC: Intel: Skylake: skl-topology: Fix OOPs ib skl_tplg_complete (git-fixes). - ASoC: mediatek: mt8183-da7219: ignore TDM DAI link by default (git-fixes). - ASoC: mediatek: mt8183-mt6358: ignore TDM DAI link by default (git-fixes). - ASoC: topology: Properly unregister DAI on removal (git-fixes). - ASoC: topology: Fix memory corruption in soc_tplg_denum_create_values() (git-fixes). - ASoC: AMD Renoir - refine DMI entries for some Lenovo products (git-fixes). - ASoC: wm_adsp: Fix control name parsing for multi-fw (git-fixes). - ALSA: hda: intel-dsp-config: add PCI id for TGL-H (git-fixes). - commit 959baa2 - Move upstreamed sound patches into sorted section - commit 84af2ff - ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes). - ASoC: ak4458: correct reset polarity (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes). - commit e5943b7 - Refresh patches.suse/usb-roles-provide-the-switch-drivers-handle-to-the-switch-in-the-api.patch Fix the build on armv7hl config - commit c7f7007 - leds: Add managed API to get a LED from a device driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - leds: Add of_led_get() and led_put() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - thermal: db8500: Depromote debug print (jsc#SLE-16407). - net: netcp_ethss: Use the PHY time stamping interface (bsc#1176447). - thermal: db8500: Rewrite to be a pure OF sensor (jsc#SLE-16407). - thermal: db8500: Use dev helper variable (jsc#SLE-16407). - thermal: db8500: Finalize device tree conversion (jsc#SLE-16407). - commit be80774 - xfs: show the proper user quota options (bsc#1181538). - commit e34397a - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Remove unused empty compat_exit_robust_list() (bsc#1149032). - futex: Remove needless goto's (bsc#1149032). - commit 8a00d32 - clk: tegra: Add Tegra20/30 EMC clock implementation (jsc#SLE-15847). - Refresh patches.suse/clk-tegra-Export-functions-for-EMC-clock-scaling.patch. - Refresh patches.suse/clk-tegra-Implement-Tegra210-EMC-clock.patch. - Refresh patches.suse/clk-tegra-Rename-Tegra124-EMC-clock-source-file.patch. - commit f80473c - ARM: OMAP2+: omap_device: fix idling of devices during probe (bsc#1175713). - ARM: OMAP2+: Remove redundant assignment to variable ret (bsc#1175713). - OMAP2: fixup doc comments in omap_device (bsc#1175713). - ARM: OMAP2+: Add pdata for OMAP3 ISP IOMMU (bsc#1175713). - ARM: OMAP2+: Plug in device_enable/idle ops for IOMMUs (bsc#1175713). - iommu/omap: add pdata ops for omap_device_enable/idle (bsc#1175713). - commit 365ddca - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - refresh patches.suse/suse-hv-kabi.patch - commit 3bdfdcf - Delete patches.suse/1245-drm-remove-drm-specific-kmap_atomic-code.patch This broke the build on armv7hl. - commit 7f90f67 - ASoC: meson: aiu: add audio output dt-bindings (jsc#SLE-16518). - commit 39e8b6e - btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511). - commit 090f75a - fix patch metadata - fix Patch-mainline: patches.suse/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch - commit 2f3e2e1 - ACPI/IORT: Fix doc warnings in iort.c (jsc#SLE-16407). - ACPI, APEI, Fix error return value in apei_map_generic_address() (jsc#SLE-16407). - ACPI: DPTF: Support Alder Lake (jsc#SLE-16407). - ACPI: Fix whitespace inconsistencies (jsc#SLE-16407). - ACPI: scan: Fix acpi_dma_configure_id() kerneldoc name (jsc#SLE-16407). - ACPI: button: Drop no longer necessary Acer SW5-012 lid_init_state quirk (jsc#SLE-16407). - ACPI: utils: remove unreachable breaks (jsc#SLE-16407). - ACPI: DPTF: Add ACPI_DPTF Kconfig menu (jsc#SLE-16407). - Update config files. - Update supported.conf. - ACPI: DPTF: Fix participant driver names (jsc#SLE-16407). - ACPI: processor: remove comment regarding string _UID support (jsc#SLE-16407). - ACPI: reboot: Avoid racing after writing to ACPI RESET_REG (jsc#SLE-16407). - ACPICA: Add missing type casts in GPE register access code (jsc#SLE-16407). - PCI/ACPI: Add Ampere Altra SOC MCFG quirk (jsc#SLE-16407). - PCI/ACPI: Tone down missing MCFG message (jsc#SLE-16407). - ACPI / LPSS: Save Cherry Trail PWM ctx registers only once (at activation) (jsc#SLE-16407). - ACPI / LPSS: Resume Cherry Trail PWM controller in no-irq phase (jsc#SLE-16407). - ACPI: Export acpi_get_first_physical_node() to modules (jsc#SLE-16407). - PNP: ACPI: Fix missing-prototypes in acpi_pnp.c (jsc#SLE-16407). - ACPI: PCI: update kernel-doc line comments (jsc#SLE-16407). - ACPI: memhotplug: Remove 'state' from struct acpi_memory_device (jsc#SLE-16407). - ACPI: wakeup: Remove dead ACPICA debug code (jsc#SLE-16407). - ACPI: video: Remove leftover ACPICA debug code (jsc#SLE-16407). - ACPI: tiny-power-button: Remove dead ACPICA debug code (jsc#SLE-16407). - ACPI: processor: Remove dead ACPICA debug code (jsc#SLE-16407). - ACPI: proc: Remove dead ACPICA debug code (jsc#SLE-16407). - ACPI: PCI: Remove unused ACPICA debug code (jsc#SLE-16407). - ACPI: event: Remove leftover ACPICA debug code (jsc#SLE-16407). - ACPI: dock: Remove dead ACPICA debug code (jsc#SLE-16407). - ACPI: debugfs: Remove dead ACPICA debug code (jsc#SLE-16407). - ACPI: custom_method: Remove dead ACPICA debug code (jsc#SLE-16407). - ACPI: container: Remove leftover ACPICA debug functionality (jsc#SLE-16407). - ACPI: platform: Remove ACPI_MODULE_NAME() (jsc#SLE-16407). - ACPI: memhotplug: Remove leftover ACPICA debug functionality (jsc#SLE-16407). - ACPI: LPSS: Remove ACPI_MODULE_NAME() (jsc#SLE-16407). - ACPI: cmos_rtc: Remove leftover ACPI_MODULE_NAME() (jsc#SLE-16407). - node: Add access1 class to represent CPU to memory characteristics (jsc#SLE-16407). - ACPI: Let ACPI know we support Generic Initiator Affinity Structures (jsc#SLE-16407). - ACPI: Support Generic Initiator only domains (jsc#SLE-16407). - ACPI / NUMA: Add stub function for pxm_to_node() (jsc#SLE-16407). - ACPI: Remove side effect of partly creating a node in acpi_get_node() (jsc#SLE-16407). - ACPI: scan: Replace ACPI_DEBUG_PRINT() with pr_debug() (jsc#SLE-16407). - ACPI: battery: include linux/power_supply.h (jsc#SLE-16407). - ACPI: APD: Clean up header file include statements (jsc#SLE-16407). - ACPI: APD: Remove unnecessary APD_ADDR() macro stub (jsc#SLE-16407). - ACPI: APD: Remove ACPI_MODULE_NAME() (jsc#SLE-16407). - ACPI: APD: Remove flags from struct apd_device_desc (jsc#SLE-16407). - ACPI: APD: Add kerneldoc for properties in struct apd_device_desc (jsc#SLE-16407). - ACPI: DPTF: Add PCH FIVR participant driver (jsc#SLE-16407). - ACPI / PMIC: Move TPS68470 OpRegion driver to drivers/acpi/pmic/ (jsc#SLE-16407). - ACPI / PMIC: Split out Kconfig and Makefile specific for ACPI PMIC (jsc#SLE-16407). Update config files. - ACPI: NFIT: Use kobj_to_dev() instead (jsc#SLE-16407). - ACPI: OSL: Make ACPICA use logical addresses of GPE blocks (jsc#SLE-16407). - ACPI: OSL: Change the type of acpi_os_map_generic_address() return value (jsc#SLE-16407). - ACPICA: Add support for using logical addresses of GPE blocks (jsc#SLE-16407). - ACPICA: Introduce special struct type for GPE register addresses (jsc#SLE-16407). - ACPICA: Introduce acpi_hw_gpe_read() and acpi_hw_gpe_write() (jsc#SLE-16407). - ACPICA: Validate GPE blocks at init time (jsc#SLE-16407). - ACPICA: Update version to 20200925 Version 20200925 (jsc#SLE-16407). - ACPICA: Remove unnecessary semicolon (jsc#SLE-16407). - ACPICA: Debugger: Add a new command: "ALL " (jsc#SLE-16407). - ACPICA: iASL: Return exceptions for string-to-integer conversions (jsc#SLE-16407). - ACPICA: acpi_help: Update UUID list (jsc#SLE-16407). - ACPICA: Add predefined names found in the SMBus sepcification (jsc#SLE-16407). - ACPICA: Tree-wide: fix various typos and spelling mistakes (jsc#SLE-16407). - ACPICA: Drop the repeated word "an" in a comment (jsc#SLE-16407). - ACPICA: Add support for 64 bit risc-v compilation (jsc#SLE-16407). - ACPI: processor: Print more information when acpi_processor_evaluate_cst() fails (jsc#SLE-16407). - ACPI/IORT: Remove the unused inline functions (jsc#SLE-16407). - ACPI/IORT: Drop the unused @ops of iort_add_device_replay() (jsc#SLE-16407). - arm64: permit ACPI core to map kernel memory used for table overrides (jsc#SLE-16407). - arm64/acpi: disallow AML memory opregions to access kernel memory (jsc#SLE-16407). - arm64: acpi: fix UBSAN warning (jsc#SLE-16407). - commit 5dc32ae - Adjust armv7hl configs for SLE15-SP3 code base (jsc#SLE-17212) - commit 7df7f95 - Copy armv7hl config back from openSUSE-15.2 branch (jsc#SLE-17212) vanilla config is skipped as it's dropped on Leap 15.3 - commit a5a45dc - intel_th: pci: Add Alder Lake-P support (git-fixes). - drm/amd/display: disable dcn10 pipe split by default (git-fixes). - commit 92717d1 - xhci: tegra: Delay for disabling LFPS detector (git-fixes). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - ehci: fix EHCI host controller initialization sequence (git-fixes). - i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes). - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes). - drm/nouveau/mmu: fix vram heap sizing (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes). - HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes). - HID: logitech-dj: add the G602 receiver (git-fixes). - HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes). - commit 6194af6 - blacklist.conf: unwanted NFS patches - commit 6f9f1d0 - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - commit 5e9f700 ++++ kmod: - Update to v28 * Add Zstandard to the supported compression formats using libzstd (tests only - cannot be disabled in tests) * Ignore ill-formed kernel command line, e.g. with "ivrs_acpihid[00:14.5]=AMD0020:0" option in it * Fix some memory leaks * Fix 0-length builtin.alias.bin: it needs at least the index header - Backport upstream fix 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch ++++ graphene: - Pass conditional Darm_neon=false instead of Darm-neon=true to meson, fix build for armv7. - Stop passing Dbenchmarks=true, no longer recognized nor used. ++++ tpm2-0-tss: - update to 3.0.3: - changes in 3.0.3: * Fix Regression in Fapi_List * Fix memory leak in policy calculation - changes in 3.0.2: * FAPI: Fix setting of the system flag of NV objects * This will let NV object metadata be created system-wide always instead of * locally in the user. Existing metadata will remain in the user directory. * It can be moved to the corresponding systemstore manually if needed. * FAPI: Fix policy searching, when a policyRef was provided * FAPI: Accept EK-Certs without CRL dist point * FAPI: Fix return codes of Fapi_List * FAPI: Fix memleak in policy execution * FAPI: Fix coverity NULL-pointer check * FAPI: Set the written flag of NV objects in FAPI PolicyNV commands * FAPI: Fix deleting of policy files. * FAPI: Fix wrong file loading during object search. * Fapi: Fix memory leak * Fapi: Fix potential NULL-Dereference * Fapi: Remove superfluous NULL check * Fix a memory leak in async keystore load. ++++ shadow: - Do not require libeconf-devel on products without /usr/etc. ++++ patterns-microos: - added the cockpit-wicked plug-in ++++ python-psutil: - Add patch to skip tests related to rlimit and zombie processes that fail when building for python2 on i586: * skip_rlimit_tests_on_python2.patch ++++ ovmf: - Add ovmf-jscSLE-16075-SEV-ES-use-physical-address.patch as the follow-up patch for SEV-ES to fix the flash writing (jsc#SLE-16075) - Update 50-xen-hvm-x86_64.json to add "nvram-template" and change the firmware file to ovmf-x86_64-ms-4m.bin (bsc#1180050, bsc#1181264) - Refresh ovmf-bsc1180079-amd-sev-es-mitigation.patch + Use "git format-patch --no-renames" to generate the patch to avoid confusing quilt with the renamed files ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#439 - Don't replace directory symlinks (boo#1029961) - 16.35 ++++ tpm2.0-tools: - add fix_warnings.patch: fixes a couple of build errors resulting from LTO linking and -Werror. - add fix_pie_linking.patch: fixes an error in the build system that causes the tss2 binary to be linked without passed LDFLAGS (like -pie), which causes the binary not to be position independent. - update to major version 5.0: - Non Backwards Compatible Changes * Default hash algorithm is now sha256. Prior versions claimed sha1, but were inconsistent in choice. Best practice is to specify the hash algorithm to avoid surprises. * tpm2_tools and tss2_tools are now a busybox style commandlet. Ie tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks to the old tool names and the tpm2 commandlet will interrogate argv[0] for the command to run. This will provide backwards compatibility if they are installed. If you wish to use the old names not installed system wide, set DESTDIR during install to a separate path and set the proper directory on PATH. * tpm2_eventlog's output changed to be YAML compliant. The output before was intended to be YAML compliant but was never properly checked and tested. * umask set to 0117 for all tools. * tpm2_getekcertificate now outputs the INTC EK certificates in PEM format by default. In order to output the URL safe variant of base64 encoded output of the INTC EK certificate use the added option --raw. - Dependency update * Update tpm2-tss dependency version to 3.0.1 * Update tpm2-abrmd dependency version to 2.3.3 - New tools and features * tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase. * tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen. * tpm2_ecdhkeygen: Add new tool to support command TPM2_CC_ECDH_KeyGen. * tpm2_commit: Add new tool to support command TPM2_CC_Commit. * tpm2_ecephemeral: Add new tool to support command TPM2_CC_EC_Ephemeral. * tpm2_geteccparameters: Add new tool to support command TPM2_CC_ECC_Parameters. * tpm2_setcommandauditstatus: Added new tool to support command TPM2_CC_SetCommandCodeAuditStatus. * tpm2_getcommandauditstatus: Added new tool to support command TPM2_CC_GetCommandAuditDigest. * tpm2_getsessionauditdigest: Added new tool to support command TPM2_CC_GetSessionAuditDigest. * tpm2_certifyX509certutil: Added new tool for creating partial x509 certificates required to support the TPM2_CC_CertifyX509 command. * tpm2_policysigned: Added option --cphash-input to specify the command parameter hash (cpHashA), enforcing the TPM command to be authorized as well as its handle and parameter values. * tpm2_createprimary: Added option to specify the unique data from the stdin by adding provision for specifying the option value for unique file as -. * tpm2_startauthsession: Added new feature/option --audit-session to start an HMAC session to be used as an audit session. * tpm2_getrandom: - Added new feature/option -S, --session to specify a HMAC session to be used as an audit session. This adds support for auditing the command using an audit session. - Added new feature/option --rphash to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - Added new feature/option --cphash to specify a file path to record the hash of the command parameters. This is commonly termed as cpHash. NOTE: In absence of --rphash option, when this option is selected, The tool will not actually execute the command, it simply returns a cpHash. * tpm2_getcap: tpm2_getcap was missing raw on a property TPM2_PT_REVISION, and it should always be specified. * tpm2_sign: - Add option --commit-index to specify the commit index to use when performing an ECDAA signature. - Add support for ECDAA signature. * tpm2_getekcertificate: - Add option --raw to output EK certificate in URL safe variant base64 encoded format. By default it outputs a PEM formatted certificate. - The tool can now output INTC and non INTC EK certificates from NV indices specified by the TCG EK profile specification. * tpm2_activatecredential: - The secret data input can now be specified as stdin with -s option. - The public key used for encryption can be specified as -u to make it similar to rest of the tools specifying a public key. The old -e option is retained for backwards compatibility. - Add option to specify the key algorithm when the input public key is in PEM format using the new option -G, --key-algorithm. Can specify either RSA/ECC. When this option is used, input public key is expected to be in PEM format and the default TCG EK template is used for the key properties. * tpm2_checkqoute: - Add EC support. - Support loading tss signatures. - Support loading tpm2 pcrread PCR values by specifying the PCR selection using the new option -l, --pcr-list. - Added support for automatically detecting the signature format. With this -F, --format option is retained for backwards compatibility but it is deprecated. * tpm2_createak: add option to output qualified name with new option - q, --ak-qualified-name. * tpm2_policypcr: Add option for specifying cumulative hash of PCR's as an argument. * tpm2_readpublic: Add option to output qualified name using the new option - q, --qualified-name. * tpm2_print: - Support printing TPM2B_PUBLIC data structures. - Support printing TPMT_PUBLIC data structures. * tpm2_send: Add support for handling sending and receiving command and response buffer for multiple commands. * tpm2_verifysignature: Added support for verifying RSA-PSS signatures. * tpm2_eventlog: - Add handling of sha1 log format. - Add fixes for eventlog output to be proper YAML. - Add support for sha384, sha512, sm3_256 PCR hash algorithms. - Add support for computing PCR values based on the events. * tpm2_tools (all): - Set stdin/stdout to non-buffering. - Added changes for FreeBSD portability. - Bug fixes * Fix printing short options when no ascii character is used. * OpenSSL: Fix deprecated OpenSSL functions. ECC Functions with suffix GFp will become deprecated (DEPRECATED_1_2_0). * tpm2_eventlog: output EV_POST_CODE as string not firmware blob to be compliant with TCG PC Client FPF section 2.3.4.1 and 9.4.12.3.4.1 * Fix missing handle maps for ESY3 handle breaks. See #1994. * tpm2_rsaencrypt: fix OAEP RSA encryption failing to invalid hash selection. * tpm2_rsadecrypt: fix OAEP RSA decryption failing to invalid hash selection. * tpm2_sign: fix for signing failures with restricted signing keys when input data to sign is not a digest, rather the full message. The validation ticket creation process defaults to the owner hierarchy and so in order to choose other hierarchies the tpm2_hash tool should be used instead. * tpm2_print: fix segfault when -t option is omitted by appropriately warning of the required option. * tpm2_nvdefine: fix for default size when size is not specified by invoking TPM2_CC_GetCapability. * Fix for an issue where the return code for unsupported algorithms was tool_rc_general instead of tool_rc_unsupported in tpm2_create and tpm2_createprimary tools. * Fix for an issue where RSA_PSS signature verification caused failures. * tpm2_nvreadpublic, tpm2_kdfa, tpm2_checkquote, tpm2_quote: Fixes for issues with interoperability of the attestation tools between big and little endian platforms. * tss2_*: - Fix bash-completion for tss2_pcrextend and tss2_verifysignature - Add force option to tss2_list - Make force option consistent in all fapi tools - Do not decode non-TPM errors - Enhance integration tests to test changes of optional/mandatory parameters - Add --hex parameter to tss2_getrandom - Fix autocompletion issue - Switch tss2_* to with-"="-style - Add size parameter to tss2_createseal - References to the cryptographic profile (fapi-profile(5)) and config file - (fapi-config(5)) man pages from all relevant tss2_* man pages. - Fix policy branch selection menu item from 1 to 0. - Documentation * wiki pages have been removed and data has been migrated to tpm2-software.github.io portal's tutorial section. * Fix the problem with man and no-man help output for tools were not correctly displayed. * man: - tpm2_create: Correct max seal data size from 256 bytes to 128 bytes. - tpm2_nvread: Fix manpage example. - tpm2_nvwrite: Added missing information on how to specify the NV index as an argument. - tpm2_unseal: Add end-to-end example. - tpm2_nvincrement: Fix incorrect commands in example section. - tpm2_hmac: Fix the example section. ------------------------------------------------------------------ ------------------ 2021-1-27 - Jan 27 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit-podman: - new version 27.1 https://github.com/cockpit-project/cockpit-podman/releases - migrate to local rebuild ++++ dnsmasq: - Fix building with lua54 ++++ transactional-update: - Version 3.0.0 - This release changes the internal structure, but should be identical to the previous release feature wise. - Major parts of the previous Bash only application have been rewritten in C++ with the goal to provide an API around transactions; the transactional-update script is using that new interface internally already, however the API should be considered experimental for now - if you are interested to use it, please notify us in https://github.com/openSUSE/transactional-update/issues/52 - A new tool called "tukit" provides a C++ tool that can be wrapped by scripts to leverage the functionality. Please consider it experimental for now, the commands may still change. - Bugfixes: - Implement support for system offline update [boo#1180808] - Add statistics files to update environment [boo#1173282] ++++ gnutls: - Update to 3.7.0 * Depend on nettle 3.6 * Added a new API that provides a callback function to retrieve missing certificates from incomplete certificate chains * Added a new API that provides a callback function to output the complete path to the trusted root during certificate chain verification * OIDs exposed as gnutls_datum_t no longer account for the terminating null bytes, while the data field is null terminated. The affected API functions are: gnutls_ocsp_req_get_extension, gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension * Added a new set of API to enable QUIC implementation * The crypto implementation override APIs deprecated in 3.6.9 are now no-op * Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support * Support for padlock has been fixed to make it work with Zhaoxin CPU * The maximum PIN length for PKCS #11 has been increased from 31 bytes to 255 bytes - Remove patch fixed upstream: * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - Fix threading bug in libgnutls [bsc#1173434] * Upstream bug: gitlab.com/gnutls/gnutls/issues/1044 ++++ grub2: - Complete Secure Boot support on aarch64 (jsc#SLE-15020) * 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch * 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch * 0003-Make-grub_error-more-verbose.patch * 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch * 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch * 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch * 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * 0009-squash-Add-support-for-linuxefi.patch ++++ gzip: - add gzip-1.10-fix_count_of_lines_to_skip.patch to fix count of lines to skip [bsc#1180713] ++++ haproxy: - Add lua54.patch to fix building with lua 5.4 ++++ hwinfo: - merge gh#openSUSE/hwinfo#92 - improve getting video mode info (bsc#1181101) - try harder to break out of infinite I/O loops - 21.72 ++++ kernel-default: - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161). - commit 7760e28 - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335). - commit ada97e4 - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346). - commit 958c625 - xen/privcmd: allow fetching resource sizes (bsc#1065600). - commit 21fc6aa - scsi: ibmvfc: Fix missing cast of ibmvfc_event pointer to u64 handle (jsc#SLE-15442 bsc#1180814 ltc#187461). - Refresh patches.suse/scsi-ibmvfc-Send-commands-down-HW-Sub-CRQ-when-chann.patch. - Refresh patches.suse/scsi-ibmvfc-Set-and-track-hw-queue-in-ibmvfc_event-s.patch. - commit 1e02306 - Update ibmvfc patch metadata. - commit b112c00 - RDMA/ucma: Do not miss ctx destruction steps in some cases (bsc#1181147). - RDMA/cma: Don't overwrite sgid_attr after device is released (bsc#1181147). - RDMA/cma: Fix deadlock on &lock in rdma_cma_listen_on_all() error unwind (bsc#1181147). - RDMA/cma: Add missing error handling of listen_id (bsc#1181147). - RDMA: Add rdma_connect_locked() (bsc#1181147). - RDMA/ucma: Fix use after free in destroy id flow (bsc#1181147). - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (bsc#1181147). - RDMA/cma: Fix use after free race in roce multicast join (bsc#1181147). - RDMA/cma: Consolidate the destruction of a cma_multicast in one place (bsc#1181147). - RDMA/cma: Remove dead code for kernel rdmacm multicast (bsc#1181147). - RDMA/cma: Combine cma_ndev_work with cma_work (bsc#1181147). - RDMA/cma: Remove cma_comp() (bsc#1181147). - RDMA/cma: Fix locking for the RDMA_CM_LISTEN state (bsc#1181147). - RDMA/cma: Make the locking for automatic state transition more clear (bsc#1181147). - RDMA/cma: Fix locking for the RDMA_CM_CONNECT state (bsc#1181147). - RDMA/ucma: Fix resource leak on error path (bsc#1181147). - RDMA/ucma: Remove closing and the close_wq (bsc#1181147). - RDMA/ucma: Rework how new connections are passed through event delivery (bsc#1181147). - RDMA/ucma: Narrow file->mut in ucma_event_handler() (bsc#1181147). - RDMA/ucma: Change backlog into an atomic (bsc#1181147). - RDMA/ucma: Fix locking for ctx->events_reported (bsc#1181147). - RDMA/ucma: Fix the locking of ctx->file (bsc#1181147). - RDMA/ucma: Do not use file->mut to lock destroying (bsc#1181147). - RDMA/cma: Add missing locking to rdma_accept() (bsc#1181147). - RDMA/ucma: Remove mc_list and rely on xarray (bsc#1181147). - RDMA/ucma: Fix error cases around ucma_alloc_ctx() (bsc#1181147). - RDMA/ucma: Consolidate the two destroy flows (bsc#1181147). - RDMA/ucma: Remove unnecessary locking of file->ctx_list in close (bsc#1181147). - RDMA/ucma: Fix refcount 0 incr in ucma_get_ctx() (bsc#1181147). - RDMA/core: Move the rdma_show_ib_cm_event() macro (bsc#1181147). - commit feb2e32 - efi/libstub: Disable -mbranch-protection (jsc#SLE-16407). - efi/arm64: libstub: Deal gracefully with EFI_RNG_PROTOCOL failure (jsc#SLE-16407). - efivarfs: Replace invalid slashes with exclamation marks in dentries (jsc#SLE-16407). - efi: Delete deprecated parameter comments (jsc#SLE-16407). - efi/libstub: Fix missing-prototypes in string.c (jsc#SLE-16407). - efi: Add definition of EFI_MEMORY_CPU_CRYPTO and ability to report it (jsc#SLE-16407). - efi: mokvar: add missing include of asm/early_ioremap.h (jsc#SLE-16407). - efi: efivars: limit availability to X86 builds (jsc#SLE-16407). Update config files. - efi: remove some false dependencies on CONFIG_EFI_VARS (jsc#SLE-16407). - efi: efivars: un-export efivars_sysfs_init() (jsc#SLE-16407). - efi: pstore: move workqueue handling out of efivars (jsc#SLE-16407). - efi: pstore: disentangle from deprecated efivars module (jsc#SLE-16407). - efi: mokvar-table: fix some issues in new code (jsc#SLE-16407). - cper,edac,efi: Memory Error Record: bank group/address and chip id (jsc#SLE-16407). - edac,ghes,cper: Add Row Extension to Memory Error Record (jsc#SLE-16407). - efi/x86: Add a quirk to support command line arguments on Dell EFI firmware (jsc#SLE-16407). - efi/libstub: Add efi_warn and *_once logging helpers (jsc#SLE-16407). - efi: Support for MOK variable config table (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi/printf: remove unneeded semicolon (jsc#SLE-16407). - efi/libstub: Export efi_low_alloc_above() to other units (jsc#SLE-16407). - efi: Rename arm-init to efi-init common for all arch (jsc#SLE-16407). - commit a426a3c - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - commit 9a4138b - series.conf: cleanup - rename patches to get rid of numeric prefix (for easier resolve of merge conflict) patches.suse/0001-drm-rockchip-Avoid-uninitialized-use-of-endpoint-id-.patch -> patches.suse/drm-rockchip-Avoid-uninitialized-use-of-endpoint-id-.patch patches.suse/0002-drm-gma500-fix-double-free-of-gma_connector.patch -> patches.suse/drm-gma500-fix-double-free-of-gma_connector.patch patches.suse/0003-drm-aspeed-Fix-Kconfig-warning-subsequent-build-erro.patch -> patches.suse/drm-aspeed-Fix-Kconfig-warning-subsequent-build-erro.patch patches.suse/0004-drm-dp_aux_dev-check-aux_dev-before-use-in-drm_dp_au.patch -> patches.suse/drm-dp_aux_dev-check-aux_dev-before-use-in-drm_dp_au.patch patches.suse/0005-drm-mcde-Fix-handling-of-platform_get_irq-error.patch -> patches.suse/drm-mcde-Fix-handling-of-platform_get_irq-error.patch patches.suse/0006-drm-tve200-Fix-handling-of-platform_get_irq-error.patch -> patches.suse/drm-tve200-Fix-handling-of-platform_get_irq-error.patch (no effect on expanded tree) - commit 772573f - drm/v3d: Add support for bcm2711 (jsc#SLE-16259). - Update config - supported.conf: Enable v3d - commit 29319ce - soc: bcm: bcm2835-pm: Add support for bcm2711 (jsc#SLE-16259). - commit 8aa7baa - series.conf: cleanup - move unsortable patch out of sorted section patches.suse/floppy-reintroduce-O_NDELAY-fix.patch - commit 39bee61 ++++ kernel-firmware: - Update to version 20210119 (git commit 05789708b79b): * brcm: Link RPi4's WiFi firmware with DMI machine name. * brcm: Add NVRAM for Vamrs 96boards Rock960 * brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes * cypress: Fix link direction * cypress: Link the new cypress firmware to the old brcm files * brcm: remove old brcm firmwares that have newer cypress variants * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253 * rtl_bt: Add firmware and config files for RTL8852A BT USB chip * rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644 - Fix install-split.sh to deal with the quoted spaces - Update aliases ++++ libcap: - update to 2.47: * Restructured gowns to default to uid base of getuid(). * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. * Improve the usage and diagnostic message for setcap * Documentation fixes, license declarations, example updates ++++ Mesa: - removed no longer needed buildfix-ppc64le.patch; build failed on ppc64 due to this patch (bsc#1181439) ++++ python3-core: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ++++ ceph: - Update to 16.1.0-46-g571704f730 + rebase on top of upstream v16.1.0 (Pacific release candidate) + drop obsolete downstream patches that were causing conflicts: * cephadm: use registry.suse.com by default * cephadm: add global flag --container-init * mgr/cephadm: append --container-init to basecommand * cephadm: remove container-init subparser from "deploy" ++++ wayland: - Update to release 1.19 * This release mostly contains bug fixes and minor protocol updates. ++++ patterns-microos: - don't require grub2-branding on s390x ++++ python3: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ++++ raspberrypi-firmware: - Use disable-v3d overlay, it isn't ready for users to use but soon good enough for a technology preview. (jsc#SLE-15928) ++++ raspberrypi-firmware-config: - Use disable-v3d overlay, it isn't ready for users to use but soon good enough for a technology preview. (jsc#SLE-15928) ++++ raspberrypi-firmware-dt: - Introduce disable-v3d-overlay.dts, in order to be able to selectively disable v3d while using vc4 as the display controller (jsc#SLE-15928). ++++ sudo: - Update to 1.9.5.p2 * When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. (bsc#1181090) * Fixed sudo's setprogname(3) emulation on systems that don't provide it. * Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954. * Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically. * The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache. ++++ sysuser-tools: - Set --replace option for systemd-sysusers ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#447 - aarch64: add tegra20-apb-dma module (bsc#1181463) - 16.34 - merge gh#openSUSE/installation-images#446 - work around broken plymouth (bsc#1149070) - 16.33 - merge gh#openSUSE/installation-images#445 - do not run prein script for openssh-server in root image - 16.32 ++++ u-boot-rpiarm64: - Fix documentation location Update to v2021.01. Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches dropped: 0028-usb-xhci-xhci_bulk_tx-Don-t-BUG-whe.patch 0029-Revert-Fix-data-abort-caused-by-mis.patch 0030-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0031-pci-brcmstb-Cleanup-controller-stat.patch * Patches added: 0028-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0029-pci-brcmstb-Cleanup-controller-stat.patch 0030-fs-btrfs-Select-SHA256-in-Kconfig.patch ++++ yast2: - Do not propose hibernation when running over a virtualized setup (bsc#1180982). - 4.3.51 ------------------------------------------------------------------ ------------------ 2021-1-26 - Jan 26 2021 ------------------- ------------------------------------------------------------------ ++++ firewalld: - Disable FlushAllOnReload option to not retain interface to zone assignments and direct rules when using --reload option. * 0002-Disable-FlushAllOnReload-option.patch ++++ open-iscsi: - Update to latest upstream (no new tag yet). To fix bsc#1181313. Changes since last update added to open-iscsi-SUSE-latest.diff.bz2: * Fix iscsiadm segfault when exiting * iscsid: Add NO_SYSTEMD to CFLAGS * Change mkdir permissions to 0770, adjust usmask * Fix typo in util.py * iscsid: Do not allow conflicting pid-file options * iscsiadm: Fix memory leak in iscsiadm * libopeniscsiusr: Fix memory leak in iscsi_sessions_get() * libopeniscsiusr: Fix memory leak in iscsi_nodes_get() * idbm: Fix memory leak and NULL pointer dereference in idbm_rec_update_param() * Add etc/systemd/iscsi-init.service to SYSTEMDFILES Makefile variable ++++ keepalived: - Update to 2.2.1 https://www.keepalived.org/release-notes/Release-2.2.1.html https://www.keepalived.org/release-notes/Release-2.2.0.html https://www.keepalived.org/release-notes/Release-2.1.5.html https://www.keepalived.org/release-notes/Release-2.1.4.html https://www.keepalived.org/release-notes/Release-2.1.3.html https://www.keepalived.org/release-notes/Release-2.1.2.html https://www.keepalived.org/release-notes/Release-2.1.1.html https://www.keepalived.org/release-notes/Release-2.1.0.html - enable systemd integration via libsystemd (new BR: libsystemd) - switch to systemd_ordering instead of systemd_requires - sync configure options with the configure script ++++ kernel-default: - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489). - commit 852fa4b - blacklist.conf: 035fff1f7aab x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled - commit 7d62c49 - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - commit cdea5d0 - x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489). - commit 0e0c8a8 - Fix hibernation verification after UEFI subsystem upgraded (jsc#SLE-16407) - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - Refresh patches.suse/0006-efi-allow-user-to-regenerate-secret-key.patch. - Delete patches.suse/0003-x86-KASLR-public-the-function-for-getting-random-lon.patch. - Update config files. - commit d972b09 - x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489). - commit 3044309 ++++ lshw: - Display UUID on Power VM LPAR (bsc#1181411 ltc#191040) * lshw-devtree-Add-UUID-property.patch ++++ qemu: - Fix two additional cases of qemu crashing due to qemu module packages not being loaded. qom-handle-case-of-chardev-spice-module-.patch spice-app-avoid-crash-when-core-spice-mo.patch ++++ rpm-config-SUSE: - Add missing fileattrs/modulesload.attr file to generate requires for modules-load.d entries [jsc#SLE-7692] ++++ samba: - Update to 4.13.4 * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * lib: Avoid declaring zero-length VLAs in various messaging functions; (bso#14605); * Do not create an empty DB when accessing a sam.ldb; (bso#14579); * vfs_fruit may close wrong backend fd; (bso#14596); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606); * vfs_fruit may close wrong backend fd; (bso#14596); * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * The cache directory for the user gencache should be created recursively; (bso#14601); * Be more flexible with repository names in CentOS 8 test environments; (bso#14594); ------------------------------------------------------------------ ------------------ 2021-1-25 - Jan 25 2021 ------------------- ------------------------------------------------------------------ ++++ firewalld: - Update to 0.9.3 (jsc#SLE-17336): * docs(dbus): fix invalid method names * fix(forward): iptables: ipset used as zone source * fix(rich): non-printable characters removed from rich rules * docs(firewall-cmd): small description grammar fix * fix(rich): limit table to strip non-printables to C0 and C1 * fix(zone): add source with mac address ++++ kernel-default: - x86/sev: Fix nonistr violation (bsc#1178134). - commit 47bc3f9 - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes). - drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes). - commit 6ef999c - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes). - drm/i915: clear the gpu reloc batch (git-fixes). - drm/amdgpu: fix a GPU hang issue when remove device (git-fixes). - drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes). - commit cc8174e - drm/amdkfd: Fix leak in dmabuf import (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (git-fixes). - drm/mcde: Fix handling of platform_get_irq() error (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes). - drm/gma500: fix double free of gma_connector (git-fixes). - drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes). - drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes). - drm/tegra: replace idr_init() by idr_init_base() (git-fixes). - drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes). - drm/i915/gvt: return error when failing to take the module reference (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/i915: Handle max_bpc==16 (git-fixes). - drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes). - drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes). - drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes). - commit bd76ab9 - drm/nouveau/nouveau: fix the start/end range for migration (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes). - drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes). - drm/sun4i: frontend: Rework a bit the phase data (git-fixes). - drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amdgpu: increase the reserved VM size to 2MB (git-fixes). - drm/amdgpu: don't map BO in reserved region (git-fixes). - drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes). - drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915/gt: Delay execlist processing for tgl (git-fixes). - commit d9edd32 - drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes). - drm/amd/display: Avoid MST manager resource leak (git-fixes). - drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amd/display: Increase timeout for DP Disable (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/msm/a6xx: fix a potential overflow issue (git-fixes). - drm/panfrost: add amlogic reset quirk callback (git-fixes). - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - commit 3790415 - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - commit f36768e - drm/i915: Filter wake_flags passed to default_wake_function (git-fixes). - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes). - drm/amd/display: update nv1x stutter latencies (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes). - drm/omap: fix incorrect lock state (git-fixes). - drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes). - drm/amd/display: Retry AUX write when fail occurs (git-fixes). - drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes). - drm/msm/a6xx: fix gmu start on newer firmware (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm/dpu: Fix scale params in plane validation (git-fixes). - drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes). - drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes). - commit 64cc324 - drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes). - drm/amdkfd: fix restore worker race condition (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - commit 406e9f7 - drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes). - drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes). - drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/amd/display: Stop if retimer is not available (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes). - commit db34b82 - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes). - drm/scheduler: Avoid accessing freed bad job (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes). - drm/amd/display: Do not double-buffer DTO adjustments (git-fixes). - commit c18126a - drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes). - drm/syncobj: Fix use-after-free (git-fixes). - drm/atomic: put state on error path (git-fixes). - commit 4cd1094 - drm/i915/hdcp: Update CP property in update_pipe (git-fixes). - drm/amdgpu: fix DRM_INFO flood if display core is not supported (bug 210921) (git-fixes). - commit 0dca4e9 - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - cachefiles: Drop superfluous readpages aops NULL check (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - commit 963543c - x86/sev-es: Handle string port IO to kernel memory properly (bsc#1178134). - commit 3ec7fbe - i2c: mlxbf: select CONFIG_I2C_SLAVE (jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - i2c: mlxbf: I2C_MLXBF should depend on MELLANOX_PLATFORM (jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - commit abb583b - net: core: devlink: use right genl user_ptr when handling port param get/set (bsc#1176447). - i40e: fix potential NULL pointer dereferencing (jsc#SLE-13701). - net: fix use-after-free when UDP GRO with shared fraglist (bsc#1176447). - net/mlx5e: In skb build skip setting mark in switchdev mode (jsc#SLE-15172). - nexthop: Bounce NHA_GATEWAY in FDB nexthop groups (bsc#1176447). - net: bareudp: add missing error handling for bareudp_link_config() (jsc#SLE-15172). - bareudp: Fix use of incorrect min_headroom size (jsc#SLE-15172). - bareudp: set NETIF_F_LLTX flag (jsc#SLE-15172). - bnxt_en: Check TQM rings for maximum supported value (jsc#SLE-15075). - bnxt_en: Fix AER recovery (jsc#SLE-15075). - Revert "e1000e: disable s0ix entry and exit flows for ME systems" (jsc#SLE-13532). - e1000e: Only run S0ix flows if shutdown succeeded (jsc#SLE-13532). - ionic: change set_rx_mode from_ndo to can_sleep (jsc#SLE-16649). - ionic: flatten calls to ionic_lif_rx_mode (jsc#SLE-16649). - ice: avoid premature Rx buffer reuse (jsc#SLE-7926). - net: mlx5e: fix fs_tcp.c build when IPV6 is not enabled (jsc#SLE-15172). - net/mlx5e: Fix IPsec packet drop by mlx5e_tc_update_skb (jsc#SLE-15172). - commit 54582be - net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464). - net: hns3: fix a phy loopback fail issue (bsc#1154353). - net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353). - bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274). - e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100). - ionic: account for vlan tag len in rx buffer len (bsc#1167773). - ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926). - net: fix proc_fs init handling in af_packet and tls (bsc#1154353). - ice: avoid premature Rx buffer reuse (jsc#SLE-7926). - net: hns3: remove a misused pragma packed (bsc#1154353). - commit 465e7d7 - zlib: move EXPORT_SYMBOL() and MODULE_LICENSE() out of dfltcc_syms.c (jsc#SLE-13766). - commit d62a9cc - zlib: export S390 symbols for zlib modules (jsc#SLE-13766). - KVM: s390: remove diag318 reset code (jsc#SLE-13746). - s390/pci: fix hot-plug of PCI function missing bus (bsc#1181076 LTC#190860). - commit 54be82c - lib/test_hmm.c: fix an error code in dmirror_allocate_chunk() (jsc#SLE-16387). - commit df77afb - Refresh patches.suse/0041-mm-memremap_pages-support-multiple-ranges-per-invoca.patch. - add missing hunk for lib/test_hmm.c - commit f341232 - iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (git-fixes). - commit 0bf82c2 - blacklist.conf: Add 08685be7761d powerpc/64s: fix scv entry fallback flush vs interrupt No scv support. - commit 7e491e5 - selftests: net: fib_tests: remove duplicate log test (git-fixes). - net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes). - udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - commit 87c48df - blacklist.conf: 78762b0e79bc x86/asm/32: Add ENDs to some functions and relabel with SYM_CODE_* - commit 1f20d8c - series.conf: cleanup - move kabi workaround into patches.kabi: patches.suse/ALSA-pcm-fix-hw_rule-deps-kABI.patch - commit 3eee3e1 - series.conf: refresh - update upstream references and resort: patches.suse/scsi-scsi_transport_srp-Don-t-block-target-in-failfa.patch patches.suse/selftests-powerpc-Only-test-lwm-stmw-on-big-endian.patch - commit 5218f70 - series.conf: cleanup - move an unsortable patch out of sorted section patches.suse/powerpc-Fix-build-error-in-paravirt.h.patch - commit 0f64295 - drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472) - commit 8541d40 - drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472) - commit 60b9525 - drm/dp_aux_dev: check aux_dev before use in (bsc#1152472) - commit 21532d2 - drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472) - commit 3d14ba8 - drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting notes: * context changes - commit 2ce14eb - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472) - commit 103a121 - iio: ad5504: Fix setting power-down state (git-fixes). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - usb: gadget: aspeed: fix stop dma register setting (git-fixes). - commit 4d850d2 - blacklist.conf: Append 'drm/vc4: gem: Add a managed action to cleanup the job queue' - commit ce3d22f - blacklist.conf: Append 'drm/vc4: bo: Add a managed action to cleanup the cache' - commit 2cf161b - bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518). - bpf: Don't leak memory in bpf getsockopt when optlen == 0 (bsc#1155518). - commit 609f544 ++++ util-linux: - s/--enable-vendordir/--with-vendordir/ - remove pam_securetty line again. As long as there is no agreement from pam side having it would fail openQA (boo#1033626) ++++ libgcrypt: - Add the global config file /etc/gcrypt/random.conf * This file can be used to globally change parameters of the random generator with the options: only-urandom and disable-jent. ++++ libgpg-error: - update to 1.41: * Fixes another glitch in the "ignore" meta command. * Fixes two typos in the German translation. * New function gpgrt_access. * Make "ignore" meta command work correctly in the option parser. * Interface changes relative to the 1.39 release: gpgrt_access NEW. ++++ snapper: - fixed testsuite for equal-date (gh#openSUSE/snapper#526) ++++ python-psutil: - update to 5.8.0: * Enhancements: - 1863: disk_partitions() exposes 2 extra fields: maxfile and maxpath, which are the maximum file name and path name length. - 1872: [Windows] added support for PyPy 2.7. - 1879: provide pre-compiled wheels for Linux and macOS. - 1880: get rid of Travis and Cirrus CI services (they are no longer free). CI testing is now done by GitHub Actions on Linux, macOS and FreeBSD (yes). AppVeyor is still being used for Windows CI. * Bug fixes: - 1708: [Linux] get rid of sensors_temperatures() duplicates. (patch by Tim Schlueter). - 1839: [Windows] always raise AccessDenied when failing to query 64 processes from 32 bit ones (NtWoW64 APIs). - 1866: [Windows] process exe(), cmdline(), environ() may raise "invalid access to memory location" on Python 3.9. - 1874: [Solaris] wrong swap output given when encrypted column is present. - 1875: [Windows] process username() may raise ERROR_NONE_MAPPED if the SID has no corresponding account name. In this case AccessDenied is now raised. - 1877: [Windows] OpenProcess may fail with ERROR_SUCCESS. Turn it into AccessDenied or NoSuchProcess depending on whether the PID is alive. - 1886: [macOS] EIO error may be raised on cmdline() and environment(). Now it gets translated into AccessDenied. - 1891: [macOS] get rid of deprecated getpagesize(). - Rebase patch and skip three other tests that fail on obs * skip-obs.patch ++++ raspberrypi-firmware-dt: - Update to 02dbfea28f (2021-01-22): * Add reserved memory template to hold firmware configuration - Drop upstream-blconfig-rmem.patch as it's now available upstream. ++++ rpm-config-SUSE: - Backport find-*.ksyms fixes from Factory [jsc#SLE-7692]: * move modinfo and modprobe commands * generate kernel module requires for module-load.d files * use "if kernel" for modules-load.d requires * fix version handling in kernel-uname-r requires * fix awk gensub warning - changed files: find-provides.ksyms, find-requires.ksyms ++++ timezone: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ++++ toolbox: - Update to version 2.0+git20210125.50611db: * Document configuration files, add /usr/etc/toolboxrc * Update README to include commands * Update the README * Be even more compatible with Silverblue Toolbox * Introduce commands, for compatibility with Silverblue's toolbox * Mount /run/media and and /tmp inside a user toolbox * Export more env variables inside (user) toolboxes ++++ util-linux-systemd: - s/--enable-vendordir/--with-vendordir/ - remove pam_securetty line again. As long as there is no agreement from pam side having it would fail openQA (boo#1033626) ++++ virt-manager: - bsc#1180897 - SLES15 SP2: VM does not boot after virt-install installing from ISO image. virtinst-keep-iso-for-xenpv.patch - bsc#1181350 - [Build 20210122] openQA test fails in virt_install on aarch64 virtman-show-no-firmware-for-xenpv.patch ++++ yast2-trans: - Update to version 84.87.20210123.74263e8a12: * New POT for text domain 'nis_server'. * New POT for text domain 'network'. * New POT for text domain 'instserver'. * New POT for text domain 'proxy'. * New POT for text domain 'wol'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'relocation-server'. * New POT for text domain 'reipl'. * New POT for text domain 'registration'. * New POT for text domain 'rdp'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'multipath'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'iplb'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'cluster'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'add-on'. * Automatic update of wol. * Automatic update of vpn. * Automatic update of users. * Automatic update of update. * Automatic update of tune. * Automatic update of s390. * Automatic update of sysconfig. * Automatic update of support. * Automatic update of sudo. * Automatic update of storage. * Automatic update of squid. * Automatic update of sound. * Automatic update of snapper. * Automatic update of slp-server. * Automatic update of services-manager. * Automatic update of security. * Automatic update of scanner. * Automatic update of samba-server. * Automatic update of samba-client. * Automatic update of rmt. * Automatic update of relocation-server. * Automatic update of reipl. * Automatic update of registration. * Automatic update of rdp. * Automatic update of proxy. * Automatic update of printer. * Automatic update of pam. * Automatic update of packager. * Automatic update of online-update. * Automatic update of ntp-client. * Automatic update of nis_server. * Automatic update of nis. * Automatic update of nfs_server. * Automatic update of nfs. * Automatic update of network. * Automatic update of multipath. * Automatic update of migration. * Automatic update of mail. * Automatic update of ldap-client. * Automatic update of ldap. * Automatic update of kdump. * Automatic update of journalctl. * Automatic update of isns. * Automatic update of iscsi-lio-server. * Automatic update of iscsi-client. * Automatic update of iplb. * Automatic update of instserver. * Automatic update of installation. * Automatic update of http-server. * Automatic update of hana-update. * Automatic update of hanafirewall. * Automatic update of geo-cluster. * Automatic update of ftp-server. * Automatic update of firewall. * Automatic update of fcoe-client. * Automatic update of drbd. * Automatic update of dns-server. * Automatic update of dhcp-server. * Automatic update of crowbar. * Automatic update of country. * Automatic update of control. * Automatic update of cluster. * Automatic update of cc-control. * Automatic update of cc. * Automatic update of bootloader. * Automatic update of base. * Automatic update of autoinst. * Automatic update of auth-client. * Automatic update of audit-laf. * Automatic update of apparmor. * Automatic update of add-on. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-1-24 - Jan 24 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/panel: otm8009a: allow using non-continuous dsi clock (git-fixes). - usb: ohci: Make distrust_firmware param default to false (git-fixes). - commit 7c39cad - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - commit 54a675e ++++ libdrm: - reenabled build of manual pages (switch from xsltproc to rst2man) - update to 2.4.104: * headers: drm: Sync with drm-next * Remove outdated comments about stdint.h * Remove definitions duplicated from drm_mode.h * xf86drmMode.h use ANSI C99 arrays * Document drmModeConnection * man: convert to reSTructuredText * testsuite fixes ++++ mozilla-nss: - update to NSS 3.60.1 Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. - removed obsolete ppc-old-abi-v3.patch ++++ libgudev: - update to 234: * Clarify that _get_sysfs_attr() functions are cached * Add functions to get uncached sysfs attributes ++++ pcsc-ccid: - Version 1.4.34 * Add support for ACS ACR1252IMP Reader ACS CryptoMate EVO Aktiv Rutoken SCR 3001 Reader Avtor KP-375BLE Avtor SC Reader KP382 BIT4ID mLector AIR DI V3 BIT4ID miniLector AIR NFC v3 Bit4id Digital-DNA Key (ProductID 0x2354) Canokeys Canokey DESKO GmbH IDenty chrom DESKO GmbH PENTA Scanner FT Biopass CCID FT Biopass FIDO2 FT Biopass KB CCID FT Biopass KB FIDO CCID Feitian BLE CCID Dongle Feitian R805 Feitian vR504 Contactless Reader GoTrust Idem Key Identiv uTrust 3720 Contactless Reader Sunrex HP USB Business Slim Smartcard CCID Keyboard sysmocom - s.f.m.c. GmbH sysmoOCTSIM * Fail if the requested protocol is not supported by reader * Disable USB suspend for the AlcorMicro AU9520 reader * Return "no smart card" if we get notified during a transmit * Minor improvements reported by Maksim Ivanov * Some other minor improvements ++++ python-PyYAML: - update to 5.4.1 (bsc#1174514, CVE-2020-14343): * Fix stub compat with older pyyaml versions that may unwittingly load it * Build modernization, remove distutils, fix metadata, build wheels, CI to GHA * Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader * Fix memory leak in implicit resolver setup * Fix py2 copy support for timezone objects * Fix compatibility with Jython ------------------------------------------------------------------ ------------------ 2021-1-23 - Jan 23 2021 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - back port lvmlockd adopt orphan locks feature into sles15sp2 (bsc#1181319) + bug-1181319_01-Revert-lvmlockd-use-commonly-used-define-NOTIFYDBUS_.patch + bug-1181319_02-lvmlockctl-ensure-result-value-is-always-defined.patch + bug-1181319_03-lvmlockctl-use-inline-initilizers.patch + bug-1181319_04-lvmlockd-replace-lock-adopt-info-source.patch + bug-1181319_05-cov-check-sscanf-result.patch ++++ kernel-default: - ALSA: pcm: fix hw_rule deps kABI (bsc#1181014). - commit 3c80769 - ALSA: pcm: One more dependency for hw constraints (bsc#1181014). - commit d71290f - mmc: core: don't initialize block size from ext_csd if not present (git-fixes). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes). - platform/x86: i2c-multi-instantiate: Don't create platform device for INT3515 ACPI nodes (git-fixes). - commit 9c2a03f - timers: Use only bucket expiry for base->next_expiry value (bsc#1181318). - timers: Preserve higher bits of expiration on index calculation (bsc#1181318). - commit f60f618 ++++ lvm2: - back port lvmlockd adopt orphan locks feature into sles15sp2 (bsc#1181319) + bug-1181319_01-Revert-lvmlockd-use-commonly-used-define-NOTIFYDBUS_.patch + bug-1181319_02-lvmlockctl-ensure-result-value-is-always-defined.patch + bug-1181319_03-lvmlockctl-use-inline-initilizers.patch + bug-1181319_04-lvmlockd-replace-lock-adopt-info-source.patch + bug-1181319_05-cov-check-sscanf-result.patch ++++ openssh: - Add openssh-fix-ssh-copy-id.patch, which fixes breakage introduced in 8.4p1 (bsc#1181311). ------------------------------------------------------------------ ------------------ 2021-1-22 - Jan 22 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add apache-extra-profile-include-if-exists.diff: make include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) ++++ cockpit: - new version 236 https://cockpit-project.org/blog/cockpit-236.html - new version 235 https://cockpit-project.org/blog/cockpit-235.html https://cockpit-project.org/blog/cockpit-234.html https://cockpit-project.org/blog/cockpit-233.html ++++ cockpit-podman: - new version 26 https://github.com/cockpit-project/cockpit-podman/releases/tag/26 ++++ kernel-default: - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - commit d3e26e8 - KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545). - commit 719d24b - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111). - commit ddc328b - s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914). - commit 9b7644e - net/smc: use memcpy instead of snprintf to avoid out of bounds read (jsc#SLE-15862 bsc#1180744 LTC#186340). - smc: fix out of bound access in smc_nl_get_sys_info() (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: fix access to parent of an ib device (jsc#SLE-15862 bsc#1180744 LTC#186340). - commit f7642f8 - net/smc: Add support for obtaining SMCR device list (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Add support for obtaining SMCD device list (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Add SMC-D Linkgroup diagnostic support (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Introduce SMCR get link command (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Introduce SMCR get linkgroup command (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Add support for obtaining system information (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Introduce generic netlink interface for diagnostic purposes (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Refactor smc ism v2 capability handling (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Add diagnostic information to link structure (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Add diagnostic information to smc ib-device (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Add link counters for IB device ports (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Add connection counters for links (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: Use active link of the connection (jsc#SLE-15862 bsc#1180744 LTC#186340). - net/smc: use helper smc_conn_abort() in listen processing (jsc#SLE-15862 bsc#1180744 LTC#186340). - commit 064ec88 - drm/vc4: Unify PCM card's driver_name (git-fixes). - commit 2a6cd0a - dpaa2-eth: fix the size of the mapped SGT buffer (jsc#SLE-14018). - soc: fsl: handle RCPM errata A-008646 on SoC LS1021A (jsc#SLE-14018). - soc: fsl: qbman: qman: Remove unused variable 'dequeue_wq' (jsc#SLE-14018). - soc: fsl: qe: qe_common: Fix misnamed function attribute 'addr' (jsc#SLE-14018). - soc: fsl: dpio: qbman-portal: Fix a bunch of kernel-doc misdemeanours (jsc#SLE-14018). - bus: fsl-mc: simplify DPRC version check (jsc#SLE-14018). - bus: fsl-mc: added missing fields to dprc_rsp_get_obj_region structure (jsc#SLE-14018). - bus: fsl-mc: make sure MC firmware is up and running (jsc#SLE-14018). - bus: fsl-mc: add back accidentally dropped error check (jsc#SLE-14018). - crypto: caam: Replace in_irq() usage (jsc#SLE-14018). - soc/fsl/qbman: Add an argument to signal if NAPI processing is required (jsc#SLE-14018). - crypto: caam/qi - simplify error path for context allocation (jsc#SLE-14018). - dpaa2-eth: Fix compile error due to missing devlink support (jsc#SLE-14018). - dpaa2-eth: select XGMAC_MDIO for MDIO bus support (jsc#SLE-14018). - soc: fsl: qe: Remove unnessesary check in ucc_set_tdm_rxtx_clk (jsc#SLE-14018). - soc: fsl: qman: convert to use be32_add_cpu() (jsc#SLE-14018). - soc: fsl: dpio: remove set but not used 'addr_cena' (jsc#SLE-14018). - dpaa2-eth: add support for devlink parser error drop traps (jsc#SLE-14018). - dpaa2-eth: add basic devlink support (jsc#SLE-14018). - devlink: add .trap_group_action_set() callback (jsc#SLE-14018). - devlink: add parser error drop packet traps (jsc#SLE-14018). - dpaa2-eth: install a single steering rule when SHARED_FS is enabled (jsc#SLE-14018). - dpaa2-eth: no need to check link state right after ndo_open (jsc#SLE-14018). - dpaa2-eth: drop double zeroing (jsc#SLE-14018). - ptp_qoriq: support FIPER3 (jsc#SLE-14018). - dpaa2-eth: utilize skb->cb for hardware timestamping (jsc#SLE-14018). - dpaa2-eth: invoke dpaa2_eth_enable_tx_tstamp() once in code (jsc#SLE-14018). - dpaa2-eth: define a global ptp_qoriq structure pointer (jsc#SLE-14018). - dpaa2-eth: add APIs of 1588 single step timestamping (jsc#SLE-14018). - dpaa2-eth: Convert to DEFINE_SHOW_ATTRIBUTE (jsc#SLE-14018). - dpaa2-eth: add a dpaa2_eth_ prefix to all functions in dpaa2-eth-dcb.c (jsc#SLE-14018). - dpaa2-eth: add a dpaa2_eth_ prefix to all functions in dpaa2-eth.c (jsc#SLE-14018). - dpaa2-eth: add a dpaa2_eth_ prefix to all functions in dpaa2-ethtool.c (jsc#SLE-14018). - bus/fsl-mc: Add a new version for dprc_get_obj_region command (jsc#SLE-14018). - bus/fsl-mc: Extend ICID size from 16bit to 32bit (jsc#SLE-14018). - bus/fsl-mc: Export IRQ pool handling functions to be used by VFIO (jsc#SLE-14018). - bus/fsl-mc: Add a container setup function (jsc#SLE-14018). - bus/fsl-mc: Export a cleanup function for DPRC (jsc#SLE-14018). - bus/fsl-mc: Export dprc_scan/dprc_remove functions to be used by multiple entities (jsc#SLE-14018). - bus/fsl-mc: Add dprc-reset-container support (jsc#SLE-14018). - bus/fsl-mc: Cache the DPRC API version (jsc#SLE-14018). - bus/fsl-mc: Set the QMAN/BMAN region flags (jsc#SLE-14018). - bus/fsl-mc: add support for 'driver_override' in the mc-bus (jsc#SLE-14018). - bus/fsl-mc: Add a new parameter to dprc_scan_objects function (jsc#SLE-14018). - bus/fsl-mc: Do no longer export the total number of irqs outside dprc_scan_objects (jsc#SLE-14018). - bus: fsl-mc: MC control registers are not always available (jsc#SLE-14018). - bus: fsl-mc: don't assume an iommu is always present (jsc#SLE-14018). - gpio: mpc8xxx: simplify ls1028a/ls1088a support (jsc#SLE-14018). - ptp_qoriq: output PPS signal on FIPER2 in default (jsc#SLE-14018). - commit 30de820 - hwmon-amd_energy-09-fix-allocation-of-hwmon_channel_info.patch is now part of jsc#SLE-14262. - commit c0fcf0d - hwmon: (amd_energy) Add AMD family 19h model 01h x86 match (jsc#SLE-14262). - commit 0d38ed6 - ALSA: hda: Balance runtime/system PM if direct-complete is disabled (git-fixes). - ASoC: SOF: Intel: fix page fault at probe if i915 init fails (git-fixes). - ASoC: SOF: Intel: hda: Avoid checking jack on system suspend (git-fixes). - ASoC: SOF: Intel: hda: Modify existing helper to disable WAKEEN (git-fixes). - ASoC: SOF: Intel: hda: Resume codec to do jack detection (git-fixes). - ALSA: hda: Add AlderLake-P PCI ID and HDMI codec vid (git-fixes). - commit 4063e56 - ALSA: hda: Add Cometlake-R PCI ID (git-fixes). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes). - commit 70d9202 - Move upstreamed sound patches into sorted section - commit f5195da ++++ libapparmor: - add apache-extra-profile-include-if-exists.diff: make include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) ++++ alsa: - Yet more fixes for the crash with dmix plugin (bsc#1181194): 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch ++++ rdma-core: - Add srp_daemon-Fix-systemd-dependency.patch to make sure srp_daemon is loaded at boot if enabled (bsc#1180196) ++++ libmbim: - Update to version 1.24.6: * libmbim-glib,device: + Fixed a GSource use after free. + Avoid g_file_test() on NULL path. + Don't warn if descriptors file cannot be read. * Several other minor improvements and fixes. ++++ pango: - Update to version 1.48.1: + Fix itemization of multi-paragraph layouts. + Fix a few memory leaks. + Fix glyph origins in vertical layout. ++++ zstd: - Add libzstd-devel-32bit (boo#1181272) ++++ openssh: - Improve robustness of sshd init detection when upgrading from a pre-systemd distribution. - Add openssh-reenable-dh-group14-sha1-default.patch, which adds diffie-hellman-group14-sha1 key exchange back to the default list (bsc#1180958). This is needed for backwards compatibility with older platforms. - Make sure sshd is enabled correctly when upgrading from a pre-systemd distribution (bsc#1180083). ++++ python-setuptools: - We cannot remove vendored packages when generating setuptools wheel (bsc#1177127). ++++ qemu: - Fix issue of qemu crashing (abort called) when virtio-gpu device is asked for and the qemu-hw-display-virtio-gpu package isn't installed. (bsc#1181103) module-for-virtio-gpu-pre-load-module-to.patch - Add additional inter-module package dependencies, to reflect the current module dependencies (see qemu source file: util/module.c) - As of v3.1.0 virt-manager, new VM's are created by default with audio/sound enabled, so it's time to reflect the need, at least in the spice case, by having spice-audio available when spice in general is used (boo#1180210 boo#1181132) - Further refine package Recommends/Suggests based on architecture - Remove no longer needed dependency on pwdutils (boo#1181235) ++++ raspberrypi-firmware: - Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616): * firmware: Export bootloader config via device-tree * firmware: ISP: Colour denoise * firmware: platform: Define DVFS modes and change default to be fixed AVS voltage * firmware: arm_loader: Auto-select 64-bit for kernel8.img * firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun ++++ raspberrypi-firmware-config: - Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616): * firmware: Export bootloader config via device-tree * firmware: ISP: Colour denoise * firmware: platform: Define DVFS modes and change default to be fixed AVS voltage * firmware: arm_loader: Auto-select 64-bit for kernel8.img * firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun ++++ raspberrypi-firmware-dt: - Introduce upstream-blconfig-rmem.patch for firmware to be able to define firmware's configuration reserved memory (jsc#SLE-16616) ++++ shim: - Update the SLE signature - Exclude some patches from x86_64 to avoid breaking the signature - Add shim-correct-license-in-headers.patch back for x86_64 to match the SLE signature - Add linker-version.pl to modify the EFI/PE header to match the SLE signature ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#443 - revert plymouth branding for SLE to tribar - support both plymouth-theme-tribar and plymouth-theme-bgrt - 16.31 ------------------------------------------------------------------ ------------------ 2021-1-21 - Jan 21 2021 ------------------- ------------------------------------------------------------------ ++++ crypto-policies: - Update to git version 20210118 * Output sigalgs required by nss >=3.59 * Bump Python requirement to 3.6 * Kerberos 5: Fix policy generator to account for macs * Add AES-192 support (non-TLS scenarios) * Add documentation of the --check option - Fix the man pages generation - Add crypto-policies-asciidoc.patch - Test only supported modules - Add crypto-policies-test_supported_modules_only.patch ++++ grub2: - Fix rpmlint 2.0 error for having arch specific path in noarch package aiming for compatibility with old package (bsc#1179044) * grub2.spec - Fix non POSIX sed argument which failed in sed from busybox (bsc#1181091) * grub2-check-default.sh ++++ kernel-default: - i2c: mlxbf: Fix the return check of devm_ioremap and ioremap (jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - commit ebaf1be - i2c: mlxbf: Update author and maintainer email info (jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - commit 248e78f - i2c: mlxbf: Update reference clock frequency (jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - commit 077bf6e - i2c: mlxbf: Remove unecessary wrapper functions (jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - commit a636d51 - i2c: mlxbf: Fix resrticted cast warning of sparse (jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - commit 4f74542 - i2c: mlxbf: Add CONFIG_ACPI to guard ACPI function call (jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - commit 8341791 - i2c: mlxbf: I2C SMBus driver for Mellanox BlueField SoC (bsc#1119838 jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - Update config files. - supported.conf: add i2c-mlxbf - commit 25f4cd8 - blacklist.conf: Add entries for platform/x86/intel-vbtn that are reverted - commit 5482ef1 - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes). - commit d6ac163 - power: vexpress: add suppress_bind_attrs to true (git-fixes). - commit bb22b7b - platform/mellanox: mlxbf-pmc: Add Mellanox BlueField PMC driver (bsc#1119846 jsc#SLE-15271 jsc#SLE-16108 jsc#SLE-16098 jsc#SLE-13565). - Update config files. Enabel MLXBF_PCM as module - supported.conf: add mlxbf-pmc - commit af433f3 - drm/i915/gt: Restore clear-residual mitigations for Ivybridge, Baytrail (git-fixes). - drm/i915/gt: Limit VFE threads based on GT (git-fixes). - drm/i915/icl: Fix initing the DSI DSC power refcount during HW readout (git-fixes). - drm/i915/backlight: fix CPU mode backlight takeover on LPT (git-fixes). - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes). - drm/msm: Call msm_init_vram before binding the gpu (git-fixes). - drm/amdgpu: fix potential memory leak during navi12 deinitialization (git-fixes). - drm/amdgpu: fix a GPU hang issue when remove device (git-fixes). - drm/amd/display: fix sysfs amdgpu_current_backlight_pwm NULL pointer issue (git-fixes). - drm/i915/perf: also include Gen11 in OATAILPTR workaround (git-fixes). - drm/amdkfd: Put ACPI table after using it (git-fixes). - drm/bridge: sii902x: Enable I/O and core VCC supplies if present (git-fixes). - drm/bridge: sii902x: Refactor init code into separate function (git-fixes). - commit 1ac5cc4 - blacklist.conf: Add amdgpu patches that are reverted - commit ac3cc99 - spi: imx: Fix freeing of DMA channels if spi_bitbang_start() fails (git-fixes). - Refresh patches.suse/spi-imx-fix-runtime-pm-support-for-config_pm.patch. - commit afbdd20 - blacklist.conf: Add rtl8192e patches that are reverted later - commit 86d1c5b - r8169: fix potential skb double free in an error path (git-fixes). - spi: spi-cadence-quadspi: Fix mapping of buffers for DMA reads (git-fixes). - commit 0cf3ab4 - btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237). - commit be4e71d - tty/sysrq: constify the the sysrq_key_op(s) (git-fixes). - commit 866ce2a - media: dvb-usb: Fix use-after-free access (bsc#1181104). - media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104). - commit 3a92626 - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes). - mac80211: do not drop tx nulldata packets on encrypted links (git-fixes). - commit dfeeb94 - Increase PCI_NR_FUNCTIONS to 512 on s390x (jsc#SLE-17267, bsc#1180114, LTC#190383). - Refresh config/s390x/zfcpdump. - commit 56606d8 - lib/zlib: fix inflating zlib streams on s390 (bsc#1181070 LTC#190858). - commit 5b17a7f - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219). - KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218). - commit 517d1e9 - arm64: Remove arm64_dma32_phys_limit and its uses (jsc#SLE-17068). - commit 8ce9631 - bpf: Fix signed_{sub,add32}_overflows type handling (bsc#1177028). - bpf: Support PTR_TO_MEM{,_OR_NULL} register spilling (bsc#1177028). - bpftool: Fix compilation failure for net.o with older glibc (bsc#1177028). - bpf: Save correct stopping point in file seq iteration (bsc#1177028). - selftests/bpf: Clarify build error if no vmlinux (bsc#1177028). - bpf: Simplify task_file_seq_get_next() (bsc#1177028). - bpf: Avoid iterating duplicated files for task_file iterator (bsc#1177028). - commit 7d12720 - iommu/vt-d: Fix misuse of ALIGN in qi_flush_piotlb() (bsc#1181210). - iommu/amd: Stop irq_remapping_select() matching when remapping is disabled (bsc#1181206). - iommu/vt-d: include conditionally on CONFIG_INTEL_IOMMU_SVM (bsc#1181211). - iommu/vt-d: Don't read VCCAP register unless it exists (bsc#1181208). - x86/tboot: Don't disable swiotlb when iommu is forced on (bsc#1181215). - iommu: Check return of __iommu_attach_device() (bsc#1181207). - iommu/vt-d: Fix kernel NULL pointer dereference in find_domain() (bsc#1181209). - vfio/type1: fix dirty bitmap calculation in vfio_dma_rw (bsc#1181214). - vfio: fix a missed vfio group put in vfio_pin_pages (bsc#1181213). - vfio: add a singleton check for vfio_group_pin_pages (bsc#1181212). - commit 8c44ec4 - Update patches.suse/selftests-ftrace-Select-an-existing-function-in-kpro.patch (bsc#1181203 ltc#190909). - commit e5512d0 - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472) - commit d0d0905 - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472) - commit 9ad528c - drm/i915: Correctly set SFC capability for video engines (bsc#1152489) Backporting notes: * context changes - commit d15d9b1 - SUNRPC: xprt_load_transport() needs to support the netid "rdma6" (git-fixes). - commit d5fbee3 ++++ alsa: - Backport upstream fixes: yet more PCM plugin fixes, topology fixes/cleanups, UAF fix in UCM (bsc#1181194): 0004-topology-use-inclusive-language-for-bclk.patch 0005-topology-use-inclusive-language-for-fsync.patch 0006-topology-use-inclusive-language-in-documentation.patch 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch 0038-topology-parse_tuple_set-remove-dead-condition-code.patch 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch ++++ libgcrypt: - Update to 1.9.0: New stable branch of Libgcrypt with full API and ABI compatibility to the 1.8 series. Release-info: https://dev.gnupg.org/T4294 * New and extended interfaces: - New curves Ed448, X448, and SM2. - New cipher mode EAX. - New cipher algo SM4. - New hash algo SM3. - New hash algo variants SHA512/224 and SHA512/256. - New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant. - New convenience function gcry_mpi_get_ui. - gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings. - New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519. - New function gcry_ecc_get_algo_keylen. - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area. * Performance optimizations and bug fixes: See Release-info. * Other features: - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. - Add mitigation against ECC timing attack CVE-2019-13627. - Internal cleanup of the ECC implementation. - Support reading EC point in compressed format for some curves. - Rebase patches: * libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch * libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff * libgcrypt-1.6.1-use-fipscheck.patch * drbg_test.patch * libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch * libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch * libgcrypt-1.8.4-fips-keygen.patch * libgcrypt-1.8.4-getrandom.patch * libgcrypt-fix-tests-fipsmode.patch * libgcrypt-global_init-constructor.patch * libgcrypt-ecc-ecdsa-no-blinding.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch - Remove patches: * libgcrypt-unresolved-dladdr.patch * libgcrypt-CVE-2019-12904-GCM-Prefetch.patch * libgcrypt-CVE-2019-12904-GCM.patch * libgcrypt-CVE-2019-12904-AES.patch * libgcrypt-CMAC-AES-TDES-selftest.patch * libgcrypt-1.6.1-fips-cfgrandom.patch * libgcrypt-fips_rsa_no_enforced_mode.patch ++++ shadow: - Split login.defs configuration file into own sub-package, which allows to install util-linux or pam on small embedded/edge systems or container without the need to pull in the full shadow suite. ++++ perl-Cairo: - updated to 1.109 see /usr/share/doc/packages/perl-Cairo/ChangeLog.pre-git ++++ permissions: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#442 - Replace tribar plymouth theme for installation with bgrt (boo#1149070) - 16.30 ------------------------------------------------------------------ ------------------ 2021-1-20 - Jan 20 2021 ------------------- ------------------------------------------------------------------ ++++ combustion: - module-setup.sh: Install grep as well ++++ elfutils: - Enable LTO (boo#1138796) for elfutils.spec. ++++ kernel-default: - ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014). - commit 58d7b94 - dmabuf: fix use-after-free of dmabuf's file->f_inode (git-fixes). - i2c: imx: Don't generate STOP condition if arbitration has been lost (git-fixes). - i2c: imx: Check for I2SR_IAL after every byte (git-fixes). - iwlwifi: pcie: set LTR to avoid completion timeout (git-fixes). - ACPI: EC: PM: Drop ec_no_wakeup check from acpi_ec_dispatch_gpe() (git-fixes). - i2c: imx: Fix reset of I2SR_IAL flag (git-fixes). - gpio: amd-fch: correct logic of GPIO_LINE_DIRECTION (git-fixes). - commit 555f1bf - blacklist.conf: Add amdgpu commits that are reverted - commit 1fba96f - ASoC: AMD Renoir - add DMI entry for Lenovo ThinkPad X395 (git-fixes). - ASoC: amd: Replacing MSI with Legacy IRQ model (git-fixes). - ASoC: AMD Renoir - add DMI entry for Lenovo ThinkPad E14 Gen 2 (git-fixes). - ASoC: meson: axg-tdmin: fix axg skew offset (git-fixes). - ASoC: max98373: don't access volatile registers in bias level off (git-fixes). - ASoC: rt711: mutex between calibration and power state changes (git-fixes). - ASoC: Intel: haswell: Add missing pm_ops (git-fixes). - ASoC: rsnd: don't call clk_disable_unprepare() if can't use (git-fixes). - ASoC: SOF: Fix spelling mistake in Kconfig "ond" -> "and" (git-fixes). - ASoC: codecs: fix spelling mistake in Kconfig "comunicate" -> "communicate" (git-fixes). - commit 13c6b71 - spi: cadence: cache reference clock rate during probe (git-fixes). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes). - hwmon: (pwm-fan) Ensure that calculation doesn't discard big period values (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - commit 01db302 - Update configs: Enable i2c_mux_pinctrl (jsc#SLE-15318) - supported.conf: Support i2c-mux-pinctrl - commit 1488fe7 - selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738). - commit 3e9ea6f - selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851). - commit 52f3d6b - Update patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0003-xen-events-add-a-new-late-EOI-evtchn-framework.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0004-xen-blkback-use-lateeoi-irq-binding.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0005-xen-netback-use-lateeoi-irq-binding.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0006-xen-scsiback-use-lateeoi-irq-binding.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0007-xen-pvcallsback-use-lateeoi-irq-binding.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0008-xen-pciback-use-lateeoi-irq-binding.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0009-xen-events-switch-user-event-channels-to-lateeoi-mod.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0010-xen-events-use-a-common-cpu-hotplug-hook-for-event-c.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0011-xen-events-defer-eoi-in-case-of-excessive-number-of-.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/0012-xen-events-block-rogue-events-for-some-time.patch (CVE-2020-27673 XSA-332 bsc#1177411). - Update patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch (CVE-2020-27675 XSA-331 bsc#1177410). - Added CVE numbers for above patches. - commit 3b60580 - selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851). - selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851). - selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851). - Refresh patches.suse/selftests-powerpc-Add-tlbie_test-in-.gitignore.patch. - selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851). - Refresh patches.suse/selftests-powerpc-entry-flush-test.patch. - selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851). - commit f53f10b - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579). - commit 21bd682 - powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702). - commit 251d2f4 - Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ("kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.") - commit a1728f2 - powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702). - powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702). - powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702). - powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702). - commit 17fe8f8 ++++ libblockdev: - update to 2.25: * exec: Fix polling for stdout and stderr * exec: Use non-blocking read and process the buffer manually * exec: Clarify the BDUtilsProgExtract callback documentation * tests: Add bufferbloat exec tests * tests: Add null-byte exec tests * lvm: Fix bd_lvm_vdopooldata_* symbols * exec: Fix setting locale for util calls * fs: Do not report error when errors were fixed by e2fsck * README: Use CI status image for 2.x-branch on 2.x * fs: Fix compile error in ext_repair caused by cherry pick from master * Mark all GIR file constants as guint64 * lvm: Set thin metadata limits to match limits LVM uses in lvcreate * lvm: Do not use thin_metadata_size to recommend thin metadata size * lvm: Use the UNUSED macro instead of __attribute__((unused)) * Fix max size limit for LVM thinpool metadata * loop: Retry LOOP_SET_STATUS64 on EAGAIN ++++ libxkbcommon: - Fix dependency of libxkbregistry-devel: the devel package must require the library libxkbregistry0. ++++ sysuser-tools: - Ignore nscd return code ++++ toolbox: - Add a group tag for SLE Micro - Mark toolboxrc as %config and add it is Source ++++ yast2: - Fixed Resolvables class to uniqely identify the libzypp objects to avoid random failures (related to bsc#1178688) - 4.3.50 ------------------------------------------------------------------ ------------------ 2021-1-19 - Jan 19 2021 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - Update to 2.83: * bsc#1177077: Fixed DNSpooq vulnerabilities * Use the values of --min-port and --max-port in outgoing TCP connections to upstream DNS servers. * Fix a remote buffer overflow problem in the DNSSEC code. Any dnsmasq with DNSSEC compiled in and enabled is vulnerable to this, referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 CVE-2020-25687. * Be sure to only accept UDP DNS query replies at the address from which the query was originated. This keeps as much entropy in the {query-ID, random-port} tuple as possible, to help defeat cache poisoning attacks. Refer: CVE-2020-25684. * Use the SHA-256 hash function to verify that DNS answers received are for the questions originally asked. This replaces the slightly insecure SHA-1 (when compiled with DNSSEC) or the very insecure CRC32 (otherwise). Refer: CVE-2020-25685 * Handle multiple identical near simultaneous DNS queries better. Previously, such queries would all be forwarded independently. This is, in theory, inefficent but in practise not a problem, _except_ that is means that an answer for any of the forwarded queries will be accepted and cached. An attacker can send a query multiple times, and for each repeat, another {port, ID} becomes capable of accepting the answer he is sending in the blind, to random IDs and ports. The chance of a succesful attack is therefore multiplied by the number of repeats of the query. The new behaviour detects repeated queries and merely stores the clients sending repeats so that when the first query completes, the answer can be sent to all the clients who asked. Refer: CVE-2020-25686. ++++ kernel-default: - floppy: reintroduce O_NDELAY fix (boo#1181018). - commit ab10a7d - Refresh patches.suse/scsi-qedi-correct-max-length-of-chap-secret. - commit ac83a80 - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - commit 585bbd5 - Revive usb-audio Keep Interface mixer (bsc#1181014). - commit 80020db - mtd: spi-nor: atmel: fix unlock_all() for AT25FS010/040 (git-fixes). - mtd: spi-nor: atmel: remove global protection flag (git-fixes). - commit c76850f - netfilter: ctnetlink: add a range check for l3/l4 protonum (CVE-2020-25211 bsc#1176395). - commit ebf5e43 - fix patches metadata - fix Patch-mainline: patches.suse/NFS-nfs_delegation_find_inode_server-must-first-refe.patch patches.suse/NFS-nfs_igrab_and_active-must-first-reference-the-su.patch patches.suse/NFS-pNFS-Fix-a-leak-of-the-layout-plh_outstanding-co.patch patches.suse/NFS-pNFS-Fix-a-typo-in-ff_layout_resend_pnfs_read.patch patches.suse/NFS-switch-nfsiod-to-be-an-UNBOUND-workqueue.patch patches.suse/NFS4-Fix-use-after-free-in-trace_event_raw_event_nfs.patch patches.suse/NFSv4-Fix-the-alignment-of-page-data-in-the-getdevic.patch patches.suse/NFSv4.2-condition-READDIR-s-mask-for-security-label-.patch patches.suse/Revert-nfsd4-support-change_attr_type-attribute.patch patches.suse/SUNRPC-Clean-up-the-handling-of-page-padding-in-rpc_.patch patches.suse/SUNRPC-rpc_wake_up-should-wake-up-tasks-in-the-corre.patch patches.suse/lockd-don-t-use-interval-based-rebinding-over-TCP.patch patches.suse/md-fix-a-warning-caused-by-a-race-between-concurrent.patch patches.suse/net-sunrpc-Fix-snprintf-return-value-check-in-do_xpr.patch patches.suse/net-sunrpc-interpret-the-return-value-of-kstrtou32-c.patch patches.suse/nfs_common-need-lock-during-iterate-through-the-list.patch patches.suse/nfsd-Fix-message-level-for-normal-termination.patch patches.suse/sunrpc-fix-xs_read_xdr_buf-for-partial-pages-receive.patch - commit f5dfabc - fix patches metadata - fix Patch-mainline: patches.suse/kprobes-tracing-kprobes-Fix-to-kill-kprobes-on-initmem-after-boot.patch patches.suse/mm-vmalloc-Fix-unlock-order-in-s_stop.patch - commit 8ea9f59 - tests: add close_range() tests (jsc#SLE-17337, bsc#1179090). - arch: wire-up close_range() (jsc#SLE-17337, bsc#1179090). - open: add close_range() (jsc#SLE-17337, bsc#1179090). - commit abad1c5 - Refresh patches.suse/0011-x86-hpet-Move-MSI-support-into-hpet.c.patch. - Update patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch (git-fixes bsc#1180889). Add missing hunks in the e3beca48a45b's backport. - commit 060c4e5 - Update patches.suse/tun-correct-header-offsets-in-napi-frags-mode.patch (git-fixes bsc#1180812 CVE-2021-0342). Added CVE reference - commit 0059c1d - NFS: nfs_igrab_and_active must first reference the superblock (for-next). - NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next). - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next). - net: sunrpc: interpret the return value of kstrtou32 correctly (for-next). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next). - NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next). - sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next). - NFS: switch nfsiod to be an UNBOUND workqueue (for-next). - lockd: don't use interval-based rebinding over TCP (for-next). - net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' (for-next). - SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next). - NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next). - NFSv4.2: condition READDIR's mask for security label based on LSM state (for-next). - SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next). - md: fix a warning caused by a race between concurrent md_ioctl()s (for-next). - Revert "nfsd4: support change_attr_type attribute" (for-next). - nfs_common: need lock during iterate through the list (for-next). - nfsd: Fix message level for normal termination (for-next). - commit 685e8f2 ++++ libsolv: - repo_write: fix handling of nested flexarray - improve choicerule generation a bit more to cover more cases - harden testcase parser against repos being added too late - support python-3.10 - check %_dbpath macro in rpmdb code - handle default/visible/langonly attributes in comps parser - support multiple collections in updateinfo parser - add '-D' option in rpmdb2solv to set the dbpath - bump version to 0.7.17 ++++ libunwind: - update to 1.5.0: * dwarf: clang doesn't respect the static alias * Fixed a missing dependency in dwarf-eh.h * x86_64: Fix tdep_init_done when built with libatomic_ops * mips: make _step_n64 as a static function * Added braces to suppress empty if/else warnings * Delete hardcode of address size to support MIPS64. * Fix format specifier for int64_t:29 * Add initial support for Solaris x86-64 * x86_64: Add fixup code if previous RIP was invalid * x86-64: make `is_cached_valid_mem` functional * arm: clear ip thumb/arm mode bit before move to previous instruction * Fix compilation with -fno-common. * Fix off-by-one error in x86_64 stack frames * aarch64: Fix __sigset build issue on muslC * Make SHF_COMPRESSED use contingent on its existence - remove libunwind_U_dyn_info_list.patch (upstream) ++++ libvirt: - Update to libvirt 7.0.0 - jsc#SLE-15860 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: 0d05d51b-apparmor-lxc-fix.patch, cf4e7e62-lxc-def-secmodel.patch, 0ddebdb4-qemu-snapshot-deletion.patch ++++ python-libvirt-python: - Update to 7.0.0 - Add all new APIs and constants in libvirt 7.0.0 - jsc#SLE-15860 ++++ supportutils: - Require the awk, which and sed commands instead of packages to allow alternate implementations on embedded/Edge systems ++++ sysuser-tools: - If systemd-sysusers is used to create a new user/group, invalidate the nscd passwd and group cache to make the new user/group visible immediately as workaround [bsc#1181121]. Needs to be removed after sytemd-sysusers get's fixed, since we invalidate the cache even if the user/group file wasn't changed. ++++ toolbox: - Update to version 1.0+git20210119.b5acdcf: * Dynamically set REGISTRY and IMAGE (#11) ++++ u-boot-rpiarm64: Fix USB in RPi4 and RPi400 (jsc@OPENSUSE-13 bsc#1180336) Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2020.10 * Patches added: 0030-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0031-pci-brcmstb-Cleanup-controller-stat.patch ------------------------------------------------------------------ ------------------ 2021-1-18 - Jan 18 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077). - commit a71f120 - blacklist.conf: No in-tree users of the table - commit 9c6c6be - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)). - commit 47f3848 - blacklist.conf: UP not enabled in kernel config - commit c97848a - mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)). - commit 70dafb3 - blacklist.conf: nilfs2 not enabled in kernel config - commit 409ae2f - scsi: ibmvfc: Fix spelling mistake "succeded" -> "succeeded" (jsc#SLE-15442 bsc#1180814 ltc#187461). - commit a426064 - blk-mq-debugfs: Add decode for BLK_MQ_F_TAG_HCTX_SHARED (jsc#SLE-15442 bsc#1180814 ltc#187461). - blk-mq: Facilitate a shared sbitmap per tagset (jsc#SLE-15442 bsc#1180814 ltc#187461). - blk-mq: Use pointers for blk_mq_tags bitmap tags (jsc#SLE-15442 bsc#1180814 ltc#187461). - blk-mq: Pass flags for tag init/free (jsc#SLE-15442 bsc#1180814 ltc#187461). - blk-mq: Free tags in blk_mq_init_tags() upon error (jsc#SLE-15442 bsc#1180814 ltc#187461). - commit c2ebad8 - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/dasd: fix list corruption of lcu list (git-fixes). - s390/dasd: fix list corruption of pavgroup group list (git-fixes). - s390/dasd: prevent inconsistent LCU device data (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes). - s390/qeth: consolidate online/offline code (git-fixes). - s390/qeth: don't raise NETDEV_REBOOT event from L3 offline path (git-fixes). - commit 22371f9 - Update config files (jsc#SLE-17227) Enable CMA and DMA_CMA backend. Also enable SPI_BITBANG as requested. - commit ebe7020 - blacklist.conf: 78762b0e79bc x86/asm/32: Add ENDs to some functions and relabel with SYM_CODE_* - commit 2b5cd2a - ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014). - ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014). - ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014). - ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014). - commit b78b9c6 - Do not backport 30ad8db3a patch because HPE needs uv_bios_call() (bsc#1180598) Do not backport 30ad8db3a2c2e0121202342c6c2a48fc28937056 x86/platform/uv: Mark uv_bios_call() and uv_bios_call_irqsave() because HPE needs uv_bios_call() in SLE15-SP3 - blacklist.conf: - Delete patches.suse/x86-platform-uv-Mark-uv_bios_call-and-uv_bios_call_i.patch. - commit cb1e448 ++++ openssh: - sysusers-sshd.conf: use sysusers.d configuration file to create sshd user (avoid hard dependency on shadow). - update to 8.4p1: Security ======== * ssh-agent(1): restrict ssh-agent from signing web challenges for FIDO/U2F keys. * ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating a FIDO resident key. * ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for each use. These keys may be generated using ssh-keygen using a new "verify-required" option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation. New Features - ----------- * sshd(8): authorized_keys now supports a new "verify-required" option to require FIDO signatures assert that the token verified that the user was present before making the signature. The FIDO protocol supports multiple methods for user-verification, but currently OpenSSH only supports PIN verification. * sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn signatures. Webauthn is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and thus require explicit support. * ssh(1): allow some keywords to expand shell-style ${ENV} environment variables. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. bz#3140 * ssh(1), ssh-agent(1): allow some additional control over the use of ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable, including forcibly enabling and disabling its use. bz#69 * ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time limit for keys in addition to its current flag options. Time- limited keys will automatically be removed from ssh-agent after their expiry time has passed. * scp(1), sftp(1): allow the -A flag to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. * ssh(1): add a '%k' TOKEN that expands to the effective HostKey of the destination. This allows, e.g., keeping host keys in individual files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654 * ssh(1): add %-TOKEN, environment variable and tilde expansion to the UserKnownHostsFile directive, allowing the path to be completed by the configuration (e.g. bz#1654) * ssh-keygen(1): allow "ssh-add -d -" to read keys to be deleted from stdin. bz#3180 * sshd(8): improve logging for MaxStartups connection throttling. sshd will now log when it starts and stops throttling and periodically while in this state. bz#3055 Bugfixes - ------- * ssh(1), ssh-keygen(1): better support for multiple attached FIDO tokens. In cases where OpenSSH cannot unambiguously determine which token to direct a request to, the user is now required to select a token by touching it. In cases of operations that require a PIN to be verified, this avoids sending the wrong PIN to the wrong token and incrementing the token's PIN failure counter (tokens effectively erase their keys after too many PIN failures). * sshd(8): fix Include before Match in sshd_config; bz#3122 * ssh(1): close stdin/out/error when forking after authentication completes ("ssh -f ...") bz#3137 * ssh(1), sshd(8): limit the amount of channel input data buffered, avoiding peers that advertise large windows but are slow to read from causing high memory consumption. * ssh-agent(1): handle multiple requests sent in a single write() to the agent. * sshd(8): allow sshd_config longer than 256k * sshd(8): avoid spurious "Unable to load host key" message when sshd load a private key but no public counterpart * ssh(1): prefer the default hostkey algorithm list whenever we have a hostkey that matches its best-preference algorithm. * sshd(1): when ordering the hostkey algorithms to request from a server, prefer certificate types if the known_hosts files contain a key marked as a @cert-authority; bz#3157 * ssh(1): perform host key fingerprint comparisons for the "Are you sure you want to continue connecting (yes/no/[fingerprint])?" prompt with case sensitivity. * sshd(8): ensure that address/masklen mismatches in sshd_config yield fatal errors at daemon start time rather than later when they are evaluated. * ssh-keygen(1): ensure that certificate extensions are lexically sorted. Previously if the user specified a custom extension then the everything would be in order except the custom ones. bz#3198 * ssh(1): also compare username when checking for JumpHost loops. bz#3057 * ssh-keygen(1): preserve group/world read permission on known_hosts files across runs of "ssh-keygen -Rf /path". The old behaviour was to remove all rights for group/other. bz#3146 * ssh-keygen(1): Mention the [-a rounds] flag in the ssh-keygen manual page and usage(). * sshd(8): explicitly construct path to ~/.ssh/rc rather than relying on it being relative to the current directory, so that it can still be found if the shell startup changes its directory. bz#3185 * sshd(8): when redirecting sshd's log output to a file, undo this redirection after the session child process is forked(). Fixes missing log messages when using this feature under some circumstances. * sshd(8): start ClientAliveInterval bookkeeping before first pass through select() loop; fixed theoretical case where busy sshd may ignore timeouts from client. * ssh(1): only reset the ServerAliveInterval check when we receive traffic from the server and ignore traffic from a port forwarding client, preventing a client from keeping a connection alive when it should be terminated. bz#2265 * ssh-keygen(1): avoid spurious error message when ssh-keygen creates files outside ~/.ssh * sftp-client(1): fix off-by-one error that caused sftp downloads to make one more concurrent request that desired. This prevented using sftp(1) in unpipelined request/response mode, which is useful when debugging. bz#3054 * ssh(1), sshd(8): handle EINTR in waitfd() and timeout_connect() helpers. bz#3071 * ssh(1), ssh-keygen(1): defer creation of ~/.ssh until we attempt to write to it so we don't leave an empty .ssh directory when it's not needed. bz#3156 * ssh(1), sshd(8): fix multiplier when parsing time specifications when handling seconds after other units. bz#3171 ++++ patterns-microos: - include the cockpit package in the pattern ++++ qemu: - Fix qemu-testsuite issue where white space processing gets handled differently under bash 5.1 (boo#1181054) iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch ++++ u-boot-rpiarm64: Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2020.10 * Patches added: 0029-Revert-Fix-data-abort-caused-by-mis.patch - boo#1180728 ++++ yast2-trans: - Update to version 84.87.20210116.f5a95d2c8b: * Translated using Weblate (Dutch) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'slp'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Portuguese) * Added translation using Weblate (Czech) * New POT for text domain 'network'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) ------------------------------------------------------------------ ------------------ 2021-1-17 - Jan 17 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.39.1: + Don't use gdbus-broker if not running under systemd. + Unref bus at the end of cleanup. + Fix XML interfaces. + Use unix sockets instead of abstract sockets. + Added a device API to replace the old API for capturing key grabs. This is needed for toolkits that do not report keystrokes to atk, such as gtk 4. ++++ libusb-1_0: - Add 0001-fix-descriptor-parsing.patch to fix detection of some devices. ++++ sysuser-tools: - An "u" in a sysusers.d file will create an user and a group. Create provides for both, user and group. ------------------------------------------------------------------ ------------------ 2021-1-16 - Jan 16 2021 ------------------- ------------------------------------------------------------------ ++++ gstreamer: - Update to version 1.18.3: + Highlighted bugfixes: - Fix ogg playback regression for ogg files that also have ID3 or APE tags - compositor: fix artefacts and invalid memory access when blending subsampled formats - Exported mini object ref/unref/copy functions for use in bindings such as gstreamer-sharp - Add support for Apple silicon (M1) to cerbero package builder - Ship RIST plugin in binary packages - Various stability, performance and reliability improvements - Memory leak fixes - Build fixes + gstreamer: - gst: Add non-inline ref/unref/copy/replace methods for various mini objects (buffer, bufferlist, caps, context, event, memory, message, promise, query, sample, taglist, uri) for use in bindings such as gstreamer-sharp. - harness: don't use GST_DEBUG_OBJECT with GstHarness which is not a GObject. ++++ gstreamer-plugins-base: - Update to version 1.18.3: + audiorate: Make buffer writable before changing its metadata + compositor: fix blending of subsampled components + decodebin3: - When reconfiguring a slot make sure that the ghostpad is unlinked - Release selection lock when pushing EOS + encodebasebin: Ensure that parsers are compatible with selected encoders + tagdemux: resize and trim buffer in place to fix interaction with oggdemux + videoaggregator: Pop out old buffers on timeout + video-blend: fix blending 8-bit and 16-bit frames together + appsrc: fix signal documentation + gl: document some GL caps specifics + libvisual: workaround clang compiler warning ++++ kernel-default: - scsi: scsi_debug: Support host tagset (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: core: Show nr_hw_queues in sysfs (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: Add host and host template flag 'host_tagset' (jsc#SLE-15442 bsc#1180814 ltc#187461). Refresh patches.suse/scsi-add-disable_async_probing-module-argument.patch - scsi: scsi_debug: Support hostwide tags (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: core: Refactor scsi_mq_setup_tags function (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: scsi_debug: Re-arrange parameters alphabetically (jsc#SLE-15442 bsc#1180814 ltc#187461). - commit 0e8c445 ++++ util-linux: - Update to version 2.36.1: * chrt: use SCHED_FLAG_RESET_ON_FORK for sched_setattr() * fallocate: fix --dig-holes at end of files * fdisk: always report fdisk_create_disklabel() errors * flock: keep -E exit status more restrictive * fstrim: remove fstab condition from fstrim.timer * hexdump: automatically use -C when called as hd * hwclock: add fallback if SYS_settimeofday does not exist, fix SYS_settimeofday fallback * libblkid: allow a lot of mac partitions, fix Atari prober logic, limit amount of parsed partitions * more libfdisk improvements * losetup: avoid infinite busy loop, increase limit of setup attempts * lsblk: fix -T optional argument, fix SCSI_IDENT_SERIAL, print zero rather than empty SIZE, read ID_SCSI_IDENT_SERIAL if available * lscpu: Add FUJITSU aarch64 A64FX cpupart, Even more Arm part numbers, avoid segfault on PowerPC systems with valid hardware configurations (bsc#1175623) * mount: Add support for "nosymfollow" mount option. * pg: fix wcstombs() * sfdisk: correct --json --dump false exclusive, fix backward - -move-data * vipw: fix short write handling in copyfile * whereis: fix out of boundary read, support zst compressed man pages * minor code improvements and fixes * minor licensing changes * improve docs - Require both group(uuidd) and user(uuidd). ++++ util-linux-systemd: - Update to version 2.36.1: * chrt: use SCHED_FLAG_RESET_ON_FORK for sched_setattr() * fallocate: fix --dig-holes at end of files * fdisk: always report fdisk_create_disklabel() errors * flock: keep -E exit status more restrictive * fstrim: remove fstab condition from fstrim.timer * hexdump: automatically use -C when called as hd * hwclock: add fallback if SYS_settimeofday does not exist, fix SYS_settimeofday fallback * libblkid: allow a lot of mac partitions, fix Atari prober logic, limit amount of parsed partitions * more libfdisk improvements * losetup: avoid infinite busy loop, increase limit of setup attempts * lsblk: fix -T optional argument, fix SCSI_IDENT_SERIAL, print zero rather than empty SIZE, read ID_SCSI_IDENT_SERIAL if available * lscpu: Add FUJITSU aarch64 A64FX cpupart, Even more Arm part numbers, avoid segfault on PowerPC systems with valid hardware configurations (bsc#1175623) * mount: Add support for "nosymfollow" mount option. * pg: fix wcstombs() * sfdisk: correct --json --dump false exclusive, fix backward - -move-data * vipw: fix short write handling in copyfile * whereis: fix out of boundary read, support zst compressed man pages * minor code improvements and fixes * minor licensing changes * improve docs - Require both group(uuidd) and user(uuidd). ------------------------------------------------------------------ ------------------ 2021-1-15 - Jan 15 2021 ------------------- ------------------------------------------------------------------ ++++ iptables: - Update to release 1.8.7 * iptables-nft: * Improved performance when matching on IP/MAC address prefixes if the prefix is byte-aligned. In ideal cases, this doubles packet processing performance. * Dump user-defined chains in lexical order. This way ruleset dumps become stable and easily comparable. * Avoid pointless table/chain creation. For instance, `iptables-nft -L` no longer creates missing base-chains. ++++ kernel-default: - scsi: ibmvfc: Provide modules parameters for MQ settings (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Enable MQ and set reasonable defaults (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Purge SCSI channels after transport loss/reset (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Send Cancel MAD down each hw SCSI channel (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add cancel mad initialization helper (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Register Sub-CRQ handles with VIOS during channel setup (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Send commands down HW Sub-CRQ when channelized (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Set and track hw queue in ibmvfc_event struct (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Advertise client support for using hardware channels (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Implement channel enquiry and setup commands (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Map/request irq and register Sub-CRQ interrupt handler (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Define Sub-CRQ interrupt handler routine (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add handlers to drain and complete Sub-CRQ responses (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add Sub-CRQ IRQ enable/disable routine (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add alloc/dealloc routines for SCSI Sub-CRQ Channels (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add Subordinate CRQ definitions (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Define hcall wrapper for registering a Sub-CRQ (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add size parameter to ibmvfc_init_event_pool() (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Init/free event pool during queue allocation/free (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Move event pool init/free routines (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add vhost fields and defaults for MQ enablement (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Relax locking around ibmvfc_queuecommand() (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Complete commands outside the host/queue lock (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Define per-queue state/list locks (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Make command event pool queue specific (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Define generic queue structure for CRQs (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Advertise client support for targetWWPN using v2 commands (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add support for target_wwpn field in v2 MADs and vfcFrame (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add FC payload retrieval routines for versioned vfcFrames (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add helper for testing capability flags (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Add new fields for version 2 of several MADs (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Deduplicate common ibmvfc_cmd init code (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Use correlation token to tag commands (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Remove trailing semicolon (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Byte swap login_buf.resp values in attribute show functions (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Protect vhost->task_set increment by the host lock (jsc#SLE-15442 bsc#1180814 ltc#187461). - scsi: ibmvfc: Interface updates for future FPIN and MQ support (jsc#SLE-15442 bsc#1180814 ltc#187461). - commit fe5294b - Revert dwc3 series. As of now, this recently merged series fails to build without the kabi workaround which would break SLE15-SP3 merge. Drop the patches until the build failure is fixed. - commit a8aaab2 - drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848). - commit 8584e95 - Drop incorrectly re-backported radeon patch again (bsc#1180971) Also add cherry-picked commit ids in the two relevant patches - commit bb3221b - blacklist.conf: 66ab33bf6d43 ("virtiofs fix leak in setup") Requires a massive commit, which is quite intrusive in fuse and not worth it. - commit 2076b1f - fuse: fix page dereference after free (jsc#SLE-13782). - virtio_fs: convert to LE accessors (jsc#SLE-13782). - commit 5376406 - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809). - commit 953316b - blacklist.conf: 0e9fb6f17ad5 ("fuse: BUG_ON correction in fuse_dev_splice_write()") Requires intrusive changes in pipe, splice, etc. - commit eac6f26 - fuse: reject options on reconfigure via fsconfig(2) (jsc#SLE-13782). - fuse: ignore 'data' argument of mount(..., MS_REMOUNT) (jsc#SLE-13782). - fuse: use ->reconfigure() instead of ->remount_fs() (jsc#SLE-13782). - virtiofs: do not use fuse_fill_super_common() for device installation (jsc#SLE-13782). - fuse: invalidate inode attr in writeback cache mode (jsc#SLE-13782). - fuse: Update stale comment in queue_interrupt() (jsc#SLE-13782). - virtiofs: Add mount option and atime behavior to the doc (jsc#SLE-13782). - virtiofs: schedule blocking async replies in separate worker (jsc#SLE-13782). - commit ac0b54e - fuse: fix stack use after return (jsc#SLE-13782). - fuse: Support RENAME_WHITEOUT flag (jsc#SLE-13782). - fuse: don't overflow LLONG_MAX with end offset (jsc#SLE-13782). - commit 3a3db69 - fuse: fix fuse_send_readpages() in the syncronous read case (jsc#SLE-13782). - fuse: fix leak of fuse_io_priv (jsc#SLE-13782). - virtiofs: Use completions while waiting for queue to be drained (jsc#SLE-13782). - virtiofs: Do not send forget request "struct list_head" element (jsc#SLE-13782). - virtiofs: Use a common function to send forget (jsc#SLE-13782). - fuse: verify write return (jsc#SLE-13782). - commit a5ee2f4 ++++ fuse3: - prepare usrmerge (boo#1029961) ++++ nftables: - Update to release 0.9.8 * Complete support for matching ICMP header content fields. * Added raw tcp option match support. * Added ability to check for the presence of any tcp option. * Support for rejecting traffic from the ingress chain. ++++ libnftnl: - Update to release 1.1.9 * Improve formatting of registers in bitwise dumps. ++++ pam: - Create macros.pam with definition of %_pamdir so packages which are commonly shared between Factory and SLE can use this macro [pam.spec] ++++ raspberrypi-firmware: - Update to c78f3ef4 (2021-01-15): * firmware: isp: Fix handling of different YUV colour spaces * firmware: poe_hat: Actually close the I2C handle * Firmware: undo previous reverts * firmware: Revert firmware: HAT/I2C updates * firmware: firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 formats * firmware: audioplus: Fix hang when switching destination See: #1516 * firmware: HAT/I2C updates * firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 format * firmware: dmalib: Keep 40-bit DMA clear of L2 alias * firmware: DSI interrupt fixes, and HDMI SM clock for deep colour ++++ raspberrypi-firmware-config: - Update to c78f3ef4 (2021-01-15): * firmware: isp: Fix handling of different YUV colour spaces * firmware: poe_hat: Actually close the I2C handle * Firmware: undo previous reverts * firmware: Revert firmware: HAT/I2C updates * firmware: firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 formats * firmware: audioplus: Fix hang when switching destination See: #1516 * firmware: HAT/I2C updates * firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 format * firmware: dmalib: Keep 40-bit DMA clear of L2 alias * firmware: DSI interrupt fixes, and HDMI SM clock for deep colour ------------------------------------------------------------------ ------------------ 2021-1-14 - Jan 14 2021 ------------------- ------------------------------------------------------------------ ++++ cifs-utils: - use new %_pamdir macro to avoid hardcoding pam module path ++++ firewalld: - Add dependency for firewall-offline-cmd (bsc#1180883) ++++ glib-networking: - Update to version 2.68.alpha: + Download and validate missing intermediate certificates (requires GnuTLS 3.7). + OpenSSL backend now uses system crypto policy. + Remove use of g_assert in testsuite. + Restore support for old versions of OpenSSL. + Implement TLS channel bindings API. + Implement PKCS#11 API. + Update testsuite for Fedora 33 crypto policy. + Fix NULL dereference in g_tls_connection_base_read_message. + Fix a couple code issues found by Coverity. ++++ kernel-default: - blacklist.conf: 035fff1f7aab x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled - commit e52f15d - x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489). - commit f89b6b0 - hwmon: (amd_energy) fix allocation of hwmon_channel_info config (git-fixes). - dmaengine: idxd: off by one in cleanup code (git-fixes). - commit 22fcbaa - fuse: redundant get_fuse_inode() calls in fuse_writepages_fill() (jsc#SLE-13782). - fuse: Add changelog entries for protocols 7.1 - 7.8 (jsc#SLE-13782). - virtiofs: Remove set but not used variable 'fc' (jsc#SLE-13782). - virtiofs: Retry request submission from worker context (jsc#SLE-13782). - virtiofs: Count pending forgets as in_flight forgets (jsc#SLE-13782). - virtiofs: Set FR_SENT flag only after request has been sent (jsc#SLE-13782). - virtiofs: No need to check fpq->connected state (jsc#SLE-13782). - virtiofs: Do not end request in submission context (jsc#SLE-13782). - fuse: don't advise readdirplus for negative lookup (jsc#SLE-13782). - fuse: don't dereference req->args on finished request (jsc#SLE-13782). - virtio-fs: don't show mount options (jsc#SLE-13782). - commit ce0c590 - virtio-fs: Change module name to virtiofs.ko (jsc#SLE-13782). - fuse: Make fuse_args_to_req static (jsc#SLE-13782). - fuse: unexport fuse_put_request (jsc#SLE-13782). - fuse: kmemcg account fs data (jsc#SLE-13782). - fuse: on 64-bit store time in d_fsdata directly (jsc#SLE-13782). - commit 5c78fc0 - virtio-fs: add virtiofs filesystem (jsc#SLE-13782). - Refresh patches.suse/mac80211_hwsim-add-frame-transmission-support-over-v.patch. - Update config files: CONFIG_VIRTIO_FS=m - supported.conf: add virtiofs - commit f56518a - virtio-fs: add Documentation/filesystems/virtiofs.rst (jsc#SLE-13782). - fuse: reserve values for mapping protocol (jsc#SLE-13782). - fuse: reserve byteswapped init opcodes (jsc#SLE-13782). - fuse: allow skipping control interface and forced unmount (jsc#SLE-13782). - fuse: dissociate DESTROY from fuseblk (jsc#SLE-13782). - fuse: delete dentry if timeout is zero (jsc#SLE-13782). - fuse: separate fuse device allocation and installation in fuse_conn (jsc#SLE-13782). - fuse: add fuse_iqueue_ops callbacks (jsc#SLE-13782). - fuse: extract fuse_fill_super_common() (jsc#SLE-13782). - fuse: export fuse_dequeue_forget() function (jsc#SLE-13782). - commit ca085b1 - fuse: export fuse_get_unique() (jsc#SLE-13782). - fuse: export fuse_send_init_request() (jsc#SLE-13782). - fuse: export fuse_len_args() (jsc#SLE-13782). - fuse: export fuse_end_request() (jsc#SLE-13782). - fuse: stop copying pages to fuse_req (jsc#SLE-13782). - fuse: stop copying args to fuse_req (jsc#SLE-13782). - fuse: clean up fuse_req (jsc#SLE-13782). - commit 0d1d5ea - fuse: simplify request allocation (jsc#SLE-13782). - Refresh patches.suse/fuse-fix-parameter-for-fs_ioc_-get-set-flags.patch. - commit 7f8dfa3 - fuse: unexport request ops (jsc#SLE-13782). - fuse: convert retrieve to simple api (jsc#SLE-13782). - fuse: convert release to simple api (jsc#SLE-13782). - cuse: convert init to simple api (jsc#SLE-13782). - fuse: convert init to simple api (jsc#SLE-13782). - commit 652a991 - fuse: convert writepages to simple api (jsc#SLE-13782). - Refresh patches.suse/fuse-don-t-ignore-errors-from-fuse_writepages_fill.patch. - commit d1549f6 - fuse: convert readdir to simple api (jsc#SLE-13782). - fuse: convert readpages to simple api (jsc#SLE-13782). - commit f65ef7d - fuse: convert direct_io to simple api (jsc#SLE-13782). - Refresh patches.suse/fix-up-iter-on-short-count-in-fuse_direct_io.patch. - commit bfbe398 - Update patches.suse/netfilter-add-and-use-nf_hook_slow_list.patch (bsc#1176447 bsc#1180765 CVE-2021-20177). Added CVE number. - commit 8e9abe5 - fuse: add simple background helper (jsc#SLE-13782). - fuse: convert sync write to simple api (jsc#SLE-13782). - fuse: covert readpage to simple api (jsc#SLE-13782). - fuse: fuse_short_read(): don't take fuse_req as argument (jsc#SLE-13782). - fuse: convert ioctl to simple api (jsc#SLE-13782). - commit 960efa9 - fuse: move page alloc (jsc#SLE-13782). - Refresh patches.suse/fuse-fix-parameter-for-fs_ioc_-get-set-flags.patch. - commit ae6a2de - fuse: convert readlink to simple api (jsc#SLE-13782). - fuse: add pages to fuse_args (jsc#SLE-13782). - fuse: convert destroy to simple api (jsc#SLE-13782). - fuse: add nocreds to fuse_args (jsc#SLE-13782). - fuse: convert fuse_force_forget() to simple api (jsc#SLE-13782). - fuse: add noreply to fuse_args (jsc#SLE-13782). - fuse: convert flush to simple api (jsc#SLE-13782). - fuse: simplify 'nofail' request (jsc#SLE-13782). - fuse: rearrange and resize fuse_args fields (jsc#SLE-13782). - commit 99f9f98 - fuse: flatten 'struct fuse_args' (jsc#SLE-13782). - Refresh patches.suse/fuse-verify-attributes.patch. - commit ace7210 - vfs: subtype handling moved to fuse (jsc#SLE-13782). - fuse: convert to use the new mount API (jsc#SLE-13782). - cuse: fix broken release (jsc#SLE-13782). - commit b7625ea - fuse: cleanup fuse_wait_on_page_writeback (jsc#SLE-13782). - commit 6d24ff2 - fuse: require /dev/fuse reads to have enough buffer capacity (take 2) (jsc#SLE-13782). - Refresh patches.suse/fuse-fix-deadlock-with-aio-poll-and-fuse_iqueue-wait.patch. - commit acb8ea8 - kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes). - commit 03d1108 - ALSA: doc: Fix reference to mixart.rst (git-fixes). - commit b4c3583 - ASoC: meson: axg-tdm-interface: fix loopback (git-fixes). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes). - commit 04a1c91 - ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes). - clk: tegra30: Add hda clock default rates to clock driver (git-fixes). - ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes). - ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes). - ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes). - ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes). - ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - commit db30ae4 - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489). - commit a8a5227 ++++ colord: - allow access to /usr/local/share/color in AppArmor profile (boo#1180898) ++++ Mesa: - update to 20.3.3 * third bugfix release for the 20.3 branch ++++ patterns-microos: - added system-group-kvm ++++ sudo: - Update to 1.9.5.p1 * Fixed a regression introduced in sudo 1.9.5 where the editor run by sudoedit was set-user-ID root unless SELinux RBAC was in use. The editor is now run with the user's real and effective user-IDs. - News in 1.9.5 * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an unknown user. This is related to but distinct from Bug #948. * If the "lecture_file" setting is enabled in sudoers, it must now refer to a regular file or a symbolic link to a regular file. * Fixed a potential use-after-free bug in sudo_logsrvd when the server shuts down if there are existing connections from clients that are only logging events and not session I/O data. * Fixed a buffer size mismatch when serializing the list of IP addresses for configured network interfaces. This bug is not actually exploitable since the allocated buffer is large enough to hold the list of addresses. * If sudo is executed with a name other than "sudo" or "sudoedit", it will now fall back to "sudo" as the program name. This affects warning, help and usage messages as well as the matching of Debug lines in the /etc/sudo.conf file. Previously, it was possible for the invoking user to manipulate the program name by setting argv[0] to an arbitrary value when executing sudo. (bsc#1180687) * Sudo now checks for failure when setting the close-on-exec flag on open file descriptors. This should never fail but, if it were to, there is the possibility of a file descriptor leak to a child process (such as the command sudo runs). * Fixed CVE-2021-23239, a potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists. If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location. (bsc#1180684) * Fixed CVE-2021-23240, a flaw in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, a user with sudoedit permissions may be able to set the owner of an arbitrary file to the user-ID of the target user. On Linux kernels that support "protected symlinks", setting /proc/sys/fs/protected_symlinks to 1 will prevent the bug from being exploited. For more information see https://www.sudo.ws/alerts/sudoedit_selinux.html. (bsc#1180685) * Added writability checks for sudoedit when SELinux RBAC is in use. This makes sudoedit behavior consistent regardless of whether or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" setting had no effect for RBAC entries. * A new sudoers option "selinux" can be used to disable sudo's SELinux RBAC support. * Quieted warnings from PVS Studio, clang analyzer, and cppcheck. Added suppression annotations for PVS Studio false positives. ++++ sysuser-tools: - Use systemd-sysusers as default to create and update the user account. Fixes the problem that a modified sysusers config file get's ignored by useradd and adduser [bsc#1180549]. ++++ tcl: - tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH - Set TCL_LIBRARY at configure time for better consistency. ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#441 - Handle the rename of MicroOS to SLE Micro (bsc#1180918) - handle the change of the user-visible name of SUSE MicroOS to SLE Micro - 16.29 ------------------------------------------------------------------ ------------------ 2021-1-13 - Jan 13 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - prepare usrmerge (boo#1029961) * use %_pamdir ++++ haproxy: - Update to version 2.3.4+git0.10189c965: * [RELEASE] Released version 2.3.4 * MINOR: contrib/prometheus-exporter: use fill_info for process dump * MINOR: contrib/prometheus-exporter: avoid connection close header * BUG/MINOR: init: enforce strict-limits when using master-worker * BUG/MINOR: check: Don't perform any check on servers defined in a frontend * BUG/MINOR: sample: Memory leak of sample_expr structure in case of error * Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records" * MINOR: reg-tests: add base prometheus test * BUG/MINOR: reg-tests: fix service dependency script * BUG/MINOR: sample: check alloc_trash_chunk return value in concat() * MINOR: reg-tests: add a way to add service dependency ++++ kernel-default: - netfilter: add and use nf_hook_slow_list() (bsc#1180765 CVE-2021-20177). - commit 465dae1 - Refresh patches.suse/edac-amd64-add-amd-family-17h-model-60h-pci-ids.patch. Complete the backport now that 5e4c55276ae8 ("EDAC/amd64: Save max number of controllers to family type") has been backported too. - commit f6cb75f - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - commit f699093 - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (bsc#1180870). - Input: elan_i2c - add new trackpoint report type 0x5F (bsc#1180870). - Input: synaptics - demote non-conformant kernel-doc header (bsc#1180870). - Input: elan_i2c_core - move header inclusion inside (bsc#1180870). - Input: elantech - demote obvious abuse of kernel-doc header (bsc#1180870). - Input: elan_i2c - fix firmware update on newer ICs (bsc#1180870). - Input: synaptics - enable InterTouch for ThinkPad T14 Gen 1 (bsc#1180870). - commit d5ab100 - Input: synaptics - enable InterTouch for ThinkPad P1/X1E gen 2 (bsc#1180870). - Input: synaptics-rmi4 - rename f30_data to gpio_data (bsc#1180870). - Input: elan_i2c - add ic type 0x15 (bsc#1180870). - Input: elan_i2c - add support for high resolution reports (bsc#1180870). - Input: elan_i2c - do not constantly re-query pattern ID (bsc#1180870). - Input: elan_i2c - add firmware update info for ICs 0x11, 0x13, 0x14 (bsc#1180870). - Input: elan_i2c - handle firmware updated on newer ICs (bsc#1180870). - Input: elan_i2c - add support for different firmware page sizes (bsc#1180870). - Input: elan_i2c - fix detecting IAP version on older controllers (bsc#1180870). - Input: elan_i2c - handle devices with patterns above 1 (bsc#1180870). - commit 8cfe63d - Input: elan_i2c - make fetching IC type of older controllers more robust (bsc#1180870). - Input: elan_i2c - handle firmware not implementing "get pattern" command (bsc#1180870). - Input: elantech - remove redundant assignments to variable error (bsc#1180870). - Input: introduce input_mt_report_slot_inactive() (bsc#1180870). - Input: psmouse - drop all unneeded functions from mouse headers (bsc#1180870). - Input: synaptics - fix a typo (bsc#1180870). - Input: elan_i2c - switch to using devm_add_action_or_reset() (bsc#1180870). - Input: elan_i2c - switch to using devm_device_add_groups() (bsc#1180870). - commit 6509eab - nvmem: Add driver to expose reserved memory as nvmem (jsc#SLE-SLE-16616). - Update config files: Enable nvmem-rmem as module on arm64 & armv7+lpae, disable it otherwise - supported.conf: Add nvmem-rmem This is needed early to get boot-loader configuration working on RPi4; an essential feature. - commit 212522b - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - commit 227b9e8 - drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf: - commit 3ceea3c - scsi: scsi_transport_srp: Don't block target in failfast state (bsc#1172355). - commit 4d51a17 - xen: support having only one event pending per watch (bsc#1179508 XSA-349 CVE-2020-29568). - commit b454020 - xen: revert Allow watches discard events before queueing (bsc#1179508 XSA-349 CVE-2020-29568). - commit 7a45cd4 - xen: revert Add 'will_handle' callback support in xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568). - commit b9e03df - xen: revert Support will_handle watch callback (bsc#1179508 XSA-349 CVE-2020-29568). - commit 3082598 - xen: revert Count pending messages for each watch (bsc#1179508 XSA-349 CVE-2020-29568). - commit 9d4ca48 - video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - commit 7cdcf45 - xen: revert Disallow pending watch messages (bsc#1179508 XSA-349 CVE-2020-29568). - commit a948c9f - ntb: idt: fix error check in ntb_hw_idt.c (jsc#SLE-13360). - commit 93a77b3 - usb: gadget: enable super speed plus (git-fixes). - USB: serial: option: add LongSung M5710 module support (git-fixes). - USB: serial: option: add Quectel EM160R-GL (git-fixes). - usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes). - usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes). - USB: usblp: fix DMA to stack (git-fixes). - usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes). - usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes). - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes). - USB: cdc-acm: blacklist another IR Droid device (git-fixes). - crypto: asym_tpm: correct zero out potential secrets (git-fixes). - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes). - CDC-NCM: remove "connected" log message (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - lib/genalloc: fix the overflow when size is too big (git-fixes). - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes). - commit 052b915 - drm/panfrost: Move the GPU reset bits outside the timeout handler (git-fixes). - drm/panfrost: don't use pfdevfreq.busy_count to know if hw is idle (git-fixes). - commit 173f5a4 - drm/panfrost: Remove unused variables in panfrost_job_close() (git-fixes). - commit 11a7e60 - drm/panfrost: Don't corrupt the queue mutex on open/close (git-fixes). - commit a5f75e8 - drm/i915/dp: Track pm_qos per connector (git-fixes). - drm/i915: clear the shadow batch (git-fixes). - drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes). - drm/amd/display: updated wm table for Renoir (git-fixes). - drm/meson: dw-hdmi: Enable the iahb clock early enough (git-fixes). - commit 11d51e1 - drm/meson: dw-hdmi: Disable clocks on driver teardown (git-fixes). - drm/edid: fix objtool warning in drm_cvt_modes() (git-fixes). - drm/amdkfd: Fix leak in dmabuf import (git-fixes). - drm/amd/display: Prevent bandwidth overflow (git-fixes). - drm/amdgpu: fix compute queue priority if num_kcq is less than 4 (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/mediatek: Use correct aliases name for ovl (git-fixes). - drm/meson: dw-hdmi: Ensure that clocks are enabled before touching the TOP registers (git-fixes). - commit d189b05 - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/meson: Unbind all connectors on module removal (git-fixes). - drm/meson: Free RDMA resources after tearing down DRM (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/udl: Fix missing error code in udl_handle_damage() (git-fixes). - drm/i915: Avoid mixing integer types during batch copies (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/amdgpu: fix incorrect enum type (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - commit 714ea88 - drm/i915/tgl: Fix Combo PHY DPLL fractional divider for 38.4MHz ref clock (git-fixes). - drm/panel: simple: Add flags to boe_nv133fhm_n61 (git-fixes). - drm/edid: Fix uninitialized variable in drm_cvt_modes() (git-fixes). - drm/bridge: tpd12s015: Fix irq registering in tpd12s015_probe (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (git-fixes). - drm/mcde: Fix handling of platform_get_irq() error (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes). - drm/panfrost: Fix job timeout handling (git-fixes). - commit 2743044 ++++ libapparmor: - prepare usrmerge (boo#1029961) * use %_pamdir ++++ harfbuzz: - Re-enable graphite2 support: TexLive relies on this to be present: + Pass -Dgraphite=enabled to meson. + Add pkgconfig(graphite2) BuildRequires. ++++ protobuf: - Add missing dependency of python subpackages on python-six (bsc#1177127). ++++ systemd: - prepare usrmerge (boo#1029961) * don't install legacy symlinks to / * use %_pamdir to install pam modules * leave nss files in /usr/lib*, glibc loads them from there just fine independent of usrmerge ++++ patterns-microos: - adjust pattern descriptions to product rename ++++ python-M2Crypto: - Dr. Strangelove or: How I Learned to Stop Worrying and Love pytest ++++ python-gobject: - Recompile python cache files after removal of components, include cache files in correct subpackage - Fix supplements declarations, where possible. Disable for -gdk. - Simplify the dependency exclusion from __init__.py to also match with multiple python3-flavors. - Remove exec bit from all *.py files in examples, also subdirectories. ++++ salt: - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Added: * remove-deprecated-warning-that-breaks-miniion-execut.patch - Revert wrong zypper patch to support vendorchanges flags on pkg.install - Added: * revert-add-patch-support-for-allow-vendor-change-opt.patch ++++ qemu: - Convert qemu-kvm from a script to a symlink. Using qemu-kvm to invoke the QEMU emulator has been deprecated for some time, but is still provided. It has as it's ancient origins a version of QEMU which had KVM acceleration enabled by default, and then recently, until now, it is a shell script which execs the QEMU emulator, adding '-machine accel=kvm' to the beginning of the list of command line options passed to the emulator. This method collides with the now preferred method of specifying acceleration options by using -accel. qemu-kvm is now changed to simply be a symlink to the same QEMU binary which the prior script exec'd. This new approach takes advantage of a built-in QEMU feature where if QEMU is invoked using a program name ending in 'kvm', KVM emulation is enabled. This approach is better in that it is more compatible with any other command line option that may be added for describing acceleration. For those who have modified qemu-kvm to add additional command line options, or take other actions in the context of the script you will now need to create an alternate script "emulator" to achieve the same result. Note that it's possible there may be some very subtle behavioral difference in the switch from a script to a symlink, but given that qemu-kvm is a deprecated package, we're not going to worry about that. ++++ yast2: - Keep the libzypp target open to verify other packages (bsc#1180858, related to the previous fix bsc#1179773) - 4.3.49 ------------------------------------------------------------------ ------------------ 2021-1-12 - Jan 12 2021 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support ++++ python-kiwi: - Reference commit for SUSE maintenance This commit adds a reference to bsc#1180781 ++++ gpg2: - GnuPG 2.2.27: * gpgconf: Fix case with neither local nor global gpg.conf * gpgconf: Fix description of two new options - includes changes from 2.2.26: * gpg: New AKL method "ntds" * gpg: Fix --trusted-key with fingerprint arg * scd: Fix writing of ECC keys to an OpenPGP card * scd: Make an USB error fix specific to SPR532 readers * dirmngr: With new LDAP keyservers store the new attributes. Never store the useless pgpSignerID. Fix a long standing bug storing some keys on an ldap server. * dirmngr: Support the new Active Direcory LDAP schema for keyservers * dirmngr: Allow LDAP OpenPGP searches via fingerprint * dirmngr: Do not block other threads during keyserver LDAP calls * Support global configuration files * Fix the iconv fallback handling to UTF-8 ++++ branding-openSUSE: - Sync with Tumbleweed - Bump to 15.3 ++++ libguestfs: - Modify Source0 to point at the correct url for the source. libguestfs.spec ++++ kernel-default: - scsi: qedi: Correct max length of CHAP secret (bsc#1180221). - commit 5b6934e - fix patch metadata - fix Patch-mainline: patches.suse/sched-fair-Check-for-idle-core-in-wake_affine.patch - commit b5830a4 - drm/gma500: fix double free of gma_connector (git-fixes). - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes). - drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes). - drm/i915/gt: Cancel the preemption timeout on responding to it (git-fixes). - drm/i915/gt: Ignore repeated attempts to suspend request flow across reset (git-fixes). - drm/i915/gem: Propagate error from cancelled submit due to context closure (git-fixes). - drm/amdgpu: fix sdma instance fw version and feature version init (git-fixes). - drm/amdgpu/disply: set num_crtc earlier (git-fixes). - drm/omap: sdi: fix bridge enable/disable (git-fixes). - drm/panel: sony-acx565akm: Fix race condition in probe (git-fixes). - commit cdc5bb1 - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - drm/amdgpu/vcn3.0: remove old DPG workaround (git-fixes). - drm/amdgpu/vcn3.0: stall DPG when WPTR/RPTR reset (git-fixes). - drm/amd/display: Init clock value by current vbios CLKs (git-fixes). - drm/i915/gt: Limit frequency drop to RPe on parking (git-fixes). - drm/i915/gt: Retain default context state across shrinking (git-fixes). - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes). - drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes). - drm/tegra: replace idr_init() by idr_init_base() (git-fixes). - drm/nouveau: fix relocations applying logic and a double-free (git-fixes). - commit 83684ef - drm/mediatek: dsi: Modify horizontal front/back porch byte formula (git-fixes). - drm/exynos: depend on COMMON_CLK to fix compile tests (git-fixes). - drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes). - drm/i915/perf: workaround register corruption in OATAILPTR (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - drm/amd/display: Avoid HDCP initialization in devices without output (git-fixes). - drm/amdgpu: fix a page fault (git-fixes). - drm/amdgpu: fix SI UVD firmware validate resume fail (git-fixes). - drm/amd/amdgpu: fix null pointer in runtime pm (git-fixes). - drm/i915/gt: Fixup tgl mocs for PTE tracking (git-fixes). - commit 4d0b8ee - blacklist.conf: 4f8af077a02e docs: Fix reST markup when linking to sections - commit 28e1ebf - drm/i915/gvt: return error when failing to take the module reference (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/i915: Handle max_bpc==16 (git-fixes). - drm/i915/selftests: Fix wrong return value of perf_request_latency() (git-fixes). - drm/i915/selftests: Fix wrong return value of perf_series_engines() (git-fixes). - drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes). - drm/i915/tgl: Fix Media power gate sequence (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (git-fixes). - drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes). - commit c514745 - drm/amd/display: Add missing pflip irq (git-fixes). - drm/i915: Correctly set SFC capability for video engines (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes). - drm/panfrost: Fix module unload (git-fixes). - drm/panfrost: Fix a deadlock between the shrinker and madvise path (git-fixes). - drm/amdgpu: resolved ASD loading issue on sienna (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes). - drm/i915: Fix encoder lookup during PSR atomic check (git-fixes). - drm/i915/gt: Use the local HWSP offset during submission (git-fixes). - commit f811a3d - drm/i915/gvt: Only pin/unpin intel_context along with workload (git-fixes). - drm/imx: parallel-display: remove unused function enc_to_imxpd() (git-fixes). - drm/i915: Reject 90/270 degree rotated initial fbs (git-fixes). - drm/i915: Restore ILK-M RPS support (git-fixes). - drm/i915/region: fix max size calculation (git-fixes). - drm/nouveau/device: fix changing endianess code to work on older GPUs (git-fixes). - drm/nouveau/gem: fix "refcount_t: underflow; use-after-free" (git-fixes). - drm/nouveau/kms/nv50-: Program notifier offset before requesting disp caps (git-fixes). - drm/nouveau/nouveau: fix the start/end range for migration (git-fixes). - drm/shme-helpers: Fix dma_buf_mmap forwarding bug (git-fixes). - commit f9a03a3 - drm/v3d: Fix double free in v3d_submit_cl_ioctl() (git-fixes). - drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes). - drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes). - drm/sun4i: frontend: Rework a bit the phase data (git-fixes). - drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: Fix kernel panic by dal_gpio_open() error (git-fixes). - drm/amd/display: adding ddc_gpio_vga_reg_list to ddc reg def'ns (git-fixes). - drm/amdgpu: increase the reserved VM size to 2MB (git-fixes). - drm/amd/display: Fixed panic during seamless boot (git-fixes). - drm/amdgpu: don't map BO in reserved region (git-fixes). - commit adc6b7e - drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes). - drm/amdgpu: disable DCN and VCN for navi10 blockchain SKU(v3) (git-fixes). - drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915: Exclude low pages (128KiB) of stolen from use (git-fixes). - drm/i915: Use the active reference on the vma while capturing (git-fixes). - drm/i915/gt: Undo forced context restores after trivial preemptions (git-fixes). - drm/i915/gt: Delay execlist processing for tgl (git-fixes). - drm/i915: Mark ininitial fb obj as WT on eLLC machines to avoid rcu lockup during fbdev init (git-fixes). - drm/i915/gt: Initialize reserved and unspecified MOCS indices (git-fixes). - commit fdd5a7c - drm/i915/dp: Tweak initial dpcd backlight.enabled value (git-fixes). - drm/amdgpu: correct the cu and rb info for sienna cichlid (git-fixes). - drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes). - drm/amd/psp: Fix sysfs: cannot create duplicate filename (git-fixes). - drm/amd/display: Avoid MST manager resource leak (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes). - drm/amdgpu: add rlc iram and dram firmware support (git-fixes). - drm/amdgpu: add function to program pbb mode for sienna cichlid (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - commit 6b6cb10 - drm/i915: Set all unused color plane offsets to ~0xfff again (git-fixes). - drm/i915: Fix TGL DKL PHY DP vswing handling (git-fixes). - drm/amdgpu: vcn and jpeg ring synchronization (git-fixes). - drm/amdgpu: Fix invalid number of character '{' in amdgpu_acpi_init (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amd/display: Avoid set zero in the requested clk (git-fixes). - drm/amd/display: Increase timeout for DP Disable (git-fixes). - drm/amd/display: Fix incorrect backlight register offset for DCN (git-fixes). - drm/i915/gem: Always test execution status on closing the context (git-fixes). - drm/i915/gt: Always send a pulse down the engine after disabling heartbeat (git-fixes). - commit 6c3296a - drm/i915: Cancel outstanding work after disabling heartbeats on an engine (git-fixes). - drm/i915/gem: Serialise debugfs i915_gem_objects with ctx->mutex (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915/gem: Prevent using pgprot_writecombine() if PAT is not supported (git-fixes). - drm/i915: Fix state checker hw.active/hw.enable readout (git-fixes). - drm/msm: Fix the a650 hw_apriv check (git-fixes). - drm/msm/a6xx: fix a potential overflow issue (git-fixes). - drm/msm/adreno: fix probe without iommu (git-fixes). - drm/panfrost: add Amlogic GPU integration quirks (git-fixes). - drm/panfrost: add amlogic reset quirk callback (git-fixes). - commit dde6379 - drm/panfrost: add support for vendor quirk (git-fixes). - drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create (git-fixes). - drm/xlnx: Use devm_drm_dev_alloc (git-fixes). - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/amd/display: Delete duplicated argument to '&&' or '||' (git-fixes). - drm/amdgpu: No sysfs, not an error condition (git-fixes). - drm/amd/display: Check clock table return (git-fixes). - drm: panfrost: fix common struct sg_table related issues (git-fixes). - drm: lima: fix common struct sg_table related issues (git-fixes). - commit 0a6baa2 - drm: exynos: fix common struct sg_table related issues (git-fixes). - drm/vkms: avoid warning in vkms_get_vblank_timestamp (git-fixes). - drm/amdgpu: fix max_entries calculation v4 (git-fixes). - drm/amd/display: fix potential integer overflow when shifting 32 bit variable bl_pwm (git-fixes). - drm/scheduler: Scheduler priority fixes (v2) (git-fixes). - drm/amd/display: Screen corruption on dual displays (DP+USB-C) (git-fixes). - drm/amd/display: Disconnect pipe separetely when disable pipe split (git-fixes). - drm/amdgpu: restore ras flags when user resets eeprom(v2) (git-fixes). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (git-fixes). - drm/amdgpu: Remove redundant NULL check (git-fixes). - commit cf5d051 - drm/bridge_connector: Set default status connected for eDP connectors (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/malidp: Use struct drm_gem_object_funcs.get_sg_table internally (git-fixes). - drm/hisilicon: Code refactoring for hibmc_drv_de (git-fixes). - drm/vkms: add missing platform_device_unregister() in vkms_init() (git-fixes). - drm/vgem: add missing platform_device_unregister() in vgem_init() (git-fixes). - drm/panfrost: perfcnt: fix ref count leak in panfrost_perfcnt_enable_locked (git-fixes). - drm/panfrost: move devfreq_init()/fini() in device (git-fixes). - drm/panfrost: rename error labels in device_init (git-fixes). - commit 86204b1 - dma-buf/dma-resv: Respect num_fences when initializing the shared fence list (git-fixes). - drm/mediatek: set dpi pin mode to gpio low to avoid leakage current (git-fixes). - drm/i915: Stub out i915_gpu_coredump_put (git-fixes). - commit 145aef1 - Bluetooth: Fix attempting to set RPA timeout when unsupported (git-fixes). - commit d1047e2 - usb: dwc3: core: Properly default unspecified speed (git-fixes). - commit 777b42e ++++ kmod: - Update usr-lib-modprobe.patch to upstream submission (boo#1180821). - Require libxslt-tools for xsltproc and use local stylesheet. * no-stylesheet-download.patch ++++ libcontainers-common: - Update common to 0.33.0: v0.33: seccomp: drop 'vmsplice' from the allowed list Add new function to setup default environment Implement secrets pkg: backend and filedriver v0.32: Do not retry on most syscall failures Set http_proxy default to true Add new completion functions for Arch and Os. v0.31: Switch default runtime from runc to crun Add a volume plugins field to containers.conf Remove libpod.conf v0.30: Add ability to set system wide options for slirp4netns v0.29: Remove stutter APIs from pkg/umask and pkg/subscriptions. v0.28: Add support for enabling/disabling kernel keyring in engines We should not be setting a default infra command. Print the error to log info Move buildah/pkg/secrets to common/pkg/subscriptions Move some volume and device parsing from buildah to common v0.27: fix: Set ping_group_range to 0 0 by default Allow users to customer the --remote flag to be on by default. v0.26: Consolidate reporting functions from Buildah and Podman. Update pkg/report to consolidate --format flag handling between Buildah and Podman and eventually Skopeo. v0.25: Common library now has pkg/formats pulled out of containers/buildah to make it easier to share with other tools. Recommended containers.conf is also now available to be used by distros and CI/CD systems. v0.24: Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0 Add shared autocomplete functions for podman/buildah v0.23: Allow users to specify the default format for image builds Shell Completion with cobra for login/logout flags remove fchmodat2 from seccomp.json file Add support for CONTAINER_CONNECTION environment variable Bump github.com/containers/image/v5 from 5.5.2 to 5.6.0 Allow pidfd_getfd by default in seccomp.json Fix problems found by codespell v0.22: Add new syscalls to allowed seccomp.json ValidatePullPolicy case-insensitive Update default seccomp rules to match fedora rules Bump github.com/onsi/gomega from 1.10.1 to 1.10.2 Bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1 Bump github.com/containers/storage from 1.23.3 to 1.23.5 Add seccomp validation unit test for failing BuildProfile() v0.21: Add BuildFilter() and ValidateProfile() API Add FindAppArmorParserBinary() helper Add mock'able unit tests and move package to `internal` Add owners file Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 Bump github.com/containers/storage from 1.23.2 to 1.23.3 Bump golang to 1.15 Change fmt.Errorf calls to be replaced by errors package Enable retry EOF from http request Fix all gocritic lints Fix nested elseif Migrate seccomp/containers-golang RetryIfNecessary: add a field for setting the delay in RetryOptions Update golangci-lint and add config Update pkg/config/config_darwin.go Update pkg/config/config_linux.go Update pkg/config/config_windows.go Update pkg/retry/retry.go Validate that apparmor_parser is available on the system begin migration off travis containers.conf: Fix ulimits nofile example syntax fix windows containers.conf path getCustomConfigFile for windows and darwin v0.20: multi_image_archive: add option for `podman save` Wrap AppArmor errors to provide more debug information Omit apparmor_parser warnings when parsing the version Support different zoneinfo locations Do not mention libpod.conf if no files found v0.19: Vendor in containers/storage v1.23.0 Fix duplicated code found by codeverity. Export NormalizeCapabilities function Use homedir.GetConfigHome() Respect XDG_CONFIG_HOME for policy.json and cni Fix documentation hooks_dir_path was in wrong location, should be under Enigine section Fix deprecation warnings about libpod.conf and raise log level v0.18: Move retry code to pkg/retry Bump github.com/containers/storage from 1.21.1 to 1.21.2 v0.17: Add retry helper functions Remove extra lock in Reload function v0.16: Add support for Umask Fix config reload race Add support for multiple service destinations Bump github.com/containers/storage from 1.21.0 to 1.21.1 Add config reload Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0 Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0 v0.15: Add support for timezone Specify container engine in comments of engine env Add env to [engines] for engine to use Fix location of stop_timeout in default containers.conf Bump github.com/containers/image/v5 from 5.4.4 to 5.5.1 Fix testing to not race on containers.conf pkg/version -> version Move pkg/version to version to be consistent with other libraries in c/image. Fixup handling of remote_uri for documentation Add script to rebuild images on quay.io Fix AppArmor profile prefix and name Change AppArmor profile prefix and fix name-check - Update image to 5.9.0: v5.5.0: * Add Security Policy * Bump to v5.5.0-dev again * Bump github.com/containers/storage from 1.19.1 to 1.19.2 * Add debug line to get Content-Type from manifests * Add defaults for using the rootless policy path * Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0 * Bump github.com/klauspost/pgzip from 1.2.3 to 1.2.4 * pkg/docker/config/ModifyJSON: fix MkdirAll usage * Bump github.com/vbauerster/mpb/v5 from 5.0.4 to 5.2.1 * Bump github.com/containers/storage from 1.19.2 to 1.20.1 * Bump github.com/klauspost/compress from 1.10.5 to 1.10.6 * Bump github.com/vbauerster/mpb/v5 from 5.2.1 to 5.2.2 * Go module noise * Fix crash on inspecting an OCI image with no config * Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2 * Add hardcode Authfile for windows and mac * docker/config: initialize dockerConfigFile * docker/config: add `GetAllCredentials` * Bump github.com/stretchr/testify from 1.5.1 to 1.6.0 * Bump github.com/klauspost/compress from 1.10.6 to 1.10.7 * Bump github.com/containers/storage from 1.20.1 to 1.20.2 * Add documentation for credHelper * Fix error messages on !canModifyManifest * Add support for ProgressEventSkipped * Bump github.com/stretchr/testify from 1.6.0 to 1.6.1 * Bump github.com/klauspost/compress from 1.10.7 to 1.10.8 * oci: don't overwrite tags pointing at the same manifest * oci test: simplify length calculation v5.5.1: because the Go proxy caches an old version of the 5.5.0 tag, making it difficult to use 5.5.0. v5.5.2: * backports pagination fix v5.6.0: * When we can't store signatures, point the user at the destination. * Update for https://github.com/containers/skopeo/pull/932 * Refactor configPath API * Load the rootless registries.conf.d for override * docker config: clean up after test * blobinfocache: clean up after test * enable search using pagination * pkg/docker/config: correct default file mode when create auth.json file * Update to Go 1.13 * Coverity found potential nil dereference * Look for normalized paths in tarfile. * Move docker/tarfile.Destination to docker/internal/tarfile.Destination * Use the docker/internal/tarfile.Destination from docker/daemon and docker/archive * Remove deprecated non-SystemContext functions from docker/internal.tarfile * Introduce Destination.configPath and Destination.physicalLayerPath * Split docker/internal.tarfile.Writer from Destination * Move createRepositoriesFile to a bit better place * Split Writer.createManifest from Destination.PutManifest * Reorganize docker/internal/tarfile.Writer.createManifest a bit * Move the computation of layerPaths in docker-archive * Implement writing multiple images in the modern format. * Split createSingleLegacyLayer from writeLegacyLayerMetadata * Move legacy layer ID computation to a bit later * Merge writeLegacyMetadata and createRepositoriesFile * Implement writing multiple images in the legacy format * Separate tarfile.Writer creation from Destination creation * Lock docker/internal/tarfile.Writer to support concurrent uses * Split openArchiveForWriting from docker/archive/newImageDestination * Finally, introduce docker/archive.Writer * use container/storage/pkg/homedir * Fix an error message on docker-archive:path:name@sha256:$digest * Move docker/tarfile.Source to docker/internal/tarfile.Source * Use the docker/internal/tarfile.Source from docker/daemon and docker/archive * Remove deprecated non-SystemContext functions from docker/internal/tarfile * Split docker/internal/tarfile.Reader from Source * Separate tarfile.Reader creation from Source creation * Read the tarfile manifest already when initializing tarfile.Reader * Turn tarfile.Source.LoadTarManifest into a TarManifest * Allow choosing an image from tarfile.Reader by reference * Introduce docker-archive:path:@index syntax for reading untagged images * Introduce docker/archive.Reader * Finally, share a tarfile.Reader across archiveSource objects * Add docker/archive.NewReaderForReference * Add docker/archive.Reader.ManifestTagsForReference * Support per user registries.d * Move TestInvalidPolicyFormatError * Reduce duplication in policy_config_test.go * Eliminate more duplication in signature/policy_config_tests.go * Return error body if UnexpectedHTTPResponseError * Set NoLchown to true in untar opts v5.7.0: * add comment on CVE-2020-15157 * Bump github.com/containers/storage from 1.23.5 to 1.23.6 * Search credentials under XDG_CONFIG_HOME * Bump github.com/klauspost/compress from 1.11.0 to 1.11.1 * Use $DOCKER_CONFIG/config.json to match the docker CLI. * Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0 * Regenerate oci/layout fixture certificates * Extend the lifetime of test certificates to 10 years * Set default rootless sigstore * Update copier/imagecopier to fix race * Fix problems found by codespell v5.8.0: * pkg/shortnames * Finally, split configuration loading and merging * Reorder merging code in loadConfig to match field order in V2RegistriesConf * Remove "TODO: separate upper format from internal data below:" * Move shortNameMode from V2RegistriesConf to parsedConfig * Behavior change: Move unqualifiedSearchRegistriesOrigin to parsedConfig * Deprecate TryUpdatingCache return value, warn about parsedConfig.v2 * Some progress: Move aliasCache out of V2RegistriesConf to parsedConfig * Add a parsedConfig return value to loadConfigFile * Split shortNameAliasCache.updateWithConfigurationFrom from loadConfig * Move the creation of shortNameAliasCache to loadConfigFile * Rename shortNameAliasConf.parseAndValidate to newShortNameAliasCache * Move the allocation of an empty alias map to editShortNameAlias * Bump github.com/klauspost/compress from 1.11.1 to 1.11.2 * Split shortNameAliasCache from shortNameAliasConf * Split the error and success return paths of shortNameAliasConf.parseAndValidate * Sort Registries in V2RegistriesConf.postProcess * Make it clearer that .postProcessRegistries() is called on the V2RegistriesConf data * Make tomlConfig private * Split loadConfigFile from loadConfig * Make loadConfig a method on parsedConfig instead of tomlConfig * Introduce sysregistriesv2.parsedConfig, use it for configCache * Don't hard-code cache implementation details in tests * Add a test for correctly merging unqualified-search-registries * sysregistriesv2: short-name aliasing * Add GetDigest method to retrieve digest from manifest HEAD request * Fix misleading network error * Bump github.com/containers/storage from 1.23.6 to 1.23.7 * docs: update reference to containers-registeries.d.md v5.9.0: * copy: check our assumptions about compression * Add a signedIdentity choice "type": "remapIdentity" * shortnames: error if there's no alias and no search registries - Update podman to 2.2.1 v2.2.1 [#]## Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using `--mount type=image`) were handled in the database. As a result, containers created in Podman 2.2.0 with image volumes will not have them in v2.2.1, and these containers will need to be re-created. [#]## Bugfixes - Fixed a bug where rootless Podman would, on systems without the `XDG_RUNTIME_DIR` environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start ([#8539](https://github.com/containers/podman/issues/8539)). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors ([#8613](https://github.com/containers/podman/issues/8613)). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the `podman system reset` command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount `sysfs` in circumstances where it was not allowed; some OCI runtimes (notably `crun`) would fall back to alternatives and not fail, but others (notably `runc`) would fail to run containers. - Fixed a bug where the `podman run` and `podman create` commands would fail to create containers from untagged images ([#8558](https://github.com/containers/podman/issues/8558)). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)). - Fixed a bug where the `podman exec` command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the `ancestor` option to `podman ps --filter` did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if `--rm` was set) if the Podman command that created them was invoked with `--log-level=debug`. [#]## API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the `Binds` and `Mounts` parameters in `HostConfig`. - Fixed a bug where the Compat Create endpoint for Containers ignored the `Name` query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the "default" value for `NetworkMode` (this value is used extensively by `docker-compose`) ([#8544](https://github.com/containers/podman/issues/8544)). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the `target` query parameter as the image's tag. [#]## Misc - Podman v2.2.0 vendored a non-released, custom version of the `github.com/spf13/cobra` package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 v2.2.0 [#]## Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing) and [here](https://www.redhat.com/sysadmin/container-image-short-names). - Initial support has been added for the `podman network connect` and `podman network disconnect` commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify `--network=none` when they were created. - The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Aliases can also be added and removed using the new `podman network connect` and `podman network disconnect` commands. Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks. - The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)). - The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)). - The `podman play kube` command now supports persistent volumes claims using Podman named volumes. - The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)). - The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers. - The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles. - The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)). - The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)). - The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added. - The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)). - The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)). - The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster. - The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository. - The `podman search` command can now output JSON using the `--format=json` option. - The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman. - The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)). - The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option. - The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option. - The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`. - The `name` and `id` filters for `podman pod ps` now match based on a regular expression, instead of requiring an exact match. - The `podman pod ps` command now supports a new filter `status`, that matches pods in a certain state. [#]## Changes - The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)). - The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given. - If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release. - The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)). - The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)). - A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. `--publish` and `--net=host`) are specified when creating a container. - The `--restart on-failure` and `--rm` options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly ([#7906](https://github.com/containers/podman/issues/7906)). - Remote Podman will no longer use settings from the client's `containers.conf`; defaults will instead be provided by the server's `containers.conf` ([#7657](https://github.com/containers/podman/issues/7657)). - The `podman network rm` command now has a new alias, `podman network remove` ([#8402](https://github.com/containers/podman/issues/8402)). [#]## Bugfixes - Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)). - Fixed a bug where the `--pull` option to `podman run`, `podman create`, and `podman build` did not match Docker's behavior. - Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)). - Fixed a bug where the `podman untag --all` command was not supported with remote Podman. - Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)). - Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)). - Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)). - Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)). - Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)). - Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)). - Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)). - Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)). - Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)). - Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)). - Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)). - Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)). - Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)). - Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)). - Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted. - Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)). - Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)). - Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations. - Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)). - Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)). - Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing. - Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions. - Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)). - Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)). - Fixed a bug where the `--extract` option to `podman cp` was nonfunctional. - Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)). - Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)). - Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)). - Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)). - Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)). - Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)). - Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)). - Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)). - Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)). - Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)). - Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)). - Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)). - Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)). - Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)). - Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it). - Fixed a bug where the `podman network rm` command would error when trying to remove `macvlan` networks and rootless CNI networks ([#8491](https://github.com/containers/podman/issues/8491)). - Fixed a bug where Podman was not setting sane defaults for missing `XDG_` environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server ([#8473](https://github.com/containers/podman/issues/8473)). - Fixed a bug where the `podman manifest create` and `podman manifest add` commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by `podman network create` did not include the `tuning` plugin, and as such did not support setting custom MAC addresses ([#8385](https://github.com/containers/podman/issues/8385)). - Fixed a bug where container healthchecks did not use `$PATH` when searching for the Podman executable to run the healthcheck. - Fixed a bug where the `--ip-range` option to `podman network create` did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment ([#8448](https://github.com/containers/podman/issues/8448)). - Fixed a bug where the `podman container ps` alias for `podman ps` was missing ([#8445](https://github.com/containers/podman/issues/8445)). [#]## API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (`Libpod-Buildha-Version` instead of `Libpod-Buildah-Version`). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with `CAP_` (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)). - Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the `ParentId` field if the image had no parent, and the `Created` field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the `Force` query parameter. [#]## Misc - Updated Buildah to v1.18.0 - Updated the containers/storage library to v1.24.1 - Updated the containers/image library to v5.8.1 - Updated the containers/common library to v0.27.0 v2.2.0-rc2 APIv2 * Fix Bugs and compatability * Fix list of images - mandatory Created attribute * Add network connect|disconnect compat endpoints Missing Commands * Add alias for podman network rm -> remove * Add podman container ps command Missing Options support * Align the podman pod ps --filter behavior with podman ps * Allow containers to --restart on-failure with --rm * Allow multiple --network flags for podman run/create Documentation: * Containers.conf settings for remote connections * Specify what the replace flag replaces in help text * Clarify ps(1) fallback of `podman top` Improve shell completions Bugs * Fix ip-range for classless subnet masks * Make c.networks() list include the default network * Make podman service log events * Set PATH env in systemd timer. * Fix container cgroup lookup v2.2.0-RC1 This is the first release candidate for Podman v2.2.0. Preliminary release notes are below: [#]# 2.2.0 [#]## Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing). - The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)). - The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)). - The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)). - The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers. - The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles. - The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks. - The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)). - The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)). - The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added. - The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)). - The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)). - The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster. - The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository. - The `podman search` command can now output JSON using the `--format=json` option. - The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman. - The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)). - The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option. - The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option. - The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`. - The `name` filter for `podman pod ps` now matches based on a regular expression, instead of requiring an exact match. [#]## Changes - The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)). - The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given. - If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release. - The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)). - The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)). - A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`. [#]## Bugfixes - Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)). - Fixed a bug where the `--pull` option to `podman run`, `podman create`, and `podman build` did not match Docker's behavior. - Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)). - Fixed a bug where the `podman untag --all` command was not supported with remote Podman. - Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)). - Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)). - Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)). - Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)). - Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)). - Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)). - Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)). - Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)). - Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)). - Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)). - Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)). - Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)). - Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)). - Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)). - Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted. - Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)). - Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)). - Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations. - Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)). - Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)). - Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing. - Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions. - Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)). - Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)). - Fixed a bug where the `--extract` option to `podman cp` was nonfunctional. - Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)). - Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)). - Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)). - Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)). - Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)). - Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)). - Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)). - Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)). - Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)). - Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)). - Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)). - Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)). - Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)). - Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)). - Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it). [#]## API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)). - Fixed a bug where the Compat Inspect endpoint for Containers did not include complete network information on the container. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)). - Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response. [#]## Misc - Updated Buildah to v1.18.0 - Updated the containers/storage library to v1.24.0 - Updated the containers/image library to v5.8.0 - Updated the containers/common library to v0.27.0 v2.1.1 [#]## Changes - The `podman info` command now includes the cgroup manager Podman is using. [#]## Bugfixes - Fixed a bug where Podman would not build with the `varlink` build tag enabled. - Fixed a bug where the `podman save` command could, when asked to save multiple images, write its progress bar to the archive instead of the terminal, producing a corrupted archive. - Fixed a bug where the `json-file` log driver did not write logs. - Fixed a bug where `podman-remote start --attach` did not properly handle detaching using the detach keys. - Fixed a bug where `podman pod ps --filter label=...` did not work. - Fixed a bug where the `podman build` command did not respect the `--runtime` flag. [#]## API - The REST API now includes a Server header in all responses. - Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container. - Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter. - Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error. - Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) ([#7722](https://github.com/containers/podman/issues/7722)). - The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release. v2.1.0 [#]## Features - A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)). - The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)). - Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks. - The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present. - The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)). - The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport. - The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications. - The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units. - The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)). - The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host. - The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)). - The `podman play kube` command now supports read-only mounts. - The `podman play kube` command now supports setting labels on pods from Kubernetes metadata labels. - The `podman play kube` command now supports setting container restart policy ([#7656](https://github.com/containers/podman/issues/7656)). - The `podman play kube` command now properly handles `HostAlias` entries. - The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries. - The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods. - The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container). - The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container. - The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)). - Environment variables for Podman can now be added in the `containers.conf` configuration file. - The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal. - The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem. - Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems. - The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran. - A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called. - The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options. [#]## Security - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API. [#]## Changes - Podman will now retry pulling an image 3 times if a pull fails due to network errors. - The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did. - Error messages when creating a container or pod with a name that is already in use have been improved. - For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`. - The `podman system reset` command no longer removes configuration files for rootless Podman. [#]## Bugfixes - Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)). - Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)). - Fixed a bug where privileged containers would still configure an AppArmor profile. - Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)). - Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman. - Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)). - Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)). - Fixed a bug where input to the `--log-level` option was no longer case-insensitive. - Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)). - Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory. - Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)). - Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)). - Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)). - Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands. - Fixed a bug where the `podman build --logfile` command would segfault. - Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)). - Fixed a bug where the `podman ps` was ignoring the `--latest` flag. - Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)). - Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional. - Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional. - Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system. - Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)). - Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)). - Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)). - Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)). - Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)). - Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)). - Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)). - Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)). - Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)). - Fixed a bug where `podman images -a` would break if any image pulled by digest was present in the store ([#7651](https://github.com/containers/podman/issues/7651)). - Fixed a bug where the `--mount` option to `podman run` and `podman create` required the `type=` parameter to be passed first ([#7628](https://github.com/containers/podman/issues/7628)). - Fixed a bug where the `--infra-command` parameter to `podman pod create` was nonfunctional. - Fixed a bug where `podman auto-update` would fail for any container started with `--pull=always` ([#7407](https://github.com/containers/podman/issues/7407)). - Fixed a bug where the `podman wait` command would only accept a single argument. - Fixed a bug where the parsing of the `--volumes-from` option to `podman run` and `podman create` was broken, making it impossible to use multiple mount options at the same time ([#7701](https://github.com/containers/podman/issues/7701)). - Fixed a bug where the `podman exec` command would not join executed processes to the container's supplemental groups if the container was started with both the `--user` and `--group-add` options. - Fixed a bug where the `--iidfile` option to `podman-remote build` was nonfunctional. [#]## API - The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API. - Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available! - Added an endpoint for generating systemd unit files for containers. - The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)). - The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings - The Compat Inspect endpoint for containers now includes port information in NetworkSettings. - The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)). - Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts. - Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present. - Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images. - Fixed a bug where name history information was not properly added in the Libpod Image List endpoint. - Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses. - Added a `noTrunc` option to the Libpod image search endpoint. - Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)). - Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)). - Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed. - The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)). - Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod. - Fixed a bug where Pull endpoints did not stream progress back to the client. - The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker. - All non-hijacking responses to API requests should not include headers with the version of the server. - Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred ([#7263](https://github.com/containers/podman/issues/7263)). - Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client. - Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting. - Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly. - Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format ([#7196](https://github.com/containers/podman/issues/7196)). [#]## Misc - Updated Buildah to v1.16.1 - Updated the containers/storage library to v1.23.5 - Updated the containers/image library to v5.6.0 - Updated the containers/common library to v0.22.0 v2.1.0-RC2 This is the second release candidate for Podman v2.1.0. v2.1.0-RC1 This is the first release candidate of Podman v2.1.0. Preliminary release notes are attached below: [#]## Features - A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)). - The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)). - Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks. - The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present. - The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)). - The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport. - The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications. - The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units. - The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)). - The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host. - The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)). - The `podman play kube` command now supports read-only mounts. - The `podman play kube` command now properly handles `HostAlias` entries. - The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries. - The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods. - The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container). - The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container. - The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)). - Environment variables for Podman can now be added in the `containers.conf` configuration file. - The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal. - The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem. - Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems. - The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran. - A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called. - The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options. [#]## Changes - Podman will now retry pulling an image 3 times if a pull fails due to network errors. - The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did. - Error messages when creating a container or pod with a name that is already in use have been improved. - For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`. - The `podman system reset` command no longer removes configuration files for rootless Podman. [#]## Bugfixes - Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)). - Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)). - Fixed a bug where privileged containers would still configure an AppArmor profile. - Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)). - Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman. - Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)). - Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)). - Fixed a bug where input to the `--log-level` option was no longer case-insensitive. - Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)). - Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory. - Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)). - Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)). - Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)). - Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands. - Fixed a bug where the `podman build --logfile` command would segfault. - Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)). - Fixed a bug where the `podman ps` was ignoring the `--latest` flag. - Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)). - Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional. - Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional. - Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system. - Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)). - Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)). - Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)). - Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)). - Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)). - Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)). - Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)). - Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)). - Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)). [#]## API - Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available! - Added an endpoint for generating systemd unit files for containers. - The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)). - The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings - The Compat Inspect endpoint for containers now includes port information in NetworkSettings. - The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)). - Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts. - Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present. - Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images. - Fixed a bug where name history information was not properly added in the Libpod Image List endpoint. - Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses. - Added a `noTrunc` option to the Libpod image search endpoint. - Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)). - Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)). - Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed. - The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)). - Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod. [#]## Misc - Updated Buildah to v1.16.1 - Updated the containers/storage library to v1.23.5 - Updated the containers/common library to v0.22.0 v2.0.6 [#]## Bugfixes - Fixed a bug where running systemd in a container on a cgroups v1 system would fail. - Fixed a bug where `/etc/passwd` could be re-created every time a container is restarted if the container's `/etc/passwd` did not contain an entry for the user the container was started as. - Fixed a bug where containers without an `/etc/passwd` file specifying a non-root user would not start. - Fixed a bug where the `--remote` flag would sometimes not make remote connections and would instead attempt to run Podman locally. [#]## Misc - Updated the containers/common library to v0.14.10 v2.0.6-rc1 This is the first release candidate for Podman v2.0.6. It includes several small bugfixes for issues identified with v2.0.5. v2.0.5 [#]## Features - Rootless Podman will now add an entry to `/etc/passwd` for the user who ran Podman if run with `--userns=keep-id`. - The `podman system connection` command has been reworked to support multiple connections, and reenabled for use! - Podman now has a new global flag, `--connection`, to specify a connection to a remote Podman API instance. [#]## Changes - Podman's automatic systemd integration (activated by the `--systemd=true` flag, set by default) will now activate for containers using `/usr/local/sbin/init` as their command, instead of just `/usr/sbin/init` and `/sbin/init` (and any path ending in `systemd`). - Seccomp profiles specified by the `--security-opt seccomp=...` flag to `podman create` and `podman run` will now be honored even if the container was created using `--privileged`. [#]## Bugfixes - Fixed a bug where the `podman play kube` would not honor the `hostIP` field for port forwarding ([#5964](https://github.com/containers/podman/issues/5964)). - Fixed a bug where the `podman generate systemd` command would panic on an invalid restart policy being specified ([#7271](https://github.com/containers/podman/issues/7271)). - Fixed a bug where the `podman images` command could take a very long time (several minutes) to complete when a large number of images were present. - Fixed a bug where the `podman logs` command with the `--tail` flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com/containers/podman/issues/7230]). - Fixed a bug where the `podman exec` command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) ([#6893](https://github.com/containers/podman/issues/6893)). - Fixed a bug where the `podman load` command with remote Podman would did not honor user-specified tags ([#7124](https://github.com/containers/podman/issues/7124)). - Fixed a bug where the `podman system service` command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result ([#7180](https://github.com/containers/podman/issues/7180)). - Fixed a bug where the `--publish` flag to `podman create`, `podman run`, and `podman pod create` did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) ([#7104](https://github.com/containers/podman/issues/7014)). - Fixed a bug where the `podman start --attach` command would not print the container's exit code when the command exited due to the container exiting. - Fixed a bug where the `podman rm` command with remote Podman would not remove volumes, even if the `--volumes` flag was specified ([#7128](https://github.com/containers/podman/issues/7128)). - Fixed a bug where the `podman run` command with remote Podman and the `--rm` flag could exit before the container was fully removed. - Fixed a bug where the `--pod new:...` flag to `podman run` and `podman create` would create a pod that did not share any namespaces. - Fixed a bug where the `--preserve-fds` flag to `podman run` and `podman exec` could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables (`$PATH` and `$TERM`) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with `podman network create` with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the `podman save` command would not work properly when its output was piped to another command ([#7017](https://github.com/containers/podman/issues/7017)). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under `/sys/fs/cgroup/systemd` to the host. - Fixed a bug where `podman build` would not generate an event on completion ([#7022](https://github.com/containers/podman/issues/7022)). - Fixed a bug where the `podman history` command with remote Podman printed incorrect creation times for layers ([#7122](https://github.com/containers/podman/issues/7122)). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear `CMD` from the container image if the user overrode `ENTRYPOINT` ([#7115](https://github.com/containers/podman/issues/7115)). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the `podman images` command with remote Podman did not support printing image tags in Go templates supplied to the `--format` flag ([#7123](https://github.com/containers/podman/issues/7123)). - Fixed a bug where the `podman rmi --force` command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the `podman generate systemd --new` command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files ([#7285](https://github.com/containers/podman/issues/7285)). - Fixed a bug where the `podman version` command did not properly include build time and Git commit. - Fixed a bug where running systemd in a Podman container on a system that did not use the `systemd` cgroup manager would fail ([#6734](https://github.com/containers/podman/issues/6734)). - Fixed a bug where capabilities from `--cap-add` were not properly added when a container was started as a non-root user via `--user`. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues ([#7103](https://github.com/containers/podman/issues/7103)). [#]## API - Fixed a bug where the libpod and compat Build endpoints did not accept the `application/tar` content type (instead only accepting `application/x-tar`) ([#7185](https://github.com/containers/podman/issues/7185)). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions ([#7197](https://github.com/containers/podman/issues/7197)). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned `_ping` endpoint (e.g. `http://localhost/v1.40/_ping`). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when `podman system service` shut down due to its idle timeout ([#7294](https://github.com/containers/podman/issues/7294)). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The `Pod` URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the `Pod` boolean will now be included in the response unconditionally. [#]## Misc - Updated Buildah to v1.15.1 - Updated containers/image library to v5.5.2 v2.0.4 [#]## Bugfixes - Fixed a bug where the output of `podman image search` did not populate the Description field as it was mistakenly assigned to the ID field. - Fixed a bug where `podman build -` and `podman build` on an HTTP target would fail. - Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes ([#7130](https://github.com/containers/podman/issues/7130)). - Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. - Fixed a bug where the `podman start --attach --interactive` command would print the container ID of the container attached to when exiting ([#7068](https://github.com/containers/podman/pull/7068)). - Fixed a bug where `podman run --ipc=host --pid=host` would only set `--pid=host` and not `--ipc=host` ([#7100](https://github.com/containers/podman/issues/7100)). - Fixed a bug where the `--publish` argument to `podman run`, `podman create` and `podman pod create` would not allow binding the same container port to more than one host port ([#7062](https://github.com/containers/podman/issues/7062)). - Fixed a bug where incorrect arguments to `podman images --format` could cause Podman to segfault. - Fixed a bug where `podman rmi --force` on an image ID with more than one name and at least one container using the image would not completely remove containers using the image ([#7153](https://github.com/containers/podman/issues/7153)). - Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of `podman stats --format=json`. [#]## API - Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified ([#7078](https://github.com/containers/podman/issues/7078)). - Fixed a bug where the `CgroupVersion` field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented). - Update storage to 1.24.5 1.24.5: Use STORAGE_DRIVER environment variable in rootless mode Fix errors about undefined storage driver in vms idtools: handle single user mapped as root 1.24.4: Use /run instead of /var/run archive: Skip FIFO creation in user namespace 1.24.3: Revert returning storageOpts early in rootless mode. Log message when graphdriver is not set 1.24.2: Fix reading of ~/.config/containers/storage.conf 1.24.1: Fix unshare.HomeDir to use entry in /etc/passwd 1.24.0: Add support for force_mask field, which allows for sharing container image over NFS shares or between different users on the same system. (Experimental) 1.23.9: Improve handling Get() in pkg/homedir, handling user namespaced homedirs correctly Improve ID range selection for automatic user namespace range selection. Restore usage of rootless_storage_path in user storage.conf 1.20.5: Fix handling of Interrupts while changing file system attributes. 1.23.8: Tighten permissions on created directory Fix handling of EINTR when changing file permissions, being triggered by newer version of golang. Fix resource leaks and improve error messages. 1.23.7: Fix handling of SetDefaultConfigFilePath(path) Switch to handling EINTR when chowning content. 1.23.6: Lot's of bug fixes. Drop some Warning messages down to Info level Improve error messages for users Improve imput parsing. Maintain IMA Attributes in image creation Fix usage of rootless_storage_path from system storage.conf file Improve devmapper handling. 1.23.5: For podman v2.0 we need to use use ignore_chown_errors field if set utils_test.go: make test show mismatching items Support the rootless storage path from the system file build(deps): bump github.com/klauspost/compress from 1.10.11 to 1.11.0 1.20.4: For podman v2.0 we need to use use ignore_chown_errors field if set 1.23.4: build(deps): bump github.com/klauspost/pgzip from 1.2.4 to 1.2.5 fix goroutine leak with close tatLogger in a defer clause 1.23.3: Switch to moby/sys/mountinfo counter: check for external umounts 1.20.3: counter: check for external umounts 1.23.2: counter: check for external umounts 1.23.1: recover use graphLock when mount a layer build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11 Use `bash` binary from env instead of /bin/bash for scripts build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11 Allow users to override imagestores Remove dead code 1.23.0: * Revert "build(deps): bump github.com/opencontainers/runc" * Allow any env variable for graphroot, runroot, storagepath * fileutils.Pattern.compile(): end the regex with the right path separator * archive: preallocate a buffer for io.Copy 1.22.0: Allow env variables in graphroot and runroot userns: make sure host id is not always 0 store: support mapped layers deletion Cirrus: Fix matrix filter build(deps): bump github.com/opencontainers/runc Cirrus: Add success-accumulator task Cirrus: Note matrix filter resolution store: support mapped layers deletion userns: fix host id calculation when ranges overlap userns: simplify function Fix leaked fd Coverity errors found 1.21.2: archive: fix the bug of ReadSecurityXattrToTarHeader unbreak build on mipsen harder unshare: memoize HomeDir() 1.21.1: userns: fix available range with explicit idmapping layer mount: fix RO logic When mounting images we have no lowers, but still need to mount layerStore: clean residual resources in layerStore when remove an image Allow mounting of Non Read Write images read/only Always mount the layer via overlay. 1.21.0: Remove whitelist and replace with allowed build(deps): bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0 new interface for MountImage added Record security.ima in container images build(deps): bump github.com/opencontainers/runc from 1.0.0-rc90 to 1.0.0-rc91 Store the pvcreate --metadatasize option in storage.conf new interface Free for deleting Store object Just uncommenting this line blew up on me build(deps): bump github.com/hashicorp/go-multierror from 1.0.0 to 1.1.0 Use temp instead of run as fallback directory for rootless mode Make lock files world readable Lock files should be CLOEXEC Stop using golang 1.12 build(deps): bump github.com/klauspost/compress from 1.10.8 to 1.10.10 devmapper: allow devmapper devices as directlvm device build(deps): bump github.com/stretchr/testify from 1.6.0 to 1.6.1 1.20.2: Add back skip_mount_home Update git validation EPOCH build(deps): bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90 build(deps): bump github.com/klauspost/compress from 1.10.5 to 1.10.7 build(deps): bump github.com/stretchr/testify from 1.5.1 to 1.6.0 unbreak build on mipsen - Switch to seccomp profile provided by common instead of podman - Update containers.conf to match latest version ++++ gpgme: - gpgme 1.15.1: * Fix a bug in the secret key export * Make listing of signatures work if only secret keys are listed * qt: Avoid empty "rem@gnupg.org" signature notations * python: Fix key_export functions - remove deprecated texinfo macros ++++ openldap2: - bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch ++++ libzypp: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) - version 17.25.6 (22) ++++ osinfo-db: - Update database to version 20201218 osinfo-db-20201218.tar.xz ++++ salt: - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Fix for file.check_perms to work with numeric uid/gid - Added: * force-zyppnotify-to-prefer-packages.db-than-packages.patch * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch * add-pkg.services_need_restart-302.patch * add-patch-support-for-allow-vendor-change-option-wit.patch - virt: more network support Add more network and PCI/USB host devices passthrough support to virt module and states - Bigvm backports virt consoles, CPU tuning and topology, and memory tuning. - Fix pkg states when DEB package has "all" arch - Added: * open-suse-3002.2-virt-network-311.patch * open-suse-3002.2-bigvm-310.patch * fix-aptpkg.normalize_name-when-package-arch-is-all.patch ++++ zypper: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quitet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) - Prefer /run over /var/run. - version 1.14.42 ------------------------------------------------------------------ ------------------ 2021-1-11 - Jan 11 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit-wicked: - Version 3: * Properly remove the last route in /etc/sysconfig/network/routes (gh#110). * Improve detection of virtual interfaces (gh#113). * Usability improvements in the interfaces (gh#114, gh#115) and routes lists (gh#112). * Update dependencies to latest compatible versions (gh#116). * Added translations for Catalan, Japanese, Portuguese (Brazil and Portugal) and Spanish. ++++ container-selinux: - Update to version 2.154.0 - Allow confined user domains to run confined container domains. - Allow all containers to use nfs shares, iff virt_use_nfs boolean is enabled. - Allow containers to read nsfs file systems. - KVM Container need to use tunnel sockets created by runtime. ++++ cups: - cups-2.2.7-CVE-2020-10001.patch fixes CVE-2020-10001 access to uninitialized buffer in ipp.c (bsc#1180520) - cups-2.2.7-CVE-2019-8842.patch fixes CVE-2019-8842 (bsc#1170671) the ippReadIO function may under-read an extension field ++++ gsettings-desktop-schemas: - Update to version 40.alpha: + Add scroll button locking to trackballs. + Move mouse drag-threshold/double-click settings here. + Move antialiasing/hinting/rgba-order settings here. + Updated translations. ++++ libguestfs: - Update to version 1.44.0 * The minimum version of Python required is 3.6. * Python bindings no longer use deprecated "PyEval_ThreadsInitialized". * Python bindings now include type hints (Sam Eiderman). * Erlang bindings now use libei instead of liberl_interface (Sergei Golovan). * virt-get-kernel(1) can now find uncompressed kernels (Pino Toscano). * virt-sysprep(1) now regenerates the guest certificate store when a certificate is removed from the guest (Pino Toscano). * virt-sysprep(1) can now remove IPA enrollment files and Kerberos keytabs (Pino Toscano, Christian Heimes and François Cami). * "cryptsetup-open" and "cryptsetup-close" replace "luks-open", luks-open-ro and luks-close. The new APIs add support for BitLocker encryption. * "lvm-canonical-lv" no longer produces a noisy error message when called with a non-LV parameter. * Various other bug fixes - Drop bfd08867-golang-Fix-path-to-include-guestfs.h..patch dbfab7d3-build-fix-includedir-in-uninstalled-libguestfs.pc.patch ++++ kernel-default: - x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (bsc#1178134). - commit 0b7cd9d - x86/resctrl: Don't move a task to the same resource group (bsc#1152489). - commit 8a696c5 - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1152489). - commit 309f3cb - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1152489). - commit 41cceca - x86/mm: Fix leak of pmd ptlock (bsc#1152489). - commit cb571f0 - btrfs: fix missing delalloc new bit for new delalloc ranges (bsc#1180773). - btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773). - btrfs: make btrfs_set_extent_delalloc take btrfs_inode (bsc#1180773). - commit fba9b10 - IB/hfi1: Ensure correct mm is used at all times (bsc#1179878 CVE-2020-27835). - IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878). - IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878). - commit 79bac5c - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() (git-fixes). - commit 6e1e482 - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: usbip: vhci_hcd: protect shift size (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - staging: mt7621-dma: Fix a resource leak in an error handling path (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() (git-fixes). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk() (git-fixes). - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function (git-fixes). - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated (git-fixes). - i2c: sprd: use a specific timeout to avoid system hang up issue (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() (git-fixes). - spi: stm32: FIFO threshold level - fix align packet size (git-fixes). - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev (git-fixes). - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: Substitute kzalloc with kmalloc (git-fixes). - commit da0ba2f - sched/fair: Check for idle core in wake_affine (git fixes (sched)). - commit 2caffed - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA (git-fixes). - commit 52bc22f - blacklist.conf: 2c2b3ad2c4c8 ("spi: spi-fsl-dspi: Use max_native_cs instead of num_chipselect to set SPI_MCR") Depends on 7d93aecdb58d4 ("spi: Add generic support for unused native cs with cs-gpios") which at the moment is not worth back-porting as it'll break kABI. - commit bafcdfd - xen-blkback: set ring->xenblkd to NULL after kthread_stop() (bsc#1179509 XSA-350 CVE-2020-29569). - commit 552ca06 - xenbus/xenbus_backend: Disallow pending watch messages (bsc#1179508 XSA-349 CVE-2020-29568). - commit b293dfc - xen/xenbus: Count pending messages for each watch (bsc#1179508 XSA-349 CVE-2020-29568). - commit d8a62d9 - xen/xenbus/xen_bus_type: Support will_handle watch callback (bsc#1179508 XSA-349 CVE-2020-29568). - commit 8be4352 - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568). - commit 4383a8c - xen/xenbus: Allow watches discard events before queueing (bsc#1179508 XSA-349 CVE-2020-29568). - commit ec8d064 ++++ libjpeg-turbo: - Fix setting of FLOATTEST ++++ ovmf: - Add ovmf-bsc1180079-amd-sev-es-mitigation.patch to mitigate the potential AMD SEV-ES security issues (bsc#1180079) - Add the json descriptor for xen-hvm (bsc#1180050) ++++ selinux-policy: - Update to version 20210111 - Drop fix_policykit.patch (integrated upstream) - Adjust fix_iptables.patch - update container policy ++++ yast2: - Ensure the libzypp target is initialized when downloading the skelcd packages (to verify the GPG signatures) (bsc#1179773) - Log more details when several resolvables (instead of a single one) are unexpectedly found (related to bsc#1176276) - 4.3.48 - Fix default for hibernation proposal (bsc#1169874) - 4.3.47 ++++ yast2-trans: - Update to version 84.87.20210109.77c13975e0: * New POT for text domain 'vm'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'control'. * New POT for text domain 'cluster'. * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) ------------------------------------------------------------------ ------------------ 2021-1-10 - Jan 10 2021 ------------------- ------------------------------------------------------------------ ++++ libqmi: - update to 1.26.8: * libqmi-glib: + Fix proxy segfault when accessing length of NULL GArray. + Add "Release USSD" indication to Basic collection. * qmicli: + Fix element types used in "NAS Get Cell Location Info". * Several other minor improvements and fixes. ------------------------------------------------------------------ ------------------ 2021-1-9 - Jan 9 2021 ------------------- ------------------------------------------------------------------ ++++ findutils: - update upstream signing key - remove deprecated texinfo packaging macros - run spec-cleaner - Update to 4.8.0. Announcement: https://savannah.gnu.org/forum/forum.php?forum_id=9914 - findutils.spec: - Source0: Fix download URL: remove "pub/". - %check: Output the content of all test-suite files in case of errors. - Remove now-upstream patches: - disable-null-ptr-test.patch - findutils-gnulib-disable-test-float.patch - findutils-gnulib-test-avoid-FP-perror-strerror.patch ++++ python-dbus-python: - update to 1.2.16: * All tests are run even if the tap.py module is not available, although diagnostics for failing tests will be better if it is present. * Forbid unexpanded AX-prefixed macros more selectively ++++ tar: - GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - remove deprecated texinfo packaging macros ------------------------------------------------------------------ ------------------ 2021-1-8 - Jan 8 2021 ------------------- ------------------------------------------------------------------ ++++ cni-plugin-dnsname: - Update to version 1.1.1: * Bump to v1.1.1 * use tabs not spaces * Bump to v1.1 * pass aliases to dns masq * Cirrus: Use images from automation_images * correct fedora package name in documentation * clarify where to report issues * change references from libpod to podman ++++ cyrus-sasl: - CVE-2020-8032: cyrus-sasl: Local privilege escalation to root due to insecure tmp file usage. (bsc#1180669) Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary files. ++++ haproxy: - Update to version 2.3.3+git0.9233c2143: * [RELEASE] Released version 2.3.3 * BUG/MINOR: sample: fix concat() converter's corruption with non-string variables * DOC: Add maintainers for the Prometheus exporter * SCRIPTS: announce-release: fix typo in help message * DOC: fix some spelling issues over multiple files * MINOR: contrib/prometheus-exporter: export build_info * CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory leak on error * BUILD: Makefile: exclude broken tests by default * MINOR: converter: adding support for url_enc * BUG/MINOR: srv: do not cleanup idle conns if pool max is null * BUG/MINOR: srv: do not init address if backend is disabled * SCRIPTS: make announce release support preparing announces before tag exists * SCRIPTS: improve announce-release to support different tag and versions * BUG/MINOR: stats: Make stat_l variable used to dump a stat line thread local * DOC: Improve the message printed when running `make` w/o `TARGET` * BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send rule * BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails * BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup() fails * MINOR: atomic: don't use ; to separate instruction on aarch64. * BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h * BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup * DOC: fix "smp_size" vs "sample_size" in "log" directive arguments * BUG/MINOR: dns: SRV records ignores duplicated AR records * BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call * BUILD: plock: remove dead code that causes a warning in gcc 11 * CONTRIB: debug: address "poll" utility build on non-linux platforms * CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps * CONTRIB: halog: mark the has_zero* functions unused * CONTRIB: halog: fix build issue caused by %L printf format * BUG/MEDIUM: mux-h1: Handle h1_process() failures on a pipelined request * BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode * BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests * BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well * BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call * REGTESTS: make use of HAPROXY_ARGS and pass -dM by default * BUG/MEDIUM: ssl/crt-list: bad behavior with "commit ssl cert" * BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight * BUG/MINOR: tools: Reject size format not starting by a digit * BUG/MINOR: tools: make parse_time_err() more strict on the timer validity * MINOR: tcpcheck: Only wait for more payload data on HTTP expect rules * BUG/MINOR: tcpcheck: Don't rearm the check timeout on each read * BUG/MINOR: http-check: Use right condition to consider HTX message as full * DOC: email change of the DeviceAtlas maintainer * BUG/MEDIUM: spoa/python: Fixing references to None * BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments * BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails * BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations * DOC: spoa/python: Fixing typos in comments * DOC: spoa/python: Rephrasing memory related error messages * DOC: spoa/python: Fixing typo in IP related error messages * BUG/MAJOR: spoa/python: Fixing return None * MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1 * MINOR: listener: now use a generic add_listener() function * MINOR: listener: automatically set the port when creating listeners * MINOR: protocol: add a ->set_port() helper to address families * BUG/MINOR: mux-h1: Handle keep-alive timeout for idle frontend connections * BUG/MINOR: listener: use sockaddr_in6 for IPv6 * DOC/MINOR: Fix formatting in Management Guide * BUILD/MINOR: haproxy DragonFlyBSD affinity build update. * BUG/MAJOR: ring: tcp forward on ring can break the reader counter. * BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times * MINOR: cli: add a function to look up a CLI service description * MINOR: actions: add a function returning a service pointer from its name * MINOR: actions: Export actions lookup functions * BUG/MINOR: lua: Some lua init operation are processed unsafe * BUG/MINOR: lua: Post init register function are not executed beyond the first one * BUG/MINOR: lua: lua-load doesn't check its parameters * BUG/MINOR: lua: missing "\n" in error message * BUG/MINOR: mux-h2/stats: not all GOAWAY frames are errors * BUG/MINOR: mux-h2/stats: make stream/connection proto errors more accurate * BUG/MEDIUM: local log format regression. * BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link * MINOR: task: remove __tasklet_remove_from_tasklet_list() * BUG/MEDIUM: lists: Lock the element while we check if it is in a list. * MINOR: plock: use an ARMv8 instruction barrier for the pause instruction ++++ kernel-default: - drm: bail out of nouveau_channel_new if channel init fails (CVE-2020-25639 bsc#1176846). - commit 1ef70aa - nvme-multipath: fix bogus request queue reference put (bsc#1175389). - commit ef51578 - selftests/bpf: Move and extend ASSERT_xxx() testing macros (bsc#1177028). - libbpf: Add __noinline macro to bpf_helpers.h (bsc#1177028). - commit 630edda - Move "btrfs: qgroup: don't try to wait flushing if we're already holding a transaction (bsc#1179575)." to sorted section - commit 464edf7 ++++ harfbuzz: - Switch to meson buildsystem: + Add meson BuildRequires and macros. + Replace gcc-c++ for generic c++_compiler BuildRequires. + Add meson_test macro in check section, run tests during build. + Drop pkgconfig(graphite2) BuildRequires: No longer build graphite2 support, following upstream that disables this by default. + Stop packaging gtk-docs, pass -Ddocs=disabled to meson, this way we might avoid a build-cycle and since we did not have a explicit docs subpackage, just silently drop them. ++++ open-lldp: - Update to version v1.1+36.e926f7172b96: * tx: rename variable * event_iface: only set rcv buf size if too small (bsc#1175570) * tx: when operating in rx-only mode don't send a port shutdown pdu * Update .travis.yml * vdp22: manpage typo * lldptool: fix manpage * lldp_head: remove all references * add_rtattr: only copy if data is provided * autoconf: convenience to setup asan and ubsan * Post 1.1 release ++++ openssh: - Update openssh-8.1p1-audit.patch (bsc#1180501). This fixes occasional crashes on connection termination caused by accessing freed memory. ++++ salt: - Update to Salt release version 3002.2 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3002.2.html - Do not force beacons configuration to be a list. Revert https://github.com/saltstack/salt/pull/58655 - Drop wrong virt capabilities code after rebasing patches - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - Added: * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch * drop-wrong-virt-capabilities-code-after-rebasing-pat.patch * remove-msgpack-1.0.0-requirement-in-the-installed-me.patch - Modified: * add-all_versions-parameter-to-include-all-installed-.patch * fix-failing-unit-tests-for-batch-async.patch * return-the-expected-powerpc-os-arch-bsc-1117995.patch * get-os_arch-also-without-rpm-package-installed.patch * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch * fix-async-batch-race-conditions.patch * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch * make-profiles-a-package.patch * virt._get_domain-don-t-raise-an-exception-if-there-i.patch * add-docker-logout-237.patch * do-not-make-ansiblegate-to-crash-on-python3-minions.patch * fall-back-to-pymysql.patch * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch * fix-bsc-1065792.patch * support-for-btrfs-and-xfs-in-parted-and-mkfs.patch * fix-novendorchange-option-284.patch * do-not-crash-when-there-are-ipv6-established-connect.patch * allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch * accumulated-changes-from-yomi-167.patch * add-new-custom-suse-capability-for-saltutil-state-mo.patch * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch * make-setup.py-script-to-not-require-setuptools-9.1.patch * prevent-systemd-run-description-issue-when-running-a.patch * implement-network.fqdns-module-function-bsc-1134860-.patch * add-batch_presence_ping_timeout-and-batch_presence_p.patch * provide-the-missing-features-required-for-yomi-yet-o.patch * debian-info_installed-compatibility-50453.patch * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch * fixes-cve-2018-15750-cve-2018-15751.patch * strip-trailing-from-repo.uri-when-comparing-repos-in.patch * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch * add-multi-file-support-and-globbing-to-the-filetree-.patch * accumulated-changes-required-for-yomi-165.patch * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * ansiblegate-take-care-of-failed-skipped-and-unreacha.patch * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch * reintroducing-reverted-changes.patch * fix-a-wrong-rebase-in-test_core.py-180.patch * changed-imports-to-vendored-tornado.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * fix-batch_async-obsolete-test.patch * xen-disk-fixes-264.patch * remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch * read-repo-info-without-using-interpolation-bsc-11356.patch * batch.py-avoid-exception-when-minion-does-not-respon.patch * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch * temporary-fix-extend-the-whitelist-of-allowed-comman.patch * adds-explicit-type-cast-for-port.patch * remove-vendored-backports-abc-from-requirements.patch * drop-wrong-mock-from-chroot-unit-test.patch * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch * loop-fix-variable-names-for-until_no_eval.patch * fix-for-suse-expanded-support-detection.patch * make-aptpkg.list_repos-compatible-on-enabled-disable.patch * run-salt-api-as-user-salt-bsc-1064520.patch * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch * fix-unit-test-for-grains-core.patch * add-custom-suse-capabilities-as-grains.patch * transactional_update-unify-with-chroot.call.patch * x509-fixes-111.patch * fix-ipv6-scope-bsc-1108557.patch * add-cpe_name-for-osversion-grain-parsing-u-49946.patch * use-current-ioloop-for-the-localclient-instance-of-b.patch * fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch * prevent-import-errors-when-running-test_btrfs-unit-t.patch * add-standalone-configuration-file-for-enabling-packa.patch * support-config-non-root-permission-issues-fixes-u-50.patch * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch * fixing-streamclosed-issue.patch * early-feature-support-config.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * switch-firewalld-state-to-use-change_interface.patch * xfs-do-not-fails-if-type-is-not-present.patch * fix-aptpkg-systemd-call-bsc-1143301.patch * fix-unit-tests-for-batch-async-after-refactor.patch * move-server_id-deprecation-warning-to-reduce-log-spa.patch * add-migrated-state-and-gpg-key-management-functions-.patch * add-virt.all_capabilities.patch * fix-the-removed-six.itermitems-and-six.-_type-262.patch * activate-all-beacons-sources-config-pillar-grains.patch * integration-of-msi-authentication-with-azurearm-clou.patch * run-salt-master-as-dedicated-salt-user.patch * grains-master-can-read-grains.patch * async-batch-implementation.patch * add-hold-unhold-functions.patch * info_installed-works-without-status-attr-now.patch * add-saltssh-multi-version-support-across-python-inte.patch * backport-a-few-virt-prs-272.patch * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch * improve-batch_async-to-release-consumed-memory-bsc-1.patch * invalidate-file-list-cache-when-cache-file-modified-.patch * apply-patch-from-upstream-to-support-python-3.8.patch * prevent-test_mod_del_repo_multiline_values-to-fail.patch * avoid-traceback-when-http.query-request-cannot-be-pe.patch * let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch * fix-async-batch-multiple-done-events.patch * include-aliases-in-the-fqdns-grains.patch * do-not-raise-streamclosederror-traceback-but-only-lo.patch * backport-virt-patches-from-3001-256.patch * restore-default-behaviour-of-pkg-list-return.patch * batch_async-avoid-using-fnmatch-to-match-event-217.patch * do-not-break-repo-files-with-multiple-line-values-on.patch * opensuse-3000-virt-defined-states-222.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * fix-a-test-and-some-variable-names-229.patch * add-supportconfig-module-for-remote-calls-and-saltss.patch * option-to-en-disable-force-refresh-in-zypper-215.patch * fix-for-temp-folder-definition-in-loader-unit-test.patch * sanitize-grains-loaded-from-roster_grains.json.patch * add-publish_batch-to-clearfuncs-exposed-methods.patch * fix-virt.update-with-cpu-defined-263.patch * fix-git_pillar-merging-across-multiple-__env__-repos.patch * fix-for-log-checking-in-x509-test.patch * virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch * batch-async-catch-exceptions-and-safety-unregister-a.patch * re-adding-function-to-test-for-root.patch * bsc-1176024-fix-file-directory-user-and-group-owners.patch * fix-memory-leak-produced-by-batch-async-find_jobs-me.patch * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch * don-t-call-zypper-with-more-than-one-no-refresh.patch * fix-issue-2068-test.patch * python3.8-compatibility-pr-s-235.patch * remove-unnecessary-yield-causing-badyielderror-bsc-1.patch * use-adler32-algorithm-to-compute-string-checksums.patch - Removed: * make-salt.ext.tornado.gen-to-use-salt.ext.backports_.patch * add-patch-support-for-allow-vendor-change-option-wit.patch * add-missing-fun-for-returns-from-wfunc-executions.patch * use-full-option-name-instead-of-undocumented-abbrevi.patch * set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch * make-lazyloader.__init__-call-to-_refresh_file_mappi.patch * add-pkg.services_need_restart-302.patch * fix-typo-on-msgpack-version-when-sanitizing-msgpack-.patch * avoid-has_docker-true-if-import-messes-with-salt.uti.patch * msgpack-support-versions-1.0.0.patch * force-zyppnotify-to-prefer-packages.db-than-packages.patch * fix-for-return-value-ret-vs-return-in-batch-mode.patch * do-not-report-patches-as-installed-when-not-all-the-.patch * fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch * decide-if-the-source-should-be-actually-skipped.patch * loader-invalidate-the-import-cachefor-extra-modules.patch * opensuse-3000.3-bigvm-backports-303.patch * add-missing-_utils-at-loader-grains_func.patch * removes-unresolved-merge-conflict-in-yumpkg-module.patch * add-ip-filtering-by-network.patch * fix-cve-2020-11651-and-fix-cve-2020-11652.patch * various-fixes-to-the-mysql-module-to-break-out-the-h.patch * fix-for-unless-requisite-when-pip-is-not-installed.patch * fix-type-error-in-tornadoimporter.patch * fix-regression-in-service-states-with-reload-argumen.patch * revert-changes-to-slspath-saltstack-salt-56341.patch - Renamed: * support-transactional-systems-microos-268.patch - > support-transactional-systems-microos-271.patch * zypperpkg-filter-patterns-that-start-with-dot-243.patch - > zypperpkg-filter-patterns-that-start-with-dot-244.patch * opensuse-3000-libvirt-engine-fixes-248.patch - > opensuse-3000-libvirt-engine-fixes-251.patch * opensuse-3000.2-virt-backports-236.patch - > opensuse-3000.2-virt-backports-236-257.patch * pkgrepo-support-python-2.7-function-call-294.patch - > pkgrepo-support-python-2.7-function-call-295.patch * fix-__mount_device-wrapper-253.patch - > fix-__mount_device-wrapper-254.patch * fix-grains.test_core-unit-test-276.patch - > fix-grains.test_core-unit-test-277.patch * opensuse-3000-spacewalk-runner-parse-command-247.patch - > opensuse-3000.3-spacewalk-runner-parse-command-250.patch - Adjusted python2-cherrypy naming in salt-api. (#40) - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Bigvm backports - virt consoles, CPU tuning and topology, and memory tuning. - Fix for file.check_perms to work with numeric uid/gid - change 'Requires(pre)' to 'Requires' for salt-minion package (bsc#1083110) - Added: * opensuse-3000-bigvm-backports-300.patch * force-zyppnotify-to-prefer-packages.db-than-packages.patch * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch * add-pkg.services_need_restart-302.patch * add-patch-support-for-allow-vendor-change-option-wit.patch ------------------------------------------------------------------ ------------------ 2021-1-7 - Jan 7 2021 ------------------- ------------------------------------------------------------------ ++++ aide: - aide-0.15-syslog-format.patch: Add a syslog_format to aide (bsc#1180165) ++++ gdk-pixbuf: - Add gdk-pixbuf-bsc1180393-CVE-2020-29385.patch: gif: Fix LZW decoder accepting invalid LZW code. (bsc#1180393) ++++ hwdata: - Add merge-pciids.pl to fully duplicate behavior of pciutils-ids * Resolves SLE issue bsc#1180422 bsc#1180482 ++++ kernel-default: - Refresh patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch. Refresh to v2 URL - commit 82e37f2 - blacklist.conf: 44623b2818f4 crypto: x86/crc32c - fix building with clang ias - commit 4260c52 - x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489). - commit ec737c3 - mm: fix phys_to_target_node() and memory_add_physaddr_to_nid() exports (jsc#SLE-14344). - device-dax/kmem: fix resource release (jsc#SLE-14344). - device-dax: add a range mapping allocation attribute (jsc#SLE-14344). - dax/hmem: introduce dax_hmem.region_idle parameter (jsc#SLE-14344). - device-dax: add an 'align' attribute (jsc#SLE-14344). - device-dax: make align a per-device property (jsc#SLE-14344). - device-dax: introduce 'mapping' devices (jsc#SLE-14344). - device-dax: add dis-contiguous resource support (jsc#SLE-14344). - mm/memremap_pages: support multiple ranges per invocation (jsc#SLE-14344). - mm/memremap_pages: convert to 'struct range' (jsc#SLE-14368). - device-dax: add resize support (jsc#SLE-14344). - drivers/base: make device_find_child_by_name() compatible with sysfs inputs (jsc#SLE-14344). - device-dax: introduce 'seed' devices (jsc#SLE-14344). - device-dax: introduce 'struct dev_dax' typed-driver operations (jsc#SLE-14344). - device-dax: add an allocation interface for device-dax instances (jsc#SLE-14344). - device-dax/kmem: replace release_resource() with release_mem_region() (jsc#SLE-14344). - device-dax/kmem: move resource name tracking to drvdata (jsc#SLE-14344). - device-dax/kmem: introduce dax_kmem_range() (jsc#SLE-14344). - device-dax: make pgmap optional for instance creation (jsc#SLE-14344). - device-dax: move instance creation parameters to 'struct dev_dax_data' (jsc#SLE-14344). - device-dax: drop the dax_region.pfn_flags attribute (jsc#SLE-14344). - ACPI: HMAT: attach a device for each soft-reserved range (jsc#SLE-14344). - mm/memory_hotplug: introduce default phys_to_target_node() implementation (jsc#SLE-14344). - resource: report parent to walk_iomem_res_desc() callback (jsc#SLE-14344). - ACPI: HMAT: refactor hmat_register_target_device to hmem_register_device (jsc#SLE-14344). - efi/fake_mem: arrange for a resource entry per efi_fake_mem instance (jsc#SLE-14344). - x86/numa: add 'nohmat' option (jsc#SLE-14344). - x86/numa: cleanup configuration dependent command-line options (jsc#SLE-14344). - mm/memory_hotplug: introduce default dummy memory_add_physaddr_to_nid() (jsc#SLE-14344). - device-dax: add memory via add_memory_driver_managed() (jsc#SLE-14344). - commit 5becd55 - mm/memory_hotplug: introduce add_memory_driver_managed() (jsc#SLE-14344). - Refresh for the above patch, patches.suse/0001-mm-don-t-panic-when-links-can-t-be-created-in-sysfs.patch. - commit 788a9a9 - device-dax: don't leak kernel memory to user space after unloading kmem (jsc#SLE-14344). - commit b01827a - mm/memremap: set caching mode for PCI P2PDMA memory to WC (jsc#SLE-14344). - Refresh for the above patch, patches.suse/1933-memremap-rename-MEMORY_DEVICE_DEVDAX-to-MEMORY_DEVIC.patch. - commit 4730420 - series.conf: refresh - update upstream reference and resort: patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch - commit c554179 - mm/memory_hotplug: add pgprot_t to mhp_params (jsc#SLE-14344). - Refresh for the above patch, patches.suse/powerpc-mm-Limit-resize_hpt_for_hotplug-call-to-hash.patch. - commit 92a2c86 - powerpc/mm: thread pgprot_t through create_section_mapping() (jsc#SLE-14344). - Refresh for the above patch, patches.suse/powerpc-mm-Limit-resize_hpt_for_hotplug-call-to-hash.patch. patches.suse/powerpc-mm-radix-Create-separate-mappings-for-hot-pl.patch. patches.suse/powerpc-mm-radix-Remove-split_kernel_mapping.patch. - commit 22697fb - ntb: intel: add Intel NTB LTR vendor support for gen4 NTB (jsc#SLE-12710). - commit 22de07c - x86/mm: thread pgprot_t through init_memory_mapping() (jsc#SLE-14344). - Refresh for the above patch, patches.suse/x86-platform-uv-Remove-uv-bios-and-efi-code-related-.patch. - commit 9cc6133 - mm/memory_hotplug: rename mhp_restrictions to mhp_params (jsc#SLE-14368). - mm/memory_hotplug: drop the flags field from struct mhp_restrictions (jsc#SLE-14344). - dax: Move mandatory ->zero_page_range() check in alloc_dax() (jsc#SLE-14344). - libnvdimm/e820: Retrieve and populate correct 'target_node' info (jsc#SLE-14344). - x86/NUMA: Provide a range-to-target_node lookup facility (jsc#SLE-14344). - x86/mm: Introduce CONFIG_NUMA_KEEP_MEMINFO (jsc#SLE-14344). - Update following config files for the above patch, config/arm64/default config/ppc64le/default config/s390x/default config/x86_64/default - commit 3d588c7 - powerpc/papr_scm: Switch to numa_map_to_online_node() (jsc#SLE-14344). - Refresh for the above patch, patches.suse/powerpc-papr_scm-Fetch-nvdimm-health-information-fro.patch. patches.suse/powerpc-papr_scm-Fetch-nvdimm-performance-stats-from.patch. - commit 9f14d6c - mm/numa: Skip NUMA_NO_NODE and online nodes in numa_map_to_online_node() (jsc#SLE-14344). - commit f7082df - mm/memory_hotplug.c: add a bounds check to __add_pages() (jsc#SLE-14344). - dax: Add numa_node to the default device-dax attributes (jsc#SLE-14344). - dax: Simplify root read-only definition for the 'resource' attribute (jsc#SLE-14344). - dax: Create a dax device_type (jsc#SLE-14344). - dax: Fix alloc_dax_region() compile warning (jsc#SLE-14344). - commit 4c51fce - Update kabi files. - update from January 2021 maintenance update submission (commit 4ff469b6e1a0) - commit a9bc2aa - ALSA: usb-audio: Add alias entry for ASUS PRIME TRX40 PRO-S (git-fixes). - ACPI: HMAT: Fix handling of changes from ACPI 6.2 to ACPI 6.3 (git-fixes). - ACPI: Add out of bounds and numa_off protections to pxm_to_node() (git-fixes). - ehci-hcd: Move include to keep CRC stable (git-fixes). - commit 407490e - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - commit e4eab60 - ALSA: hda/realtek - Modify Dell platform name (git-fixes). - ALSA: hda/realtek - Supported Dell fixed type headset (git-fixes). - ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658 (git-fixes). - commit 5e10442 - Move upstreamed sound patch into sorted section - commit 0c5f21f - r8169: work around power-saving bug on some chip versions (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - rtc: pl031: fix resource leak in pl031_probe (git-fixes). - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes). - i3c master: fix missing destroy_workqueue() on error in i3c_master_register (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - Bluetooth: hci_h5: close serdev device and free hu in h5_close (git-fixes). - media: gp8psk: initialize stats at power control logic (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - commit 57824b9 - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: usb-audio: Add quirk for RC-505 (git-fixes). - ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7 (git-fixes). - ALSA: hda/realtek: Add two "Intel Reference board" SSID in the ALC256 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for more HP laptops (git-fixes). - ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes). - ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes). - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes). - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (git-fixes). - commit 3b01e24 ++++ colord: - Update to version 1.4.5: + New Features: - Add cd_icc_create_default_full - Add cd_icc_utils_get_adaptation_matrix - Add cd_mat33_is_finite - Add support for datacolor SpyderX + Bugfixes: - Check for errors from more sqlite calls - Fix cd_icc_load_data() annotation for the data array - Fix cd-sensor-dummy - Fix more annotation for data arrays - Fix owner and permissions on existing state files - Fix segfault due to dereferencing NULL pointer - Make the build reproductible - Refactor opening of mapping database and try again if fails - Drop add-spyderx.patch: Included upstream in new release. ++++ u-boot-rpiarm64: - Rename sun50ia64 to sun50i_a64 and sun50ih6 to sun50i_h6 to follow arm-trusted-firmware-* rename ++++ virt-manager: - bsc#1180069 - L3: virsh edit Error: XML document failed to validate against schema: Unable to validate doc. virtinst-smbios-unsupported-for-xenpv.patch ------------------------------------------------------------------ ------------------ 2021-1-6 - Jan 6 2021 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.343: + Updated pci, usb and vendor ids. ++++ kernel-default: - powerpc/sstep: Fix array out of bound warning (bsc#1180581 ltc#190174). - Delete patches.suse/powerpc-sstep-Add-testcases-for-VSX-vector-paired-lo.patch (bsc#1180581 ltc#190174). Drop test for the broken emulation, too. - commit 346e1c7 - powerpc/test_emulate_step: Add testcases for divde[.] and divdeu[.] instructions (bsc#1180581 ltc#190174). - commit 98eaae4 - powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1180581 ltc#190174). - powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1180581 ltc#190174). - commit 4565dda - Delete patches.suse/powerpc-sstep-Support-VSX-vector-paired-storage-acce.patch (bsc#1180581 ltc#190174). Drop patch causing array overflow. - commit ee77681 - drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup (bsc#1159955 ltc#182993). - Delete patches.suse/drivers-base-memory.c-cache-blocks-in-radix-tree-to-.patch. Refresh to upstream patch. - commit 7c92ca5 - Refresh patches.suse/nvme-fc-avoid-calling-_nvme_fc_abort_outstanding_ios-from-interrupt-context.patch Fix commit hash - commit fdfd462 - Refresh patches.suse/0001-btrfs-qgroup-don-t-try-to-wait-flushing.patch Fix commit hash - commit 5ec0893 - Refresh patch metadata. - Refresh patches.suse/ibmvnic-fix-NULL-pointer-dereference.patch. - commit 45ce7d1 - ima: Fail rule parsing when asymmetric key measurement isn't supportable (jsc#SLE-15209). - ima: Pre-parse the list of keyrings in a KEY_CHECK rule (jsc#SLE-15209). - ima: Use the common function to detect LSM conditionals in a rule (jsc#SLE-15209). - ima: Move comprehensive rule validation checks out of the token parser (jsc#SLE-15209). - ima: Use correct type for the args_p member of ima_rule_entry.lsm elements (jsc#SLE-15209). - ima: Shallow copy the args_p member of ima_rule_entry.lsm elements (jsc#SLE-15209). - ima: Fail rule parsing when the KEY_CHECK hook is combined with an invalid cond (jsc#SLE-15209). - ima: Fail rule parsing when the KEXEC_CMDLINE hook is combined with an invalid cond (jsc#SLE-15209). - ima: Fail rule parsing when buffer hook functions have an invalid action (jsc#SLE-15209). Refresh patches.suse/ima-Fail-rule-parsing-when-appraise_flag-blacklist-i.patch - ima: Free the entire rule if it fails to parse (jsc#SLE-15209). - ima: Free the entire rule when deleting a list of rules (jsc#SLE-15209). - mm: add kvfree_sensitive() for freeing sensitive data objects (jsc#SLE-15209). - IMA: pre-allocate buffer to hold keyrings string (jsc#SLE-15209). Refresh patches.suse/ima-Directly-assign-the-ima_default_policy-pointer-t.patch - commit d6d4155 - lib/string: remove unnecessary #undefs (git-fixes). - bitmap: remove unused function declaration (git-fixes). - swiotlb: using SIZE_MAX needs limits.h included (git-fixes). - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" (git-fixes). - kdb: Fix pager search for multi-line strings (git-fixes). - kgdb: Drop malformed kernel doc comment (git-fixes). - commit 28d99cb - EDAC/amd64: Fix PCI component registration (bsc#1152489). - commit 6c4ae9b ++++ keyutils: - adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ++++ libarchive: - update to 3.5.1: * various compilation fixes (#1461, #1462, #1463, #1464) * fixed undefined behavior in a function in warc reader (#1465) ++++ libdrm: - update to 2.4.103: * xf86drm.c: Use integer logarithm. * amdgpu: only enable security tests on raven family * amdgpu: sync up amdgpu_drm.h with latest from kernel * amdgpu: add marketing names from 20.40 * intel: add INTEL_DG1_IDS to the pciids list * amdgpu: add device IDs for Raven, Picasso and Renoir * intel: sync i915_pciids.h with kernel * amdgpu: Add Device IDs for Embedded Raven2 platforms * intel: sync i915_pciids.h with kernel * xf86drm.c: fix build failure * core: use `O_RDONLY` instead of ambiguous `0` flag * lots of tests/amdgpu updates ++++ shared-mime-info: - Update to version 2.1: + Adapt to xdgmime behaviour change: in case of multiple glob matches, and the magic match is unrelated to all of them, ignore the magic and pick one of the glob matches. xdgmime was actually deviating from the spec on this. + Improve text/vnd.trolltech.linguist magic to reduce false positives for MPEG TS files. + audio/mpeg: add layer 2, 2.5, and 1 protected magics. + Add many aliases for image/x-tga. + audio/x-mod: improve magic for 669 Composer files. + Add mime-type image/ktx2 (Khronos image texture format version 2). + application/oxps: differentiate from /vnd.ms-xpsdocument. + Make image/g3fax the canonical name for image/fax-g3. + Make text/vnd.trolltech.linguist the canonical name for text/vnd.qt.linguist. + Make application/vnd.smaf the canonical name for application/x-smaf, + Make application/vnd.apple.keynote the canonical name for application/x-iwork-keynote-sffkey. + Add mime-type image/astc (Adaptive Scalable Texture Compression files). + Add mime-type for SageMath script files (*.sage). + Add mime-type for Kaitai Struct. + Remove application/x-dc-rom. + Add mime-type for MAME compressed hard disk image (application/x-mame-chd). + Add mime-types application/nintendo-3ds-executable, application/x-nintendo-3ds-rom. + Add mime-types application/x-dreamcast-rom, application/x-gd-rom-cue, application/x-discjuggler-cd-image. + Add mime-type application/x-compressed-iso (*.cso). + Remove image/avif-sequence. + Fix application/x-sharedlib vs application/x-executable confusion for PIE executables. - Drop smi-Fix-pkg-config-installation-path.patch: fixed upstream. ------------------------------------------------------------------ ------------------ 2021-1-5 - Jan 5 2021 ------------------- ------------------------------------------------------------------ ++++ bcache-tools: - bcache.h: fix typo from SUUP to SUPP (jsc#SLE-9807) 0019-bcache.h-fix-typo-from-SUUP-to-SUPP.patch - bcache-tools: only call set_bucket_size() for cache device (jsc#SLE-9807) 0020-bcache-tools-only-call-set_bucket_size-for-cache-dev.patch - bcache.h: add BCH_FEATURE_INCOMPAT_LARGE_BUCKET to BCH_FEATURE_INCOMPAT_SUPP (jsc#SLE-9807) 0021-bcache.h-add-BCH_FEATURE_INCOMPAT_LARGE_BUCKET-to-BC.patch - bcache-tools: check incompatible feature set (jsc#SLE-9807) 0022-bcache-tools-check-incompatible-feature-set.patch - bcache-tools: introduce BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE for large bucket (jsc#SLE-9807) 0023-bcache-tools-introduce-BCH_FEATURE_INCOMPAT_LOG_LARG.patch - bcache-tools: display obsoleted bucket size configuration (jsc#SLE-9807) 0024-bcache-tools-display-obsoleted-bucket-size-configura.patch - bcache-tools: recover the missing sb.csum for showing bcache device super block (jsc#SLE-9807) 0025-bcache-tools-recover-the-missing-sb.csum-for-showing.patch - bcache-tools: only call to_cache_sb() for bcache device in may_add_item() (jsc#SLE-9807) 0026-bcache-tools-only-call-to_cache_sb-for-bcache-device.patch - bcache-tools: improve column alignment for "bcache show - m" output (jsc#SLE-9807) 0027-bcache-tools-improve-column-alignment-for-bcache-sho.patch ++++ lvm2-device-mapper: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) - change lvm.conf item external_device_info_source from none to udev - comment out lvm.conf item preferred_names by default (bsc#1179738) - comment out preferred_names ++++ glibc: - sysvipc-sem-stat-any.patch: sysvipc: Fix SEM_STAT_ANY kernel argument pass (bsc#1180557, BZ #26637) ++++ kernel-default: - KVM: x86: Expose AVX512_FP16 for supported CPUID (jsc#SLE-13413). - commit a3f980a - KVM: x86: Expose fast short REP MOV for supported cpuid (bsc#1180334). - x86/asm: Drop unused RDPID macro (bsc#1180334). - KVM: x86: emulating RDPID failure shall return #UD rather than [#]GP (bsc#1180334). - kvm: x86: Expose RDPID in KVM_GET_SUPPORTED_CPUID (bsc#1180334). - commit 05fbe0b - x86: Enumerate AVX512 FP16 CPUID feature flag (jsc#SLE-13413). - commit fd2814e - powerpc/sstep: Add testcases for VSX vector paired load/store instructions (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/sstep: Support VSX vector paired storage access instructions (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions (jsc#SLE-12936 bsc#1180581 ltc#190174). - powerpc/sstep: Add testcases for VSX vector paired load/store instructions (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/ppc-opcode: Add encoding macros for VSX vector paired instructions (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/sstep: Support VSX vector paired storage access instructions (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/ppc-opcode: Fold PPC_INST_* macros into PPC_RAW_* macros (jsc#SLE-13847 bsc#1180581 ltc#190174). - Refresh patches.suse/powerpc-sstep-Add-tests-for-prefixed-floating-point-.patch. - Refresh patches.suse/powerpc-sstep-Add-tests-for-prefixed-integer-load-st.patch. - powerpc/ppc-opcode: Reuse raw instruction macros to stringify (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/ppc-opcode: Consolidate powerpc instructions from bpf_jit.h (jsc#SLE-13847 bsc#1180581 ltc#190174 bsc#1180567 ltc#190612). - powerpc/bpf_jit: Reuse instruction macros from ppc-opcode.h (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/ppc-opcode: Move ppc instruction encoding from test_emulate_step (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/ppc-opcode: Introduce PPC_RAW_* macros for base instruction encoding (jsc#SLE-13847 bsc#1180581 ltc#190174). - powerpc/lib: Fix emulate_step() std test (jsc#SLE-13847 bsc#1180581 ltc#190174). - commit 6a6d57b - target: fix XCOPY NAA identifier lookup (CVE-2020-28374, bsc#1178372). - commit 3e5427c - Move upstreamed regmap and pinctrl patches into sorted section - commit 6d2ef28 - ALSA: hda/hdmi: Fix incorrect mutex unlock in silent_stream_disable() (bsc#1180543). - commit a9190f5 - intel_idle: Disable ACPI _CST on Haswell (bsc#1177399, bsc#1180347, bsc#1180141). - commit 92491ff - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158 bsc#1180559). - commit 3e80605 - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566). - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566). - btrfs: delete duplicated words + other fixes in comments (bsc#1180566). - commit 916e8ac - Replace HTTP links with HTTPS ones: security (jsc#SLE-15209). - tpm_ftpm_tee: register driver on TEE bus (jsc#SLE-15209). - tpm: Add support for event log pointer found in TPM2 ACPI table (jsc#SLE-15209). - tpm: Unify the mismatching TPM space buffer sizes (jsc#SLE-15209). - Removed commit id in blacklist.conf - libnvdimm/security: Fix key lookup permissions (jsc#SLE-15209). - tpm_tis_spi: Prefer async probe (jsc#SLE-15209). - tpm/st33zp24: fix spelling mistake "drescription" -> "description" (jsc#SLE-15209). - tpm_tis_spi: Don't send anything during flow control (jsc#SLE-15209). - security: fix the key_permission LSM hook function type (jsc#SLE-15209). - keys: Make the KEY_NEED_* perms an enum rather than a mask (jsc#SLE-15209). - keys: Implement update for the big_key type (jsc#SLE-15209). - security/keys: rewrite big_key crypto to use library interface (jsc#SLE-15209). Update config files. - KEYS: encrypted: use crypto_shash_tfm_digest() (jsc#SLE-15209). - crypto: hash - introduce crypto_shash_tfm_digest() (jsc#SLE-15209). - tpm: eventlog: Replace zero-length array with flexible-array member (jsc#SLE-15209). - tpm/tpm_ftpm_tee: Use UUID API for exporting the UUID (jsc#SLE-15209). - sysfs: remove redundant __compat_only_sysfs_link_entry_to_kobj fn (jsc#SLE-15209). - KEYS: Avoid false positive ENOMEM error on key read (jsc#SLE-15209). - KEYS: Don't write out to userspace while holding key semaphore (jsc#SLE-15209). - MAINTAINERS: adjust to trusted keys subsystem creation (jsc#SLE-15209). - tpm: tpm_tis_spi_cr50: use new structure for SPI transfer delays (jsc#SLE-15209). - tpm_tis_spi: use new 'delay' structure for SPI transfer delays (jsc#SLE-15209). - tpm: Revert tpm_tis_spi_mod.ko to tpm_tis_spi.ko (jsc#SLE-15209). - IMA: fix measuring asymmetric keys Kconfig (jsc#SLE-15209). - Refresh patches.suse/0002-ima-generalize-x86-EFI-arch-glue-for-other-EFI-archi.patch patches.suse/ima-add-a-new-CONFIG-for-loading-arch-specific-polic.patch - Update config files. CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y - IMA: Read keyrings= option from the IMA policy (jsc#SLE-15209). - IMA: Add support to limit measuring keys (jsc#SLE-15209). - KEYS: Call the IMA hook to measure keys (jsc#SLE-15209). - IMA: Define an IMA hook to measure keys (jsc#SLE-15209). Refresh patches.suse/0002-ima-generalize-x86-EFI-arch-glue-for-other-EFI-archi.patch - IMA: Add KEY_CHECK func to measure keys (jsc#SLE-15209). - IMA: Check IMA policy flag (jsc#SLE-15209). - tpm: Add tpm_version_major sysfs file (jsc#SLE-15209). - tpm/tpm_ftpm_tee: add shutdown call back (jsc#SLE-15209). - security: keys: trusted: fix lost handle flush (jsc#SLE-15209). - KEYS: remove CONFIG_KEYS_COMPAT (jsc#SLE-15209). Update config files. - KEYS: trusted: Remove set but not used variable 'keyhndl' (jsc#SLE-15209). - KEYS: trusted: Move TPM2 trusted keys code (jsc#SLE-15209). - KEYS: trusted: Create trusted keys subsystem (jsc#SLE-15209). Refresh patches.suse/1885-kbuild-remove-header-compile-test.patch patches.suse/KVM-arm-arm64-Factor-out-hypercall-handling-from-PSC.patch patches.suse/crypto-sha-split-sha.h-into-sha1.h-and-sha2.h.patch - KEYS: Use common tpm_buf for trusted and asymmetric keys (jsc#SLE-15209). - tpm: Move tpm_buf code to include/linux/ (jsc#SLE-15209). - tpm: use GFP_KERNEL instead of GFP_HIGHMEM for tpm_buf (jsc#SLE-15209). - tpm: tpm_tis_spi: Drop THIS_MODULE usage from driver struct (jsc#SLE-15209). - tpm: tpm_tis_spi: Cleanup includes (jsc#SLE-15209). - tpm: tpm_tis_spi: Support cr50 devices (jsc#SLE-15209). Update config files. - tpm: tpm_tis_spi: Introduce a flow control callback (jsc#SLE-15209). - tpm: Add a flag to indicate TPM power is managed by firmware (jsc#SLE-15209). - tpm_tis: override durations for STM tpm with firmware 1.2.8.28 (jsc#SLE-15209). - tpm: provide a way to override the chip returned durations (jsc#SLE-15209). - tpm: Remove duplicate code from caps_show() in tpm-sysfs.c (jsc#SLE-15209). - tpm/tpm_ftpm_tee: A driver for firmware TPM running inside TEE (jsc#SLE-15209). Update config files. - tpm: Remove a deprecated comments about implicit sysfs locking (jsc#SLE-15209). - commit 7e1f0f4 - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - commit 7522976 - mm: validate inode in mapping_set_error() (git-fixes). - commit 05b16dc ++++ alsa: - Backport upstream fixes: a PCM plugin regression fix about snd_pcm_status() call, plugin directory handling fixes, missing audio timestamp types, use-after-free fix for conf parser, PCM plugin delay account fixes, etc: 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch 0018-conf-fix-get_hexachar-return-value.patch 0019-pcm-fix-__snd_pcm_state-return-value.patch 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch 0022-pcm-plugin-status-fix-the-return-value-regression.patch 0023-pcm-plugin-status-revert-the-recent-changes.patch 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch 0026-Revert-pcm_plugin-fix-delay.patch 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch 0031-pcm-plugin-fix-status-code-for-capture.patch 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch 0033-pcm-rate-fix-the-capture-delay-values.patch ++++ lvm2: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) - change lvm.conf item external_device_info_source from none to udev - comment out lvm.conf item preferred_names by default (bsc#1179738) - comment out preferred_names ++++ libpwquality: - Do not use macro %make_build pre SLE-15 Use "make -O %{?_smp_mflags}" instead [libpwquality.spec] ++++ python3-core: - (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency. ++++ mdadm: - Incremental: Remove redundant spare movement logic (jsc#SLE-13700, bsc#1180220) 0112-Incremental-Remove-redundant-spare-movement-logic.patch - Dump: get stat from a wrong metadata file when restoring metadata (jsc#SLE-13700) 0113-Dump-get-stat-from-a-wrong-metadata-file-when-restor.patch ++++ podman: - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using - -mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the "default" value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 ++++ python3: - (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency. ++++ qemu: - Fix crash when spice used and the qemu-audio-spice package isn't installed (boo#1180210) audio-add-sanity-check.patch - Add some stable patches from upstream block-Fix-deadlock-in-bdrv_co_yield_to_d.patch block-Fix-locking-in-qmp_block_resize.patch block-nfs-fix-int-overflow-in-nfs_client.patch block-Simplify-qmp_block_resize-error-pa.patch build-no-pie-is-no-functional-linker-fla.patch ++++ virt-manager: - bsc#1180047 - [xen][virt-manger] Libvirt or Hyperisor does not support UEFI for 15SP3 XENPV Guest virtman-show-no-firmware-for-xenpv.patch ------------------------------------------------------------------ ------------------ 2021-1-4 - Jan 4 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Second attempt to exclude systemd.automount from nfs processing: fix boo#1116625 ++++ haveged: - Update to 1.9.14: * made enttest configurable * havegecmd.c - new command added to close the communication socket - Drop haveged-conditional-enttest.patch ++++ kernel-default: - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - fs/buffer.c: record blockdev write errors in super_block that it backs (bsc#1172266). - vfs: track per-sb writeback errors and report them to syncfs (bsc#1172266). - commit 934c84a - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - commit 98b0ffc - Revert "ceph: allow rename operation under different quota realms" (bsc#1180541). - commit 1a2a0a7 - Refresh patches.suse/ceph-downgrade-warning-from-mdsmap-decode-to-debug.patch. - Refresh patches.suse/ceph-fix-race-in-concurrent-_ceph_remove_cap-invocations.patch. Patches have been merged into mainline; refreshing Git-commit and Path-mainline tags in patches. - commit d338d00 - nfp: move indirect block cleanup to flower app stop callback (bsc#1176447). - ethtool: fix error paths in ethnl_set_channels() (bsc#1176447). - i40e, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-13701). - RDMA/mlx5: Fix MR cache memory leak (jsc#SLE-15175). - RDMA/bnxt_re: Fix max_qp_wrs reported (bsc#1175499). - RDMA/hns: Bugfix for calculation of extended sge (jsc#SLE-14777). - RDMA/rtrs-srv: Fix typo (jsc#SLE-15176). - RDMA/rtrs-srv: Don't guard the whole __alloc_srv with srv_mutex (jsc#SLE-15176). - RDMA/rtrs-clt: Missing error from rtrs_rdma_conn_established (jsc#SLE-15176). - RDMA/rtrs-clt: Avoid run destroy_con_cq_qp/create_con_cq_qp in parallel (jsc#SLE-15176). - RDMA/rtrs-clt: Remove outdated comment in create_con_cq_qp (jsc#SLE-15176). - RDMA/rtrs-clt: Remove destroy_con_cq_qp in case route resolving failed (jsc#SLE-15176). - IB/isert: add module param to set sg_tablesize for IO cmd (jsc#SLE-15176). - RDMA/core: Fix error return in _ib_modify_qp() (jsc#SLE-15176). - RDMA/bnxt_re: Fix entry size during SRQ create (jsc#SLE-15076 bsc#1175499). - net/mlx5e: remove unnecessary memset (jsc#SLE-15172). - net/sched: fix miss init the mru in qdisc_skb_cb (bsc#1176447). - i40e: remove redundant assignment (jsc#SLE-13701). - ionic: use mc sync for multicast filters (jsc#SLE-16649). - net: sched: Fix dump of MPLS_OPT_LSE_LABEL attribute in cls_flower (bsc#1176447). - net: flow_offload: Fix memory leak for indirect flow block (jsc#SLE-15075). - e1000e: fix S0ix flow to allow S0i3.2 subset entry (jsc#SLE-13532). - bonding: fix feature flag setting at init time (bsc#1176447). - ch_ktls: fix build warning for ipv4-only config (jsc#SLE-15129). - net/sched: fq_pie: initialize timer earlier in fq_pie_init() (jsc#SLE-15172). - commit feb8216 - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - commit a2fd2d8 - Delete patches.suse/powerpc-pci-unmap-legacy-INTx-interrupts-when-a-PHB-.patch (bsc#1172145 ltc#184630). To be replaced with new fix merged through SP2. - commit 8ea9da6 - powerpc/cacheinfo: Print correct cache-sibling map/list for L2 cache (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Add support detecting thread-groups sharing L2 cache (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Rename init_thread_group_l1_cache_map() to make it generic (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Rename cpu_l1_cache_map as thread_group_l1_cache_map (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Parse ibm,thread-groups with multiple properties (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Use GFP_ATOMIC while allocating tmp mask (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Remove unnecessary variable (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Optimize update_coregroup_mask (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Move coregroup mask updation to a new function (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Optimize update_mask_by_l2 (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Check for duplicate topologies and consolidate (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Depend on cpu_l1_cache_map when adding CPUs (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Stop passing mask to update_mask_by_l2 (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Limit CPUs traversed to within a node (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Optimize remove_cpu_from_masks (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Remove get_physical_package_id (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Stop updating cpu_core_mask (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/topology: Update topology_core_cpumask (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/topology: Override cpu_smt_mask (jsc#SLE-13615 bsc#1180100 ltc#190257). - sched/topology: Allow archs to override cpu_smt_mask (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/cacheinfo: Add per cpu per index shared_cpu_list (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/cacheinfo: Make cpumap_show code reusable (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/cacheinfo: Use cpumap_print to print cpumap (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Use IS_ENABLED() to avoid #ifdef (jsc#SLE-13615 bsc#1180100 ltc#190257). - powerpc/smp: Drop superfluous NULL check (jsc#SLE-13615 bsc#1180100 ltc#190257). - commit aa22c03 - blacklist.conf: adab66b71abf ("Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"") We do not support metag and sparc64 archs. - commit 99ad074 - blacklist.conf: d9a9280a0d0a ("seq_buf: Avoid type mismatch for seq_buf_init") It breaks kABI. It is not worth the hassle to backport. - commit 7c29506 - module: delay kobject uevent until after module init call (bsc#1178631). - Refresh patches.suse/supported-flag. - commit 9f35554 - bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes). - commit e888e29 - blacklist.conf: 310e3a4b5a4f ("tracing: Remove WARN_ON in start_thread()") CONFIG_HWLAT_TRACER is not set anywhere. - commit 4f64022 - ocfs2: fix unbalanced locking (bsc#1180506). - commit b54b08a - remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes). - remoteproc: qcom: fix reference leak in adsp_start (git-fixes). - remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes). - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: max2175: fix max2175_set_csm_mode() error code (git-fixes). - media: imx214: Fix stop streaming (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: ipu3-cio2: Remove traces of returned buffers (git-fixes). - media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes). - media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes). - media: ipu3-cio2: Serialise access to pad format (git-fixes). - media: ipu3-cio2: Return actual subdev format (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes). - media: tm6000: Fix sizeof() mismatches (git-fixes). - iwlwifi: pcie: add one missing entry for AX210 (git-fixes). - commit 1e25d62 - gpio: mvebu: update Armada XP per-CPU comment (git-fixes). - dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes). - HID: i2c-hid: add Vero K147 to descriptor override (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes). - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - commit 48f3c1f - ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes). - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes). - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware doesn't give back (git-fixes). - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes). - ALSA: core: memalloc: add page alignment for iram (git-fixes). - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes). - clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes). - clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes). - clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: inside-secure - Fix sizeof() mismatch (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - crypto: talitos - Endianess in current_desc_hdr() (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - commit 57d3bee ++++ keyutils: - update to 1.6.3: * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow "keyctl supports" to retrieve raw capability data. * Allow "keyctl id" to turn a symbolic key ID into a numeric ID. * Allow "keyctl new_session" to name the keyring. * Allow "keyctl add/padd/etc." to take hex-encoded data. * Add "keyctl watch*" to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. - spec-cleaner run (fixup failing homepage url) ++++ libcap: - update to 2.46: * The bulk of this release concerns fixes and improvements to libpsx * Fix the capsh == argument handling and add a test case * Added build support for systems that do not support libpthread * Added build support for not building shared libraries ++++ libnettle: - GNU Nettle 3.7: * add bcrypt password hashing * add optimizations: PowerPC64 assembly - remove deprecated texinfo packaing macros ++++ openldap2: - bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch ++++ libvirt: - Update libxl-set-migration-constraints.patch Remove code which handled --max_factor. The total amount of transferred data is no indicator to trigger the final stop+copy. This should have been removed during upgrade to Xen 4.7. Reduce default value of --max_iters from 5 to 2. The workload within domU will continue to produce dirty pages. It is unreasonable to expect any slowdown during migration. Now there is one initial copy of all memory, one instead of four iteration for dirty memory, and a final copy iteration prior move. ++++ zchunk: - Add d2eae512bee09a4047cfe586de12f644d73b0736.patch: Fix build with zstd 1.4.7+. ++++ tcl: - New version: 8.6.11: * Add tcltest::(Setup|Eval|Cleanup|)Test * Update to Unicode-13 * Add 3 libtommath functions to stub table * Many more bug fixes - Potentially incompatible changes: * (bug)[ffeb20] [binary decode base64] ignore invalid chars * (bug)[b8e82d] some -maxlen values break uuencode round trip * (bug)[085913] Tcl_DStringAppendElement # quoting precision * (bug)[81242a] revised documentation for Tcl_UtfAtIndex() * (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes * (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24)) * (bug)[501974] [clock scan] +time zone (clock-34.(53-68)) * (new) force -eofchar \032 when evaluating library scripts * (new)[48898a] improve error message consistency * (new) revised case of module names ++++ tk: - Version 8.6.11: * Fix TkKeyEvent platform variations * ttk respect -cursor option * MouseWheel for ttk::scrollbar * fix fontconfig crash when no font installed * fix tearoff menu redraw artifacts * stop crash w/Noto Color Emoji font * fix crash of angled text w/o Xft * fix crash when active button is destroyed * disfavor Master/Slave terminology * many more bug fixes. ++++ u-boot-rpiarm64: - Add rockpro64-rk3399 ++++ xfsprogs: - update to 5.10.0: - xfs_repair: remove old code for mountpoint inodes - xfsprogs: Add inode btree counter feature - xfsprogs: Add bigtime feature for Y2038 - xfsprogs: Polish translation update - mkfs.xfs: Add config file feature - mkfs.xfs: allow users to specify rtinherit=0 - xfs_repair: simplify bmap_next_offset - man: various manpage updates - libxfs: remove some old dead code - libxfs: add realtime extent tracking - libxfs changes merged from kernel 5.10 - refresh 0001-repair-shift-inode-back-into-place-if-corrupted-by-b.patch against libxfs changes ++++ yast2-trans: - Update to version 84.87.20201231.ee5608b05e: * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (French) * Translated using Weblate (Czech) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) ------------------------------------------------------------------ ------------------ 2021-1-2 - Jan 2 2021 ------------------- ------------------------------------------------------------------ ++++ distribution-logos-openSUSE: - Only build Leap subpackage on Leap base and Tumbleweed based distros subpackages on Tumbleweed base ------------------------------------------------------------------ ------------------ 2021-1-1 - Jan 1 2021 ------------------- ------------------------------------------------------------------ ++++ python-urllib3: - Skip test for RECENT_DATE. It is a test purely for developers. To maintain reproducibility, keep upstreams possibly outdated RECENT_DATE in the source code. ------------------------------------------------------------------ ------------------ 2020-12-31 - Dec 31 2020 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908 (which addresses CVE-2020-17437, CVE-2020-17438, CVE-2020-13987, and CVE-2020-13988), changes include: * uip: check for TCP urgent pointer past end of frame * uip: check for u8 overflow when processing TCP options * uip: check for header length underflow during checksum calculation * fwparam_ppc: Fix memory leak in fwparam_ppc.c * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c * sysfs: Verify parameter of sysfs_device_get() * fwparam_ppc: Fix NULL pointer dereference in find_devtree() * open-iscsi: Clean user_param list when process exit * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev() * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req() * open-iscsi: Fix invalid pointer deference in find_initiator() * iscsiuio: Fix invalid parameter when call fstat() * iscsi-iname: Verify open() return value before calling read() * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface ++++ kernel-default: - series.conf: cleanup - move unsortable patch out of sorted section: patches.suse/ibmvnic-fix-NULL-pointer-dereference.patch - update upstream reference: patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch - commit a0b2ce7 ++++ Mesa: - update to 20.3.2 * second bugfix release for the 20.3 branch - drm and surfaceless are not specified as platforms anymore, remove them from egl_platforms ++++ supportutils: - Additions to version 3.1.13 + Added update-alternatives to etc.txt #82 + Collects rotated logs with different compression types (bsc#1180478) + Added GPL-2.0-only license tag to spec file ------------------------------------------------------------------ ------------------ 2020-12-30 - Dec 30 2020 ------------------- ------------------------------------------------------------------ ++++ gstreamer: - Move gst-plugins-doc-cache-generator to devel subpackage (remove python3 dependency on main gstreamer package). ++++ kernel-default: - ibmvnic: fix login buffer memory leak (jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - commit 2d2f67f - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - commit e6ea824 - Refresh patches.suse/powerpc-perf-Exclude-kernel-samples-while-counting-e.patch. - commit fc17dca - powerpc/perf: Fix Threshold Event Counter Multiplier width for P10 (jsc#SLE-13513 bsc#1180072 ltc#190309). - commit c1c01ab - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395). - commit e90809a - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - commit b5cc99b - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - commit 9125964 - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - commit 7bcd26b - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395). - commit bfd7479 - powerpc/64: Fix an EMIT_BUG_ENTRY in head_64.S (jsc#SLE-9246 git-fixes). - powerpc/signal: Move inline functions in signal.h (jsc#SLE-16200 git-fixes). - commit d0ddb83 - powerpc/sstep: Cover new VSX instructions under CONFIG_VSX (jsc#SLE-13847 git-fixes). - powerpc/sstep: Emulate prefixed instructions only when CPU_FTR_ARCH_31 is set (jsc#SLE-13847 git-fixes). - commit c3ca4ff - powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395). - commit 3d98ea5 - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - commit 88fe3ed - Refresh patches.suse/powerpc-rtas-fix-typo-of-ibm-open-errinjct-in-rtas-f.patch Refresh to upstream version. - commit f0055e2 - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - commit e904a78 - Revert "powerpc/pseries/hotplug-cpu: Remove double free in error path" (bsc#1065729). - commit 243e39e - blacklist.conf: Add e91d8d78237d mm/zsmalloc.c: drop ZSMALLOC_PGTABLE_MAPPING The option is not enabled. - commit 65fee6f - powerpc/64: irq replay remove decrementer overflow check (jsc#SLE-9246 git-fixes(stable-5.10)). - commit 6c37cac - PCI: Fix overflow in command-line resource alignment requests (git-fixes). - commit 1dd80ec - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - commit 59feb80 - Refresh patches.suse/powercap-Restrict-energy-meter-to-root-access.patch. Now in mainline - commit 414492a - blacklist.conf: fix already added by other patch - commit ed48336 - blacklist.conf: already gone in by another ID - commit 7020218 - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - commit 6f94554 - blacklist.conf: fix not relevant for our config - commit 47a12a9 ------------------------------------------------------------------ ------------------ 2020-12-29 - Dec 29 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - USB: UAS: introduce a quirk to set no_write_same (git-fixes). - commit bda3ea7 - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - commit 0912116 - crypto: qat - add CRYPTO_AES to Kconfig dependencies (git-fixes). - commit 6dcc047 - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486). - commit 5a12d1c - blacklist.conf: 3d51507f29f2 x86/entry/32: Add missing ASM_CLAC to general_protection entry - commit 794e745 - ACPI: NFIT: Fix input validation of bus-family (git-fixes). - nl80211: validate key indexes for cfg80211_registered_device (git-fixes). - commit d4bf12f - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: Fix potential dereferencing of null pointer (git-fixes). - watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes). - watchdog: sprd: check busy bit before new loading rather than after that (git-fixes). - watchdog: sprd: remove watchdog disable from resume fail path (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes). - commit 705ed83 - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117). - commit 2f3db03 - Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117) - commit 0da5ae4 ++++ libproxy: - Update to version 0.4.17: + python bindings: fix "TypeError: argtypes must be a sequence of types". - Drop 147.patch: fixed upstream. ++++ python-pytz: - update to 2020.5: * update to IANA 2020e timezone release ++++ timezone: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. ------------------------------------------------------------------ ------------------ 2020-12-28 - Dec 28 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/constraints.in: more disk space for aarch64 binary builds (bsc#1180261) Tumbleweed KotD builds already consume ~30 GB of disk space and SLE15-SP3 builds sometimes exceed even 32 GB, resulting in build failures. Thus the exception providing only 30 GB for aarch64 binary builds is no longer sustainable and if requiring 35 GB limits the portfolio of available builders, we need to address that. - commit 07b084b - x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489). - commit 6e7d005 - EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489). - commit 72ce98e - x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489). - commit be1bad6 - x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489). - commit af076e7 - EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763). - commit 877e64a - rpm: drop /usr/bin/env in interpreter specification OBS checks don't like /usr/bin/env in script interpreter lines but upstream developers tend to use it. A proper solution would be fixing the depedency extraction and drop the OBS check error but that's unlikely to happen so that we have to work around the problem on our side and rewrite the interpreter lines in scripts before collecting files for packages instead. - commit 0ec5324 ++++ kernel-firmware: - Update to version 20201218 (git commit 646f159690e2): * make AP6212 in bananpi m2 plus/zero work * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: add firmware for Lontium LT9611UXC DSI to HDMI bridge * mediatek: update MT8173 VPU firmware to v1.1.6 * QCA : Updated firmware files for WCN3991 - Remove the already upstreamed extrawhence entry - Update topic entry for lt9611uxc - Update aliases from 5.10.x kernels ++++ libjpeg-turbo: - version update to 2.0.6 1. Fixed "using JNI after critical get" errors that occurred on Android platforms when using any of the YUV encoding/compression/decompression/decoding methods in the TurboJPEG Java API. 2. Fixed or worked around multiple issues with `jpeg_skip_scanlines()`: - Fixed segfaults or "Corrupt JPEG data: premature end of data segment" errors in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or 4:2:0 JPEG images using merged (non-fancy) upsampling/color conversion (that is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a similar fix, but it did not cover all cases. - `jpeg_skip_scanlines()` now throws an error if two-pass color quantization is enabled. Two-pass color quantization never worked properly with `jpeg_skip_scanlines()`, and the issues could not readily be fixed. - Fixed an issue whereby `jpeg_skip_scanlines()` always returned 0 when skipping past the end of an image. 3. The Arm 64-bit (Armv8) Neon SIMD extensions can now be built using MinGW toolchains targetting Arm64 (AArch64) Windows binaries. 4. Fixed unexpected visual artifacts that occurred when using `jpeg_crop_scanline()` and interblock smoothing while decompressing only the DC scan of a progressive JPEG image. 5. Fixed an issue whereby libjpeg-turbo would not build if 12-bit-per-component JPEG support (`WITH_12BIT`) was enabled along with libjpeg v7 or libjpeg v8 API/ABI emulation (`WITH_JPEG7` or `WITH_JPEG8`.) - modified sources % libjpeg-turbo.keyring ++++ python3-core: - readd --with-fpectl (bsc#1180377) ++++ python3: - readd --with-fpectl (bsc#1180377) ++++ samba: - Uninstalling samba-client: Failed to disable unit, cifs.service does not exists; (bsc#1180388); ++++ yast2-trans: - Update to version 84.87.20201227.aee94d5ba8: * Translated using Weblate (Portuguese) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Portuguese) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Indonesian) * New POT for text domain 'network'. * Translated using Weblate (Portuguese) * New POT for text domain 'storage'. * Translated using Weblate (Portuguese) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'network'. * Translated using Weblate (Italian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) ------------------------------------------------------------------ ------------------ 2020-12-27 - Dec 27 2020 ------------------- ------------------------------------------------------------------ ++++ mozilla-nss: - update to NSS 3.59.1 * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules ++++ harfbuzz: - Update to version 2.7.4: + Fix missing --enable-introspection configure option - Changes from version 2.7.3: + Update USE shaper to 2020-08-13 specification, and other improvements + Don’t disable liga feature in myanmar shaper, to match Uniscribe + Improvements to language and script tags handling. + Update language system tag registry to OpenType 1.8.4 + Support for serializing and deserializing Unicode buffers + Increase buffer work limits to handle fonts with many complex lookups + Handle more shaping operations in trace output + Memory access fixes + More OOM fixes + Improved documentation. ++++ swtpm: - Update to version 0.5.2 - swtpm: - Fix potential buffer overflow related to largely unused data hashing function in control channel - swtpm: Unconditionally close fd if writing of pidfile fails (coverity) - swtpm_setup: - Increase timeout from 10s to 30s for slower machines - Travis: - Not building on OS X anymore due to additional costs ------------------------------------------------------------------ ------------------ 2020-12-24 - Dec 24 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - reset: raspberrypi: Don't reset USB if already up (bsc#1180336). - commit 72c8f7f - blacklist.conf: ignore CRYPTO_SKCIPHER kconfig option - commit 00dae55 - crypto: hisilicon - Cap block size at 2^31 (jsc#SLE-16507 jsc#SLE-15835). - commit 4cc08f7 ++++ inih: - Make package conform to spec-cleaner. ++++ u-boot-rpiarm64: Enable RPi 4 Compute Module (jsc#SLE-16895). Fix problems with DMA offset after FW update (bsc#1180338) Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2020.10 * Patches added: 0015-rpi-Add-identifier-for-the-new-RPi4.patch 0016-rpi-Add-identifier-for-the-new-CM4.patch 0017-pci-pcie-brcmstb-Fix-inbound-window.patch 0018-dm-Introduce-xxx_get_dma_range.patch 0019-dm-test-Add-test-case-for-dev_get_d.patch 0020-dm-Introduce-DMA-constraints-into-t.patch 0021-dm-test-Add-test-case-for-dev-dma_o.patch 0022-dm-Introduce-dev_phys_to_bus-dev_bu.patch 0023-dm-test-Add-test-case-for-dev_phys_.patch 0024-xhci-translate-virtual-addresses-in.patch 0025-mmc-Introduce-mmc_phys_to_bus-mmc_b.patch 0026-configs-rpi4-Enable-DM_DMA-across-a.patch 0027-video-arm-rpi-Add-brcm-bcm2711-hdmi.patch 0028-usb-xhci-xhci_bulk_tx-Don-t-BUG-whe.patch ------------------------------------------------------------------ ------------------ 2020-12-23 - Dec 23 2020 ------------------- ------------------------------------------------------------------ ++++ docker: - Add Conflicts and Provides for kubic flavour of docker-fish-completion. ++++ kernel-default: - nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892). - commit 8a7b72b - crypto: hisilicon - fix driver compatibility issue with different versions of devices (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - change debugfs file name from qm_regs to regs (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - add DebugFS for xQC and xQE dump (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/zip - add debugfs for Hisilicon ZIP (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/hpre - add debugfs for Hisilicon HPRE (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - add debugfs for Hisilicon SEC (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - add debugfs to the QM state machine (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - add debugfs for QM (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/zip - Use temporary sqe when doing work (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add device error report through abnormal irq (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - remove codes of directly report device errors through MSI (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - QM memory management optimization (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - unify initial value assignment into QM (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - remove use_dma_api related codes (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add FLR support (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - add state machine for QM (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - refactor module parameter pf_q_num related code (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/zip - modify the ZIP probe process (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/hpre - modify the HPRE probe process (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - modify the SEC probe process (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - constify sec_dfx_regs (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/zip - constify struct debugfs_reg32 (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/hpre - constify struct debugfs_reg32 (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - Make qm_controller_reset() static (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - add more ACPI dependencies (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - fix build failure with ACPI off (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - stop qp by judging sq and cq tail (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - add controller reset support for SEC2 (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/hpre - add controller reset support for HPRE (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/zip - add controller reset support for zip (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - add controller reset interface (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add vfs_num module parameter for hpre/sec (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - unify SR-IOV related codes into QM (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - put vfs_num into struct hisi_qm (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - Add new create qp process (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/hpre - Optimize finding hpre device process (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/zip - Use hisi_qm_alloc_qps_node() when init ctx (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/qm - Put device finding logic into QM (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - Add pbuffer mode for SEC driver (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - Update IV and MAC operation (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - Add iommu status check (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - Add workqueue for SEC driver (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Use one workqueue per qm instead of per qp (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - remove redundant assignment of pointer ctx (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Remove module_param uacce_mode (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Fix duplicate print when qm occur multiple errors (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Unify error detect process into qm (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Configure zip RAS error type (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Unify hardware error init/uninit into QM (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - fix spelling mistake "disgest" -> "digest" (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add branch prediction macro (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - adjust hpre_crt_para_get (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Fixed some tiny bugs of HPRE (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Bugfixed tfm leak (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Add aead support on SEC2 (jsc#SLE-16507 jsc#SLE-15835). - Refresh patches.suse/crypto-sha-split-sha.h-into-sha1.h-and-sha2.h.patch. - crypto: hisilicon - redefine skcipher initiation (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Add branch prediction macro (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Add callback error check (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Adjust some inner logic (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Update QP resources of SEC V2 (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Update some names on SEC V2 (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - fix print/comment of SEC V2 (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Update debugfs usage of SEC V2 (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - still no need to check return value of debugfs_create functions (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Remove useless MODULE macros (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Use the offset fields in sqe to avoid need to split scatterlists (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Fix issue with wrong number of sg elements after dma map (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon/sec2 - Use atomics instead of __sync (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - fix a NULL vs IS_ERR() bug in sec_create_qp_ctx() (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add DebugFS for HiSilicon SEC (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add SRIOV for HiSilicon SEC (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add HiSilicon SEC V2 driver (jsc#SLE-16507 jsc#SLE-15835). - Update config files. DEV_HISI_SEC2 as module - supported.conf: add hisi_sec2 - crypto: hisilicon - no need to check return value of debugfs_create functions (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add vfs_num module param for zip (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - replace #ifdef with IS_ENABLED for CONFIG_NUMA (jsc#SLE-16507 jsc#SLE-15835). - hwrng: hisi - add HiSilicon TRNG driver support (jsc#SLE-16507 jsc#SLE-15835). - Update config files. Enable HW_RANDOM_HISI_V2 - support.conf: add hisi-trng-v2 - crypto: hisilicon - fix to return sub-optimal device when best device has no qps (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - use sgl API to get sgl dma addr and len (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - fix endianness verification problem of QM (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - fix param should be static when not external (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Fix using plain integer as NULL pointer (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - tiny fix about QM/ZIP error callback print (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon: Fix misuse of GENMASK macro (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - select NEED_SG_DMA_LENGTH in qm Kconfig (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Add debugfs for HPRE (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add SRIOV support for HPRE (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add HiSilicon HPRE accelerator (jsc#SLE-16507 jsc#SLE-15835). - Update config files. Enable CRYPTO_DEV_HISI_HPRE - supported.conf: add hisi_hpre - crypto: hisilicon - misc fix about sgl (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - fix large sgl memory allocation problem when disable smmu (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add sgl_sge_nr module param for zip (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - merge sgl support to hisi_qm module (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - allow compile-testing on x86 (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - avoid unused function warning (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Fix return value check in hisi_zip_acompress() (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - Fix warning on printing %p with dma_addr_t (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - fix error handle in hisi_zip_create_req_q (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add missing single_release (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - init curr_sgl_dma to fix compile warning (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add dependency for CRYPTO_DEV_HISI_ZIP (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - fix kbuild warnings (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add debugfs for ZIP and QM (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add SRIOV support for ZIP (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add HiSilicon ZIP accelerator support (jsc#SLE-16507 jsc#SLE-15835). - Update config files. Enable CRYPTO_DEV_HISI_ZIP - supported.conf: add hisi_zip - crypto: hisilicon - add hardware SGL support (jsc#SLE-16507 jsc#SLE-15835). - crypto: hisilicon - add queue management driver for HiSilicon QM module (jsc#SLE-16507 jsc#SLE-15835). - Update config files. Enable CRYPTO_DEV_HISI_QM - supported.conf: add hisi_qm - commit 2188cb3 - x86/ima: use correct identifier for SetupMode variable (bsc#1152489). - commit 9b27f4f - i2c: Revert incorrect conversion to use generic helper (jsc#SLE-16407). - commit 80898a3 ++++ rpm: - Finish split of SUSE macros and some helpers into rpm-config-SUSE [jsc#SLE-17074] * new patch: findsupplements.diff * modified patches: fileattrs.diff, brp.diff, macrosin.diff, enable-postin-scripts-error.diff * dropped files: rpm-suse_macros * dropped patches: firmware.diff, initscriptsprov.diff, modalias-encode.diff, modalias.diff, compressed-kernel-modules.diff, findksyms.diff ++++ timezone: - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ------------------------------------------------------------------ ------------------ 2020-12-22 - Dec 22 2020 ------------------- ------------------------------------------------------------------ ++++ crypto-policies: - Add crypto-policies-typos.patch to fix some typos ++++ gtk2: - Update to version 2.24.33: + This is the final GTK 2.x release. There will be no more updates to GTK 2. All users are encouraged to update to GTK 3 or 4. + Make the output of gtk-query-immodules deterministic. + GtkCalendar: Use %OB if supported. + GtkIconTheme: prefer exact matches. + build: - Support automake 1.16. - Fix compiler warnings with newer gcc. ++++ kernel-default: - blacklist.conf: 3d51507f29f2 x86/entry/32: Add missing ASM_CLAC to general_protection entry - commit 1aa31e3 - fix patch metadata - fix Patch-mainline: patches.suse/mm-memory_failure-always-pin-the-page-in-madvise_inj.patch - commit 4f786fa - Refresh patches.suse/arm64-force-no_block_mappings-if-crashkernel-reservation-is-required.patch. - Refresh patches.suse/arm64-ignore-any-dma-offsets-in-the-max_zone_phys-calculation.patch. - Refresh patches.suse/arm64-mm-move-reserve_crashkernel-into-mem_init.patch. - Refresh patches.suse/arm64-mm-move-zone_dma_bits-initialization-into-zone_sizes_init.patch. - Refresh patches.suse/arm64-mm-set-zone_dma-size-based-on-devicetree-s-dma-ranges.patch. - Refresh patches.suse/arm64-mm-set-zone_dma-size-based-on-early-iort-scan.patch. - Refresh patches.suse/ibmvnic-Clean-up-TX-code-and-TX-buffer-data-structur.patch. - Refresh patches.suse/ibmvnic-Correctly-re-enable-interrupts-in-NAPI-polli.patch. - Refresh patches.suse/ibmvnic-Do-not-replenish-RX-buffers-after-every-poll.patch. - Refresh patches.suse/ibmvnic-Ensure-that-device-queue-memory-is-cache-lin.patch. - Refresh patches.suse/ibmvnic-Introduce-batched-RX-buffer-descriptor-trans.patch. - Refresh patches.suse/ibmvnic-Introduce-indirect-subordinate-Command-Respo.patch. - Refresh patches.suse/ibmvnic-Introduce-xmit_more-support-using-batched-su.patch. - Refresh patches.suse/ibmvnic-Remove-send_subcrq-function.patch. - Refresh patches.suse/ibmvnic-Use-netdev_alloc_skb-instead-of-alloc_skb-to.patch. - Refresh patches.suse/ibmvnic-fix-rx-buffer-tracking-and-index-management-.patch. - Refresh patches.suse/net-smc-improve-return-codes-for-smc-dv2. - Refresh patches.suse/of-address-introduce-of_dma_get_max_cpu_address.patch. - Refresh patches.suse/s390-sles15sp3-03-01-s390-cio-Export-information-about-Endpoint-Security-.patch. - Refresh patches.suse/s390-sles15sp3-03-02-s390-cio-Provide-Endpoint-Security-Mode-per-CU.patch. - Refresh patches.suse/s390-sles15sp3-03-03-s390-cio-Add-support-for-FCES-status-notification.patch. - Refresh patches.suse/s390-sles15sp3-03-04-s390-dasd-Remove-unused-parameter-from-dasd_generic_.patch. - Refresh patches.suse/s390-sles15sp3-03-05-s390-dasd-Move-duplicate-code-to-separate-function.patch. - Refresh patches.suse/s390-sles15sp3-03-06-s390-dasd-Store-path-configuration-data-during-path-.patch. - Refresh patches.suse/s390-sles15sp3-03-07-s390-dasd-Fix-operational-path-inconsistency.patch. - Refresh patches.suse/s390-sles15sp3-03-08-s390-dasd-Display-FC-Endpoint-Security-information-v.patch. - Refresh patches.suse/s390-sles15sp3-03-09-s390-dasd-Prepare-for-additional-path-event-handling.patch. - Refresh patches.suse/s390-sles15sp3-03-10-s390-dasd-Process-FCES-path-event-notification.patch. - Refresh patches.suse/scsi-fnic-avoid-looping-in-trans-eth-on-unload. - Refresh patches.suse/scsi-fnic-change-shost_printk-to-fnic_fcs_dbg. - Refresh patches.suse/scsi-fnic-change-shost_printk-to-fnic_main_dbg. - Refresh patches.suse/scsi-fnic-set-scsi_set_resid-only-for-underflow. - Refresh patches.suse/scsi-fnic-validate-io_req-before-others. - commit 87eecb7 - selftests/bpf: Print reason when a tester could not run a program (bsc#1155518). - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518). - samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518). - samples/bpf: Remove unused test_ipip.sh (bsc#1155518). - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518). - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518). - commit 82533c7 - clk: bcm: dvp: Add MODULE_DEVICE_TABLE() (git-fixes). - clk: fsl-sai: fix memory leak (git-fixes). - commit bba80c9 - ASoC: wm8994: Fix PM disable depth imbalance on error (git-fixes). - commit e953294 - Update commit ids for already cherry-picked pinctrl patches - commit 5e797b0 - dmaengine: idxd: add IAX configuration support in the IDXD driver (jsc#SLE-13380). - dmaengine: idxd: add ATS disable knob for work queues (jsc#SLE-13380). - commit aca8d81 - Add cherry-picked dup ID for IDXD patch - commit 1fde049 - Move ASoC patch into sorted section The patch was mistakenly put into nirvana because of badly tagged commit id. - commit df0bd91 - Move upstreamed IDXD patches into sorted section - commit 6ca191c - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: ingenic: Fix divider calculation with div tables (git-fixes). - clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: tegra: Do not return 0 on failure (git-fixes). - lan743x: fix for potential NULL pointer dereference with bare card (git-fixes). - commit 21d14d2 - drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264). - commit 64673b1 - x86/cpu: Add a X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS() macro (jsc#SLE-13358). - commit 6c034c0 - EDAC/i10nm: Add Intel Sapphire Rapids server support (jsc#SLE-13358). - commit 991ab76 - EDAC/i10nm: Use readl() to access MMIO registers (jsc#SLE-13358). - commit 0389f79 ++++ libepoxy: - Update to version 1.5.5: + Remove Python 2 support. + Remove Autotools support. + Use EGL_NO_X11 to disable X11 headers. + Use call convention for mock function. + Return correct version of GLSL on GLES2. + Rely on Meson's darwin_versions option. - Drop Lower-the-minimum-required-version-of-Meson.patch: New minimum meson is 0.48. ++++ perl-ExtUtils-MakeMaker: - updated to 7.58 see /usr/share/doc/packages/perl-ExtUtils-MakeMaker/Changes 7.58 Mon 21 Dec 18:16:04 GMT 2020 No changes since v7.57_02 7.57_02 Fri 18 Dec 23:04:09 GMT 2020 Macosx fixes: - Improve dlopen check on MacOS 7.57_01 Fri 18 Dec 13:30:30 GMT 2020 Macosx fixes: - Use dlopen to check for library presence on Mac OS (Big Sur fix) Bug fixes: - check CPAN::Meta::Requirements capabilities rather than prereqs ++++ python-pyOpenSSL: - Adjust metadata for skip-networked-test.patch and refer to the proper upstream ticket gh#pyca/pyopenssl#68. ++++ swtpm: - Use "Requires user(tss)" for the "tss" user and group - Create /var/lib/swtpm-localca to store the keys created by swtpm-localca (bsc#1179811) - Replace net-tools-deprecated with iproute2 since the scripts in swtpm now can use 'ss' instead of 'netstat' ------------------------------------------------------------------ ------------------ 2020-12-21 - Dec 21 2020 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1178969 bsc#1180243 ++++ docker: - Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14 ++++ golang-github-docker-libnetwork: - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243 ++++ kernel-default: - EDAC: Add DDR5 new memory type (jsc#SLE-13358). - commit add2e95 - ACPI: processor: Fix build for ARCH_APICTIMER_STOPS_ON_C3 unset (jsc#SLE-16407). - ACPI: processor: Use CPUIDLE_FLAG_TIMER_STOP (jsc#SLE-16407). - ACPI: OSL: Prevent acpi_release_memory() from returning too early (jsc#SLE-16407). - ACPI: ioremap: avoid redundant rounding to OS page size (jsc#SLE-16407). - ACPI: SoC: APD: Check return value of acpi_dev_get_property() (jsc#SLE-16407). - ACPI: APD: Add a fmw property is_raven (jsc#SLE-16407). - ACPI: APD: Change name from ST to FCH (jsc#SLE-16407). - i2c: designware: Add device HID for Hygon I2C controller (jsc#SLE-16407). - ACPI: NFIT: Fix ARS zero-sized allocation (jsc#SLE-16407). - acpi: thermal: Don't call thermal_zone_device_is_enabled() (jsc#SLE-16407). - thermal: Simplify or eliminate unnecessary set_mode() methods (jsc#SLE-16407). - thermal: Use mode helpers in drivers (jsc#SLE-16407). - thermal: Add mode helpers (jsc#SLE-16407). - thermal: remove get_mode() operation of drivers (jsc#SLE-16407). - thermal: Store device mode in struct thermal_zone_device (jsc#SLE-16407). - thermal: Add current mode to thermal zone device (jsc#SLE-16407). - thermal: Store thermal mode in a dedicated enum (jsc#SLE-16407). Refresh patches.suse/acpi_thermal_passive_blacklist.patch - acpi: thermal: Fix error handling in the register function (jsc#SLE-16407). - sched,acpi_pad: Convert to sched_set_fifo*() (jsc#SLE-16407). - ACPI: Replace HTTP links with HTTPS ones (jsc#SLE-16407). Refresh patches.suse/0017-ACPI-NFIT-Define-runtime-firmware-activation-command.patch - ACPI: Use valid link to the ACPI specification (jsc#SLE-16407). - ACPI: Use fallthrough pseudo-keyword (jsc#SLE-16407). - ACPI: APEI: remove redundant assignment to variable rc (jsc#SLE-16407). - ACPI: NUMA: Remove the useless 'node >= MAX_NUMNODES' check (jsc#SLE-16407). - ACPI: NUMA: Remove the useless sub table pointer check (jsc#SLE-16407). - ACPI: tables: Remove the duplicated checks for acpi_parse_entries_array() (jsc#SLE-16407). - ACPI: tables: avoid relocations for table signature array (jsc#SLE-16407). - ACPI: OSL: Clean up the removal of unused memory mappings (jsc#SLE-16407). - ACPI: OSL: Use deferred unmapping in acpi_os_unmap_iomem() (jsc#SLE-16407). - ACPI: OSL: Use deferred unmapping in acpi_os_unmap_generic_address() (jsc#SLE-16407). - ACPI: OSL: Implement deferred unmapping of ACPI memory (jsc#SLE-16407). - ACPI: property: use cached name in acpi_fwnode_get_named_child_node() (jsc#SLE-16407). - ACPI: EC: add newline when printing 'ec_event_clearing' module parameter (jsc#SLE-16407). - ACPI: PAD: Eliminate usage of uninitialized_var() macro (jsc#SLE-16407). - ACPI: sysfs: add newlines when printing module parameters (jsc#SLE-16407). - ACPI: procfs: Remove last dirs after being marked deprecated for a decade (jsc#SLE-16407). - Remove patches.suse/acpi-disable-deprecated-warnings.patch - Update config files. x86_64/default removed CONFIG_ACPI_PROCFS_POWER=y - ACPICA: Update version to 20200717 (jsc#SLE-16407). - acpi: Extend TPM2 ACPI table with missing log fields (jsc#SLE-16407). - libnvdimm: Replace guid_copy() with import_guid() where it makes sense (jsc#SLE-16407). - thermal/of: Rename of-thermal.c (jsc#SLE-16407). - ACPICA: Update version to 20200528 (jsc#SLE-16407). - PCI: Rename _DSM constants to align with spec (jsc#SLE-16407). - ACPI: DPTF: Add battery participant driver (jsc#SLE-16407). Refresh patches.suse/ACPI-DPTF-Add-battery-participant-for-TigerLake.patch - ACPI: DPTF: Additional sysfs attributes for power participant driver (jsc#SLE-16407). - ACPI / PMIC: Add i2c address for thermal control (jsc#SLE-16407). - ACPI: utils: Add acpi_evaluate_reg() helper (jsc#SLE-16407). - ACPI: Delete unused proc filename macros (jsc#SLE-16407). - ACPI: debug: Make two functions static (jsc#SLE-16407). - ACPI: processor: idle: Allow probing on platforms with one ACPI C-state (jsc#SLE-16407). - ACPI: sleep: Put the FACS table after using it (jsc#SLE-16407). - ACPI: scan: Put SPCR and STAO table after using it (jsc#SLE-16407). - ACPI: EC: Put the ACPI table after using it (jsc#SLE-16407). - ACPI: APEI: Put the HEST table for error path (jsc#SLE-16407). - ACPI: APEI: Put the error record serialization table for error path (jsc#SLE-16407). - ACPI: APEI: Put the error injection table for error path and module exit (jsc#SLE-16407). - ACPI: APEI: Put the boot error record table after parsing (jsc#SLE-16407). - ACPI: watchdog: Put the watchdog action table after parsing (jsc#SLE-16407). - ACPI: LPIT: Put the low power idle table after using it (jsc#SLE-16407). - ACPICA: Update version to 20200430 (jsc#SLE-16407). - PM: sleep: core: Rename DPM_FLAG_LEAVE_SUSPENDED (jsc#SLE-16407). - PM: sleep: core: Rename dev_pm_smart_suspend_and_suspended() (jsc#SLE-16407). - PM: sleep: core: Rename dev_pm_may_skip_resume() (jsc#SLE-16407). - PM: sleep: core: Rework the power.may_skip_resume handling (jsc#SLE-16407). - PM: sleep: core: Do not skip callbacks in the resume phase (jsc#SLE-16407). - PM: sleep: core: Fold functions into their callers (jsc#SLE-16407). - PM: sleep: core: Simplify the SMART_SUSPEND flag handling (jsc#SLE-16407). - ACPI: PM: s2idle: Print type of wakeup debug messages (jsc#SLE-16407). - ACPI/PCI: pci_link: use extended_irq union member when setting ext-irq shareable (jsc#SLE-16407). - ACPI: button: Drop no longer necessary Asus T200TA lid_init_state quirk (jsc#SLE-16407). - ACPI: EC: Fix up fast path check in acpi_ec_add() (jsc#SLE-16407). - ACPI: NFIT: Replace zero-length array with flexible-array member (jsc#SLE-16407). - ACPI: NUMA: Up-level "map to online node" functionality (jsc#SLE-16407). - ACPICA: Update version 20200326 (jsc#SLE-16407). - ACPICA: WSMT: Fix typo, no functional change (jsc#SLE-16407). - ACPICA: Fix IVRS IVHD type 10h reserved field name (jsc#SLE-16407). - ACPICA: Implement IVRS IVHD type 11h parsing (jsc#SLE-16407). - ACPICA: Fix a typo in a comment field (jsc#SLE-16407). - x86: ACPI: fix CPU hotplug deadlock (jsc#SLE-16407). - PM: sleep: core: Drop racy and redundant checks from device_prepare() (jsc#SLE-16407). Refresh patches.suse/0011-PM-sleep-core-Rename-DPM_FLAG_NEVER_SKIP.patch - PCI/ACPI: Move pcie_to_hpx3_type from stack to static data (jsc#SLE-16407). - acpi: Remove header dependency (jsc#SLE-16407). - ACPI: PCI: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-16407). - ACPI: fan: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-16407). - ACPI: EC: Eliminate EC_FLAGS_QUERY_HANDSHAKE (jsc#SLE-16407). - ACPI: EC: Do not clear boot_ec_is_ecdt in acpi_ec_add() (jsc#SLE-16407). - blacklist.conf: Removed 65a691f5f8f0bb63d6a82eec7b0ffd193d8d8a5f # ACPI: not for stable, reverted below c85a7109f905f7848735ef50d7e63e5534c4e95d # ACPI: stable commit reverting the above - ACPI: EC: Simplify acpi_ec_ecdt_start() and acpi_ec_init() (jsc#SLE-16407). - ACPI: EC: Consolidate event handler installation code (jsc#SLE-16407). - ACPI: EC: Use fast path in acpi_ec_add() for DSDT boot EC (jsc#SLE-16407). - ACPI: EC: Simplify acpi_ec_add() (jsc#SLE-16407). - ACPI: EC: Drop AE_NOT_FOUND special case from ec_install_handlers() (jsc#SLE-16407). - ACPI: EC: Avoid passing redundant argument to functions (jsc#SLE-16407). - ACPI: EC: Avoid printing confusing messages in acpi_ec_setup() (jsc#SLE-16407). - ACPI: list_for_each_safe() -> list_for_each_entry_safe() (jsc#SLE-16407). - ACPI: video: remove redundant assignments to variable result (jsc#SLE-16407). - ACPI: OSL: Add missing __acquires/__releases annotations (jsc#SLE-16407). - ACPI / battery: Cleanup Lenovo Ideapad Miix 320 DMI table entry (jsc#SLE-16407). - ACPI / AC: Cleanup DMI quirk table (jsc#SLE-16407). - ACPI: Add new tiny-power-button driver to directly signal init (jsc#SLE-16407). Update config files. x86_64/default add # CONFIG_ACPI_TINY_POWER_BUTTON is not set arm64/default add # CONFIG_ACPI_TINY_POWER_BUTTON is not set - ACPI: button: move HIDs to acpi/button.h (jsc#SLE-16407). - ACPICA: Update version to 20200214 (jsc#SLE-16407). - PM: sleep: core: Use built-in RCU list checking (jsc#SLE-16407). - i2c: designware: Add ACPI HID for Hisilicon Hip08-Lite I2C controller (jsc#SLE-16407). - ACPI / APD: Add clock frequency for Hisilicon Hip08-Lite I2C controller (jsc#SLE-16407). - ACPI/IORT: Parse SSID property of named component node (jsc#SLE-16407). Refresh patches.suse/ACPI-IORT-Add-an-input-ID-to-acpi_dma_configure.patch - ACPI: thermal: switch to use helpers (jsc#SLE-16407). - ACPI / LPSS: Rename pwm_backlight pwm-lookup to pwm_soc_backlight (jsc#SLE-16407). - ACPI: PPTT: Consistently use unsigned int as parameter type (jsc#SLE-16407). - ACPI: video: Use native backlight on Lenovo E41-25/45 (jsc#SLE-16407). - ACPI: video: fix typo in comment (jsc#SLE-16407). - ACPICA: Update version to 20200110 (jsc#SLE-16407). - ACPICA: Update version to 20191213 (jsc#SLE-16407). - ACPICA: acpisrc: add unix line ending support for non-windows build (jsc#SLE-16407). - ACPI: Fix Kconfig indentation (jsc#SLE-16407). - ACPI: button: Add DMI quirk for Acer Switch 10 SW5-032 lid-switch (jsc#SLE-16407). - device property: Add a function to obtain a node's prefix (jsc#SLE-16407). Refresh patches.suse/device-property-export-fwnode_get_name.patch - ACPI: HMAT: use %u instead of %d to print u32 values (jsc#SLE-16407). - ACPI: NUMA: HMAT: fix a section mismatch (jsc#SLE-16407). - ACPI: HMAT: don't mix pxm and nid when setting memory target processor_pxm (jsc#SLE-16407). - ACPI: NUMA: HMAT: Register "soft reserved" memory as an "hmem" device (jsc#SLE-16407). - ACPI: NUMA: HMAT: Register HMAT at device_initcall level (jsc#SLE-16407). - device-dax: Add a driver for "hmem" devices (jsc#SLE-16407). - Update config files. x86_64/default add CONFIG_DEV_DAX_HMEM=m arm64/default add CONFIG_DEV_DAX_HMEM=m - supported.conf: - drivers/dax/dax_hmem - ACPI: NUMA: Establish a new drivers/acpi/numa/ directory (jsc#SLE-16407). Update config files. - ACPI: video: update doc for acpi_video_bus_DOS() (jsc#SLE-16407). - ACPI: platform: Unregister stale platform devices (jsc#SLE-16407). - ACPI / LPSS: Switch to use acpi_dev_hid_uid_match() (jsc#SLE-16407). - ACPI / utils: Describe function parameters in kernel-doc (jsc#SLE-16407). - ACPI: button: Remove unused acpi_lid_notifier_register() functions (jsc#SLE-16407). Refresh patches.suse/ACPI-button-fix-handling-lid-state-changes-when-inpu.patch - ACPI: button: Add DMI quirk for Asus T200TA (jsc#SLE-16407). - ACPI: button: Turn lid_blacklst DMI table into a generic quirk table (jsc#SLE-16407). Refresh patches.suse/ACPI-button-Add-DMI-quirk-for-Medion-Akoya-E2215T.patch - ACPI: button: Allow disabling LID support with the lid_init_state module option (jsc#SLE-16407). - ACPI: button: Refactor lid_init_state module parsing code (jsc#SLE-16407). - ACPI / PMIC: Add Cherry Trail Crystal Cove PMIC OpRegion driver (jsc#SLE-16407). - ACPI / PMIC: Add byt prefix to Crystal Cove PMIC OpRegion driver (jsc#SLE-16407). - ACPI / PMIC: Do not register handlers for unhandled OpRegions (jsc#SLE-16407). - ACPI: EC: add support for hardware-reduced systems (jsc#SLE-16407). - ACPI: EC: tweak naming in preparation for GpioInt support (jsc#SLE-16407). - ACPICA: Update version to 20191018 (jsc#SLE-16407). - ACPI: OSI: Shoot duplicate word (jsc#SLE-16407). - ACPI: processor_idle: Skip dummy wait if kernel is in guest (jsc#SLE-16407). - acpi: Use pr_warn instead of pr_warning (jsc#SLE-16407). Refresh patches.suse/acpi-disable-deprecated-warnings.patch - ACPI: HMAT: ACPI_HMAT_MEMORY_PD_VALID is deprecated since ACPI-6.3 (jsc#SLE-16407). - PCI/ACPI: Remove unnecessary struct hotplug_program_ops (jsc#SLE-16407). Refresh patches.suse/pci-aer-add-pci_aer_raw_clear_status-to-unconditionally-clear-error-status - PCI/ACPI: Move _HPP & _HPX functions to pci-acpi.c (jsc#SLE-16407). Refresh patches.suse/pci-aer-add-pci_aer_raw_clear_status-to-unconditionally-clear-error-status - PCI/ACPI: Rename _HPX structs from hpp_* to hpx_* (jsc#SLE-16407). - PCI: Move ASPM declarations to linux/pci.h (jsc#SLE-16407). Refresh patches.suse/r8169-improve-rtl_get_coalesce.patch patches.suse/mt76-mt76x2e-disable-pcie_aspm-by-default.patch patches.suse/mt76-fix-include-in-pci.h.patch - ACPI: thermal: Remove redundant acpi_has_method() calls (jsc#SLE-16407). - ACPI: SBS: remove unused const variable 'SMBUS_PEC' (jsc#SLE-16407). - ACPI/PCI: Remove surplus parentheses from a return statement (jsc#SLE-16407). - HMAT: Register attributes for memory hot add (jsc#SLE-16407). Refresh patches.suse/0001-HMAT-Skip-publishing-target-info-for-nodes-with-no-o.patch - ACPI / APEI: Get rid of NULL_UUID_LE constant (jsc#SLE-16407). Refresh patches.suse/ACPI-APEI-Kick-the-memory_failure-queue-for-synchron.patch - ACPICA: Update version to 20190816 (jsc#SLE-16407). - ACPICA: Macros: remove pointer math on a null pointer (jsc#SLE-16407). - ACPI: PM: Print debug messages on device power state changes (jsc#SLE-16407). - PM: sleep: Drop dpm_noirq_begin() and dpm_noirq_end() (jsc#SLE-16407). - PM: sleep: Integrate suspend-to-idle with generig suspend flow (jsc#SLE-16407). - drivers: Introduce device lookup variants by ACPI_COMPANION device (jsc#SLE-16407). - Refresh patches.suse/drivers-base-implement-dev_enable_async_probe.patch patches.suse/i2c-acpi-put-device-when-verifying-client-fails.patch - acpi: Use built-in RCU list checking for acpi_ioremaps list (jsc#SLE-16407). - commit 2e42a5c - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - commit 7fb306a - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489). - commit 37afaed - fix patches metadata - fix Patch-mainline: patches.suse/IB-isert-Fix-unaligned-immediate-data-handling.patch patches.suse/IB-mthca-fix-return-value-of-error-branch-in-mthca_i.patch patches.suse/IB-rdmavt-Fix-sizeof-mismatch.patch patches.suse/IB-srpt-Fix-memory-leak-in-srpt_add_one.patch patches.suse/IB-uverbs-Set-IOVA-on-IB-MR-in-uverbs-layer.patch patches.suse/RDMA-bnxt_re-Do-not-add-user-qps-to-flushlist.patch patches.suse/RDMA-core-Fix-bogus-WARN_ON-during-ib_unregister_dev.patch patches.suse/RDMA-core-Fix-reported-speed-and-width.patch patches.suse/RDMA-core-Fix-return-error-value-in-_ib_modify_qp-to.patch patches.suse/RDMA-core-Free-DIM-memory-in-error-unwind.patch patches.suse/RDMA-core-Stop-DIM-before-destroying-CQ.patch patches.suse/RDMA-counter-Allow-manually-bind-QPs-with-different-.patch patches.suse/RDMA-counter-Only-bind-user-QPs-in-auto-mode.patch patches.suse/RDMA-hns-Bugfix-for-memory-window-mtpt-configuration.patch patches.suse/RDMA-netlink-Remove-CAP_NET_RAW-check-when-dump-a-ra.patch patches.suse/RDMA-pvrdma-Fix-missing-kfree-in-pvrdma_register_dev.patch patches.suse/RDMA-qedr-Endianness-warnings-cleanup.patch patches.suse/RDMA-qedr-Fix-memory-leak-in-iWARP-CM.patch patches.suse/RDMA-qedr-SRQ-s-bug-fixes.patch patches.suse/RDMA-rxe-Drop-pointless-checks-in-rxe_init_ports.patch patches.suse/RDMA-rxe-Fix-memleak-in-rxe_mem_init_user.patch patches.suse/RDMA-rxe-Fix-skb-lifetime-in-rxe_rcv_mcast_pkt.patch patches.suse/RDMA-rxe-Fix-the-parent-sysfs-read-when-the-interfac.patch patches.suse/RDMA-rxe-Handle-skb_clone-failure-in-rxe_recv.c.patch patches.suse/RDMA-rxe-Prevent-access-to-wr-next-ptr-afrer-wr-is-p.patch patches.suse/RDMA-rxe-Remove-unused-rxe_mem_map_pages.patch patches.suse/RDMA-rxe-Return-void-from-rxe_init_port_param.patch patches.suse/RDMA-rxe-Return-void-from-rxe_mem_init_dma.patch patches.suse/RDMA-rxe-Skip-dgid-check-in-loopback-mode.patch patches.suse/RDMA-srpt-Fix-typo-in-srpt_unregister_mad_agent-docs.patch - commit 2dad798 - fix patches metadata - fix Patch-mainline: patches.suse/scsi-mpt3sas-add-bypass_dirty_port_flag-parameter patches.suse/scsi-mpt3sas-add-module-parameter-multipath_on_hba patches.suse/scsi-mpt3sas-allocate-memory-for-hba_port-objects patches.suse/scsi-mpt3sas-bump-driver-version-to-35-101-00-00 patches.suse/scsi-mpt3sas-define-hba_port-structure patches.suse/scsi-mpt3sas-get-device-objects-using-sas_address-portid patches.suse/scsi-mpt3sas-get-sas_device-objects-using-device-s-rphy patches.suse/scsi-mpt3sas-handle-vses-vphy-object-during-hba-reset patches.suse/scsi-mpt3sas-handling-hba-vses-device patches.suse/scsi-mpt3sas-rearrange-scsih_mark_responding_sas_device patches.suse/scsi-mpt3sas-rename-transport_del_phy_from_an_existing_port patches.suse/scsi-mpt3sas-set-valid-physicalport-in-smppassthrough patches.suse/scsi-mpt3sas-update-hba_port-objects-after-host-reset patches.suse/scsi-mpt3sas-update-hba_port-s-sas_address-phy_mask - commit a2950eb - EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489). - commit a3a0100 - series.conf: cleanup - update upstream reference and resort: patches.suse/powerpc-perf-Fix-crash-with-is_sier_available-when-p.patch - commit adb35a0 - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1177028). - libbpf: Sanitise map names before pinning (bsc#1177028). - samples: bpf: Refactor hbm program with libbpf (bsc#1177028). - tools/bpftool: Fix build slowdown (bsc#1177028). - bpf: Fix propagation of 32-bit signed bounds from 64-bit bounds (bsc#1177028). - selftests/bpf/test_offload.py: Filter bpftool internal map when counting maps (bsc#1177028). - selftests/bpf/test_offload.py: Fix expected case of extack messages (bsc#1177028). - selftests/bpf/test_offload.py: Only check verifier log on verification fails (bsc#1177028). - selftests/bpf/test_offload.py: Remove check for program load flags match (bsc#1177028). - xdp: Remove the xdp_attachment_flags_ok() callback (bsc#1177028). - tools/bpftool: Fix PID fetching with a lot of results (bsc#1177028). - selftests/bpf: Drain ringbuf samples at the end of test (bsc#1177028). - libbpf: Fix ring_buffer__poll() to return number of consumed samples (bsc#1177028). - commit fa84f47 - series.conf: refresh - update upstream references and resort: patches.suse/arm64-force-no_block_mappings-if-crashkernel-reservation-is-required.patch. patches.suse/arm64-ignore-any-dma-offsets-in-the-max_zone_phys-calculation.patch. patches.suse/arm64-mm-move-reserve_crashkernel-into-mem_init.patch. patches.suse/arm64-mm-move-zone_dma_bits-initialization-into-zone_sizes_init.patch. patches.suse/arm64-mm-set-zone_dma-size-based-on-devicetree-s-dma-ranges.patch. patches.suse/arm64-mm-set-zone_dma-size-based-on-early-iort-scan.patch. patches.suse/ibmvnic-Clean-up-TX-code-and-TX-buffer-data-structur.patch. patches.suse/ibmvnic-Correctly-re-enable-interrupts-in-NAPI-polli.patch. patches.suse/ibmvnic-Do-not-replenish-RX-buffers-after-every-poll.patch. patches.suse/ibmvnic-Ensure-that-device-queue-memory-is-cache-lin.patch. patches.suse/ibmvnic-Introduce-batched-RX-buffer-descriptor-trans.patch. patches.suse/ibmvnic-Introduce-indirect-subordinate-Command-Respo.patch. patches.suse/ibmvnic-Introduce-xmit_more-support-using-batched-su.patch. patches.suse/ibmvnic-Remove-send_subcrq-function.patch. patches.suse/ibmvnic-Use-netdev_alloc_skb-instead-of-alloc_skb-to.patch. patches.suse/ibmvnic-fix-rx-buffer-tracking-and-index-management-.patch. patches.suse/net-smc-improve-return-codes-for-smc-dv2. patches.suse/of-address-introduce-of_dma_get_max_cpu_address.patch. patches.suse/powerpc-perf-Add-generic-and-cache-event-list-for-po.patch. patches.suse/powerpc-perf-Add-new-power-PMU-flag-PPMU_P10_DD1-for.patch. patches.suse/powerpc-perf-Drop-the-check-for-SIAR_VALID.patch. patches.suse/powerpc-perf-Fix-crash-with-is_sier_available-when-p.patch. patches.suse/powerpc-perf-Fix-the-PMU-group-constraints-for-thres.patch. patches.suse/powerpc-perf-Fix-to-update-cache-events-with-l2l3-ev.patch. patches.suse/powerpc-perf-Fix-to-update-generic-event-codes-for-p.patch. patches.suse/powerpc-perf-Fix-to-update-radix_scope_qual-in-power.patch. patches.suse/powerpc-perf-Invoke-per-CPU-variable-access-with-dis.patch. patches.suse/powerpc-perf-MMCR0-control-for-PMU-registers-under-P.patch. patches.suse/powerpc-perf-Update-the-PMU-group-constraints-for-l2.patch. patches.suse/powerpc-perf-Use-regs-nip-when-SIAR-is-zero.patch. patches.suse/powerpc-perf-Use-the-address-from-SIAR-register-to-s.patch. patches.suse/s390-sles15sp3-03-01-s390-cio-Export-information-about-Endpoint-Security-.patch. patches.suse/s390-sles15sp3-03-02-s390-cio-Provide-Endpoint-Security-Mode-per-CU.patch. patches.suse/s390-sles15sp3-03-03-s390-cio-Add-support-for-FCES-status-notification.patch. patches.suse/s390-sles15sp3-03-04-s390-dasd-Remove-unused-parameter-from-dasd_generic_.patch. patches.suse/s390-sles15sp3-03-05-s390-dasd-Move-duplicate-code-to-separate-function.patch. patches.suse/s390-sles15sp3-03-06-s390-dasd-Store-path-configuration-data-during-path-.patch. patches.suse/s390-sles15sp3-03-07-s390-dasd-Fix-operational-path-inconsistency.patch. patches.suse/s390-sles15sp3-03-08-s390-dasd-Display-FC-Endpoint-Security-information-v.patch. patches.suse/s390-sles15sp3-03-09-s390-dasd-Prepare-for-additional-path-event-handling.patch. patches.suse/s390-sles15sp3-03-10-s390-dasd-Process-FCES-path-event-notification.patch. patches.suse/scsi-fnic-avoid-looping-in-trans-eth-on-unload. patches.suse/scsi-fnic-change-shost_printk-to-fnic_fcs_dbg. patches.suse/scsi-fnic-change-shost_printk-to-fnic_main_dbg. patches.suse/scsi-fnic-set-scsi_set_resid-only-for-underflow. patches.suse/scsi-fnic-validate-io_req-before-others. - commit 41ceac4 - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (git-fixes). - commit fe3d756 - rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - commit 52e449a ++++ libidn2: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, match factory licenses (bsc#1180138) ++++ sudo: - Update to 1.9.4p2 * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash if the sudoers file contains a runas user-specific Defaults entry. Bug #951. - News in 1.9.4p1 * Fixed a regression introduced in version 1.9.4 where sudo would not build when configured using the --without-sendmail option. Bug #947. * Fixed a problem where if I/O logging was disabled and sudo was unable to connect to sudo_logsrvd, the command would still be allowed to run even when the "ignore_logfile_errors" sudoers option was enabled. * Fixed a crash introduced in version 1.9.4 when attempting to run a command as a non-existent user. Bug #948. * The installed sudo.conf file now has the default sudoers Plugin lines commented out. This fixes a potential conflict when there is both a system-installed version of sudo and a user-installed version. GitHub issue #75. * Fixed a regression introduced in sudo 1.9.4 where sudo would run the command as a child process even when a pseudo-terminal was not in use and the "pam_session" and "pam_setcred" options were disabled. GitHub issue #76. * Fixed a regression introduced in sudo 1.8.9 where the "closefrom" sudoers option could not be set to a value of 3. Bug #950. ++++ yast2-trans: - Update to version 84.87.20201220.b9bcd0f062: * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'registration'. * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'tune'. * New POT for text domain 'network'. * Translated using Weblate (Portuguese (Portugal)) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Added translation using Weblate (Portuguese (Portugal)) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Portuguese) ------------------------------------------------------------------ ------------------ 2020-12-20 - Dec 20 2020 ------------------- ------------------------------------------------------------------ ++++ hdparm: - update to 9.60: - support for ioSafe Solo with jMicron bridge, courtesy Matthias-Christian Ott. - decode more bits from id[69], courtesy Adrián Kálazi. - allow passing of custom LDFLAGS from the environment. - add new "static" target. - fix --dco-identify max sectors, courtesy of Paul Sultana. - get rid of leftover "unknown" variables from identify.c - fixed return values from get_log_page_data(). ++++ kernel-default: - pwm: imx27: Fix overflow for bigger periods (git-fixes). - firmware: tegra: fix strncpy()/strncat() confusion (git-fixes). - mtd: spi-nor: ignore errors in spi_nor_unlock_all() (git-fixes). - mtd: spi-nor: sst: fix BPn bits for the SST25VF064C (git-fixes). - iwlwifi: sta: set max HE max A-MPDU according to HE capa (git-fixes). - commit 48bc7b1 - power: supply: bq24190_charger: fix reference leak (git-fixes). - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes). - HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() (git-fixes). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - pwm: zx: Add missing cleanup in error path (git-fixes). - commit 22a0fb4 ++++ python-cryptography: - update to 3.3.1: * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use ------------------------------------------------------------------ ------------------ 2020-12-19 - Dec 19 2020 ------------------- ------------------------------------------------------------------ ++++ udisks2: - Add upstream bugfix patches: + udisks2-Fix-memory-leaks.patch + udisks2-lvm2-Fix-leaking-BDLVMVDOPooldata.patch ++++ zstd: - Update to version 1.4.8 to fix i586+s390x ------------------------------------------------------------------ ------------------ 2020-12-18 - Dec 18 2020 ------------------- ------------------------------------------------------------------ ++++ curl: - Enable zstd and brotli support ++++ kbd: - Update to version 2.4.0: * po: Update cs and sr translations (from translationproject.org) * libkfont: Use only KDFONTOP * Added support for a few derivatives of neo * Fix use-after-free of pipe_cmd * Update solar24x32 font * vlock's pam config added to destination directory * Update sun12x22.psfu * libkeymap: unify non/unicode accent_table generation * libkeymap: note about --unicode use * libkeymap: remove last ushort * fi.map: use newly added deadkeys * Do not install internal library * Additional deadkeys - Remove kbd-1.15.2-setfont-no-cruft.patch The old ioctls were finally dropped. ++++ kernel-default: - Fixed 14 mpt3sas patches, now upstream (jsc#SLE-16914, bsc#1177733) Should be no functional change, bu the patches are updated with commit ID, and moved to the proper place in series.conf. - commit eef3811 - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049). - commit efdf30e - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (bsc#1180214). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1180214). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1180214). - ahci: qoriq: enable acpi support in qoriq ahci driver (bsc#1180214). - spi: spi-nxp-fspi: Add ACPI support (bsc#1180214). - commit 8759723 - supported.conf: Declare qat4xxx supported externally by Intel - commit b7913fb - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Don't call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Don't change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733). - commit 5bf7889 ++++ systemd: - Import commit 520e53b6d85087b05892ee637ae93f1b269e7e52 (merge of v246.9) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/2401461e5f0e32922823d954c56106f96344070e...520e53b6d85087b05892ee637ae93f1b269e7e52 - Import commit 2401461e5f0e32922823d954c56106f96344070e 6131548b0f udev: link_update() should fail if the entry in symlink dir couldn't have been created f6cb8c7d79 udev: make algorithm that selects highest priority devlink less susceptible to race conditions (bsc#1084748) fc64e47291 basic/stat-util: make mtime check stricter and use entire timestamp ae91d45d3d test/sys-script.py: add missing DEVNAME entries to uevents 09e3473a7a test/udev_test.pl: add "expected good" count fc89379b5b test/udev-test.pl: suppress umount error message at startup d9e114f10d test/sd-script.py: new helper script for udev testing f2672eae66 test/udev-test.pl: generator for large list of block devices 42b68e43e2 test/udev-test.pl: add repeat count eec8ec375a tests/udev-test.pl: add multiple device test 73b8f3cf93 test/udev-test.pl: count "good" results ee04d70bb6 test/udev-test.pl: merge import parent tests into one 03942c8fbc test/udev-test.pl: merge "space and var with space" tests ec95546189 test/udev-test.pl: remove bogus rules from magic subsys test f704429217 test/udev-test.pl: Make some tests a little harder ce1a877dc0 test/udev-test.pl: last_rule is unsupported 913c72ff2d test/udev-test.pl: fix wrong test descriptions eeb25a1be6 test/udev-test.pl: allow checking multiple symlinks 00ab4292da test/udev-test.pl: test correctness of symlink targets 5b71ee2911 test/udev-test.pl: use computed devnode name 2e04bb9ae8 test/udev-test.pl: allow concurrent additions and removals 8816dd593c test/udev-test.pl: create rules only once 214418632d test/udev-test.pl: allow multiple devices per test 1eb6b23f27 udev-test: do not rely on "mail" group being defined 4a0a4dcf10 udev: Fix sound.target dependency (bsc#1179363) ++++ virt-manager: - bsc#1180062 - virt-install uses isoinfo. Include mkisofs in the spec file. virt-manager.spec ------------------------------------------------------------------ ------------------ 2020-12-17 - Dec 17 2020 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.66.4: + Fix some issues in parsing floating point seconds in `GDateTime` + Fix some issues in handling invalid UTF-8 when parsing for `GDate` + Bugs fixed: glgo#GNOME/GLib#2264, glgo#GNOME/GLib!1774, glgo#GNOME/GLib!1790, glgo#GNOME/GLib!1793, glgo#GNOME/GLib!1799, glgo#GNOME/GLib!1805. ++++ kernel-default: - crypto: qat - add capability detection logic in qat_4xxx (jsc#SLE-14454). - commit 83336e3 - crypto: qat - add AES-XTS support for QAT GEN4 devices (jsc#SLE-14454). - Refresh patches.suse/QAT-add-suse_kabi_padding.patch. - commit 3755a1e - crypto: qat - add AES-CTR support for QAT GEN4 devices (jsc#SLE-14454). - commit 5393983 - crypto: qat - fix excluded_middle.cocci warnings (jsc#SLE-14454). - commit a62bf18 - tracing: Fix race in trace_open and buffer resize call (CVE-2020-27825 bsc#1179960). - commit c590ed4 - ring-buffer: speed up buffer resets by avoiding synchronize_rcu for each CPU (CVE-2020-27825 bsc#1179960). - commit d308278 - ring-buffer: Make resize disable per cpu buffer instead of total buffer (CVE-2020-27825 bsc#1179960). - commit 95e9004 - crypto: qat - add gen4 firmware loader (jsc#SLE-14454). - commit 9d44e54 - Drop a backported uvcvideo patch that caused a regression (bsc#1180117) Also blacklisting the commit - commit b185b93 - blacklist.conf: Remove temporary drm path blacklist - commit f037d4c - crypto: qat - add qat_4xxx driver (jsc#SLE-14454). Update config files. - commit 8df8685 - crypto: s390/sha1 - prefix the "sha1_" functions (jsc#SLE-14454). - commit aad706f - crypto: qat - add hook to initialize vector routing table (jsc#SLE-14454). - commit 21c4c5c - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489). - commit b4996a1 - crypto: powerpc/sha1 - prefix the "sha1_" functions (jsc#SLE-14454). - commit 7a8e9d4 - nvmet-fc: fix missing check for no hostport struct (bsc#1176942). - commit 7fab8fc - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Don't check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733). - commit 298833c - crypto: qat - target fw images to specific AEs (jsc#SLE-14454). - commit e7e8777 - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). Replace patches.suse/qla2xxx-return-ebusy-on-fcport-deletion.patch with upstream version. - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733). - commit 3c29fc6 - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489). - commit 994c3ae - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). Refresh: - patches.suse/qla2xxx-return-ebusy-on-fcport-deletion.patch - commit cfc1ae5 - crypto: sha - split sha.h into sha1.h and sha2.h (jsc#SLE-14454). - Refresh patches.suse/add-product-identifying-information-to-vmcoreinfo.patch. - commit 8180f5f - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - commit 6c7ebde - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes). - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes). - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes). - commit 37de46f - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes). - Refresh patches.suse/platform-x86-intel-vbtn-Allow-switch-events-on-Acer-.patch. - commit b789099 - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes). - mtd: rawnand: meson: Fix a resource leak in init (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes). - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes). - commit 3fd302b - mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes). - mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes). - mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes). - mtd: spinand: Fix OOB read (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - commit d3789b9 - series.conf: refresh - update upstream references and resort: patches.suse/scsi-fnic-avoid-looping-in-trans-eth-on-unload patches.suse/scsi-fnic-change-shost_printk-to-fnic_fcs_dbg patches.suse/scsi-fnic-change-shost_printk-to-fnic_main_dbg patches.suse/scsi-fnic-set-scsi_set_resid-only-for-underflow patches.suse/scsi-fnic-validate-io_req-before-others - commit 3190615 - series.conf: refresh - update upstream reference and resort: patches.suse/ibmvnic-add-some-debugs.patch - commit 5542884 ++++ snapper: - added option to abbreviate columns in table (see gh#openSUSE/snapper#268) - version 0.8.15 ++++ libvirt: - qemu: Fix logic bug in inactive snapshot deletion 0ddebdb4-qemu-snapshot-deletion.patch boo#1180049 ++++ libxml2: - Security fix: [bsc#1161521, CVE-2019-20388] * Memory leak in xmlSchemaPreRun in xmlschemas.c - Add libxml2-CVE-2019-20388.patch ++++ zstd: - Update to version 1.4.7 * Improved --long mode * --long now automatically enabled for any window size >= 128MB * Faster decompression of small blocks * CLI improvements + accept parameter through environment variable ZSTD_NBTHREADS + new command --output-dir-mirror + more accurate warning and error messages * New experimental features + Shared Thread Pool + Faster Dictionary Compression + New Sequence Ingestion API * Drop upstream fix-lib-build.patch ++++ libxml2-python: - Security fix: [bsc#1161521, CVE-2019-20388] * Memory leak in xmlSchemaPreRun in xmlschemas.c - Add libxml2-CVE-2019-20388.patch ++++ python-urllib3: - Add CI variable, which makes timeouts in the test suite longer (gh#urllib3/urllib3#2109, bsc#1176389) and test_timeout_errors_cause_retries should not fail. ++++ yast2-trans: - Update to version 84.87.20201217.4c32b71e71: * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (German) * Translated using Weblate (Portuguese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 'security'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * New POT for text domain 'security'. * New POT for text domain 'network'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) ------------------------------------------------------------------ ------------------ 2020-12-16 - Dec 16 2020 ------------------- ------------------------------------------------------------------ ++++ glibc: - aarch64-getauxval.patch: aarch64: Accept PLT calls to __getauxval within libc.so (bsc#1167939) - iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - printf-long-double-non-normal.patch: x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - get-nprocs-cpu-online-parsing.patch: Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ++++ kernel-default: - fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). - commit 775fe31 - crypto: qat - add support for broadcasting mode (jsc#SLE-14454). - commit 3eb975b - crypto: qat - add support for shared ustore (jsc#SLE-14454). - commit 8208824 - crypto: qat - allow to target specific AEs (jsc#SLE-14454). - commit 95c0bc6 - crypto: qat - add FCU CSRs to chip info (jsc#SLE-14454). - commit cced259 - crypto: qat - add CSS3K support (jsc#SLE-14454). - commit 5745db4 - crypto: qat - use ae_mask (jsc#SLE-14454). - commit 8f00dce - crypto: qat - add check for null pointer (jsc#SLE-14454). - crypto: qat - add misc control CSR to chip info (jsc#SLE-14454). - crypto: qat - add wake up event to chip info (jsc#SLE-14454). - commit 5b4f1a7 - crypto: qat - add clock enable CSR to chip info (jsc#SLE-14454). - commit 0a0ceac - crypto: qat - add reset CSR and mask to chip info (jsc#SLE-14454). - crypto: qat - add local memory size to chip info (jsc#SLE-14454). - commit 668485e - crypto: qat - add support for lm2 and lm3 (jsc#SLE-14454). - commit 7ae2a53 - crypto: qat - add next neighbor to chip_info (jsc#SLE-14454). - crypto: qat - replace check based on DID (jsc#SLE-14454). - commit 5d786df - crypto: qat - introduce chip info structure (jsc#SLE-14454). - crypto: qat - refactor long expressions (jsc#SLE-14454). - commit 417a900 - crypto: qat - refactor qat_uclo_set_ae_mode() (jsc#SLE-14454). - commit a769fdf - crypto: qat - move defines to header files (jsc#SLE-14454). - commit 316c7a5 - crypto: qat - remove global CSRs helpers (jsc#SLE-14454). - commit 4eedc22 - crypto: qat - refactor AE start (jsc#SLE-14454). - commit 20a1098 - crypto: qat - change micro word data mask (jsc#SLE-14454). - crypto: qat - change type for ctx_mask (jsc#SLE-14454). - crypto: qat - add support for relative FW ucode loading (jsc#SLE-14454). - commit d529f37 - crypto: qat - rename qat_uclo_del_uof_obj() (jsc#SLE-14454). - commit 67574e7 - crypto: qat - introduce additional parenthesis (jsc#SLE-14454). - commit 755a426 - crypto: qat - remove unnecessary parenthesis (jsc#SLE-14454). - commit 4966907 - crypto: qat - fix error message (jsc#SLE-14454). - crypto: qat - fix CSR access (jsc#SLE-14454). - commit 9206fc3 - crypto: qat - support for mof format in fw loader (jsc#SLE-14454). - crypto: qat - replace pci with PCI in comments (jsc#SLE-14454). - commit 9c9c3c5 - crypto: qat - remove cast for mailbox CSR (jsc#SLE-14454). - commit 62896ad - crypto: qat - remove unneeded semicolon (jsc#SLE-14454). - commit 9e0b68a - crypto: qat - extend ae_mask (jsc#SLE-14454). - commit e36c762 - crypto: qat - allow for instances in different banks (jsc#SLE-14454). - commit d74dd80 - crypto: qat - refactor qat_crypto_dev_config() (jsc#SLE-14454). - commit 7b787fc - crypto: qat - refactor qat_crypto_create_instances() (jsc#SLE-14454). - commit d0bcaed - crypto: qat - change return value in adf_cfg_key_val_get() (jsc#SLE-14454). - commit f698585 - crypto: qat - change return value in adf_cfg_add_key_value_param() (jsc#SLE-14454). - commit 707ca4a - crypto: qat - remove unnecessary void* casts (jsc#SLE-14454). - commit 428b2be - crypto: qat - call functions in adf_sriov if available (jsc#SLE-14454). - commit 56a083b - crypto: qat - remove hardcoded bank irq clear flag mask (jsc#SLE-14454). - commit 87975f0 - crypto: qat - abstract writes to arbiter enable (jsc#SLE-14454). - commit c2673fd - crypto: qat - use BIT_ULL() - 1 pattern for masks (jsc#SLE-14454). - commit 4e50301 - crypto: qat - replace constant masks with GENMASK (jsc#SLE-14454). - commit ace21f7 - crypto: qat - abstract build ring base (jsc#SLE-14454). - commit 45f06e6 - crypto: qat - enable ring after pair is programmed (jsc#SLE-14454). - commit 876666b - crypto: qat - register crypto instances based on capability (jsc#SLE-14454). - Refresh patches.suse/QAT-add-suse_kabi_padding.patch. - commit f62a6a6 - crypto: qat - add support for capability detection (jsc#SLE-14454). - commit f5cb13a - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489) - commit b808e1d - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489) - commit ad662c6 - RDMA/qedr: Endianness warnings cleanup (bsc#1152489) - commit c3cca6a - crypto: qat - abstract arbiter access (jsc#SLE-14454). - commit 8234ef6 - crypto: qat - remove unused macros in arbiter module (jsc#SLE-14454). - commit ace40aa - crypto: qat - remove writes into WQCFG (jsc#SLE-14454). - commit 1f08531 - crypto: qat - update constants table (jsc#SLE-14454). - commit 42213a3 - crypto: qat - use admin mask to send fw constants (jsc#SLE-14454). - commit 82fccc5 - crypto: qat - change admin sequence (jsc#SLE-14454). - crypto: qat - rename ME in AE (jsc#SLE-14454). - commit 3b63177 - do_epoll_ctl(): clean the failure exits up a bit (bsc#1180031,CVE-2020-0466). - epoll: Keep a reference on files added to the check list (bsc#1180031). - commit 5e9b787 - blacklist.conf: bcee52789588 ("tracing: Fix userstacktrace option for instances") The kernel is missing many prerequisities. It is not worth it as it is. - commit e39f16a - Update patch reference for wireless fix (CVE-2020-27068 bsc#1180086) - commit 170f743 - platform/x86: mlx-platform: Fix item counter assignment for MSN2700/ComEx system (git-fixes). - mmc: sdhci: tegra: fix wrong unit with busy_timeout (git-fixes). - spi: imx: fix reference leak in two imx operations (git-fixes). - driver: core: Fix list corruption after device_del() (git-fixes). - iwlwifi: dbg-tlv: fix old length in is_trig_data_contained() (git-fixes). - mt76: mt7615: fix rdd mcu cmd endianness (git-fixes). - mt76: mt7915: fix endian issues (git-fixes). - mt76: fix tkip configuration for mt7615/7663 devices (git-fixes). - mt76: fix memory leak if device probing fails (git-fixes). - mt76: mt7915: fix sparse warning cast from restricted __le16 (git-fixes). - mt76: set fops_tx_stats.owner to THIS_MODULE (git-fixes). - mt76: mt7915: set fops_sta_stats.owner to THIS_MODULE (git-fixes). - mt76: add back the SUPPORTS_REORDERING_BUFFER flag (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix: LL PRivacy BLE device fails to connect (git-fixes). - brcmfmac: fix error return code in brcmf_cfg80211_connect() (git-fixes). - brcmfmac: Fix memory leak for unpaired brcmf_{alloc/free} (git-fixes). - rtw88: remove extraneous 'const' qualifier (git-fixes). - drm/doc: Document that modifiers are always required for fb (git-fixes). - netdevsim: Add debugfs toggle to reject BPF programs in verifier (git-fixes). - commit 3b2d7b6 - platform/x86: mlx-platform: remove an unused variable (git-fixes). - USB: serial: option: add interface-number sanity check to flag handling (git-fixes). - commit bff4f99 - USB: serial: mos7720: fix parallel-port state restore (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). - commit f265436 - USB: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - USB: serial: keyspan_pda: fix write unthrottling (git-fixes). - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - USB: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - USB: serial: keyspan_pda: fix stalled writes (git-fixes). - USB: serial: keyspan_pda: fix write deadlock (git-fixes). - USB: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes). - commit 7596d48 - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes). - spi: mt7621: Disable clock in probe error path (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb/max3421: fix return error code in max3421_probe() (git-fixes). - commit 6c576b3 - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: fix resource leak for drivers without .remove callback (git-fixes). - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: pic32: Don't leak DMA channels in probe error path (git-fixes). - spi: synquacer: Disable clock in probe error path (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - commit 51e204b - spi: sprd: fix reference leak in sprd_spi_remove (git-fixes). - spi: atmel-quadspi: Disable clock in probe error path (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - commit 51236be - soc: qcom: geni: More properly switch to DMA mode (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - regulator: mcp16502: add linear_min_sel (git-fixes). - regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes). - speakup: fix uninitialized flush_lock (git-fixes). - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - rsi: fix error return code in rsi_reset_card() (git-fixes). - commit 8a400aa - crypto: qat - add packed to init admin structures (jsc#SLE-14454). - commit bffc702 - PCI: iproc: Fix out-of-bound array accesses (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - Revert "platform/x86: wmi: Destroy on cleanup rather than unregister" (git-fixes). - platform/chrome: cros_ec_spi: Don't overwrite spi::mode (git-fixes). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes). - commit 4690027 - crypto: qat - abstract admin interface (jsc#SLE-14454). - commit 10773c4 - PCI: brcmstb: Initialize "tmp" before use (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mmc: pxamci: Fix error return code in pxamci_probe (git-fixes). - memstick: fix a double-free bug in memstick_check (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - orinoco: Move context allocation after processing the skb (git-fixes). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - commit e021aed - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes). - iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes). - iwlwifi: mvm: hook up missing RX handlers (git-fixes). - mac80211: don't set set TDLS STA bandwidth wider than possible (git-fixes). - commit 2fd9b35 - crypto: qat - relocate GEN2 CSR access code (jsc#SLE-14454). - commit aa3be04 - cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes). - Revert "i2c: i2c-qcom-geni: Fix DMA transfer race" (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes). - iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes). - iio: buffer: Fix demux update (git-fixes). - extcon: max77693: Fix modalias string (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - commit 59cf4f4 - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - commit 172d8d6 - drm/tegra: output: Don't leak OF node on error (jsc#SLE-15847). - commit 17189d0 - crypto: qat - split transport CSR access logic (jsc#SLE-14454). - commit a3a10f0 - phy: tegra: xusb: Fix usb_phy device driver field (jsc#SLE-15847). - clk: tegra: bpmp: Clamp clock rates on requests (jsc#SLE-15847). - cpufreq: tegra194: Rename tegra194_get_speed_common function (jsc#SLE-15847). - cpufreq: tegra194: Remove unnecessary frequency calculation (jsc#SLE-15847). - cpufreq: tegra186: Simplify cluster information lookup (jsc#SLE-15847). - cpufreq: tegra186: Fix sparse 'incorrect type in assignment' warning (jsc#SLE-15847). - cpufreq: tegra194: get consistent cpuinfo_cur_freq (jsc#SLE-15847). - phy: tegra: Don't warn on probe deferral (jsc#SLE-15847). - drm/tegra: output: Do not put OF node twice (jsc#SLE-15847). - drm/tegra: sor: Don't warn on probe deferral (jsc#SLE-15847). - cpufreq: tegra186: Fix get frequency callback (jsc#SLE-15847). - memory: tegra: Remove GPU from DRM IOMMU group (jsc#SLE-15847). - drm/tegra: Properly reference count the DDC I2C adapter (jsc#SLE-15847). - iommu/tegra-smmu: Prune IOMMU group when it is released (jsc#SLE-15847). - iommu/tegra-smmu: Balance IOMMU group reference count (jsc#SLE-15847). - iommu/tegra-smmu: Set IOMMU group name (jsc#SLE-15847). - cpufreq: tegra186: Fix initial frequency (jsc#SLE-15847). - commit 9e4289a - crypto: qat - fix configuration of iov threads (jsc#SLE-14454). - commit 4028436 - crypto: qat - num_rings_per_bank is device dependent (jsc#SLE-14454). - crypto: qat - mask device capabilities with soft straps (jsc#SLE-14454). - commit a55dc52 - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes). - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes). - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - commit 35aef63 - ath10k: Fix the parsing error in service available event (git-fixes). - commit ae02c89 - Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" (git-fixes). - commit 2779aa4 - ASoC: qcom: common: Fix refcounting in qcom_snd_parse_of() (git-fixes). - commit 4c7929f - ASoC: max98390: Fix error codes in max98390_dsm_init() (git-fixes). - commit 9ec9be4 - soundwire: intel: fix another unused-function warning (jsc#SLE-16518). - soundwire: master: use pm_runtime_set_active() on add (jsc#SLE-16518). - soundwire: qcom: Fix build failure when slimbus is module (jsc#SLE-16518). - commit 5c4cbf1 - Move upstreamed soundwire patches into sorted section - commit 9be4676 - IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489) - commit da75bee - soundwire: Fix DEBUG_LOCKS_WARN_ON for uninitialized attribute (jsc#SLE-16518). - commit d23ae0b - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489) - commit 4f3475b - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489) - commit c98a089 - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489) - commit baad43e - ASoC: SOF: Intel: hda: fix the condition passed to sof_dev_dbg_or_err (jsc#SLE-16518). - ASoC: SOF: modify the SOF_DBG flags (jsc#SLE-16518). - ASoC: SOF: Intel: hda: remove duplicated status dump (jsc#SLE-16518). - ASoC: SOF: imx: update kernel-doc description (jsc#SLE-16518). - ASoC: topology: Fix wrong size check (jsc#SLE-16518). - ASoC: topology: Add missing size check (jsc#SLE-16518). - ASoC: SOF: Intel: add SoundWire support for ADL-S (jsc#SLE-16518). - ASoC: Intel: common: add ACPI matching tables for Alder Lake (jsc#SLE-16518). - ASoC: Intel: cht_bsw_nau8824: Change SSP2-Codec DAI id to 0 (jsc#SLE-16518). - ASoC: Intel: cht_bsw_nau8824: Drop compress-cpu-dai bits (jsc#SLE-16518). - ASoC: intel: sof_rt5682: Add support for tgl_rt1011_rt5682 (jsc#SLE-16518). - commit df54797 - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489) - commit db44ceb - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489) - commit 1de4514 - IB/rdmavt: Fix sizeof mismatch (bsc#1152489) - commit 677c5ba - ASoC: SOF: trace: Add runtime trace filtering mechanism (jsc#SLE-16518). - ASoC: SOF: control: fix cppcheck warning in snd_sof_volume_info() (jsc#SLE-16518). - ASoC: SOF: Intel: hda: add sof_icl_ops for ICL platforms (jsc#SLE-16518). - ASoC: SOF: ops: modify the signature of stall op (jsc#SLE-16518). - ASoC: SOF: ext_manifest: parse cavs extra config data elem (jsc#SLE-16518). - ASoC: SOF: Intel: hda: define parse_platform_ext_manifest op (jsc#SLE-16518). - ASoC: SOF: ops: add parse_platform_ext_manifest() op (jsc#SLE-16518). - ASoC: SOF: Add `memory_info` file to debugfs (jsc#SLE-16518). - ASoC: SOF: Change section comment for SOF_IPC_TEST_ (jsc#SLE-16518). - ASoC: SOF: Improve code alignment in header.h (jsc#SLE-16518). - ASoC: SOF: ext_manifest: Parse firmware config dictionary (jsc#SLE-16518). - ASoC: SOF: nocodec: modify DAI link definitions (jsc#SLE-16518). - ASoC: SOF: IPC: fix implicit type overflow (jsc#SLE-16518). - commit 478e999 - ASoC: SOF: Intel: allow for coexistence between SOF and catpt drivers (jsc#SLE-16518). - Update config files. - commit f7947cd - ALSA: hda: intel-dsp-config: ignore dsp_driver parameter for PCI legacy devices (jsc#SLE-16518). - commit 63ddb05 - ASoC: Intel: broadwell: set card and driver name dynamically (jsc#SLE-16518). - ALSA: hda: intel-dsp-config: add Broadwell ACPI DSP driver selection (jsc#SLE-16518). - commit dbb4f88 - ASoC: SOF: Intel: allow for coexistence between SOF and Atom/SST drivers (jsc#SLE-16518). - Update config files. - commit 5c50712 - crypto: qat - update IV in software (jsc#SLE-14454). - Refresh patches.suse/QAT-add-suse_kabi_padding.patch. - commit 02c439a - crypto: qat - remove unused function (jsc#SLE-14454). - commit edc1305 - ASoC: Intel: Atom: add dynamic selection of DSP driver (jsc#SLE-16518). - commit 7c727eb - ASoC: SOF: acpi: add dynamic selection of DSP driver (jsc#SLE-16518). - commit 14933b4 - ASoC: Intel: byt/cht: set pm ops dynamically (jsc#SLE-16518). - commit 5bab293 - ASoC: Intel: boards: byt/cht: set card and driver name at run time (jsc#SLE-16518). - commit 8837dc6 - ALSA: hda: intel-dsp-config: add helper for ACPI DSP driver selection (jsc#SLE-16518). - commit 18cdfb4 - ASoC: Intel: bdw-rt5677: add missing pm_ops (jsc#SLE-16518). - commit 25029ef - ASoC: Intel: Boards: tgl_max98373: add dpcm_capture flag for speaker_smart_amp (jsc#SLE-16518). - commit d6b111c - ASoC: topology: Simplify remove_widget function (jsc#SLE-16518). - commit b057eed - ASoC: topology: Remove empty functions (jsc#SLE-16518). - commit 3f721cb - ASoC: topology: Change allocations to resource managed (jsc#SLE-16518). - commit ea837e4 - ASoC: topology: Unify all device references (jsc#SLE-16518). - commit 10328ad - ASoC: topology: Remove multistep topology loading (jsc#SLE-16518). - commit 364e86e - ASoC: topology: Remove unused functions from topology API (jsc#SLE-16518). - commit 0dc5676 - ASoC: soc-acpi: add helper to identify parent driver (jsc#SLE-16518). - commit d308530 - ASoC: Intel: broadwell: add missing pm_ops (jsc#SLE-16518). - commit bab05a6 - ASoC: SOF: control: override volume info callback (jsc#SLE-16518). - commit 67c8df2 - ASoC: SOF: Intel: add hw specific PCM constraints (jsc#SLE-16518). - commit 02c0e0b - ASoC: SOF: relax PCM period and buffer size constraints (jsc#SLE-16518). - commit ce00821 - ASoC: Fix 7/8 spaces indentation in Kconfig (jsc#SLE-16518). - commit 53e4ae3 - ASoC: intel: SND_SOC_INTEL_KEEMBAY should depend on ARCH_KEEMBAY (jsc#SLE-16518). - commit a961770 - ASoC: Intel: keembay: use inclusive language for bclk and fsync (jsc#SLE-16518). - commit 726a785 - ASoC: Intel: atom: use inclusive language for SSP bclk/fsync (jsc#SLE-16518). - commit 3078a9f - ASoC: SOF: use inclusive language for bclk and fsync (jsc#SLE-16518). - commit d738d67 - ASoC: topology: use inclusive language for bclk and fsync (jsc#SLE-16518). - commit 3e92b8e - ASoC: SOF: Intel: fix Kconfig dependency for SND_INTEL_DSP_CONFIG (jsc#SLE-16518). - commit 65bf32d - ASoC: SOF: Intel: fix Kconfig punctuation and wording (jsc#SLE-16518). - commit e2d566a - ASoC: SOF: Kconfig: fix Kconfig punctuation and wording (jsc#SLE-16518). - commit 32e6a72 - ASoC: SOF: imx: fix Kconfig punctuation (jsc#SLE-16518). - commit f4194f0 - ASoC: Intel: sof_sdw: add quirk for new TigerLake-SDCA device (jsc#SLE-16518). - commit 7aadcdd - ASoC: SOF: loader: do not warn about unknown firmware headers (jsc#SLE-16518). - commit 1bf0f28 - ASoC: intel: sof_rt5682: Add quirk for Dooly (jsc#SLE-16518). - commit 8100bff - ASoC: intel: sof_rt5682: Add support for cml_rt1015_rt5682 (jsc#SLE-16518). - commit bb5fa3d - ASoC: SOF: sof-audio: remove goto used for force-nocodec support (jsc#SLE-16518). - commit 81aeb29 - ASoC: SOF: topology: remove const in sizeof() (jsc#SLE-16518). - commit 66b10d3 - ASoC: SOF: control: remove const in sizeof() (jsc#SLE-16518). - commit 2b84b77 - ASoC: SOF: Intel: hda: use semicolons rather than commas to separate statements (jsc#SLE-16518). - commit 3f2432e - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - commit 492cf46 - ASoC: Intel: bytcr_rt5651: use semicolons rather than commas to separate statements (jsc#SLE-16518). - commit 6d8047e - ASoC: SOF: Intel: initial support for Alderlake-S (jsc#SLE-13489). - Update config files. - commit fac4baf - ASoC: amd: support other audio modes for raven (git-fixes). - ASoC: AMD Renoir - add DMI table to avoid the ACP mic probe (broken BIOS) (git-fixes). - ASoC: AMD Raven/Renoir - fix the PCI probe (PCI revision) (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: Boards: tgl_max98373: update TDM slot_width (git-fixes). - ASoC: amd: Return -ENODEV for non-existing ACPI call (git-fixes). - ASoC: amd: Downgrade print level for invalid ACP mode (git-fixes). - commit 7df7491 - ALSA: hda/ca0132 - Add ZxR surround DAC setup (git-fixes). - ALSA: hda/ca0132 - Add 8051 PLL write helper functions (git-fixes). - ALSA: hda/ca0132 - Remove now unnecessary DSP setup functions (git-fixes). - ALSA: hda/ca0132 - Ensure DSP is properly setup post-firmware download (git-fixes). - ALSA: hda/ca0132 - Add 8051 exram helper functions (git-fixes). - ALSA: hda/ca0132 - Add stream port remapping function (git-fixes). - ALSA: hda/ca0132 - Reset codec upon initialization (git-fixes). - ALSA: hda/hdmi: fix silent stream for first playback to DP (git-fixes). - ALSA: seq: Use bool for snd_seq_queue internal flags (git-fixes). - ALSA: hda/ca0132: Move unsol callback setups to parser (git-fixes). - ALSA: compress: allow pause and resume during draining (git-fixes). - ALSA: hdspm: Fix fall-through warnings for Clang (git-fixes). - ALSA: remove unneeded break (git-fixes). - commit 24cbc87 - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: meson: fix COMPILE_TEST error (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes). - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes). - ASoC: tegra20-spdif: remove "default m" (git-fixes). - ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes). - commit 8f99a8a - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - commit 4d4db90 - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - commit f6ae090 - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes). - ALSA: seq: remove useless function (git-fixes). - commit 87f324b - ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes). - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes). - ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes). - ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes). - ALSA: hda/proc - print DP-MST connections (git-fixes). - commit b46aa44 - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes). - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes). - commit cbe79ef - Move upstreamed USB-audio patches into sorted section - commit 6078fcf - scsi: fnic: Validate io_req before others (bsc#1175079). - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079). - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079). - commit 140fd58 - sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes) - commit aad16e5 - sched: correct SD_flags returned by tl->sd_flags() (git-fixes) - commit 323fa02 - sched/fair: Refill bandwidth before scaling (git-fixes) - commit 6f148d9 ++++ multipath-tools: - Update to version 0.8.5+12+suse.3b0e9ca * libmultipath: force map reload if udev incomplete (bsc#1178662, bsc#1172157, bsc#1175454, bsc#1176406) - Fixes from upstream 0.8.5 * multipath-tools: add MacroSAN arrays to hwtable * libmultipath: Allow discovery of USB devices (add configuration option "allow_usb_devices") ++++ systemd: - Enable support for zstd compression systemd-journald will now use zstd for compressing large fields in journal files. systemd-coredump will also use this algorithm to compress coredump files. Please note that systemd older than v246 won't be able to read new journal files as zstd algorithm is not supported by these versions. This incompatible change was actually not the only one introduced by v246 since the hash tables in journal files have been hardened against hash collisions too in an incompatible way with older versions. ++++ raspberrypi-firmware: - Update to 8a5549c (2020-12-15): * firmware: dmalib: Allow sdcard to borrow channel 6 See: #1511 See: Hexxeh/rpi-firmware#251 See: https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=294932 ++++ raspberrypi-firmware-config: - Update to 8a5549c (2020-12-15): * firmware: dmalib: Allow sdcard to borrow channel 6 See: #1511 See: Hexxeh/rpi-firmware#251 See: https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=294932 ++++ samba: - Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514); ------------------------------------------------------------------ ------------------ 2020-12-15 - Dec 15 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - sched/fair: Fix race between runtime distribution and (git-fixes) - commit 73cd7f5 - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - commit c4c367e - Update patches.suse/HID-Fix-slab-out-of-bounds-read-in-hid_field_extract.patch (bsc#1180052). Identified as security issue. bsc added. - commit 02607b9 - Update patches.suse/HID-Fix-slab-out-of-bounds-read-in-hid_field_extract.patch (bsc#1180052). Patch identified as security issue. bsc added. - commit 88ee41b - mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056). - commit 3a73547 - crypto: caam - fix printing on xts fallback allocation error path (git-fixes). - commit fd68750 - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - commit e1943c2 - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - commit 9a7e1fb - iommu/hyper-v: Remove I/O-APIC ID check from hyperv_irq_remapping_select() (jsc#SLE-16823). - iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (jsc#SLE-16823). - iommu/amd: Fix union of bitfields in intcapxt support (jsc#SLE-16823). - x86/ioapic: Correct the PCI/ISA trigger type selection (jsc#SLE-16823). - commit 2f4c498 - x86/ioapic: Use I/O-APIC ID for finding irqdomain, not index (jsc#SLE-16823). - x86/hyperv: Enable 15-bit APIC ID if the hypervisor supports it (jsc#SLE-16823). - x86/kvm: Enable 15-bit extension when KVM_FEATURE_MSI_EXT_DEST_ID detected (jsc#SLE-16823). - iommu/hyper-v: Disable IRQ pseudo-remapping if 15 bit APIC IDs are available (jsc#SLE-16823). - x86/apic: Support 15 bits of APIC ID in MSI where available (jsc#SLE-16823). - x86/ioapic: Handle Extended Destination ID field in RTE (jsc#SLE-16823). - iommu/vt-d: Simplify intel_irq_remapping_select() (jsc#SLE-16823). - x86: Kill all traces of irq_remapping_get_irq_domain() (jsc#SLE-16823). - x86/ioapic: Use irq_find_matching_fwspec() to find remapping irqdomain (jsc#SLE-16823). - x86/hpet: Use irq_find_matching_fwspec() to find remapping irqdomain (jsc#SLE-16823). - iommu/hyper-v: Implement select() method on remapping irqdomain (jsc#SLE-16823). - iommu/vt-d: Implement select() method on remapping irqdomain (jsc#SLE-16823). - iommu/amd: Implement select() method on remapping irqdomain (jsc#SLE-16823). - x86/apic: Add select() method on vector irqdomain (jsc#SLE-16823). - genirq/irqdomain: Implement get_name() method on irqchip fwnodes (jsc#SLE-16823). - x86/ioapic: Generate RTE directly from parent irqchip's MSI message (jsc#SLE-16823). - x86/ioapic: Cleanup IO/APIC route entry structs (jsc#SLE-16823). - x86/io_apic: Cleanup trigger/polarity helpers (jsc#SLE-16823). - x86/msi: Remove msidef.h (jsc#SLE-16823). - x86/pci/xen: Use msi_msg shadow structs (jsc#SLE-16823). - x86/kvm: Use msi_msg shadow structs (jsc#SLE-16823). - PCI: vmd: Use msi_msg shadow structs (jsc#SLE-16823). - iommu/amd: Use msi_msg shadow structs (jsc#SLE-16823). - iommu/intel: Use msi_msg shadow structs (jsc#SLE-16823). - x86/msi: Provide msi message shadow structs (jsc#SLE-16823). - genirq/msi: Allow shadow declarations of msi_msg:: $member (jsc#SLE-16823). - x86/hpet: Move MSI support into hpet.c (jsc#SLE-16823). - x86/apic: Always provide irq_compose_msi_msg() method for vector domain (jsc#SLE-16823). - x86/apic: Cleanup destination mode (jsc#SLE-16823). - x86/apic: Get rid of apic:: Dest_logical (jsc#SLE-16823). - x86/apic: Replace pointless apic:: Dest_logical usage (jsc#SLE-16823). - x86/apic: Cleanup delivery mode defines (jsc#SLE-16823). - x86/devicetree: Fix the ioapic interrupt type table (jsc#SLE-16823). - x86/apic/uv: Fix inconsistent destination mode (jsc#SLE-16823). - x86/msi: Only use high bits of MSI address for DMAR unit (jsc#SLE-16823). - x86/apic: Fix x2apic enablement without interrupt remapping (jsc#SLE-16823). - commit e68f7b8 - Update patch reference for audit security fix (CVE-2020-0444 bsc#1180027) - commit 8236de7 - Update patch reference for HID security fix (CVE-2020-0465 bsc#1180029) - commit c0d38cb - Update patches.suse/SUNRPC-Fix-SUNRPC-Add-len-parameter-to-gss_unwrap.patch (git-fixes). - commit c1a6212 ++++ kernel-firmware: - add banana pi brcm wireless symlinks to extrawhence ++++ numactl: - Enable LTO (boo#1133098) as it works now. ++++ netcat-openbsd: - Build with hidden visibility since no symbols should be exported - enable-udp-ip_recverr.patch: Enable IP_RECVERR on UDP sockets to match *bsd behaviour and avoid long timeouts if an error ocurrs. ++++ raspberrypi-firmware: - Update to 8cd7665 (2020-12-14): * firmware: Use DMA40 for PWM audio * firmware: imx477: Replace existing 720p120 mode with a new 1332x990 120fps mode * firmware: arm_loader: Allow max_framebuffers=0 to disable framebuffers See: #1507 ++++ raspberrypi-firmware-config: - Update to 8cd7665 (2020-12-14): * firmware: Use DMA40 for PWM audio * firmware: imx477: Replace existing 720p120 mode with a new 1332x990 120fps mode * firmware: arm_loader: Allow max_framebuffers=0 to disable framebuffers See: #1507 ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#440 - add system-group-kvm explicitly - 16.28 ++++ yast2: - Removed SCR agent .etc.inittab which is obsolete because SysVinit is no longer supported (bsc#1175494). - 4.3.46 ------------------------------------------------------------------ ------------------ 2020-12-14 - Dec 14 2020 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.74.0 * Changes: hsts: add experimental support for Strict-Transport-Security * Bugfixes: - Inferior OCSP verification [bsc#1179593, CVE-2020-8286] - FTP wildcard stack overflow [bsc#1179399, CVE-2020-8285] - trusting FTP PASV responses [bsc#1179398, CVE-2020-8284] - Revert "multi: implement wait using winsock events" - openssl: free mem_buf in error path - ntlm: avoid malloc(0) on zero length user and domain - ngtcp2: use the minimal version of QUIC supported by ngtcp2 - ngtcp2: advertise h3 ALPN unconditionally - file: avoid duplicated code sequence - openssl: guard against OOM on context creation - docs: document the 8MB input string limit for curl_easy_escape and curl_easy_setopt() - hsts: add read/write callbacks - hsts: add support for Strict-Transport-Security - alt-svc: enable by default - checksrc: warn on empty line before open brace - connect: repair build without ipv6 availability - curl.se: new home - ftp: retry getpeername for FTP with TCP_FASTOPEN - gnutls: fix memory leaks (certfields memory wasn't released) - http: pass correct header size to debug callback for chunked post - libssh2: fix transport over HTTPS proxy - openssl: guard against OOM on context creation - openssl: use OPENSSL_init_ssl() with >= 1.1.0 - Revert "multi: implement wait using winsock events" - socks: check for DNS entries with the right port number - tool_operate: --retry for HTTP 408 responses too - tool_operate: bail out proper on errors during parallel transfers - urlapi: don't accept blank port number field without scheme - urlapi: URL encode a '+' in the query part - vquic/ngtcp2.h: define local_addr as sockaddr_storage - Update check section: * runtests now supports dynamically base64 encoded sections in tests * Replace env interpreter for perl and python3 - Remove curl-use_OPENSSL_config.patch since the OpenSSL initialization has been updated to use OPENSSL_init_ssl() with >= 1.1.0 ++++ docker: - Enable fish-completion ++++ dracut: - Update to version 051 (051+suse.84.gc6bd70b8): * suse.spec: add 051 modules dbus, wicked * Update AUTHORS, NEWS * Drop 51-dracut-rescue-postinst.sh entirely * Revert "Retrieve service, rpc and protcol entries via getent in hostonly mode" * Adding stalebot file * Revert "Add --uefi-output for custom output filename" * Improve documentation of iso-scan/filename feature * multipathd: fix the comparison * 06dbus: consider dbus-broker * 06dbus: Add busctl as a more useful tool * 06dbus: Include dbus or messagebus group and user, depending on distro * 35network-wicked: openSUSE Factory has reintroduced libexec * 35network-wicked: install ip utility anyway * 35network-wicked: Run wicked early enough to unlock block devices * 06dbus: Do not install superfluous services * 40network: introduce wicked option * 35network-wicked: introduce wicked support module * 06dbus: introduce dbus support * Add --uefi-output for custom output filename * 95fcoe: don't install if there is no FCoE hostonly devices * 95fcoe: ensure needed modules are installed * dracut-install: Globbing support for resolving "firmware:" * dracut-bash-completion.sh: add positional argument completion * Prevent creating unexpected files on the host when running dracut (bsc#1176171) * configure: Find FTS library with --as-needed ++++ kernel-default: - btrfs: qgroup: don't try to wait flushing if we're already holding a transaction (bsc#1179575). - commit 7eae617 - supported.conf: Mark exfat as fully supported (bsc#1179882) Moves exfat from kernel-default-extra to kernel-default - commit 619a3f5 - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179611 LTC#190155). - commit 8805bd5 - s390/pci: adaptation of iommu to multifunction (bsc#1179611 LTC#190155). - Refresh patches.suse/s390-pci-create-zpci-bus. - Refresh patches.suse/s390-pci-handling-multifunctions. - commit 18ace9e - s390/purgatory: do not build purgatory with kcov, kasan and friends (bsc#1179603 LTC#190152). - commit 2fdc981 - s390/qeth: Remove pnso workaround (bsc#1179565 LTC#190112). - commit 3eaa0fe - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (bsc#1179205 LTC#189977). - net/smc: fix matching of existing link groups (bsc#1179205 LTC#189977). - commit 0e174e5 - Update config files. - Delete patches.suse/1842-xen-add-helpers-to-allocate-unpopulated-memory.patch. As discussed with Juergen Gross per email, the patch might break xen guests and is not strictly required for the DRM backport. v2. As mentioned by Jessica, remove CONFIG_XEN_UNPOPULATED_ALLOC as it also goes away. - commit 2d34f4b - hwmon: (amd_energy) modify the visibility of the counters (jsc#SLE-14262 bsc#1178760). - hwmon: (amd_energy) Improve the accumulation logic (jsc#SLE-14262). - hwmon: (amd_energy) optimize accumulation interval (jsc#SLE-14262). - hwmon: (amd_energy) Move label out of accumulation structure (jsc#SLE-14262). - commit 4692751 - PCI: tegra: Disable LTSSM during L2 entry (bsc#1179344). - PCI: tegra: Check return value of tegra_pcie_init_controller() (bsc#1179344). - PCI: tegra: Continue unconfig sequence even if parts fail (bsc#1179344). - PCI: tegra: Set DesignWare IP version (bsc#1179344). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (bsc#1179344). - commit 9846dd7 - Delete patches.suse/PCI-dwc-Move-dw_pcie_setup_rc-to-DWC-common-code.patch. References: bsc#1179344 - commit bdaf386 - blacklist.conf: correct the cherry-picked commit ID - commit 48385ea - Update patch reference tags for missing CVE entries - commit 24c7af3 - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: delay draining the TX buffers (git-fixes). - s390: add 3f program exception handler (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - commit 15840e9 - s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151). - commit 1d3596d - ACPI: EC: PM: Flush EC work unconditionally after wakeup (jsc#SLE-16407). - ACPI: EC: PM: s2idle: Extend GPE dispatching debug message (jsc#SLE-16407). - commit a21778d - ACPI: EC: PM: Avoid flushing EC work when EC GPE is inactive (jsc#SLE-16407). - ACPI: PM: s2idle: Fix comment in acpi_s2idle_prepare_late() (jsc#SLE-16407). - commit eb134e5 - x86/apic/vector: Fix ordering in vector assignment (bsc#1156315). - genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315). - commit 108604c - genirq/PM: Always unlock IRQ descriptor in rearm_wake_irq() (jsc#SLE-16407). - ACPI: EC: PM: Avoid premature returns from acpi_s2idle_wake() (jsc#SLE-16407). - platform/x86: intel_int0002_vgpio: Use acpi_register_wakeup_handler() (jsc#SLE-16407). - ACPI: PM: Add acpi_register_wakeup_handler() (jsc#SLE-16407). - ACPI: PM: s2idle: Refine active GPEs check (jsc#SLE-16407). - ACPI: EC: Fix flushing of pending work (jsc#SLE-16407). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (jsc#SLE-16407). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (jsc#SLE-16407). - commit 7f8bb95 - SUNRPC: Revert 241b1f419f0e ("SUNRPC: Remove xdr_buf_trim()") (git-fixes). - blacklist.conf: Doesn't cause a regression once the previous two patches are included. - SUNRPC: Fix GSS privacy computation of auth->au_ralign (git-fixes). - SUNRPC: Add "@len" parameter to gss_unwrap() (git-fixes). - commit de10d89 - blacklist.conf: two git-fixes that break kabi too much - commit 7df1e74 - blacklist.conf: Add a duplicate - commit 5592171 - ACPICA: Preserve memory opregion mappings (jsc#SLE-16407). - ACPICA: Replace one-element array with flexible-array (jsc#SLE-16407). - ACPICA: iASL: add new OperationRegion subtype keyword PlatformRtMechanism (jsc#SLE-16407). - ACPICA: Fix required parameters for _NIG and _NIH (jsc#SLE-16407). - ACPICA: Disassembler: ignore AE_ALREADY_EXISTS status when parsing create operators (jsc#SLE-16407). - ACPICA: Move acpi_gbl_next_cmd_num definition to acglobal.h (jsc#SLE-16407). - ACPICA: Make acpi_protocol_lengths static (jsc#SLE-16407). - platform/x86: sony-laptop: Make resuming thermal profile safer (jsc#SLE-16407). - platform/x86: sony-laptop: SNC calls should handle BUFFER types (jsc#SLE-16407). - ACPICA: utilities: fix sprintf() (jsc#SLE-16407). - ACPICA: acpiexec: remove redeclaration of acpi_gbl_db_opt_no_region_support (jsc#SLE-16407). - ACPICA: Change PlatformCommChannel ASL keyword to PCC (jsc#SLE-16407). - ACPICA: Fix a couple of typos (jsc#SLE-16407). - ACPICA: use acpi_size instead of u32 for prefix_path_length (jsc#SLE-16407). - ACPICA: cast length arguement to acpi_ns_build_normalized_path() as u32 (jsc#SLE-16407). - ACPICA: cast the result of the pointer difference to u32 (jsc#SLE-16407). - ACPICA: Table Manager: Update comments in a function header (jsc#SLE-16407). - ACPICA: Enable sleep button on ACPI legacy wake (jsc#SLE-16407). - ACPICA: Fix a comment "enable" fixed events -> "disable" all fixed events (jsc#SLE-16407). - ACPICA: ASL-ASL+ converter: make root file a parameter for cv_init_file_tree (jsc#SLE-16407). - ACPICA: ASL-ASL+ converter: remove function parameters from cv_init_file_tree() (jsc#SLE-16407). - ACPICA: Allow acpi_any_gpe_status_set() to skip one GPE (jsc#SLE-16407). - ACPI: PM: s2idle: Check fixed wakeup events in acpi_s2idle_wake() (jsc#SLE-16407). - ACPI: PM: s2idle: Prevent spurious SCIs from waking up the system (jsc#SLE-16407). - ACPICA: Introduce acpi_any_gpe_status_set() (jsc#SLE-16407). - ACPI: PM: s2idle: Avoid possible race related to the EC GPE (jsc#SLE-16407). - ACPI/sleep: Convert acpi_wakeup_address into a function (jsc#SLE-16407). - ACPICA: All acpica: Update copyrights to 2020 Including tool signons (jsc#SLE-16407). - ACPICA: Dispatcher: always generate buffer objects for ASL create_field() operator (jsc#SLE-16407). - ACPICA: debugger: fix spelling mistake "adress" -> "address" (jsc#SLE-16407). - ACPI: PM: s2idle: Rework ACPI events synchronization (jsc#SLE-16407). - ACPI: EC: Rework flushing of pending work (jsc#SLE-16407). - ACPICA: debugger: remove leading whitespaces when converting a string to a buffer (jsc#SLE-16407). - ACPICA: acpiexec: initialize all simple types and field units from user input (jsc#SLE-16407). - ACPICA: debugger: add field unit support for acpi_db_get_next_token (jsc#SLE-16407). - ACPICA: debugger: surround field unit output with braces '{' (jsc#SLE-16407). - ACPICA: debugger: add command to dump all fields of particular subtype (jsc#SLE-16407). - ACPICA: utilities: add flag to only display data when dumping buffers (jsc#SLE-16407). - ACPICA: More Clang changes (jsc#SLE-16407). - ACPICA: Win OSL: Replace get_tick_count with get_tick_count64 (jsc#SLE-16407). - ACPICA: Results from Clang (jsc#SLE-16407). - ACPI: PM: Drop Dell XPS13 9360 from LPS0 Idle _DSM blacklist (jsc#SLE-16407). - ACPICA: Add "Windows 2019" string to _OSI support (jsc#SLE-16407). - ACPICA: Differentiate Windows 8.1 from Windows 8 (jsc#SLE-16407). - ACPICA: Fully deploy ACPI_PRINTF_LIKE macro (jsc#SLE-16407). - ACPICA: Fix issues with arg types within printf format strings (jsc#SLE-16407). - ACPICA: Increase total number of possible Owner IDs (jsc#SLE-16407). - ACPICA: Debugger: remove redundant assignment on obj_desc (jsc#SLE-16407). - ACPI: PM: s2idle: Always set up EC GPE for system wakeup (jsc#SLE-16407). - ACPI: PM: s2idle: Avoid rearming SCI for wakeup unnecessarily (jsc#SLE-16407). - PM: suspend: Fix platform_suspend_prepare_noirq() (jsc#SLE-16407). - intel-hid: intel-vbtn: Avoid leaking wakeup_mode set (jsc#SLE-16407). - ACPI: PM: s2idle: Execute LPS0 _DSM functions with suspended devices (jsc#SLE-16407). - ACPI: EC: PM: Make acpi_ec_dispatch_gpe() print debug message (jsc#SLE-16407). - ACPI: EC: PM: Consolidate some code depending on PM_SLEEP (jsc#SLE-16407). - ACPI: PM: s2idle: Eliminate acpi_sleep_no_ec_events() (jsc#SLE-16407). - ACPI: PM: s2idle: Switch EC over to polling during "noirq" suspend (jsc#SLE-16407). - ACPI: PM: s2idle: Add acpi.sleep_no_lps0 module parameter (jsc#SLE-16407). - ACPI: PM: s2idle: Rearrange lps0_device_attach() (jsc#SLE-16407). - ACPI: PM: Set up EC GPE for system wakeup from drivers that need it (jsc#SLE-16407). - PM: sleep: Simplify suspend-to-idle control flow (jsc#SLE-16407). - ACPI: PM: Set s2idle_wakeup earlier and clear it later (jsc#SLE-16407). - ACPI: EC: Return bool from acpi_ec_dispatch_gpe() (jsc#SLE-16407). - ACPICA: Return u32 from acpi_dispatch_gpe() (jsc#SLE-16407). - PCI: irq: Introduce rearm_wake_irq() (jsc#SLE-16407). - commit 632d617 - timers: Always keep track of next expiry (bsc#1179365) - commit ee6d011 ++++ libproxy: - Add 147.patch: python bindings: fix "TypeError: _argtypes_ must be a sequence of types". ++++ systemd: - Explicitly require group(kvm) by udev: the group used to be created by system-users-hardware, but has been split/moved to qemu/kvm, where it is more logical. The file /usr/lib/udev/rules.d/50-udev-default.rules references this group, thus we should make sure the group exists. Otherwise there are errors in the journal in the form of: /usr/lib/udev/rules.d/50-udev-default.rules:86 Unknown group 'kvm', ignoring ++++ linux-glibc-devel: - Update to kernel headers 5.10 ++++ strace: - Update to strace 5.10 * Improvements * libdw-based stack tracing is now enabled for non-native personalities. * Implemented decoding of process_madvise syscall introduced in Linux 5.10. * Updated decoding of pidfd_open syscall to match Linux 5.10. * Updated decoding of membarrier syscall to match Linux 5.10. * Updated lists of ALG_*, BPF_*, INET_DIAG_*, IORING_*, KEY_*, KVM_*, MDBA_*, MEMBARRIER_CMD_*, MS_*, NLMSGERR_*, NT_*, STATX_*, SEGV_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 5.10. * Bug fixes * Added clock_gettime64, clock_settime64, clock_adjtime64, and lock_getres_time64 syscalls to %clock trace class. ++++ yast2-trans: - Update to version 84.87.20201213.376c5d6d35: * Translated using Weblate (Chinese (China)) * New POT for text domain 'security'. * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Indonesian) * New POT for text domain 'registration'. * New POT for text domain 'firstboot'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese) * New POT for text domain 'firstboot'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese (Portugal)) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Added translation using Weblate (Portuguese (Portugal)) ------------------------------------------------------------------ ------------------ 2020-12-13 - Dec 13 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - pinctrl: intel: Actually disable Tx and Rx buffers on GPIO request (git-fixes). - pinctrl: jasperlake: Fix HOSTSW_OWN offset (git-fixes). - pinctrl: jasperlake: Unhide SPI group of pins (git-fixes). - commit 256e3b8 - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203). - commit 4121b01 - mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - clk: renesas: r9a06g032: Drop __packed for portability (git-fixes). - USB: serial: ch341: sort device-id entries (git-fixes). - USB: serial: ch341: add new Product ID for CH341A (git-fixes). - USB: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - USB: serial: option: add Fibocom NL668 variants (git-fixes). - commit 4d00577 ------------------------------------------------------------------ ------------------ 2020-12-12 - Dec 12 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - timers: Recalculate next timer interrupt only when necessary (bsc#1179365) - commit 5f04bac - timers: Lower base clock forwarding threshold (bsc#1179365) - commit 72a03ba - timers: Remove must_forward_clk (bsc#1179365) - commit c3083a1 - timers: Spare timer softirq until next expiry (bsc#1179365) - commit 1eaa492 - timers: Expand clk forward logic beyond nohz (bsc#1179365) - commit c14e398 - timers: Reuse next expiry cache after nohz exit (bsc#1179365) - commit 8c6d890 - timers: Optimize _next_timer_interrupt() level iteration (bsc#1179365) - commit 74e8303 - timers: Add comments about calc_index() ceiling work (bsc#1179365) - commit 1709f40 - timers: Move trigger_dyntick_cpu() to enqueue_timer() (bsc#1179365) - commit 79e5013 - timers: Use only bucket expiry for base->next_expiry value (bsc#1179365) - commit dc787a8 - timers: Preserve higher bits of expiration on index (bsc#1179365) - commit 242bf50 - pstore: Fix linking when crypto API disabled (jsc#SLE-16304). - commit cf4291d - mtd: Support kmsg dumper based on pstore/blk (jsc#SLE-16304). - Update config files. - supported.conf: add mtdpstore - commit ffec888 - pstore/blk: Introduce "best_effort" mode (jsc#SLE-16304). - pstore/blk: Support non-block storage devices (jsc#SLE-16304). - pstore/blk: Provide way to query pstore configuration (jsc#SLE-16304). - pstore/zone: Provide way to skip "broken" zone for MTD devices (jsc#SLE-16304). - commit 278b9b6 - Documentation: Add details for pstore/blk (jsc#SLE-16304). - commit f35da88 - pstore/zone,blk: Add ftrace frontend support (jsc#SLE-16304). - Update config files. - commit e482e99 - pstore/zone,blk: Add console frontend support (jsc#SLE-16304). - Update config files. - commit 8e4487a - pstore/zone,blk: Add support for pmsg frontend (jsc#SLE-16304). - Update config files. - commit 03d39a5 - pstore/blk: Introduce backend for block devices (jsc#SLE-16304). - Update config files. - mark fs/pstore as supported - commit 587a2b4 - pstore/zone: Introduce common layer to manage storage zones (jsc#SLE-16304). - commit ba9c226 - ramoops: Add "max-reason" optional field to ramoops DT node (jsc#SLE-16304). - pstore/ram: Introduce max_reason and convert dump_oops (jsc#SLE-16304). - pstore/platform: Pass max_reason to kmesg dump (jsc#SLE-16304). - printk: Introduce kmsg_dump_reason_str() (jsc#SLE-16304). - printk: honor the max_reason field in kmsg_dumper (jsc#SLE-16304). - printk: Collapse shutdown types into a single dump reason (jsc#SLE-16304). - commit e8792b6 - pstore/ftrace: Provide ftrace log merging routine (jsc#SLE-16304). - pstore/ram: Refactor ftrace buffer merging (jsc#SLE-16304). - pstore/ram: Refactor DT size parsing (jsc#SLE-16304). - pstore/ram: Adjust module param permissions to reflect reality (jsc#SLE-16304). - pstore/platform: Move module params after declarations (jsc#SLE-16304). - pstore/platform: Use backend name for console registration (jsc#SLE-16304). - pstore/platform: Switch pstore_info::name to const (jsc#SLE-16304). - pstore: Make sure console capturing will restart (jsc#SLE-16304). - pstore: Remove filesystem records when backend is unregistered (jsc#SLE-16304). - pstore: Do not leave timer disabled for next backend (jsc#SLE-16304). - commit 8204cca - pstore: Add locking around superblock changes (jsc#SLE-16304). - commit 21099a7 - pstore: Refactor pstorefs record list removal (jsc#SLE-16304). - commit 989da98 - pstore: Add proper unregister lock checking (jsc#SLE-16304). - commit eed4072 - pstore: Convert "records_list" locking to mutex (jsc#SLE-16304). - commit 5292e89 - pstore: Rename "allpstore" to "records_list" (jsc#SLE-16304). - commit 70a8404 - pstore: Convert "psinfo" locking to mutex (jsc#SLE-16304). - commit df8a1eb - pstore: Rename "pstore_lock" to "psinfo_lock" (jsc#SLE-16304). - commit 5e29b75 - pstore: Drop useless try_module_get() for backend (jsc#SLE-16304). - Refresh patches.suse/pstore_disable_efi_backend_by_default.patch. - commit de00068 - pstore/ram: Replace zero-length array with flexible-array member (jsc#SLE-16304). - commit 992f876 - pstore/ram: remove unnecessary ramoops_unregister_dummy() (jsc#SLE-16304). - commit b76e837 ------------------------------------------------------------------ ------------------ 2020-12-11 - Dec 11 2020 ------------------- ------------------------------------------------------------------ ++++ cifs-utils: - Update to cifs-utils 6.11 * remove cifs-utils-6.9.tar.bz2 * remove cifs-utils-6.9.tar.bz2.asc * add cifs-utils-6.11.tar.bz2 * add cifs-utils-6.11.tar.bz2.asc - Remove backports already in 6.11 * remove 0001-smbinfo-Improve-help-usage-and-add-h-option.patch * remove 0002-smbinfo-Add-bash-completion-support-for-smbinfo.patch * remove 0003-getcifsacl-Add-support-to-accept-more-paths.patch * remove 0004-getcifsacl-Fix-usage-message-to-include-multiple-fil.patch * remove 0005-smbinfo-add-GETCOMPRESSION-support.patch * remove 0006-getcifsacl-Add-support-for-R-recursive-option.patch * remove 0007-smbinfo-add-bash-completion-support-for-getcompressi.patch * remove 0008-mount.cifs.c-fix-memory-leaks-in-main-func.patch * remove 0009-Zero-fill-the-allocated-memory-for-new-struct-cifs_n.patch * remove 0010-Zero-fill-the-allocated-memory-for-a-new-ACE.patch * remove 0011-fix-doublefree.patch * remove 0012-mount.cifs-Fix-invalid-free.patch * remove 0013-CVE-2020-14342-mount.cifs-fix-shell-command-injectio.patch - Add fixes for autoconf and make install issues * add fix-sbin-install-error.patch * add 0001-cifs-utils-Respect-DESTDIR-when-installing-smb3-stuf.patch * add 0002-cifs-utils-fix-probabilistic-compiling-error.patch - Hardcode python3 interpreter in shebang of smb2-quota instead of /usr/bin/env to let rpm runtime dependency detect it. ++++ kernel-default: - powerpc/perf: Exclude kernel samples while counting events in user space (jsc#SLE-13513 bsc#1179950 ltc#190285). - powerpc/perf: MMCR0 control for PMU registers under PMCC=00 (jsc#SLE-13513 bsc#1179950 ltc#190285). - powerpc/perf: Fix to update cache events with l2l3 events in power10 (jsc#SLE-13513 bsc#1179950 ltc#190285). - powerpc/perf: Fix to update generic event codes for power10 (jsc#SLE-13513 bsc#1179950 ltc#190285). - powerpc/perf: Add generic and cache event list for power10 DD1 (jsc#SLE-13513 bsc#1179950 ltc#190285). - powerpc/perf: Fix the PMU group constraints for threshold events in power10 (jsc#SLE-13513 bsc#1179950 ltc#190285). - powerpc/perf: Update the PMU group constraints for l2l3 events in power10 (jsc#SLE-13513 bsc#1179950 ltc#190285). - powerpc/perf: Fix to update radix_scope_qual in power10 (jsc#SLE-13513 bsc#1179950 ltc#190285). - powerpc/perf: Invoke per-CPU variable access with disabled interrupts (jsc#SLE-13513 bsc#1179950 ltc#190285). - commit da98715 - supported.conf: enable pwm-fan Jetson AGX Xavier uses pwm-fan to contol fan speed. References: bsc#1179597 - commit 134e477 - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963). - commit 170193e - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - commit 1429b0b - series.conf: cleanup - update upstream repository URL: patches.suse/ibmvnic-add-some-debugs.patch - move unsortable patches out of sorted section: patches.suse/cifs-set_root_ses-ipc.patch patches.suse/powerpc-rtas-fix-typo-of-ibm-open-errinjct-in-rtas-f.patch - commit 059dfec - series.conf: cleanup - update upstream reference and move into "almost mainline" section: patches.suse/nvme-fc-avoid-calling-_nvme_fc_abort_outstanding_ios-from-interrupt-context.patch - commit e446234 - mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679). - commit ffb1814 - ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC (jsc#SLE-16614 jsc#SLE-13640). - commit 66cc853 - Revert "geneve: pull IP header before ECN decapsulation" (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - commit dff69af - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489) - commit 68423a3 - ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960). - commit 53d60d5 - IB/hfi1: Ensure correct mm is used at all times (bsc#1179878 CVE-2020-27835). - commit f84fcc4 - Update patches.suse/tty-Fix-pgrp-locking-in-tiocspgrp.patch (git-fixes bsc#1179745 CVE-2020-29661). - Update patches.suse/tty-Fix-session-locking.patch (bsc#1179745 CVE-2020-29660). Add CVE numbers. - commit 034f28b ++++ libzypp: - Fix lsof monitoring (bsc#1179909) - version 17.25.5 (22) ++++ python-dbus-python: - Support builds with more than one python3 flavor gh#openSUSE/python-rpm-macros#66 - Remove shebang from examples (rpmlint warning, is in common doc) - Clean duplicate python flavor variables for configure - Update the provides/obsoletes tags for old-style dbus-1-$python ++++ python-psutil: - Only require unittest2 for Leap. - Add missing BR for unittest2 ++++ python-pyOpenSSL: - According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also skip test_verify_with_time on %ix86. ++++ u-boot-rpiarm64: - Add bananapim2zero flavor ------------------------------------------------------------------ ------------------ 2020-12-10 - Dec 10 2020 ------------------- ------------------------------------------------------------------ ++++ dmidecode: 1 recommended fix from upstream: - dmidecode-missing-commas.patch: Two missing commas in data arrays cause off-by-one or mangling during index resolution (bsc#1174257). ++++ kernel-default: - fail_function: Remove a redundant mutex unlock (bsc#1149032). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032). - commit 7d88c68 - blacklist.conf: Blacklist some lockdep updates - commit 2f42c43 - kABI: genirq: add back irq_create_mapping (bsc#1065729). - commit 0788f47 - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - commit 1e1b021 - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - commit 8cba4ab - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes). - commit a63cfa4 - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (FATE#322021 bsc#1040855 ltc#155067 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - commit 00d731f - clocksource/drivers/arm_arch_timer: validate arch_timer_rate (jsc#SLE-16614 jsc#SLE-13640). - commit 4f4514c - arm64: use activity monitors for frequency invariance (jsc#SLE-16614 jsc#SLE-13640). - arm: Use common cpu_topology structure and functions (jsc#SLE-16614 jsc#SLE-13640). - cpu-topology: Move cpu topology code to common code (jsc#SLE-16614 jsc#SLE-13640). - commit 83df8e6 - powerpc/64s/exception: KVM Fix for host DSI being taken in HPT guest MMU context (jsc#SLE-9246 git-fixes). - powerpc/64s: Fix KVM system reset handling when CONFIG_PPC_PSERIES=y (jsc#SLE-9246 git-fixes). - commit 2b2f0ec - powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes). - commit 87d1aa2 - KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395). - commit be0ace4 - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - commit 0ec6de5 - powerpc/rtas: fix typo of ibm,open-errinjct in rtas filter (CVE-2020-27777 bsc#1179107 bsc#1179887 ltc#190092). - commit 8fcc087 - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326). - commit c6fa2f3 - ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes). - commit e552615 - blacklist.conf: 310e3a4b5a4f ("tracing: Remove WARN_ON in start_thread()") Not really necessary. Just a WARN_ON(). We may reevaluate if someone reports it. - commit b62e034 - cpufreq: add function to get the hardware max frequency (jsc#SLE-16614 jsc#SLE-13640). - commit 4ef407e - Documentation: arm64: document support for the AMU extension (jsc#SLE-16614 jsc#SLE-13640). - commit 814a63c - arm64/kvm: disable access to AMU registers from kvm guests (jsc#SLE-16614 jsc#SLE-13640). - commit 23654f6 - arm64: trap to EL1 accesses to AMU counters from EL0 (jsc#SLE-16614 jsc#SLE-13640). - commit 1ffcffa - arm64: add support for the AMU extension v1 (jsc#SLE-16614 jsc#SLE-13640). - Update config files. - Refresh patches.suse/arm64-Detect-the-ARMv8.4-TTL-feature.patch. - Refresh patches.suse/arm64-tlb-Detect-the-ARMv8.4-TLBI-RANGE-feature.patch. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit db66333 - Update config files: drop CONFIG_IP_PNP again CONFIG_IP_PNP was enabled as a result of Leap config merge, but it makes little sense without the built-in network drivers. Drop it again. - commit 43358fd - Update config files to disable CONFIG_DEBUG_SECTION_MISMATCH (bsc#1177403) - commit 0b57f6d - fix patches metadata - fix Patch-mainline: patches.suse/0001-HMAT-Register-memory-side-cache-after-parsing.patch patches.suse/0001-HMAT-Skip-publishing-target-info-for-nodes-with-no-o.patch patches.suse/0001-mm-userfaultfd-do-not-access-vma-vm_mm-after-calling.patch - commit 35937c0 ++++ open-lldp: - Update to version v1.1+18.0e969d0edcc4: * event_iface: only set rcv buf size if too small (bsc#1175570) ++++ libusb-1_0: - Update to version 1.0.24 * Add new platform abstraction (#252). * Add Null POSIX backend. * Add support for eventfd. * New API libusb_hotplug_get_user_data(). * Linux: Drop support for kernel older than 2.6.32. * Linux: Provide an event thread name. (#689). * Linux: Wait until all USBs have been reaped before freeing them. (#607) * Documentation fixes and improvements. * Various other bug fixes and improvements. ------------------------------------------------------------------ ------------------ 2020-12-9 - Dec 9 2020 ------------------- ------------------------------------------------------------------ ++++ drbd: - bsc#1179708, compat to kernel v5.10 - Add patch compat_get_fs.patch Add patch remove_bdi_cap_stable_writes.patch ++++ gstreamer-plugins-base: - Update to version 1.18.2: + gl/eagl: internal view resize fixes for glimagesink + video-converter: increase the number of cache lines for resampling, fixes significant color issues and artefacts with "special" resizing parameters in compositor + compositor: Don't crash in prepare_frame() if the pad was just removed + decodebin3: Properly handle caps query with no filter + videoaggregator: - Guarantee that the output format is supported - Fix locking around vagg->info - Fix renegotiation when using convert pad - document and fix locking in convert pad + gluploadelement: - Avoid race condition of base class' context - Avoid race condition of inside upload creation + gl: Fix prototype of glGetSynciv() + tcpserversink: Don't assume g_socket_get_remote_address() succeeds + audiodecoder, videodecoder: Don't reset max-errors property value in reset() + audioencoder: Fix incorrect GST_LOG_OBJECT usage + pbutils: Fix segfault when using invalid encoding profile + g-i: videometa: gir annotate the size of plane array in new API + examples/gl/gtk: Add missing dependency on gstgl + video: fix doc warning. - Fix the _service file and spec to really use the tarball generated by service. ++++ kernel-default: - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652). - commit fc46361 - nvme-fabrics: allow to queue requests for live queues (git-fixes). - nvme-tcp: cancel async events before freeing event struct (git-fixes). - nvme-rdma: cancel async events before freeing event struct (git-fixes). - nvme-fc: cancel async events before freeing event struct (git-fixes). - commit bd7db2d - nvme: Revert: Fix controller creation races with teardown (git-fixes). - Delete patches.kabi/nvme-kABI-fixes-for-nvme_ctrl.patch. - commit 6f82fb0 - arm64: cpufreq: revert cppc to v5.10 level References: bsc#1179585 cppc_cpufreq is being initialized without checking if acpi_cppc_processor_probe() succeeded. Revert to v5.10 to keep the old behavior for now. - commit dc7e817 - nvme-multipath: fix deadlock due to head->lock (git-fixes). - nvme: don't protect ns mutation with ns->head->lock (git-fixes). - nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes). - commit d1a90c1 - nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326). - nvme-fc: remove err_work work item (bsc#1177326). - nvme-fc: track error_recovery while connecting (bsc#1177326). - nvme-fc: shorten reconnect delay if possible for FC (git-fixes). - nvme-fc: wait for queues to freeze before calling (git-fixes). - nvme-fc: fix error loop in create_hw_io_queues (git-fixes). - nvme-fc: fix io timeout to abort I/O (bsc#1177326). - nvme-pci: properly print controller address (git-fixes). - commit 42e24bd - nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes). - Refresh patches.suse/nvme-tcp-have-queue-prod-cons-send-list-become-a-lli.patch. - commit b1bde16 - nvme-tcp: fix possible leakage during error flow (git-fixes). - commit a68cfb4 - random: try to actively add entropy rather than passively wait for it (bsc#1178404). - commit f78131b - Update config files: enable CONFIG_TEST_HMM on x86_64 - supported.conf: add lib/test_hmm as kselftests-kmp (jsc#SLE-16387) - commit d44e369 - XArray: Add xa_for_each_range (jsc#SLE-16387). - commit 89eed0c - uapi: fix statx attribute value overlap for DAX & MOUNT_ROOT (bsc#1179819). - commit 75cd8a8 - ext4: handle dax mount option collision (bsc#1179815). - commit 2f4a2a2 - ext4: disallow modifying DAX inode flag if inline_data has been set (bsc#1179814). - commit d0f441a - Input: xpad - support Ardwiino Controllers (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - commit 8f84738 ++++ systemd: - Import commit d5e7958d35dc7758fe2e87e0a8193b93ce1a1b15 (merge of v246.7) 450792497e sd-event: fix delays assert brain-o (#17790) 1040a19d08 udevadm: rename option '--log-priority' into '--log-level' a7b41e19bd udev: rename kernel option 'log_priority' into 'log_level' For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/f6104ea5f554233e34b94ffd92da8332c3bd7d8f...d5e7958d35dc7758fe2e87e0a8193b93ce1a1b15 ++++ libvirt: - spec: Enable mdevctl support in the nodedev driver for SLE15 SP3 jsc#SLE-15861, bsc#1179770 ++++ python-cryptography: - update to 3.3.0 - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1i. - Python 2 support is deprecated in cryptography. This is the last release that will support Python 2. - Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. ++++ python-pyOpenSSL: - Update to v20.0.0 - Backward-incompatible changes: - The minimum cryptography version is now 3.2. - Remove deprecated OpenSSL.tsafe module. - Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. - Drop support for Python 3.4 - Drop support for OpenSSL 1.0.1 and 1.0.2 - Deprecations: - Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12. - Changes: - Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948 - Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. [#943] - Added Context.set_keylog_callback to log key material. #910 - Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894. - Make verification callback optional in Context.set_verify. If omitted, OpenSSL’s default verification is used. #933 - Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947 - drop patch fix-compilation-2020.patch: no longer needed - refreshed patch skip-networked-test.patch ++++ raspberrypi-firmware: - Update to 919aee0ed7 (2020-12-08): * firmware: Switch DA9121 PMIC to PWM mode when ARM > 600 MHz * firmware: xhci: Don't reset BCM2711 XHCI from filesys in start.elf * firmware: platform: Avoid vco issue with low arm_freq_min on Pi0-3 ++++ raspberrypi-firmware-config: - Update to 919aee0ed7 (2020-12-08): * firmware: Switch DA9121 PMIC to PWM mode when ARM > 600 MHz * firmware: xhci: Don't reset BCM2711 XHCI from filesys in start.elf * firmware: platform: Avoid vco issue with low arm_freq_min on Pi0-3 ++++ raspberrypi-firmware-dt: - Update to f77383ec0ed3 (2020-12-07) (jsc#SLE-16676): * Introduce RPi400 device-tree ++++ rpm: - Backport FA_TOUCH fixes from upsteam [bnc#1175025] [bnc#1177428] * new patch: touch_backport.diff - Backport read-only berkeley db support and enable it if we disable berkeley db [jsc#SLE-7272] * new patch: bdb_ro_backport.diff ++++ virt-manager: - Upstream bug fixes (bsc#1027942) e7222b50-addstorage-Dont-pass-None-to-widget.set_active.patch 4d0e3232-virtinst-Fix-TOCTOU-in-domain-enumeration.patch ------------------------------------------------------------------ ------------------ 2020-12-8 - Dec 8 2020 ------------------- ------------------------------------------------------------------ ++++ cryptsetup: - SLE marker: implements jsc#SLE-5911, bsc#1165580, jsc#SLE-145149 ++++ cyrus-sasl: - Remove Berkeley DB dependency (JIRA#SLE-12190) The packages cyrus-sasl and cyrus-sasl-saslauthd are built without Berkely DB support. gdbm will be used instead of BDB. The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built with Berkely DB support. - Update to 2.1.27 * Added support for OpenSSL 1.1 * Added support for lmdb * Lots of build fixes * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech * DIGEST-MD5 plugin: Fixed memory leaks Fixed a segfault when looking for non-existent reauth cache Prevent client from going from step 3 back to step 2 Allow cmusaslsecretDIGEST-MD5 property to be disabled * GSSAPI plugin: Added support for retrieving negotiated SSF Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF Properly compute maxbufsize AFTER security layers have been set * SCRAM plugin: Added support for SCRAM-SHA-256 * LOGIN plugin: Don’t prompt client for password until requested by server * NTLM plugin: Fixed crash due to uninitialized HMAC context - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - bsc#983938 `After=syslog.target` left-overs in several unit files - added patches: fix_libpq-fe_include.diff for fixing including libpq-fe.h - removed patches obsoleted by upstream changes: * shared_link_on_ppc.patch * cyrus-sasl-2.1.27-openssl-1.1.0.patch * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * 0003-Check-return-error-from-gss_wrap_size_limit.patch * 0004-Add-support-for-retrieving-the-mech_ssf.patch * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch * cyrus-sasl-fix-logging-in-gssapi.patch ++++ python-kiwi: - Fixed validation of bool value in dracut module The oem-multipath-scan setup results in a bool variable inside of the initrd code. The variable kiwi_oemmultipath_scan is therefore either set to "true" or "false". A check in code of the form [ -n ... ] is stupid since the variable always contains text. This commit fixes the validation to make use of the bool() method provided for these type of variables ++++ drbd: - Update to 9.0.26 * fix a case of a disk unexpectedly becoming Outdated by moving the exchange of the initial packets into the body of the two-phase-commit that happens at a connect * fix adding of new volumes to resources with a primary node * reliably detect split brain situation on both nodes * fix an unexpected occurrence of NetworkFailure state in a tight drbdsetup disconnect; drbdsetup connect sequence * fix online verify to return to Established from VerifyS if the VerifyT node was temporarily Inconsistent during the run * fix a corner case where a node ends up Outdated after the crash and rejoin of a primary node * implement 'blockdev --setro' in DRBD * following upstream changes to DRBD up to Linux 5.9 and ensure compatibility with Linux 5.8 and 5.9 * fix a crash if during resync a discard operation fails on the resync-target node * fix online verify to not clamp disk states to UpToDate * fix promoting resync-target nodes; the problem was that it could modify the bitmap of an ongoing resync; which leads to alarming log messages * pause a resync if the sync-source node becomes inconsistent; an example is a cascading resync where the upstream resync aborts and leaves the sync-source node for the downstream resync with an inconsistent disk; note, the node at the end of the chain could still have an outdated disk (better than inconsistent) * allow force primary on a sync-target node by breaking the resync * minor fixes to the compat tests * fix for writes not getting mirrored over a connection while the primary transitions through the WFBitMapS state * completed missing logic of the new two-phase-commit based connect process; avoid connecting partitions with a primary in each; ensure consistent decisions if the connect attempt will be retried - Add patch compat-test-header.patch Add patch submit-bio-private-date.patch Add patch compat_remove_kernel_setsockopt.patch Add patch compat_blk_queue_stack_limits.patch - Remove patch rely-on-sb-handlers.patch (187bddac0) Remove patch fix-err-of-wrong-return-type.patch (969310232) Remove patch compat_generic_make_request.patch (8615d6837) Remove patch blk_alloc_queue_make_request.patch (edaa9b0f/fb59b40e) Remove patch remove_congested_fn_congested_data.patch (34484003/9b80d46b) ++++ gdk-pixbuf: - Update to version 2.42.2: + Requre Meson 0.55.3. + Improve the PNG save operation. + Fix leak in the error path of the XPM loader. + Fix loading GIF without a GCE rendering color 0. + Fix invalid LZW codes in the GIF loader (CVE-2020-29385). ++++ gstreamer: - Update to version 1.18.2: + Highlighted bugfixes: - Fix MPEG-TS timestamping regression when playing DVB streams - compositor: fix artefacts in certain input scaling/conversion situations and make sure that the output format is actually supported, plus renegotiation fixes - Fix sftp:// URI playback in decodebin/playbin via giosrc - adaptivedemux/dashdemux/hlsdemux fixes - rtsp-server fixes - android media: fix crash when encoding AVC - fix races in various unit tests - lots of other bug fixes and memory leak fixes - various stability, performance and reliability improvements - g-i annotation fixes - build fixes + gstreamer changes: - bin: When removing a sink, check if the EOS status changed - info: colorize PIDs in log messages - aggregator: Include min-upstream-latency in buffering time, helps especially with performance issues on single core systems where there are a lot of threads running - typefind: copy seqnum to new segment event, fixing issues with oggdemux operating in push mode with typefind operating in pull mode - identity, clocksync: Also provide system clock if sync=false - queue2: Fix modes in scheduling query handling - harness: Handle element not being set cleanly - g-i: Add some missing nullable annotations, and fix some nullable annotations: - gst_test_clock_process_next_clock_id() returns nullable - gst_stream_type_get_name() is not nullable - build: fix build issue when compiling for 32-bit architectures with 64-bit time_t (e.g. riscv32) by increasing padding in GstClockEntryImpl in gst_private.h - Fix the _service file and spec to really use the tarball generated by service. ++++ kernel-default: - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489). - commit 73ffec0 - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489). - commit 0b28903 - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489). - commit d839ba5 - lib/test_hmm.c: remove unused dmirror_zero_page (jsc#SLE-16387). - commit 879f764 - mm: mmu_notifier: fix and extend kerneldoc (jsc#SLE-16387). - commit a65787b - mm/migrate: fix migrate_pgmap_owner w/o CONFIG_MMU_NOTIFIER (jsc#SLE-16387). - blacklist.conf: remove this commit - commit 3454164 - mm/hmm/test: use the new migration invalidation (jsc#SLE-16387). - commit b9703ba - Refresh patches.suse/0012-mm-migrate-add-a-flags-parameter-to-migrate_vma.patch. - add mm/hmm/test part now that prerequisities are not missing anymore. - commit 32a3dca - mm/hmm: add tests for hmm_pfn_to_map_order() (jsc#SLE-16387). - commit fea5fef - io_uring: grab ->fs as part of async offload (bsc#1179434 CVE-2020-29373). - commit b260e71 - x86/sev-es: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1178134). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1178134). - commit 25fe31b - blacklist.conf: Append 'drm/i915: Avoid mixing integer types during batch copies' - commit 7318e0c - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1178134). - commit 40a1a4a - x86/platform/uv: Fix UV4 hub revision adjustment (bsc#1178134). - commit ddbaba1 - blacklist.conf: Append 'drm/i915: Clear the repeater bit on HDCP disable' - commit c9b3793 - blacklist.conf: Append 'drm/i915: Fix sha_text population code' - commit 3c40ed1 - blacklist.conf: Append 'drm/i915/gem: Delay tracking the GEM context until it is registered' - commit 57a9af9 - blacklist.conf: Append 'drm/amd/powerplay: Fix hardmins not being sent to SMU for RV' - commit 3708b97 - iwlwifi: pcie: invert values of NO_160 device config entries (git-fixes). - commit aa2884c - Update patches.suse/media-xirlink_cit-add-missing-descriptor-sanity-chec.patch (bsc#1168952 CVE-2020-11668). Added CVE number - commit 15ca434 - blacklist.conf: Append 'drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()' - commit 13ab26a - Update patches.suse/media-xirlink_cit-add-missing-descriptor-sanity-chec.patch (bsc#1168952 CVE-2020-11668). Added CVE number - commit a0ec304 - blacklist.conf: Append 'drm/i915/gem: Delay tracking the GEM context until it is registered' - commit b9b8698 - drm/imx: tve remove extraneous type qualifier (bsc#1152489) - commit ef93a79 - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489) Backporting changes: * context fixes - commit 507bd66 - drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472) Backporting changes: * context fixes - commit c82949a - drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489) Backporting changes: * context fixes - commit 56c13b8 - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472) Backporting changes: * context fixes - commit e8c9179 - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489) Backporting changes: * context fixes - commit 620be39 - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489) - commit fa753cd - drm: mxsfb: check framebuffer pitch (bsc#1152472) Backporting changes: * context fixes - commit 0dd9c60 - drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489) - commit c088e37 - drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472) - commit 7cf7f8b - drm: rcar-du: Put reference to VSP device (bsc#1152489) - commit 3aca956 - drm/radeon: Prefer lower feedback dividers (bsc#1152489) - commit 7479884 - drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489) Backporting changes: * context fixes - commit 7cc3993 - drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489) - commit 7638845 - drm/gma500: fix error check (bsc#1152472) Backporting changes: * context fixes - commit e0b3dc4 - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472) Backporting changes: * context fixes - commit aaeda6a - drm/vkms: fix xrgb on compute crc (bsc#1152472) Backporting changes: * changed filename from vkms_composer.c to vkms_crc.c * context fixes - commit 84538b3 - drm: mxsfb: Remove fbdev leftovers (bsc#1152472) Backporting changes: * context fixes - commit 7b29584 - drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489) - commit c09dba1 - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489) - commit afa801d - drm/mediatek: Add missing put_device() call in (bsc#1152472) - commit 2465a49 - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472) Backporting changes: * context fixes * adapted to function layout - commit 187e3d3 - drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472) - commit 39014a3 - drm/i915: Fix sha_text population code (bsc#1152489) Backporting changes: * context fixes * adapted I/O functions to old driver - commit d501c26 - fbcon: Remove the superfluous break (bsc#1152472) - commit e00dc98 - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472) - commit 9657792 - video: fbdev: sis: fix null ptr dereference (bsc#1152472) - commit d833a20 - Refresh patches.suse/ibmvnic-Ensure-that-SCRQ-entry-reads-are-correctly-o.patch. - Refresh patches.suse/ibmvnic-Fix-TX-completion-error-handling.patch. - Refresh patches.suse/ibmvnic-avoid-memset-null-scrq-msgs.patch. - Refresh patches.suse/ibmvnic-delay-next-reset-if-hard-reset-fails.patch. - Refresh patches.suse/ibmvnic-enhance-resetting-status-check-during-module.patch. - Refresh patches.suse/ibmvnic-fix-NULL-pointer-dereference-in-ibmvic_reset.patch. - Refresh patches.suse/ibmvnic-fix-NULL-pointer-dereference-in-reset_sub_cr.patch. - Refresh patches.suse/ibmvnic-fix-call_netdevice_notifiers-in-do_reset.patch. - Refresh patches.suse/ibmvnic-handle-inconsistent-login-with-reset.patch. - Refresh patches.suse/ibmvnic-no-reset-timeout-for-5-seconds-after-reset.patch. - Refresh patches.suse/ibmvnic-notify-peers-when-failover-and-migration-hap.patch. - Refresh patches.suse/ibmvnic-reduce-wait-for-completion-time.patch. - Refresh patches.suse/ibmvnic-restore-adapter-state-on-failed-reset.patch. - Refresh patches.suse/ibmvnic-send_login-should-check-for-crq-errors.patch. - Refresh patches.suse/ibmvnic-skip-tx-timeout-reset-while-in-resetting.patch. - Refresh patches.suse/ibmvnic-stop-free_all_rwi-on-failed-reset.patch. - Refresh patches.suse/ibmvnic-track-pending-login.patch. Update patch metadata - commit ec07814 - speakup: Reject setting the speakup line discipline outside of speakup (CVE-2020-27830 bsc#1179656). - commit ec50953 - tty: Fix ->session locking (bsc#1179745). - commit a9a2af9 - Update patches.suse/tty-Fix-pgrp-locking-in-tiocspgrp.patch (git-fixes bsc#1179745). - commit 556ded3 - udp: Don't discard reuseport selection when group has connections (bsc#1177028). - commit 7d84936 ++++ openssl-1_1: - Fix EDIPARTYNAME NULL pointer dereference (CVE-2020-1971, bsc#1179491) * add openssl-CVE-2020-1971.patch ++++ mdevctl: - Update to version 0.78: * Automatic version commit for tag 0.78 * use standard bash path * avoid other tags spilling into the .spec changelog * mdevctl: fix cleanup on error when creating and removing mdev * version support * Fix attributes getting applied via start-parent-mdevs * mdevctl: fix cleanup on error when writing to attribute * Remove never used 'available' option * Fix attribute validation jsc#SLE-15861, bsc#1179770 ++++ python-M2Crypto: - Update to 0.37.1: - Remove support for CentOS 6 and Python 2.6 (remove tests.vendor module). Python 2.7 is still fully supported. - Remodel CI: - on GitHub switched from Travis-CI to GH Actions - on GitLab-CI: stop testing 2.7 on Fedora, add centos7 - update appveyor.yml - Stop playing with swig in setup.py, we don't support swig 1.* anymore. - Fix dereferencing of pointers (gl#m2crypto/m2crypto#281) - Replace deprecated PyObject_AsReadBuffer with our own shim (thanks to Casey Deccio for saving my bacon there). - Use parametrized to create parametrized tests (new external dependency). - Only use DigestSign() and DigestUpdate() with OpenSSL >= 1.1.1 - Expose all the X509_V_FLAG - Add support for DigestSign* and DigestVerify* ++++ python-setuptools: - Add remove_mock.patch to remove dependency on the external mock package. ++++ qemu: - Update to v5.2.0: See http://wiki.qemu.org/ChangeLog/5.2 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in the deprecated.html file installed with the qemu package Some noteworthy changes: * Dropped system emulators: qemu-system-lm32, qemu-system-unicore32 * Dropped linux user emulator: qemu-ppc64abi32 * Added linux user emulator: qemu-extensaeb * Unicore32 and lm32 guest support dropped * New sub-packages (most due to ongoing modularization of QEMU): qemu-audio-spice, qemu-hw-chardev-spice, qemu-hw-display-virtio-vga, qemu-hw-display-virtio-gpu, qemu-hw-display-virtio-gpu-pci, qemu-ui-spice-core, qemu-ui-opengl, qemu-ivshmem-tools * x86: A new KVM feature which improves the handling of asynchronous page faults is available with -cpu ...,kvm-async-pf-int (requires Linux 5.8) * s390: More instructions emulated under TCG * PowerPC: nvdimm= machine option now functions correctly; misc improvements * ARM: new boards: mps2-an386 (Cortex-M4 based) and mps2-an500 (Cortex-M7 based), raspi3ap (the Pi 3 model A+), raspi0 (the Pi Zero) and raspi1ap (the Pi A+) * RISC-V: OpenSBI v0.8 included by default; Generic OpenSBI platform used when no -bios argument is supplied; Support for NUMA sockets on Virt and Spike Machines; Support for migrating machines; misc improvements * Misc NVMe improvements * The 'vhost-user-blk' export type has been added, allowing qemu-storage-daemon to act as a vhost-user-blk device backend * The SMBIOS OEM strings can now come from a file * 9pfs - misc performance related improvements * virtiofs - misc improvements * migration: The default migration bandwidth has been increased to 1Gbps (users are still encouraged to tune it to their own hardware); The new 'calc-dirty-rate' and 'query-dirty-rate' QMP commands can help determine the likelihood of precopy migration success; TLS+multifd now supported for higher bandwidth encrypted migration; misc minor features added * Misc minor block features added * Misc doc improvements * qemu-microvm subpackage change: the bios-microvm.bin is now SeaBIOS based, and the qboot based on is now qboot.rom * elf2dmp is no longer part of qemu-tools (it was never intended to be a packaged binary) * Some subpackages which were 'Requires' are now 'Recommends', allowing for a smaller qemu packaging footprint if needed * Patches dropped (included in release tarball, unless otherwise noted): docs-fix-trace-docs-build-with-sphinx-3..patch (fixed differently) hw-hyperv-vmbus-Fix-32bit-compilation.patch linux-user-properly-test-for-infinite-ti.patch Switch-order-of-libraries-for-mpath-supp.patch (fixed differently) Conditionalize-ui-bitmap-installation-be.patch (fixed differently) hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch (no longer using gcc9) hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch (no longer using gcc9) roms-Makefile-enable-cross-compile-for-b.patch (fixed with different patch) libvhost-user-handle-endianness-as-manda.patch virtio-add-vhost-user-fs-ccw-device.patch Fix-s-directive-argument-is-null-error.patch build-Workaround-compilation-error-with-.patch build-Be-explicit-about-fcommon-compiler.patch intel-Avoid-spurious-compiler-warning-on.patch golan-Add-explicit-type-casts-for-nodnic.patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch ensure-headers-included-are-compatible-w.patch Enable-cross-compile-prefix-for-C-compil.patch (fixed differently) hw-net-net_tx_pkt-fix-assertion-failure-.patch hw-net-xgmac-Fix-buffer-overflow-in-xgma.patch s390x-protvirt-allow-to-IPL-secure-guest.patch usb-fix-setup_len-init-CVE-2020-14364.patch * Patches added: meson-install-ivshmem-client-and-ivshmem.patch Revert-roms-efirom-tests-uefi-test-tools.patch Makefile-Don-t-check-pc-bios-as-pre-requ.patch roms-Makefile-add-cross-file-to-qboot-me.patch qboot-add-cross.ini-file-to-handle-aarch.patch usb-Help-compiler-out-to-avoid-a-warning.patch - In spec file, where reasonable, switch BuildRequires: XXX-devel to be pkgconfig(XXX') instead - No longer disable link time optimization for qemu for x86. It looks like either the build service, qemu code changes and/or the switch to meson have resolved issues previously seen there. We still see problems for other architectures however. - For the record, the following issues reported for SUSE SLE15-SP2 are either fixed in this current package, or are otherwise no longer an issue: bsc#1172384 bsc#1174386 bsc#1174641 bsc#1174863 bsc#1175370 bsc#1175441 bsc#1176494 CVE-2020-13361 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 and the following feature requests are satisfied by this package: jsc#SLE-13689 jsc#SEL-13780 jsc#SLE-13840 - To be more accurate, and to align with other qemu packaging practices, rename the qemu-s390 package to qemu-s390x. The old name (in the rpm namespace) is provided with a "Provides" directive, and an "Obsoletes" done against that name for prior qemu versions, as is standard practice (boo#1177764 jsc#SLE-17060) - Take this opportunity to remove some ancient Split-Provides mechanisms which can't conceivably be needed any more: qemu-block-curl provided: qemu:%_libdir/%name/block-curl.so qemu-guest-agent provided: qemu:%_bindir/qemu-ga qemu-tools provided: qemu:%_libexecdir/qemu-bridge-helper ++++ rpm: - Handle xz compressed kernels in find-provides.ksyms [bsc#1179251] * modified file: find-requires.ksyms ++++ rpm-config-SUSE: - Initial split of RPM vendor configuration from rpm package [jsc#SLE-17074] ++++ supportutils: - Additions to version 3.1.12 + btrfs_info: add -pce argument to qgroup show #80 + docker: add /etc/docker/daemon.json contents #81 ------------------------------------------------------------------ ------------------ 2020-12-7 - Dec 7 2020 ------------------- ------------------------------------------------------------------ ++++ chrony: - drop buildrequires on NSS. We need gnutls for NTS anyway and we can do all the other required crypto via nettle+gnutls. no need for another crypto library. ++++ curl: - Security fix: [bsc#1179593, CVE-2020-8286] * Inferior OCSP verification: libcurl offers "OCSP stapling" via the 'CURLOPT_SSL_VERIFYSTATUS' option that, when set, verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with '--cert-status' using the curl tool. * As part of the OCSP response verification, a client should verify that the response is indeed set out for the correct certificate. This step was not performed by libcurl when built or told to use OpenSSL as TLS backend. - Add curl-CVE-2020-8286.patch - Security fix: [bsc#1179399, CVE-2020-8285] * FTP wildcard stack overflow: The wc_statemach() internal function has been rewritten to use an ordinary loop instead of the recursive approach. - Add curl-CVE-2020-8285.patch - Security fix: [bsc#1179398, CVE-2020-8284] * Trusting FTP PASV responses: When curl performs a passive FTP transfer, it first tries the 'EPSV' command and if that is not supported, it falls back to using 'PASV'. A malicious server can use the 'PASV' response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed. * The IP address part of the response is now ignored by default, by making 'CURLOPT_FTP_SKIP_PASV_IP' default to '1L'. The same goes for the command line tool, which then might need '--no-ftp-skip-pasv-ip' set to prevent curl from ignoring the address in the server response. - Add curl-CVE-2020-8284.patch ++++ gtk3: - Update to version 3.24.24: + GtkColorChooser: Update the default color palette. + GtkFontChooser: Fix family-only mode to return regular style. + GtkTreeView: Don't set focus-on-click for header buttons. + Accessibility: - Implement scrollSubstringTo. - Add a11y support to GtkPlug/GtkSocket. + Printing: Allow the lpr backend to print pdf and ps files. + Theme: - Update gesture graphics. - Update HighContrast css. + Wayland: Support the primary-selection-unstable-v1 protocol. + X11: Fix a crash with parent-relative backgrounds. + Broadway: Set modifier state of scroll events. + Build: Fix pc file generation on NixOS. + Updated translations. ++++ hwdata: - Update to version 0.342: + Updated pci, usb and vendor ids. ++++ kernel-default: - Update patches.suse/mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch (CVE-2020-29370, bsc#1179435, bsc#1167657, VM functionality). - add reference to CVE and its bsc - commit cc58091 - patches.suse/iommu-amd-Increase-interrupt-remapping-table-limit-t.patch: (bsc#1179652). - commit 34c2dd2 - efi/x86: Move 32-bit code into efi_32.c (jsc#SLE-16407). - efi/libstub: Handle unterminated cmdline (jsc#SLE-16407). - efi/libstub: Handle NULL cmdline (jsc#SLE-16407). - efi/libstub: Stop parsing arguments at "--" (jsc#SLE-16407). - efi/x86: Mark kernel rodata non-executable for mixed mode (jsc#SLE-16407). - x86/efi: Remove unused EFI_UV1_MEMMAP code (jsc#SLE-16407). - x86/platform/uv: Remove uv bios and efi code related to EFI_UV1_MEMMAP (jsc#SLE-16407). - x86/efi: Remove references to no-longer-used efi_have_uv1_memmap() (jsc#SLE-16407). - x86/platform/uv: Remove efi=old_map command line option (jsc#SLE-16407). - efi: use sha256() instead of open coding (jsc#SLE-16407). - crypto: lib/sha256 - add sha256() function (jsc#SLE-16407). - crypto: lib/sha256 - return void (jsc#SLE-16407). - commit f5714a4 - blacklist.conf: Blacklist fdeb17c70c9e - commit 392d677 - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - commit c86f418 - reiserfs: Fix oops during mount (bsc#1179715). - commit 89f9917 - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - commit 20af897 - reiserfs: Initialize inode keys properly (bsc#1179713). - commit 2b68a22 - udf: Fix memory leak when mounting (bsc#1179712). - commit 816f9a3 - fs: Don't invalidate page buffers in block_write_full_page() (bsc#1179711). - commit 8f6f5ed - mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710). - commit 2c7612f - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709). - commit 246e7d7 - jbd2: fix up sparse warnings in checkpoint code (bsc#1179707). - commit 15002ce - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704). - commit 0185a1d - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703). - commit 32b7d27 - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690). - commit 950038e - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689). - commit 0b68da4 - ubifs: Don't parse authentication mount options in remount process (bsc#1179688). - commit 391f198 - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687). - commit 3c605f4 - iomap: Set all uptodate bits for an Uptodate page (bsc#1179685). - commit 8e539c4 - iomap: Mark read blocks uptodate in write_begin (bsc#1179684). - commit d032f23 - iomap: Clear page error before beginning a write (bsc#1179683). - commit da58998 - blacklist.conf: Blacklist 50b7d8568008 - commit cc769c4 - fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682). - commit 8289be8 - fs/minix: remove expected error message in block_to_path() (bsc#1179681). - commit 0ea255e - fs/minix: fix block limit check for V1 filesystems (bsc#1179680). - commit 06199cf - fs/minix: set s_maxbytes correctly (bsc#1179679). - commit 69dd22c - fs/minix: reject too-large maximum file size (bsc#1179678). - commit c5b4a77 - fs/minix: don't allow getting deleted inodes (bsc#1179677). - commit cbd9376 - fs/minix: check return value of sb_getblk() (bsc#1179676). - commit 86706a5 - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675). - commit 7055a2f - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - commit d17d948 - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - commit ace06ac - ext4: limit entries returned when counting fsmap records (bsc#1179671). - commit 869362f - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - commit 2855c18 - x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489). - commit 016650c - net/x25: prevent a couple of overflows (bsc#1178590). - commit 9618139 - Update patches.suse/xfrm-Fix-memleak-on-xfrm-state-destroy.patch references (add bsc#1158775). - commit f5ca88c - ethtool: fix error handling in ethtool_phys_id (git-fixes). - commit 62d5d56 - blacklist.conf: breaks kABI and is only needed on 32 bit - commit b613713 - blacklist.conf: cleanup, no functional change - commit f5a48eb - USB: serial: kl5kusb105: fix memleak on open (git-fixes). - commit 5939355 - x86/platform/uv: Unexport sn_coherency_id (jsc#SLE-16407). - x86/platform/uv: Mark uv_bios_call() and uv_bios_call_irqsave() static (jsc#SLE-16407). - efi/x86: Disallow efi=old_map in mixed mode (jsc#SLE-16407). - commit e8cfe8c - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489) - commit b293ffc - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489) - commit 2686c41 - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489) - commit e7b302f - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489) - commit 428c91c - RDMA/hns: Add check for the validity of sl configuration (bsc#1152489) - commit 1cb3ce0 - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489) - commit 8c66138 - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489) - commit a38a25c - RDMA/hns: Set the unsupported wr opcode (bsc#1152489) - commit e06fae1 - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489) - commit d610dee - qede: Notify qedr when mtu has changed (bsc#1152489) - commit 98fc763 - RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489) - commit bdb50f5 - RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489) - commit 1a57d92 - RDMA/qedr: Fix use of uninitialized field (bsc#1152489) - commit 6926fdb - RDMA/qedr: Fix doorbell setting (bsc#1152489) - commit 7085d43 - RDMA/qedr: Fix qp structure memory leak (bsc#1152489) - commit 15f0227 - RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489) - commit 6fda3ed - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489) - commit e3d4c09 - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489) - commit f007f05 - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489) - commit b4a4680 - IB/mlx4: Add support for MRA (bsc#1152489) - commit d8e693f - IB/mlx4: Add and improve logging (bsc#1152489) - commit d9fbac5 - IB/isert: Fix unaligned immediate-data handling (bsc#1152489) - commit ff723af - powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002). - commit 3324f59 - nvme-rdma: handle unexpected nvme completion data length (bsc#1178612). - commit 302adf9 - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - USB: serial: kl5kusb105: fix memleak on open (git-fixes). - USB: serial: option: fix Quectel BG96 matching (git-fixes). - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes). - coredump: fix core_pattern parse error (git-fixes). - commit c18ac30 - nvme-tcp: avoid repeated request completion (bsc#1179519). - nvme-rdma: avoid repeated request completion (bsc#1179519). - nvme-tcp: avoid race between time out and tear down (bsc#1179519). - nvme-rdma: avoid race between time out and tear down (bsc#1179519). - nvme: introduce nvme_sync_io_queues (bsc#1179519). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-rdma: fix timeout handler (bsc#1179519). - nvme-rdma: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-tcp: fix timeout handler (bsc#1179519). - nvme-tcp: serialize controller teardown sequences (bsc#1179519). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519). - nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance (bsc#1179519). - nvme-rdma: fix controller reset hang during traffic (bsc#1179519). - nvme-tcp: fix controller reset hang during traffic (bsc#1179519). - nvme-tcp: optimize network stack with setting msg flags (bsc#1179519). - nvme-tcp: leverage request plugging (bsc#1179519). - nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519). - commit 2ed3c82 - RDMA/core: Fix reported speed and width (bsc#1152489) - commit 8c599c6 - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489) - commit cc6aac8 - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489) - commit e9e9418 - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489) - commit 940898b - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489) - commit ccd3388 - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489) - commit 687bd9b - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489) - commit 4299c93 - RDMA/qedr: SRQ's bug fixes (bsc#1152489) - commit 9e7f793 - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519). - Refresh patches.suse/0004-nvme-tcp-check-page-by-sendpage_ok-before-calling-ke.patch. - commit 32b2bc0 - nvme-tcp: try to send request in queue_rq context (bsc#1179519). - nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519). - nvme-tcp: use bh_lock in data_ready (bsc#1179519). - commit 0a88b1e - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489) - commit 3d531e1 - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489) - commit d46a4c5 - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489) - commit 2094aae - RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489) - commit 309f664 - nvme-tcp: fix possible crash in recv error flow (bsc#1179519). - commit 4c08b72 - RDMA/counter: Only bind user QPs in auto mode (bsc#1152489) - commit 72cbdac - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489) - commit e2d95da - IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489) - commit b8a964a - nvme-tcp: don't poll a non-live queue (bsc#1179519). - Refresh patches.suse/net-use-skb_queue_empty_lockless-in-busy-poll-contex.patch. - commit f682d57 - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489) - commit 3cc3811 - nvme-tcp: break from io_work loop if recv failed (bsc#1179519). - nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519). - commit c56582a - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489) - commit e074cd4 - doc: Add link to bpf helpers man page (bsc#1177028). - udp, bpf: Ignore connections in reuseport group after BPF sk lookup (bsc#1177028). - Documentation/bpf: Document CGROUP_STORAGE map type (bsc#1177028). - udp6: Run SK_LOOKUP BPF program on socket lookup (bsc#1177028). - udp6: Extract helper for selecting socket from reuseport group (bsc#1177028). - udp: Run SK_LOOKUP BPF program on socket lookup (bsc#1177028). - udp: Extract helper for selecting socket from reuseport group (bsc#1177028). - inet6: Run SK_LOOKUP BPF program on socket lookup (bsc#1177028). - inet6: Extract helper for selecting socket from reuseport group (bsc#1177028). - bpf: Add info about .BTF_ids section to btf.rst (bsc#1177028). - docs: bpf/bpf_devel_QA.rst: fix reference to nonexistent document (bsc#1177028). - docs: bpf/index.rst: Add ringbuf.rst (bsc#1177028). - bpf: Allow skb_ancestor_cgroup_id helper in cgroup skb (bsc#1177028). - bpf: Avoid gcc-10 stringop-overflow warning in struct bpf_prog (bsc#1177028). - s390: enable bpf jit by default when not built as always-on (bsc#1177028). Update s390x config files - bpf: lsm: Add Documentation (bsc#1177028). - bpf: lsm: Initialize the BPF LSM hooks (bsc#1177028). Refresh patches.suse/0001-security-create-hidden-area-to-keep-sensitive-data.patch - bpf: Document bpf_inspect drgn tool (bsc#1177028). - bpf: inet_diag: Dump bpf_sk_storages in inet_diag_dump() (bsc#1177028). - inet_diag: Move the INET_DIAG_REQ_BYTECODE nlattr to cb->data (bsc#1177028). - inet_diag: Refactor inet_sk_diag_fill(), dump(), and dump_one() (bsc#1177028). - docs/bpf: Update bpf development Q/A file (bsc#1177028). - security: selinux: allow per-file labeling for bpffs (bsc#1177028). - bpf: Avoid setting bpf insns pages read-only when prog is jited (bsc#1177028). - bpf, doc: Change right arguments for JIT example code (bsc#1177028). - bpf, testing: Introduce 'gso_linear_no_head_frag' skb_segment test (bsc#1177028). - bpf, testing: Refactor test_skb_segment() for testing skb_segment() on different skbs (bsc#1177028). - bpf: Add s390 testing documentation (bsc#1177028). - bpf: clarify description for CONFIG_BPF_EVENTS (bsc#1177028). - test_bpf: Fix a new clang warning about xor-ing two numbers (bsc#1177028). - bpf/flow_dissector: document flags (bsc#1177028). - commit b8f0bd1 - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - commit 83d54ae - asm-generic: Make msi.h a mandatory include/asm header (jsc#SLE-16823). - Refresh patches.suse/powerpc-64s-Implement-queued-spinlocks-and-rwlocks.patch. - commit 23f23de - iommu/vt-d: Fix compile error with CONFIG_PCI_ATS not set (jsc#SLE-16823). - commit 6568a78 - iommu/vt-d: Cure VF irqdomain hickup (jsc#SLE-16823). - genirq/irqdomain: Make sure all irq domain flags are distinct (jsc#SLE-16823). - commit c29c85b - bpftool: Fix error return value in build_btf_type_table (bsc#1177028). - commit a2cdbec ++++ fuse3: - Update to release 3.10.1 * Unspecified "various minor fixes" ++++ Mesa: - update to 20.2.4 * fourth (second to last) bugfix release for the 20.2 branch ++++ python3-core: - Adjust sphinx-update-removed-function.patch ++++ libvirt: - apparmor: Allow lxc processes to receive signals from libvirt lxc: Set default security model in XML parser config 0d05d51b-apparmor-lxc-fix.patch, cf4e7e62-lxc-def-secmodel.patch bsc#1179735 ++++ netcat-openbsd: - Add port-select-on-connect.patch: if -s is given but not -p do not select port at bind() but at connect() time. ++++ patterns-microos: - include cockpit-ws in the cockpit pattern - typo in pattern provides ++++ python3: - Adjust sphinx-update-removed-function.patch ++++ yast2-trans: - Update to version 84.87.20201205.6b65f14502: * Translated using Weblate (Dutch) * Translated using Weblate (Slovak) * Translated using Weblate (German) * Translated using Weblate (Czech) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'update'. * New POT for text domain 'cluster'. * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * Translated using Weblate (Portuguese) * New POT for text domain 'users'. * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'control'. ------------------------------------------------------------------ ------------------ 2020-12-6 - Dec 6 2020 ------------------- ------------------------------------------------------------------ ++++ ModemManager: - Update to version 1.14.8: + Build: - Fixed distcheck with new gtk-doc releases. - ModemManager-names.h was being included in the dist tarball, but then removed on the 'clean' target. Fix that, by only removing it on the 'maintainer-clean' target. Therefore, 'xsltproc' is now only needed in git builds, not needed when building from a dist tarball. + QMI: - Fix daemon crash when the device is removed during the initialization sequence. + Several other minor improvements and fixes. - Drop libxslt-tools BuildRequires: No longer needed. ++++ NetworkManager: - Update to version 1.28.0: + Change the behavior of nm-initrd-generator so that the 'ip=off|none' kernel cmdline argument actually generates a connection which disables both ipv4 and ipv6. Previously the generated connection would disable ipv4 but ipv6 would be set to the 'auto' method. ++++ kernel-default: - fix patch metadata - fix Patch-mainline: patches.suse/ALSA-usb-audio-Use-ALC1220-VB-DT-mapping-for-ASUS-RO.patch - commit 2b35630 - fix patches metadata - fix Patch-mainline: patches.suse/cifs-allow-syscalls-to-be-restarted-in-__smb_send_rqst-.patch patches.suse/cifs-fix-potential-use-after-free-in-cifs_echo_request-.patch - commit f9b149a - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - commit 74aa114 ++++ python-cryptography: - Remove unnecessary dependency virtualenv. ------------------------------------------------------------------ ------------------ 2020-12-5 - Dec 5 2020 ------------------- ------------------------------------------------------------------ ++++ gpgme: - Use python-rpm-macros to provide python3X-gpg for all present python3 flavors -- gh#openSUSE/python-rpm-macros#66 ++++ pcre2: - pcre2 10.36: * add GNU grep's -m (aka --max-count) option to pcre2grep * unify the handling of substitution strings for both -O and callouts in pcre2grep, with the addition of $x{...} and $o{...} to allow for characters whose code points are greater than 255 in Unicode mode ++++ python3-core: - (bsc#1179630) Update sphinx-update-removed-function.patch to work with all versions of Sphinx (not binding the Python documentation build to the latest verison of Sphinx). Updated version mentioned on gh#python/cpython#13236. ++++ mdadm: - There are some important fixes merged in mdadm upstream which should go with jsc#SLE-13700. This is the update from upstream mdadm including the important fixes we should have. - Detail: show correct raid level when the array is inactive (jsc#SLE-13700) 0095-Detail-show-correct-raid-level-when-the-array-is-ina.patch - Don't create bitmap for raid5 with journal disk (jsc#SLE-13700) 0096-Don-t-create-bitmap-for-raid5-with-journal-disk.patch - Monitor: refresh mdstat fd after select (jsc#SLE-13700) 0097-Monitor-refresh-mdstat-fd-after-select.patch - Monitor: stop notifing about containers. (jsc#SLE-13700) 0098-Monitor-stop-notifing-about-containers.patch - mdmonitor: set small delay once (jsc#SLE-13700) 0099-mdmonitor-set-small-delay-once.patch - Check if other Monitor instance running before fork. (jsc#SLE-13700) 0100-Check-if-other-Monitor-instance-running-before-fork.patch - Super1: allow RAID0 layout setting to be removed. (jsc#SLE-13700) 0101-Super1-allow-RAID0-layout-setting-to-be-removed.patch - Detail: fix segfault during IMSM raid creation (jsc#SLE-13700) 0102-Detail-fix-segfault-during-IMSM-raid-creation.patch - Create.c: close mdfd and generate uevent (jsc#SLE-13700) 0103-Create.c-close-mdfd-and-generate-uevent.patch - imsm: update num_data_stripes according to dev_size (jsc#SLE-13700) 0104-imsm-update-num_data_stripes-according-to-dev_size.patch - imsm: remove redundant calls to imsm_get_map (jsc#SLE-13700) 0105-imsm-remove-redundant-calls-to-imsm_get_map.patch - Monitor: don't use default modes when creating a file (jsc#SLE-13700) 0106-Monitor-don-t-use-default-modes-when-creating-a-file.patch - imsm: limit support to first NVMe namespace (jsc#SLE-13700) 0107-imsm-limit-support-to-first-NVMe-namespace.patch - mdadm: Unify forks behaviour (jsc#SLE-13700) 0108-mdadm-Unify-forks-behaviour.patch - mdadm/Detail: show correct state for clustered array (jsc#SLE-13700) 0109-mdadm-Detail-show-correct-state-for-clustered-array.patch - Make target to install binaries only (jsc#SLE-13700) 0110-Make-target-to-install-binaries-only.patch - udev: start grow service automatically (jsc#SLE-13700) 0111-udev-start-grow-service-automatically.patch ++++ python3: - (bsc#1179630) Update sphinx-update-removed-function.patch to work with all versions of Sphinx (not binding the Python documentation build to the latest verison of Sphinx). Updated version mentioned on gh#python/cpython#13236. ++++ u-boot-rpiarm64: - Introduce odroid-c4 ------------------------------------------------------------------ ------------------ 2020-12-4 - Dec 4 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - PCI: tegra: Read "dbi" base address to program in application logic (bsc#1179344). - PCI: tegra: Move "dbi" accesses to post common DWC initialization (bsc#1179344). - commit 4c0696d - scsi: fnic: Validate io_req before others (bsc#1175079). - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079). - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079). - commit 5c596ff - blacklist.conf: 586b58cac8b4 exit: Move preemption fixup up, move blocking operations down - commit 280ad3c - exit: Move preemption fixup up, move blocking operations down (bsc#1174019). - commit 940f4a2 - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - commit c824489 - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - commit ff315b4 - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - commit e5a8cdb - cifs: document and cleanup dfs mount (bsc#1178270). - commit de6694e - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - commit 1f46cb8 - cifs: fix double free error on share and prefix (bsc#1178270). - commit bf4c8ab - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - commit 947bd74 - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - commit 846daee - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - commit 12d8cf3 - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - commit cc7ec21 - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - commit b6f05ac - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - commit a6a1916 - Update patch reference for rawmidi security fix (CVE-2020-27786 bsc#1179601) - commit 1c4c1fd - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - commit cd8e61d - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - commit 1099aff - cppc_cpufreq: optimise memory allocation for HW and NONE coordination (bsc#1179585). - commit 5c89e8a - cifs: fix leaked reference on requeued write (bsc#1178270). - commit f474970 - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - commit dbce315 - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - commit 5350fc5 - cifs: do not share tcons with DFS (bsc#1178270). - commit c8f7b47 - PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0 (bsc#1179344). - PCI: tegra: No need to check return value of debugfs_create() functions (bsc#1179344). - commit e014876 - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - commit 26fc4d5 - rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes). - geneve: pull IP header before ECN decapsulation (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: sun4i_can: sun4i_can_err(): don't count arbitration lose as an error (git-fixes). - can: sja1000: sja1000_err(): don't count arbitration lose as an error (git-fixes). - batman-adv: Don't always reallocate the fragmentation skb head (git-fixes). - batman-adv: Reserve needed_*room for fragments (git-fixes). - batman-adv: Consider fragmentation for needed_headroom (git-fixes). - commit 5d0aad4 - arm64: efi: increase EFI PE/COFF header padding to 64 KB (jsc#SLE-16407). - commit b4b728e - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - commit 5ae286e - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - commit 1723321 ++++ multipath-tools: - Remove compatibility code for SLE <= 12-SP2 from spec file ++++ libproxy: - Update to version 0.4.16: + Port to, and require, SpiderMonkey 6. + Use closesocket() instead of close() on Windows. + Add symbol versions - be ready to introduce new APIs as needed. + Add public px_proxy_factory_free_proxies function. + Add PacRunner config backend (largely untested; feedback welcome!). + Small performance improvements. + pxgsettings: use the correct syntax to connect to the changed signal (silences annoying output on console). + Support python3 up to version 3.9. + Fix buffer overflow when PAC is enabled (CVE-2020-26154). + Rewrite url::recvline to be nonrecursive (CVE-2020-25219). + Remove nonfunctional and crashy pacrunner caching. + Never use system libmodman (no other consumers, not maintained). - Drop upstream merged patches: + libproxy-python3.7.patch + libproxy-pxgsettings.patch + libproxy-CVE-2020-25219.patch libproxy-fix-pac-buffer-overflow.patch - Create new sub-package libproxy1-config-pacrunner. ++++ snapper: - in systemd-helper continue with other configs if one config is broken (gh#openSUSE/snapper#495) ++++ system-users: - Remove kvm group from hardware subpackage, since kvm is in its own subpackage (jsc#SLE-11629). ++++ sysuser-tools: - useradd_or_adduser_dep must be PreReq so ordering makes sure it gets installed before. - suggest shadow where useradd_or_adduser_dep is actually required ------------------------------------------------------------------ ------------------ 2020-12-3 - Dec 3 2020 ------------------- ------------------------------------------------------------------ ++++ cockpit-wicked: - Version 2: * Fix routes handling (gh#94). * Display those interfaces that are not managed by Wicked in a separate list (gh#95). As part of this enhancement, several visual improvements were introduced. * Just write the changes to the ifcfg-* files (gh#98). * Avoid calling too many external tools to get the list of ESSIDs (gh#91). * Adjust the label of the button that allows deleting an interface configuration (gh#102). ++++ python-kiwi: - Reference commit for SUSE maintenance This commit adds a reference to Issue SUSE-Enceladus/azure-li-services#255 and the report in bugzilla bsc#1179562 - Omit multipath module by default The plain installation of the multipath toolkit activates the dracut multipath code. The setup if the target image runs in a multipath environment or not should however be decided explicitly in the image description via and not implicitly by the presence of tools ++++ kernel-default: - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) This patch causes a regression and while we are not 100% sure it does not just trigger a bug somewhere else, as it's only a performance optimization, dropping it for now is the safer option. - commit b48bf35 - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - commit 0e24399 - random: avoid warnings for !CONFIG_NUMA builds (jsc#SLE-16574 jsc#SLE-13718). - commit 707d14b - random: Make RANDOM_TRUST_CPU depend on ARCH_RANDOM (jsc#SLE-16574 jsc#SLE-13718). - arm64: Update config files. Enable RANDOM_TRUST_CPU - commit 1874f3a - arm64: add credited/trusted RNG support (jsc#SLE-16574 jsc#SLE-13718). - commit d313473 - random: add arch_get_random_*long_early() (jsc#SLE-16574 jsc#SLE-13718). - Refresh patches.suse/0008-random-move-FIPS-continuous-test-to-output-functions.patch. - Refresh patches.suse/random-fix-circular-include-dependency-on-arm64-afte.patch. - Refresh patches.suse/random32-move-the-pseudo-random-32-bit-definitions-t.patch. - Refresh patches.suse/random32-update-the-net-random-state-on-interrupt-an.patch. - commit f9d737f - random: split primary/secondary crng init paths (jsc#SLE-16574 jsc#SLE-13718). - Refresh patches.suse/0008-random-move-FIPS-continuous-test-to-output-functions.patch. - commit 95b7891 - PCI: rockchip: Fix bus checks in rockchip_pcie_valid_device(). - commit 1c9f6cd - arm64: Use v8.5-RNG entropy for KASLR seed (jsc#SLE-16574 jsc#SLE-13718). - commit d1f775c - arm64: Implement archrandom.h for ARMv8.5-RNG (jsc#SLE-16574 jsc#SLE-13718). - Refresh patches.suse/arm64-Detect-the-ARMv8.4-TTL-feature.patch. - Refresh patches.suse/arm64-cpufeature-Add-remaining-feature-bits-in-ID_AA.patch. - Refresh patches.suse/arm64-tlb-Detect-the-ARMv8.4-TLBI-RANGE-feature.patch. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - arm64: Update config files. Enable CONFIG_ARCH_RANDOM - commit 7a3c65d - PCI: cadence: Fix cdns_pcie_{host|ep}_setup() error path (bsc#1179344). Refresh: patches.suse/PCI-Set-bridge-map_irq-and-swizzle_irq-to-default-fu.patch. patches.suse/PCI-Set-default-bridge-parent-device.patch. patches.suse/PCI-cadence-Remove-private-bus-number-and-range-stor.patch. patches.suse/PCI-cadence-Use-struct-pci_host_bridge.windows-list-.patch. - commit d8fd281 - Revert "xfs: complain if anyone tries to create a too-large buffer" This reverts commit 293e483ad8434ee10a65f76743a0a654e34e76c6. References: bsc#1179425, bsc#1179550 - commit d88fa75 - arm64: kaslr: Check command line before looking for a seed (jsc#SLE-16574 jsc#SLE-13718). - commit 6895a97 - arm64: kaslr: Announce KASLR status on boot (jsc#SLE-16574 jsc#SLE-13718). - commit bdab3d9 - PCI: Move DT resource setup into devm_pci_alloc_host_bridge() (bsc#1179344). - PCI: rcar-gen2: Convert to use modern host bridge probe functions (bsc#1179344). - PCI: of: Reduce missing non-prefetchable memory region to a warning (bsc#1179344). - commit 10c6591 - PCI: cadence: Remove private bus number and range storage (bsc#1179344). - commit 9499504 - PCI: cadence: Use bridge resources for outbound window setup (bsc#1179344). - PCI: cadence: Remove "cdns,max-outbound-regions" DT property (bsc#1179344). - commit 569c1e5 - PCI: cadence: Use struct pci_host_bridge.windows list directly (bsc#1179344). - commit 946fb1a - PCI: cadence: Move all files to per-device cadence directory (bsc#1179344) Refresh: patches.suse/PCI-cadence-Fix-updating-Vendor-ID-and-Subsystem-Ven.patch. patches.suse/PCI-hip-Add-handling-of-HiSilicon-HIP-PCIe-controlle.patch. patches.suse/PCI-mobiveil-Modularize-the-Mobiveil-PCIe-Host-Bridg.patch. patches.suse/pci-of-add-inbound-resource-parsing-to-helpers.patch. - commit 52cc93a - Refresh patches.suse/ftrace-Fix-DYNAMIC_FTRACE_WITH_DIRECT_CALLS-dependen.patch. - commit c268ddc - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1152489). - commit bc73dfb - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489). - commit 506cd70 - PCI: cadence: Refactor driver to use as a core library (bsc#1179344). - commit cb4f70b - PCI: dwc: Detect number of iATU windows (bsc#1179344). - PCI: dwc: Move inbound and outbound windows to common struct (bsc#1179344). - PCI: dwc: Remove unnecessary wrappers around dw_pcie_host_init() (bsc#1179344). - PCI: dwc: Move dw_pcie_setup_rc() to DWC common code (bsc#1179344). - PCI: dwc: Move dw_pcie_msi_init() into core (bsc#1179344). - PCI: dwc: Move link handling into common code (bsc#1179344). - PCI: dwc: Rework MSI initialization (bsc#1179344). - PCI: dwc: Move MSI interrupt setup into DWC common code (bsc#1179344). - PCI: dwc: Drop the .set_num_vectors() host op (bsc#1179344). - PCI: dwc/dra7xx: Use the common MSI irq_chip (bsc#1179344). - PCI: dwc: Ensure all outbound ATU windows are reset (bsc#1179344). - PCI: dwc/intel-gw: Remove some unneeded function wrappers (bsc#1179344). - PCI: dwc: Move "dbi", "dbi2", and "addr_space" resource setup into common code (bsc#1179344). - PCI: dwc/intel-gw: Move ATU offset out of driver match data (bsc#1179344). - PCI: keystone: Enable compile-testing on !ARM (bsc#1179344). - PCI: dwc: Support multiple ATU memory regions (bsc#1179344). - PCI: dwc: Add support to program ATU for >4GB memory (bsc#1179344). - PCI: of: Warn if non-prefetchable memory aperture size is > 32-bit (bsc#1179344). - PCI: dwc: Restore ATU memory resource setup to use last entry (bsc#1179344). - commit 6e5443d - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489). - commit 5e0ddcd - iwlwifi: mvm: properly cancel a session protection for P2P (git-fixes). - iwlwifi: mvm: use the HOT_SPOT_CMD to cancel an AUX ROC (git-fixes). - dmaengine: fix error codes in channel_register() (git-fixes). - commit 2ca6174 - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes). - HID: Add Logitech Dinovo Edge battery quirk (git-fixes). - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes). - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: add support for Sega Saturn (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes). - HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - commit 79be581 - ASoC: rt5682: change SAR voltage threshold (git-fixes). - commit 792c88a - kABI workaround for HD-audio generic parser (git-fixes). - commit 233e3cc - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes). - commit c480457 - mm/init-mm.c: include for vm_committed_as_batch (jsc#SLE-16407). - commit ec88d4f - perf/x86: Fix n_metric for cancelled txn (jsc#SLE-13346). - perf/x86/intel: Check perf metrics feature for each CPU (jsc#SLE-13346). - commit 3ed7afb ++++ kernel-firmware: - Update to version 20201130 (git commit 7455a3606674): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * i915: Add GuC firmware v49.0.1 for all platforms * i915: Remove duplicate KBL DMC entry * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2018 ++++ snapper: - fixed compilation with --disable-btrfs (gh#openSUSE/snapper#505) ++++ libzypp: - Prevent librpmDb iterator from accidentally creating an empty rpmdb in / (repoened bsc#1178910) - Fix update of gpg keys with elongated expire date (bsc#1179222) - needreboot: remove udev from the list (bsc#1179083) - Prefer /run over /var/run. - version 17.25.4 (22) ------------------------------------------------------------------ ------------------ 2020-12-2 - Dec 2 2020 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.1 - minor additions to profiles and abstractions - some bugfixes in libapparmor, apparmor_parser and the aa-* utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1 for the detailed upstream changelog - removed upstream(ed) patches: - changes-since-3.0.0.diff - extra-profiles-fix-Pux.diff - utils-fix-hotkey-conflict.diff - Use apache provided variables for the module_directry: + Use %apache_libexecdir + Add apache-rpm-macros BuildRequires ++++ audit-secondary: - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) ++++ python-kiwi: - Fixed multipath disk device assignment in kiwi lib The former lookup of the multipath mapped disk device contained a race condition. If the lookup of the device mapper files happened before multipathd has finished the initialization, kiwi continues with the unix node name and fails when the device mapper keeps a busy state on it. This commit changes the code such that in case of an explicit request to use multipath the lookup of the mapped device becomes a mandatory process that runs until the DEVICE_TIMEOUT is reached. Default timeout is set to 60 sec. This references Issue SUSE-Enceladus/azure-li-services#255 ++++ kernel-default: - cxgb4: Fix build failure when CONFIG_TLS=m (jsc#SLE-15129). - commit a2fe676 - crypto/chcr: move nic TLS functionality to drivers/net (jsc#SLE-15129). - Update config files. - supported.conf: Added ch_ktls (Chelsio TLS offload module) - commit 04b52e4 - crypto/chcr: Moving chelsio's inline ipsec functionality to /drivers/net (jsc#SLE-15129). - Update config files. - supported.conf: added ch_ipsec (Chelsio ipsec offload module) - commit 813c7b5 - PCI: Use devm_add_action_or_reset() (bsc#1179344). - commit 2e95630 - chelsio/chtls: separate chelsio tls driver from crypto driver (jsc#SLE-15129). - Update config files. - commit 3a32580 - ch_ktls: lock is not freed (jsc#SLE-15129). - cxgb4: fix the panic caused by non smac rewrite (jsc#SLE-15131). - ch_ktls: stop the txq if reaches threshold (jsc#SLE-15129). - ch_ktls: tcb update fails sometimes (jsc#SLE-15129). - ch_ktls/cxgb4: handle partial tag alone SKBs (jsc#SLE-15129). - ch_ktls: don't free skb before sending FIN (jsc#SLE-15129). - ch_ktls: packet handling prior to start marker (jsc#SLE-15129). - ch_ktls: Correction in middle record handling (jsc#SLE-15129). - ch_ktls: missing handling of header alone (jsc#SLE-15129). - ch_ktls: Correction in trimmed_len calculation (jsc#SLE-15129). - cxgb4/ch_ktls: creating skbs causes panic (jsc#SLE-15129). - ch_ktls: Update cheksum information (jsc#SLE-15129). - ch_ktls: Correction in finding correct length (jsc#SLE-15129). - cxgb4/ch_ktls: decrypted bit is not enough (jsc#SLE-15129). - chelsio/chtls: fix always leaking ctrl_skb (jsc#SLE-15129). - chelsio/chtls: fix memory leaks caused by a race (jsc#SLE-15129). - chelsio/chtls: fix memory leaks in CPL handlers (jsc#SLE-15129). - chelsio/chtls: fix deadlock issue (jsc#SLE-15129). - cxgb4: set up filter action after rewrites (jsc#SLE-15131). - chelsio/chtls: fix tls record info to user (jsc#SLE-15129). - net: chelsio: inline_crypto: fix Kconfig and build errors (jsc#SLE-15129). - chelsio/chtls: fix writing freed memory (jsc#SLE-15129). - chelsio/chtls: correct function return and return type (jsc#SLE-15129). - chelsio/chtls: Fix panic when listen on multiadapter (jsc#SLE-15129). - chelsio/chtls: fix panic when server is on ipv6 (jsc#SLE-15129). - chelsio/chtls: correct netdevice for vlan interface (jsc#SLE-15129). - chelsio/chtls: fix socket lock (jsc#SLE-15129). - cxgb4: handle 4-tuple PEDIT to NAT mode translation (jsc#SLE-15131). - cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr (jsc#SLE-15129). - net: cxbg4: Remove pointless in_interrupt() check (jsc#SLE-15131). - cxgb4/ch_ktls: ktls stats are added at port level (jsc#SLE-15129). - cxgb4: Avoid log flood (jsc#SLE-15131). - ch_ktls: Issue if connection offload fails (jsc#SLE-15129). - cxgb4vf: convert to use DEFINE_SEQ_ATTRIBUTE macro (jsc#SLE-15131). - chelsio/chtls: Re-add dependencies on CHELSIO_T4 to fix modular CHELSIO_T4 (jsc#SLE-15129). - cxgb4/ch_ipsec: Registering xfrmdev_ops with cxgb4 (jsc#SLE-15129). - chelsio/chtls: CHELSIO_INLINE_CRYPTO should depend on CHELSIO_T4 (jsc#SLE-15129). - cxgb4: add error handlers to LE intr_handler (jsc#SLE-15131). - cxgb4: insert IPv6 filter rules in next free region (jsc#SLE-15131). - crypto: chelsio - fix minor indentation issue (jsc#SLE-15129). - commit 9264232 - PCI: mvebu: Fix duplicate resource requests (bsc#1179344). - PCI: meson: Build as module by default (bsc#1179344). - PCI: kirin: Return -EPROBE_DEFER in case the gpio isn't ready (bsc#1179344). - PCI: imx6: Do not output error message when devm_clk_get() failed with -EPROBE_DEFER (bsc#1179344). - PCI: imx6: Use fallthrough pseudo-keyword (bsc#1179344). - PCI: dwc: Add link up check in dw_child_pcie_ops.map_bus() (bsc#1179344). - PCI: dwc: Fix MSI page leakage in suspend/resume (bsc#1179344). - PCI: dwc: Skip PCIE_MSI_INTR0* programming if MSI is disabled (bsc#1179344). - PCI: keystone: Remove iATU register mapping (bsc#1179344). - PCI: dwc: Add common iATU register support (bsc#1179344). - PCI: dwc: Fix 'cast truncates bits from constant value' (bsc#1179344). - misc: pci_endpoint_test: Add LS1088a in pci_device_id table (bsc#1179344). - PCI: layerscape: Add EP mode support for ls1088a and ls2088a (bsc#1179344). - PCI: layerscape: Modify the MSIX to the doorbell mode (bsc#1179344). - PCI: layerscape: Modify the way of getting capability with different PEX (bsc#1179344). - PCI: layerscape: Fix some format issue of the code (bsc#1179344). - PCI: designware-ep: Modify MSI and MSIX CAP way of finding (bsc#1179344). - PCI: designware-ep: Move the function of getting MSI capability forward (bsc#1179344). - PCI: designware-ep: Add the doorbell mode of MSI-X in EP mode (bsc#1179344). - PCI: designware-ep: Add multiple PFs support for DWC (bsc#1179344). - PCI: dwc: Use DBI accessors (bsc#1179344). - PCI: dwc: Move N_FTS setup to common setup (bsc#1179344). - PCI: dwc/intel-gw: Drop unused max_width (bsc#1179344). - PCI: dwc/intel-gw: Move getting PCI_CAP_ID_EXP offset to intel_pcie_link_setup() (bsc#1179344). - PCI: dwc/intel-gw: Drop unnecessary checking of DT 'device_type' property (bsc#1179344). - PCI: dwc: Set PORT_LINK_DLL_LINK_EN in common setup code (bsc#1179344). - PCI: dwc: Centralize link gen setting (bsc#1179344). - PCI: dwc: Make ATU accessors private (bsc#1179344). - PCI: dwc: Remove read_dbi2 code (bsc#1179344). - PCI: dwc/tegra: Use common Designware port logic register definitions (bsc#1179344). Refresh: patches.suse/PCI-tegra-No-need-to-check-return-value-of-debugfs_c.patch - PCI: dwc: Remove hardcoded PCI_CAP_ID_EXP offset (bsc#1179344). - PCI: dwc/qcom: Use common PCI register definitions (bsc#1179344). - PCI: dwc/imx6: Use common PCI register definitions (bsc#1179344). - PCI: dwc/meson: Rework PCI config and DW port logic register accesses (bsc#1179344). - PCI: dwc/meson: Drop unnecessary RC config space initialization (bsc#1179344). - PCI: dwc/meson: Drop the duplicate number of lanes setup (bsc#1179344). - PCI: dwc: Ensure FAST_LINK_MODE is cleared (bsc#1179344). - PCI: dwc: Add a 'num_lanes' field to struct dw_pcie (bsc#1179344). - PCI: dwc/imx6: Remove duplicate define PCIE_LINK_WIDTH_SPEED_CONTROL (bsc#1179344). - PCI: dwc: Check CONFIG_PCI_MSI inside dw_pcie_msi_init() (bsc#1179344). - PCI: dwc: Simplify config space handling (bsc#1179344). - PCI: dwc: Remove storing of PCI resources (bsc#1179344). - PCI: dwc: Remove root_bus pointer (bsc#1179344). - PCI: dwc: Convert to use pci_host_probe() (bsc#1179344). - PCI: dwc: keystone: Convert .scan_bus() callback to use add_bus (bsc#1179344). - PCI: Also call .add_bus() callback for root bus (bsc#1179344). - PCI: dwc: Use generic config accessors (bsc#1179344). - PCI: dwc: Remove dwc specific config accessor ops (bsc#1179344). - PCI: dwc: histb: Use pci_ops for root config space accessors (bsc#1179344). - PCI: dwc: exynos: Use pci_ops for root config space accessors (bsc#1179344). - PCI: dwc: kirin: Use pci_ops for root config space accessors (bsc#1179344). - PCI: dwc: meson: Use pci_ops for root config space accessors (bsc#1179344). - PCI: dwc: tegra: Use pci_ops for root config space accessors (bsc#1179344). - PCI: dwc: keystone: Use pci_ops for config space accessors (bsc#1179344). - PCI: dwc: al: Use pci_ops for child config space accessors (bsc#1179344). - PCI: dwc: Add a default pci_ops.map_bus for root port (bsc#1179344). - PCI: dwc: Allow overriding bridge pci_ops (bsc#1179344). - PCI: dwc: Use DBI accessors instead of own config accessors (bsc#1179344). - PCI: Allow root and child buses to have different pci_ops (bsc#1179344). - PCI: designware-ep: Fix the Header Type check (bsc#1179344). - PCI: Remove dev_err() when handing an error from platform_get_irq() (bsc#1179344). - PCI: Fix kerneldoc warnings (bsc#1179344). - PCI: Set bridge map_irq and swizzle_irq to default functions (bsc#1179344). - PCI: Move setting pci_host_bridge.busnr out of host drivers (bsc#1179344). - PCI: rockchip: Use pci_is_root_bus() to check if bus is root bus (bsc#1179344). - PCI: xilinx: Use pci_is_root_bus() to check if bus is root bus (bsc#1179344). - PCI: xilinx-nwl: Use pci_is_root_bus() to check if bus is root bus (bsc#1179344). - PCI: mobiveil: Use pci_is_root_bus() to check if bus is root bus (bsc#1179344). Refresh: patches.suse/PCI-mobiveil-ls_pcie_g4-add-Workaround-for-A-011577.patch - PCI: designware: Use pci_is_root_bus() to check if bus is root bus (bsc#1179344). - PCI: aardvark: Use pci_is_root_bus() to check if bus is root bus (bsc#1179344). - PCI: Drop unnecessary zeroing of bridge fields (bsc#1179344). - PCI: Set default bridge parent device (bsc#1179344). - PCI: versatile: Drop flag PCI_ENABLE_PROC_DOMAINS (bsc#1179344). - PCI: xilinx: Use pci_host_probe() to register host (bsc#1179344). - PCI: xilinx-nwl: Use pci_host_probe() to register host (bsc#1179344). - PCI: rockchip: Use pci_host_probe() to register host (bsc#1179344). - PCI: iproc: Use pci_host_probe() to register host (bsc#1179344). - PCI: altera: Use pci_host_probe() to register host (bsc#1179344). - PCI: xgene: Use pci_host_probe() to register host (bsc#1179344). - PCI: versatile: Use pci_host_probe() to register host (bsc#1179344). - PCI: v3: Use pci_host_probe() to register host (bsc#1179344). - PCI: mobiveil: Use pci_host_probe() to register host (bsc#1179344). - PCI: brcmstb: Use pci_host_probe() to register host (bsc#1179344). Refresh: patches.suse/PCI-controller-Convert-to-devm_platform_ioremap_reso.patch - PCI: host-common: Use struct pci_host_bridge.windows list directly (bsc#1179344). - PCI: mvebu: Use struct pci_host_bridge.windows list directly (bsc#1179344). - PCI: Use of_node_name_eq() for node name comparisons (bsc#1179344). - PCI: Fix pci_host_bridge struct device release/free handling (bsc#1179344). - PCI: Make devm_of_pci_get_host_bridge_resources() static (bsc#1179344). - commit 1cc12ed - efi: Revert "efi/x86: Fix build with gcc 4" (jsc#SLE-16407). - efi/libstub: Move the function prototypes to header file (jsc#SLE-16407). - efi/libstub: Fix gcc error around __umoddi3 for 32 bit builds (jsc#SLE-16407). - efi/x86: Only copy upto the end of setup_header (jsc#SLE-16407). - efi/x86: Remove unused variables (jsc#SLE-16407). - efi/libstub/arm64: Retain 2MB kernel Image alignment if !KASLR (jsc#SLE-16407). - efi/libstub: arm: Print CPU boot mode and MMU state at boot (jsc#SLE-16407). - efi/libstub: arm: Omit arch specific config table matching array on arm64 (jsc#SLE-16407). - efi: Make it possible to disable efivar_ssdt entirely (jsc#SLE-16407). - Refresh patches.suse/efi-EFI_EARLYCON-should-depend-on-EFI.patch - Update config files. Add CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y to x86_64/default, arm64/default - efi/libstub: Descriptions for stub helper functions (jsc#SLE-16407). - efi/libstub: Fix missing-prototype warning for skip_spaces() (jsc#SLE-16407). - efi: Replace zero-length array and use struct_size() helper (jsc#SLE-16407). - efivarfs: Don't return -EINTR when rate-limiting reads (jsc#SLE-16407). - efivarfs: Update inode modification time for successful writes (jsc#SLE-16407). - efi/x86: Fix build with gcc 4 (jsc#SLE-16407). - build, kcsan: Add KCSAN build exceptions (jsc#SLE-16407). - mmap locking API: add MMAP_LOCK_INITIALIZER (jsc#SLE-16407). - efi_test: get rid of pointless access_ok() (jsc#SLE-16407). - efi/libstub: Disable Shadow Call Stack (jsc#SLE-16407). - arm64: efi: Restore register x18 if it was corrupted (jsc#SLE-16407). - arm64: kernel: Convert to modern annotations for assembly functions (jsc#SLE-16407). - efi/libstub/arm64: align PE/COFF sections to segment alignment (jsc#SLE-16407). - arm64: rename stext to primary_entry (jsc#SLE-16407). - efi/x86: Don't blow away existing initrd (jsc#SLE-16407). - efi/x86: Drop the special GDT for the EFI thunk (jsc#SLE-16407). - efi/libstub: Add missing prototype for PE/COFF entry point (jsc#SLE-16407). - efi/libstub: Use pool allocation for the command line (jsc#SLE-16407). - efi/libstub: Don't parse overlong command lines (jsc#SLE-16407). - efi/libstub: Use snprintf with %ls to convert the command line (jsc#SLE-16407). - efi/libstub: Get the exact UTF-8 length (jsc#SLE-16407). - efi/libstub: Use %ls for filename (jsc#SLE-16407). - efi/libstub: Add UTF-8 decoding to efi_puts (jsc#SLE-16407). - efi/printf: Add support for wchar_t (UTF-16) (jsc#SLE-16407). - efi/gop: Add an option to list out the available GOP modes (jsc#SLE-16407). - efi/libstub: Add definitions for console input and events (jsc#SLE-16407). - efi/libstub: Implement printk-style logging (jsc#SLE-16407). - efi/printf: Turn vsprintf into vsnprintf (jsc#SLE-16407). - efi/printf: Abort on invalid format (jsc#SLE-16407). - efi/printf: Refactor code to consolidate padding and output (jsc#SLE-16407). - efi/printf: Handle null string input (jsc#SLE-16407). - efi/printf: Factor out integer argument retrieval (jsc#SLE-16407). - efi/printf: Factor out width/precision parsing (jsc#SLE-16407). - efi/printf: Merge 'p' with the integer formats (jsc#SLE-16407). - efi/printf: Fix minor bug in precision handling (jsc#SLE-16407). - efi/printf: Factor out flags parsing and handle '%' earlier (jsc#SLE-16407). - efi/printf: Add 64-bit and 8-bit integer support (jsc#SLE-16407). - efi/printf: Drop %n format and L qualifier (jsc#SLE-16407). - efi/libstub: Optimize for size instead of speed (jsc#SLE-16407). - efi/libstub: Add a basic printf implementation (jsc#SLE-16407). - efi/libstub: Buffer output of efi_puts (jsc#SLE-16407). - efi/libstub: Rename efi_[char16_]printk to efi_[char16_]puts (jsc#SLE-16407). - efi/libstub: Include dependencies of efistub.h (jsc#SLE-16407). - efi/libstub: Correct comment typos (jsc#SLE-16407). - efi/libstub: Make efi_printk() input argument const char* (jsc#SLE-16407). - efi/libstub: Fix mixed mode boot issue after macro refactor (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi/libstub: Check return value of efi_parse_options (jsc#SLE-16407). - efi/x86: Support builtin command line (jsc#SLE-16407). - efi/libstub: Unify initrd loading across architectures (jsc#SLE-16407). - efi/x86: Move command-line initrd loading to efi_main (jsc#SLE-16407). - efi/libstub: Upgrade ignored dtb= argument message to error (jsc#SLE-16407). - efi/tpm: Use efi_err for error messages (jsc#SLE-16407). - efi/gop: Use efi_err for error messages (jsc#SLE-16407). - efi/x86: Use efi_err for error messages (jsc#SLE-16407). - efi/libstub: Move pr_efi/pr_efi_err into efi namespace (jsc#SLE-16407). Refresh patches.suse/0001-efi-generalize-efi_get_secureboot.patch - efi/libstub: Add a helper function to split 64-bit values (jsc#SLE-16407). - efi/x86: Use correct size for boot_params (jsc#SLE-16407). - efi/libstub: Re-enable command line initrd loading for x86 (jsc#SLE-16407). - efi: Move arch_tables check to caller (jsc#SLE-16407). - efi: Clean up config table description arrays (jsc#SLE-16407). - efi/libstub/x86: Avoid getter function for efi_is64 (jsc#SLE-16407). - efi/libstub: Drop __pure getters for EFI stub options (jsc#SLE-16407). - efi/libstub: Drop __pure getter for efi_system_table (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi: Kill __efistub_global (jsc#SLE-16407). - efi/x86: Remove __efistub_global and add relocation check (jsc#SLE-16407). - efi/arm: Remove __efistub_global annotation (jsc#SLE-16407). - efi/libstub: Move efi_relocate_kernel() into separate source file (jsc#SLE-16407). - efi/libstub/arm64: Switch to ordinary page allocator for kernel image (jsc#SLE-16407). - efi/libstub: Add API function to allocate aligned memory (jsc#SLE-16407). - efi/libstub/arm64: Simplify randomized loading of kernel image (jsc#SLE-16407). - efi/libstub/arm64: Replace 'preferred' offset with alignment check (jsc#SLE-16407). - efi/libstub/random: Increase random alloc granularity (jsc#SLE-16407). - efi/libstub/random: Align allocate size to EFI_ALLOC_ALIGN (jsc#SLE-16407). - efi/gop: Allow automatically choosing the best mode (jsc#SLE-16407). - efi/gop: Allow specifying depth as well as resolution (jsc#SLE-16407). - efi/gop: Allow specifying mode by x (jsc#SLE-16407). - efi/gop: Allow specifying mode number on command line (jsc#SLE-16407). - efi/gop: Add prototypes for query_mode and set_mode (jsc#SLE-16407). - efi/gop: Remove unreachable code from setup_pixel_info (jsc#SLE-16407). - efi/gop: Use helper macros for find_bits (jsc#SLE-16407). - efi/gop: Use helper macros for populating lfb_base (jsc#SLE-16407). - efi/gop: Move variable declarations into loop block (jsc#SLE-16407). - efi/gop: Slightly re-arrange logic of find_gop (jsc#SLE-16407). - efi/gop: Factor out locating the gop into a function (jsc#SLE-16407). - efi/gop: Get mode information outside the loop (jsc#SLE-16407). - efi/gop: Move check for framebuffer before con_out (jsc#SLE-16407). - efi/gop: Remove redundant current_fb_base (jsc#SLE-16407). - efi/libstub/arm: Make install_memreserve_table static (jsc#SLE-16407). - efi/libstub: unify EFI call wrappers for non-x86 (jsc#SLE-16407). - efi/libstub: Make initrd file loader configurable (jsc#SLE-16407). Update config files. Add CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y to x86_64/default, arm64/default - efi/libstub: Move arm-stub to a common file (jsc#SLE-16407). - Refresh patches.suse/0003-arm64-ima-add-ima_arch-support.patch - Update config files. - arm64: head: Annotate stext and preserve_boot_args as code (jsc#SLE-16407). - commit dad69fe - ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290). - Refresh patches.suse/ibmvnic-Correctly-re-enable-interrupts-in-NAPI-polli.patch - Refresh patches.suse/ibmvnic-Introduce-xmit_more-support-using-batched-su.patch - ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290). - Refresh patches.suse/ibmvnic-Correctly-re-enable-interrupts-in-NAPI-polli.patch - Refresh patches.suse/ibmvnic-Introduce-xmit_more-support-using-batched-su.patch - commit 02ce2a8 - PCI: controller: Remove duplicate error message (bsc#1179344). - PCI: controller: Convert to devm_platform_ioremap_resource() (bsc#1179344). - PCI: qcom: Fix runtime PM imbalance on error (bsc#1179344). - PCI: dwc: pci-dra7xx: Fix runtime PM imbalance on error (bsc#1179344). - PCI: dwc: hisi: Remove non-ECAM HiSilicon hip05/hip06 driver (bsc#1179344). - PCI: dwc: Convert to devm_platform_ioremap_resource_byname() (bsc#1179344). - PCI: qcom: Replace define with standard value (bsc#1179344). - PCI: qcom: Support pci speed set for ipq806x (bsc#1179344). - PCI: qcom: Add ipq8064 rev2 variant (bsc#1179344). - PCI: qcom: Use bulk clk api and assert on error (bsc#1179344). - PCI: qcom: Change duplicate PCI reset to phy reset (bsc#1179344). Refresh: patches.suse/PCI-qcom-Add-missing-reset-for-ipq806x.patch - PCI: endpoint: Add support to handle multiple base for mapping outbound memory (bsc#1179344). - PCI: endpoint: Pass page size as argument to pci_epc_mem_init() (bsc#1179344). - PCI: host-generic: Eliminate pci_host_common_probe wrappers (bsc#1179344). - PCI: host-generic: Support building as modules (bsc#1179344). - PCI: Constify struct pci_ecam_ops (bsc#1179344). - PCI: uniphier: Add Socionext UniPhier Pro5 PCIe endpoint controller driver (bsc#1179344). - PCI: dwc: Use private data pointer of "struct irq_domain" to get pcie_port (bsc#1179344). - PCI: dwc: pci-dra7xx: Use devm_platform_ioremap_resource_byname() (bsc#1179344). - PCI: dwc: intel: Make intel_pcie_cpu_addr() static (bsc#1179344). - PCI: dwc: Make hisi_pcie_platform_ops static (bsc#1179344). - PCI: dwc: Clean up computing of msix_tbl (bsc#1179344). - PCI: keystone: Don't select CONFIG_PCI_KEYSTONE_HOST by default (bsc#1179344). - PCI: dra7xx: Don't select CONFIG_PCI_DRA7XX_HOST by default (bsc#1179344). - PCI: keystone: Allow AM654 PCIe Endpoint to raise MSI-X interrupt (bsc#1179344). - PCI: endpoint: Protect concurrent access to pci_epf_ops with mutex (bsc#1179344). Refresh: patches.suse/PCI-dwc-Fix-dw_pcie_ep_raise_msix_irq-to-get-correct.patch - PCI: dwc: pci-dra7xx: Fix MSI IRQ handling (bsc#1179344). - PCI: amlogic: Use AXG PCIE (bsc#1179344). - PCI: uniphier: remove module code from built-in driver (bsc#1179344). - PCI: qcom: Add support for SDM845 PCIe controller (bsc#1179344). - PCI: artpec6: Configure FTS with dwc helper function (bsc#1179344). - PCI: dwc: intel: PCIe RC controller driver (bsc#1179344). - PCI: uniphier: Set mode register to host mode (bsc#1179344). - PCI: amlogic: meson: Add support for G12A (bsc#1179344). - PCI: amlogic: Fix reset assertion via gpio descriptor (bsc#1179344). - PCI: armada8x: Propagate errors for optional PHYs (bsc#1179344). - PCI: imx6: Limit DBI register length (bsc#1179344). - PCI: kirin: Make structure kirin_dw_pcie_ops constant (bsc#1179344). - PCI: dwc: al: Add Amazon Annapurna Labs PCIe controller driver (bsc#1179344). - dt-bindings: PCI: Add Amazon's Annapurna Labs PCIe host bridge binding (bsc#1179344). - commit 5b3f6b7 - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - commit 6bb3d8f - crypto: sun4i-ss - add the A33 variant of SS (git-fixes). - commit efe059b - Update kabi files. - update to December 2020 maintenance update submission (commit 1069cd144905) - commit 7054e5b - supported.conf: Enable ledtrig-netdev (jsc#SLE-16874) - commit ae02c2f - i2c: brcmstb: Fix handling of optional interrupt (jsc#SLE-15318). - i2c: brcmstb: Allow to compile it on BCM2835 (jsc#SLE-15318). - supported.conf: Enable i2c-brcmstb - i2c: brcmstb: Support BCM2711 HDMI BSC controllers (jsc#SLE-15318). - commit 90fb88d - arm64: mask PAC bits of __builtin_return_address (jsc#SLE-15188 SLE-16566). - arm64: Update config files. Enable HAVE_ARCH_COMPILER_H - commit 3d9d4d8 - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (jsc#SLE-16823). - PCI: MSI: Fix Kconfig dependencies for PCI_MSI_ARCH_FALLBACKS (jsc#SLE-16823). - x86/apic/msi: Unbreak DMAR and HPET MSI (jsc#SLE-16823). - iommu/amd: Remove domain search for PCI/MSI (jsc#SLE-16823). - iommu/vt-d: Remove domain search for PCI/MSI (jsc#SLE-16823). - x86/irq: Make most MSI ops XEN private (jsc#SLE-16823). - x86/irq: Cleanup the arch_*_msi_irqs() leftovers (jsc#SLE-16823). - PCI/MSI: Make arch_.*_msi_irq fallbacks selectable (jsc#SLE-16823). - Update config files. PCI_MSI_ARCH_FALLBACKS is now auto-selected. - x86/pci: Set default irq domain in pcibios_add_device() (jsc#SLE-16823). - iommm/amd: Store irq domain in struct device (jsc#SLE-16823). - iommm/vt-d: Store irq domain in struct device (jsc#SLE-16823). - x86/xen: Wrap XEN MSI management into irqdomain (jsc#SLE-16823). - irqdomain/msi: Allow to override msi_domain_alloc/free_irqs() (jsc#SLE-16823). - x86/xen: Consolidate XEN-MSI init (jsc#SLE-16823). - x86/xen: Rework MSI teardown (jsc#SLE-16823). - x86/xen: Make xen_msi_init() static and rename it to xen_hvm_msi_init() (jsc#SLE-16823). - PCI/MSI: Provide pci_dev_has_special_msi_domain() helper (jsc#SLE-16823). - PCI_vmd_Mark_VMD_irqdomain_with_DOMAIN_BUS_VMD_MSI (jsc#SLE-16823). - irqdomain/msi: Provide DOMAIN_BUS_VMD_MSI (jsc#SLE-16823). - x86/irq: Initialize PCI/MSI domain at PCI init time (jsc#SLE-16823). - Refresh patches.suse/x86-paravirt-allow-hypervisor-specific-vmmcall-handling-under-sev-es. - x86/pci: Reducde #ifdeffery in PCI init code (jsc#SLE-16823). - x86/irq: Move apic_post_init() invocation to one place (jsc#SLE-16823). - x86/msi: Use generic MSI domain ops (jsc#SLE-16823). - x86/msi: Consolidate MSI allocation (jsc#SLE-16823). - PCI/MSI: Rework pci_msi_domain_calc_hwirq() (jsc#SLE-16823). - x86/irq: Consolidate UV domain allocation (jsc#SLE-16823). - x86/irq: Consolidate DMAR irq allocation (jsc#SLE-16823). - x86_ioapic_Consolidate_IOAPIC_allocation (jsc#SLE-16823). - x86/msi: Consolidate HPET allocation (jsc#SLE-16823). - x86/irq: Prepare consolidation of irq_alloc_info (jsc#SLE-16823). - iommu/irq_remapping: Consolidate irq domain lookup (jsc#SLE-16823). - iommu/amd: Consolidate irq domain getter (jsc#SLE-16823). - iommu/vt-d: Consolidate irq domain getter (jsc#SLE-16823). - x86/irq: Add allocation type for parent domain retrieval (jsc#SLE-16823). - x86_irq_Rename_X86_IRQ_ALLOC_TYPE_MSI_to_reflect_PCI_dependency (jsc#SLE-16823). - x86/msi: Remove pointless vcpu_affinity callback (jsc#SLE-16823). - x86/msi: Move compose message callback where it belongs (jsc#SLE-16823). - genirq/chip: Use the first chip in irq_chip_compose_msi_msg() (jsc#SLE-16823). - PCI: vmd: Dont abuse vector irqomain as parent (jsc#SLE-16823). - x86/init: Remove unused init ops (jsc#SLE-16823). - iommu/amd: Prevent NULL pointer dereference (jsc#SLE-16823). - irqdomain: Export irq_domain_update_bus_token (jsc#SLE-16823). - KVM: x86: Fixes posted interrupt check for IRQs delivery modes (jsc#SLE-16823). - x86/apic/msi: Plug non-maskable MSI affinity race (jsc#SLE-16823). - Refresh patches.suse/genirq-Add-protection-against-unsafe-usage-of-generi.patch. - Refresh patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch. - KVM: X86: Use APIC_DEST_* macros properly in kvm_lapic_irq.dest_mode (jsc#SLE-16823). - commit 3ea20e1 - gro_cells: reduce number of synchronize_net() calls (jsc#SLE-15075). - net/mlx5e: Fix check if netdev is bond slave (jsc#SLE-15172). - net/mlx5e: Fix refcount leak on kTLS RX resync (jsc#SLE-15172). - mlxsw: Fix firmware flashing (bsc#1176447). - qed: fix ILT configuration of SRC block (jsc#SLE-15143). - net/tls: Fix wrong record sn in async mode of device resync (bsc#1176447). - bnxt_en: Avoid unnecessary NVM_GET_DEV_INFO cmd error log on VFs (jsc#SLE-16649). - bnxt_en: Fix counter overflow logic (jsc#SLE-15075). - bnxt_en: Free port stats during firmware reset (jsc#SLE-15075). - IB/hfi1: Fix error return code in hfi1_init_dd() (jsc#SLE-13208). - RDMA/cm: Make the local_id_table xarray non-irq (jsc#SLE-15176). - devlink: Avoid overwriting port attributes of registered port (bsc#1176447). - ethtool: netlink: add missing netdev_features_change() call (bsc#1176447). - tunnels: Fix off-by-one in lower MTU bounds for ICMP/ICMPv6 replies (jsc#SLE-15172). - net/mlx5e: Fix incorrect access of RCU-protected xdp_prog (jsc#SLE-15172). - net/mlx5e: Fix VXLAN synchronization after function reload (jsc#SLE-15172). - net/mlx5: E-switch, Avoid extack error log for disabled vport (jsc#SLE-15172). - net/mlx5e: Use spin_lock_bh for async_icosq_lock (jsc#SLE-15172). - xfrm: interface: fix the priorities for ipip and ipv6 tunnels (bsc#1176447). - IB/srpt: docs: add a description for cq_size member (jsc#SLE-15176). - net: protect tcf_block_unbind with block lock (bsc#1176447). - sfc: move initialisation of efx->filter_sem to efx_init_struct() (jsc#SLE-16683). - net/sched: act_gate: Unlock ->tcfa_lock in tc_setup_flow_action() (bsc#1176447). - net/sched: act_ct: Fix adding udp port mangle operation (jsc#SLE-15172). - nexthop: Fix performance regression in nexthop deletion (bsc#1176447). - net: core: use list_del_init() instead of list_del() in netdev_run_todo() (bsc#1176447). - ixgbe: fix probing of multi-port devices with one MDIO (jsc#SLE-13706). - RDMA/qedr: Endianness warnings cleanup (jsc#SLE-15146). - RDMA/hns: Fix configuration of ack_req_freq in QPC (jsc#SLE-14777). - RDMA/hns: Add interception for resizing SRQs (jsc#SLE-14777). - RDMA/mlx5: Remove dead check for EAGAIN after alloc_mr_from_cache() (jsc#SLE-15175). - RDMA: Change XRCD destroy return value (jsc#SLE-15176). - RDMA/rtrs-srv: Incorporate ib_register_client into rtrs server init (jsc#SLE-15176). - mm/mmu_notifier: fix mmget() assert in __mmu_interval_notifier_insert (jsc#SLE-15176, jsc#SLE-16387). - net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info (jsc#SLE-15075). - xsk: Fix a documentation mistake in xsk_queue.h (jsc#SLE-13706). - net/mlx5e: IPsec: Use kvfree() for memory allocated with kvzalloc() (jsc#SLE-15172). - net/mlx5e: TC: Remove unused parameter from mlx5_tc_ct_add_no_trk_match() (jsc#SLE-15172). - net/mlx5: E-Switch, Use vport metadata matching by default (jsc#SLE-15172). - net/mlx5: E-Switch, Setup all vports' metadata to support peer miss rule (jsc#SLE-15172). - net/mlx5: E-Switch, Dedicated metadata for uplink vport (jsc#SLE-15172). - net/mlx5: E-Switch, Check and enable metadata support flag before using (jsc#SLE-15172). - net/mlx5: Fix uninitialized variable warning (jsc#SLE-15172). - sfc: don't double-down() filters in ef100_reset() (jsc#SLE-16683). - commit e4545a1 - btrfs: qgroup: don't commit transaction when we already hold the handle (bsc#1178634). - commit a88c82a - ftrace: Fix DYNAMIC_FTRACE_WITH_DIRECT_CALLS dependency (bsc#1177028). - selftests/bpf: Fix error return code in run_getsockopt_test() (bsc#1177028). - selftests/bpf: Add selftest for multi-prog sections and bpf-to-bpf calls (bsc#1177028). - commit f0d11f0 - Delete patches.suse/1239-media-cec-gpio-handle-gpiod_get_value-errors-correct.patch. - commit 7b24ba3 ++++ libapparmor: - update to AppArmor 3.0.1 - minor additions to profiles and abstractions - some bugfixes in libapparmor, apparmor_parser and the aa-* utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1 for the detailed upstream changelog - removed upstream(ed) patches: - changes-since-3.0.0.diff - extra-profiles-fix-Pux.diff - utils-fix-hotkey-conflict.diff - Use apache provided variables for the module_directry: + Use %apache_libexecdir + Add apache-rpm-macros BuildRequires ++++ audit: - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) ++++ podman: - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. ++++ python-libvirt-python: - Update to 6.10.0 - Add all new APIs and constants in libvirt 6.10.0 - jsc#SLE-13688 ------------------------------------------------------------------ ------------------ 2020-12-1 - Dec 1 2020 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Add patch git-33-d12420cc66e6d26a9dff6c0e86e00de232151c82.patch * Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ++++ kernel-default: - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - commit e04335b - patches.suse/nvme-force-complete-cancelled-requests.patch: (bsc#1175995,bsc#1178756,jsc#SLE-15608). Without this we can end up with a series of nvme QID timeouts, regardless of filesystem when fstests is used or any error injection mechanism is used. Without this fix, we end up with 9 failures on xfs, but due to its generic nature, will likely end up with other failures on other filesystems. This does not allow a clean slate reliable fstests run. This fixes that issue. Through code inspection I found these changes were already present on SLE15-SP3 but not on SLE15-SP2. - commit 9b6b1bb - patches.suse/blk-mq-blk-mq-provide-forced-completion-method.patch: (bsc#1175995,jsc#SLE-15608,bsc#1178756). - commit 88f0b07 - drm/vc4: kms: Don't disable the muxing of an active CRTC (jsc#SLE-15318). - commit 39c97fe - drm/vc4: kms: Store the unassigned channel list in the state (jsc#SLE-15318). - drm/vc4: hdmi: Disable Wifi Frequencies (jsc#SLE-15318). - drm/vc4: kms: Document the muxing corner cases (jsc#SLE-15318). - drm/vc4: kms: Split the HVS muxing check in a separate function (jsc#SLE-15318). - drm/vc4: kms: Rename NUM_CHANNELS (jsc#SLE-15318). - drm/vc4: kms: Remove useless define (jsc#SLE-15318). - drm/vc4: kms: Switch to drmm_add_action_or_reset (jsc#SLE-15318). - drm/vc4: hdmi: Block odd horizontal timings (jsc#SLE-15318). - drm/vc4: hdmi: Make sure our clock rate is within limits (jsc#SLE-15318). - commit c55f585 - Documentation: x86: fix boot.rst warning and format (jsc#SLE-16407). - x86/boot: Mark global variables as static (jsc#SLE-16407). - commit f3aa594 - drm/vc4: drv: Remove unused variable (jsc#SLE-15318). - drm/vc4: kms: Add functions to create the state objects (jsc#SLE-15318). - drm/vc4: Use devm_drm_dev_alloc (jsc#SLE-15318). - drm/vc4: Use the helper to retrieve vc4_dev when needed (jsc#SLE-15318). - drm/vc4: gem: Add a managed action to cleanup the job queue (jsc#SLE-15318). - drm/vc4: drv: Use managed drm_mode_config_init (jsc#SLE-15318). - drm/vc4: bo: Add a managed action to cleanup the cache (jsc#SLE-15318). - drm/vc4: Rework the structure conversion functions (jsc#SLE-15318). - drm/vc4: hdmi: Add a name to the codec DAI component (jsc#SLE-15318). - drm/vc4: hdmi: Avoid sleeping in atomic context (jsc#SLE-15318). - drm/vc4: drv: Add error handding for bind (jsc#SLE-15318). - drm/vc4: crtc: Keep the previously assigned HVS FIFO (jsc#SLE-15318). - drm/vc4: crtc: Rework a bit the CRTC state code (jsc#SLE-15318). - drm/vc4: kms: Assign a FIFO to enabled CRTCs instead of active (jsc#SLE-15318). - drm/vc4: hvs: Pull the state of all the CRTCs prior to PV muxing (jsc#SLE-15318). - drm/vc4: Handing the return value of drm_universal_plane_init (jsc#SLE-15318). - drm/vc4: Fix bitwise OR versus ternary operator in vc4_plane_mode_set (jsc#SLE-15318). - drm/vc4: Update type of reg parameter in vc4_hdmi_{read,write} (jsc#SLE-15318). - drm/vc4: hdmi: Fix NULL vs IS_ERR() checks in (jsc#SLE-15318). - drm/vc4: hdmi: Fix off by ones in vc4_hdmi_read/write() (jsc#SLE-15318). - drm/vc4: drv: Support BCM2711 (jsc#SLE-15318). - drm/vc4: hdmi: Support the BCM2711 HDMI controllers (jsc#SLE-15318). - drm/vc4: hdmi: Add pixel BVB clock control (jsc#SLE-15318). - drm/vc4: hdmi: Switch to blank pixels when disabled (jsc#SLE-15318). - drm/vc4: hdmi: Do the VID_CTL configuration at once (jsc#SLE-15318). - drm/vc4: hdmi: Implement finer-grained hooks (jsc#SLE-15318). - drm/vc4: hdmi: Always recenter the HDMI FIFO (jsc#SLE-15318). - drm/vc4: hdmi: Remove register dumps in enable (jsc#SLE-15318). - drm/vc4: hdmi: Deal with multiple ALSA cards (jsc#SLE-15318). - drm/vc4: hdmi: Add audio-related callbacks (jsc#SLE-15318). - drm/vc4: hdmi: Set the b-frame marker to the match ALSA's default (jsc#SLE-15318). - drm/vc4: hdmi: Reset audio infoframe on encoder_enable if previously (jsc#SLE-15318). - drm/vc4: hdmi: Use reg-names to retrieve the HDMI audio registers (jsc#SLE-15318). - drm/vc4: hdmi: Use clk_set_min_rate instead (jsc#SLE-15318). - drm/vc4: hdmi: Adjust HSM clock rate depending on pixel rate (jsc#SLE-15318). - drm/vc4: hdmi: Rename drm_encoder pointer in mode_valid (jsc#SLE-15318). - drm/vc4: hdmi: Remove unused CEC_CLOCK_DIV define (jsc#SLE-15318). - drm/vc4: hdmi: Add CEC support flag (jsc#SLE-15318). - drm/vc4: hdmi: Move CEC init to its own function (jsc#SLE-15318). - drm/vc4: hdmi: Deal with multiple debugfs files (jsc#SLE-15318). - drm/vc4: hdmi: Store the encoder type in the variant structure (jsc#SLE-15318). - drm/vc4: hdmi: Add a set_timings callback (jsc#SLE-15318). - drm/vc4: hdmi: Add a CSC setup callback (jsc#SLE-15318). - drm/vc4: hdmi: Add PHY RNG enable / disable function (jsc#SLE-15318). - drm/vc4: hdmi: Add PHY init and disable function (jsc#SLE-15318). - drm/vc4: hdmi: Add reset callback (jsc#SLE-15318). - drm/vc4: hdmi: Implement a register layout abstraction (jsc#SLE-15318). - drm/vc4: hdmi: Introduce resource init and variant (jsc#SLE-15318). - drm/vc4: hdmi: Remove vc4_hdmi_connector (jsc#SLE-15318). - drm/vc4: hdmi: Remove vc4_dev hdmi pointer (jsc#SLE-15318). - drm/vc4: hdmi: Retrieve the vc4_hdmi at unbind using our device (jsc#SLE-15318). - drm/vc4: hdmi: Pass vc4_hdmi to CEC code (jsc#SLE-15318). - drm/vc4: hdmi: Add container_of macros for encoders and connectors (jsc#SLE-15318). - drm/vc4: hdmi: Use local vc4_hdmi directly (jsc#SLE-15318). - drm/vc4: hdmi: Move accessors to vc4_hdmi (jsc#SLE-15318). - drm/vc4: hdmi: Rename hdmi to vc4_hdmi (jsc#SLE-15318). - drm/vc4: hdmi: Remove DDC argument to connector_init (jsc#SLE-15318). - drm/vc4: hdmi: rework connectors and encoders (jsc#SLE-15318). - drm/vc4: hdmi: Move structure to header (jsc#SLE-15318). - drm/vc4: hdmi: Use debugfs private field (jsc#SLE-15318). - drm/vc4: crtc: Add BCM2711 pixelvalves (jsc#SLE-15318). - drm/vc4: drv: Disable the CRTC at boot time (jsc#SLE-15318). - drm/vc4: crtc: Move the CRTC disable out (jsc#SLE-15318). - drm/vc4: hvs: Introduce a function to get the assigned FIFO (jsc#SLE-15318). - drm/vc4: hvs: Make the stop_channel function public (jsc#SLE-15318). - drm/vc4: crtc: Clear the PixelValve FIFO during configuration (jsc#SLE-15318). - drm/vc4: crtc: Clear the PixelValve FIFO on disable (jsc#SLE-15318). - drm/vc4: crtc: Add a delay after disabling the PixelValve output (jsc#SLE-15318). - drm/vc4: encoder: Add finer-grained encoder callbacks (jsc#SLE-15318). - drm/vc4: crtc: Move HVS channel init before the PV initialisation (jsc#SLE-15318). - drm/vc4: crtc: Remove redundant pixelvalve reset (jsc#SLE-15318). - drm/vc4: crtc: Remove mode_set_nofb (jsc#SLE-15318). - drm/vc4: hvs: Make sure our channel is reset (jsc#SLE-15318). - drm/vc4: crtc: Move the HVS gamma LUT setup to our init function (jsc#SLE-15318). - drm/vc4: crtc: Move HVS init and close to a function (jsc#SLE-15318). - drm/vc4: crtc: Move PV dump to config_pv (jsc#SLE-15318). - drm/vc4: crtc: Turn pixelvalve reset into a function (jsc#SLE-15318). - drm/vc4: crtc: Disable color management for HVS5 (jsc#SLE-15318). - drm/vc4: crtc: Add HDMI1 encoder type (jsc#SLE-15318). - drm/vc4: crtc: Rename HDMI encoder type to HDMI0 (jsc#SLE-15318). - drm/vc4: crtc: Add function to compute FIFO level bits (jsc#SLE-15318). - drm/vc4: crtc: Add FIFO depth to vc4_crtc_data (jsc#SLE-15318). - drm/vc4: crtc: Assign output to channel automatically (jsc#SLE-15318). - drm/vc4: kms: Convert to for_each_new_crtc_state (jsc#SLE-15318). - drm/vc4: crtc: Enable and disable the PV in atomic_enable / disable (jsc#SLE-15318). - drm/vc4: crtc: Use local chan variable (jsc#SLE-15318). - drm/vc4: crtc: Rename HVS channel to output (jsc#SLE-15318). - drm/vc4: crtc: Move the cob allocation outside of bind (jsc#SLE-15318). - drm/vc4: crtc: Use a shared interrupt (jsc#SLE-15318). - drm/vc4: crtc: Deal with different number of pixel per clock (jsc#SLE-15318). - drm/vc4: plane: Create more planes (jsc#SLE-15318). - drm/vc4: plane: Optimize the LBM allocation size (jsc#SLE-15318). - drm/vc4: plane: Change LBM alignment constraint on LBM (jsc#SLE-15318). - drm/vc4: hvs: Boost the core clock during modeset (jsc#SLE-15318). - drm/vc4: Add support for the BCM2711 HVS5 (jsc#SLE-15318). - commit 1c47402 - HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660). - HMAT: Register memory-side cache after parsing (bsc#1178660). - commit c10070c - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099). - commit 9a9387d - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - commit 76a9256 - PCI: hip: Add handling of HiSilicon HIP PCIe controller errors (jsc#SLE-16612 jsc#SLE-14766). - Update config files. Enable PCIE_HISI_ERR. - commit f5b42fa - tpm: of: Handle IBM,vtpm20 case when getting log parameters (jsc#SLE-13630 bsc#1179446 ltc#190030). - commit 96f9f02 - ACPI / APEI: Add a notifier chain for unknown (vendor) CPER records (jsc#SLE-16612 jsc#SLE-14766). - commit 993ea8f - config.conf: Remove vanilla config (jsc#SLE-17122). - Delete config/arm64/vanilla. - Delete config/ppc64le/vanilla. - Delete config/s390x/vanilla. - Delete config/x86_64/vanilla. - commit 508c5d7 - blacklist.conf: Remove duplicate entry (git-fixes) - commit 9169068 - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - commit e8d7cf3 - fix patches metadata - fix Patch-mainline: patches.suse/mm-gup-allow-FOLL_FORCE-for-get_user_pages_fast.patch patches.suse/mm-ksm-fix-NULL-pointer-dereference-when-KSM-zero-page-is-enabled.patch patches.suse/mm-mempolicy-require-at-least-one-nodeid-for-MPOL_PREFERRED.patch patches.suse/mm-swap-make-page_evictable-inline.patch patches.suse/mm-swap-use-smp_mb__after_atomic-to-order-LRU-bit-set.patch - commit 6289c65 - efi/x86: Use symbolic constants in PE header instead of bare numbers (jsc#SLE-16407). - commit 1efd668 - Update patches.suse/mm-mmap-c-close-race-between-munmap-and-expand_upwards-downwards.patch (bsc#1174527, bsc#1179432, CVE-2020-29369). - commit f55babe - efi/x86: Setup stack correctly for efi_pe_entry (jsc#SLE-16407). - tpm: check event log version before reading final events (jsc#SLE-16407). - efi: Pull up arch-specific prototype efi_systab_show_arch() (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi: cper: Add support for printing Firmware Error Record Reference (jsc#SLE-16407). - efi/libstub/x86: Avoid EFI map buffer alloc in allocate_e820() (jsc#SLE-16407). - efi/earlycon: Fix early printk for wider fonts (jsc#SLE-16407). - efi/libstub: Avoid returning uninitialized data from setup_graphics() (jsc#SLE-16407). - gcc-10: mark more functions __init to avoid section mismatch warnings (jsc#SLE-16407). - efi/x86: Revert struct layout change to fix kexec boot regression (jsc#SLE-16407). - efi/libstub/file: Merge file name buffers to reduce stack usage (jsc#SLE-16407). - efi/x86: Always relocate the kernel for EFI handover entry (jsc#SLE-16407). - efi/x86: Move efi stub globals from .bss to .data (jsc#SLE-16407). - efi/libstub/x86: Remove redundant assignment to pointer hdr (jsc#SLE-16407). - efi/cper: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-16407). - arm64: remove CONFIG_DEBUG_ALIGN_RODATA feature (jsc#SLE-16407). - x86/efi: Add a prototype for efi_arch_mem_reserve() (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - x86/*/Makefile: Use -fno-asynchronous-unwind-tables to suppress .eh_frame sections (jsc#SLE-16407). Refresh patches.suse/0001-efi-generalize-efi_get_secureboot.patch patches.suse/x86-boot-compressed-64-setup-a-ghcb-based-vc-exception-handler - efi/libstub/arm: Fix spurious message that an initrd was loaded (jsc#SLE-16407). - efi/libstub/arm64: Avoid image_base value from efi_loaded_image (jsc#SLE-16407). - efi/x86: Fix cast of image argument (jsc#SLE-16407). - efi/libstub/x86: Use ULONG_MAX as upper bound for all allocations (jsc#SLE-16407). - efi: Fix a mistype in comments mentioning efivar_entry_iter_begin() (jsc#SLE-16407). - efi/libstub: Avoid linking libstub/lib-ksyms.o into vmlinux (jsc#SLE-16407). - efi/x86: Preserve %ebx correctly in efi_set_virtual_address_map() (jsc#SLE-16407). - efi/x86: Don't relocate the kernel unless necessary (jsc#SLE-16407). - efi/x86: Remove extra headroom for setup block (jsc#SLE-16407). Refresh patches.suse/efi-x86-Remove-extra-headroom-for-setup-block.patch - efi/x86: Add kernel preferred address to PE header (jsc#SLE-16407). - efi/x86: Decompress at start of PE image load address (jsc#SLE-16407). Refresh patches.suse/x86-boot-compressed-64-add-idt-infrastructure - x86/boot/compressed/32: Save the output address instead of recalculating it (jsc#SLE-16407). - efi/libstub/x86: Deal with exit() boot service returning (jsc#SLE-16407). - x86/boot: Use unsigned comparison for addresses (jsc#SLE-16407). - efi/x86: Avoid using code32_start (jsc#SLE-16407). - efi/x86: Make efi32_pe_entry() more readable (jsc#SLE-16407). - efi/x86: Respect 32-bit ABI in efi32_pe_entry() (jsc#SLE-16407). - efi/x86: Annotate the LOADED_IMAGE_PROTOCOL_GUID with SYM_DATA (jsc#SLE-16407). - efi/arm64: Clean EFI stub exit code from cache instead of avoiding it (jsc#SLE-16407). - efi: Don't shadow 'i' in efi_config_parse_tables() (jsc#SLE-16407). - efi/x86: Add RNG seed EFI table to unencrypted mapping check (jsc#SLE-16407). - efi/libstub: Introduce symbolic constants for the stub major/minor version (jsc#SLE-16407). - efi/x86: Add true mixed mode entry point into .compat section (jsc#SLE-16407). - efi/x86: Drop redundant .bss section (jsc#SLE-16407). - efi/x86: add headroom to decompressor BSS to account for setup block (jsc#SLE-16407). - ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use (jsc#SLE-16407). - x86/boot: Simplify calculation of output address (jsc#SLE-16407). - x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld (jsc#SLE-16407). - arch/x86/boot: Use prefix map to avoid embedded paths (jsc#SLE-16407). Refresh modified: patches.suse/0001-efi-generalize-efi_get_secureboot.patch modified: patches.suse/x86-boot-compressed-64-setup-a-ghcb-based-vc-exception-handler - x86/boot: Introduce kernel_info (jsc#SLE-16407). - commit 62d114b ++++ libarchive: - Update to version 3.5.0 New features: * mtree digest reader support (#1347) * completed support for UTF-8 encoding conversion (#1389) * minor API enhancements (#1258, #1405) * support for system extended attributes (#1409) * support for decompression of symbolic links in zipx archives (#1435) Important bugfixes * fixed extraction of archives with hard links pointing to itself (#1381) * cpio fixes (#1387, #1388) * fixed uninitialized size in rar5_read_data (#1408) * fixed memory leaks in error case of archive_write_open() functions (#1456) - Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream. ++++ mozilla-nss: - update to NSS 3.59 Notable changes * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. ++++ Mesa: - require llvm-devel *without* any explicit version number for factory/TW to imply 'distro default llvm version', which we usually bump up when a new stable llvm comes out ++++ python3-core: - Add CVE-2020-27619-no-eval-http-content.patch fixing CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Add patch sphinx-update-removed-function.patch to no longer call a now removed function (gh#python/cpython#13236). As a consequence, no longer pin Sphinx version. ++++ systemd: - Import commit f6104ea5f554233e34b94ffd92da8332c3bd7d8f 617aed9236 scope: on unified, make sure to unwatch all PIDs once they've been moved to the cgroup scope ++++ libvirt: - Update to libvirt 6.10.0 - jsc#SLE-13688 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: f035f53b-virt-guest-shutdown.patch ++++ perl-Cairo: - Add some files to skip_doc ++++ python3: - Add CVE-2020-27619-no-eval-http-content.patch fixing CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Add patch sphinx-update-removed-function.patch to no longer call a now removed function (gh#python/cpython#13236). As a consequence, no longer pin Sphinx version. ++++ python-psutil: - update to 5.7.3: - 809_: [FreeBSD] add support for `Process.rlimit()`. - 893_: [BSD] add support for `Process.environ()` (patch by Armin Gruner) - 1830_: [UNIX] `net_if_stats()`'s `isup` also checks whether the NIC is running (meaning Wi-Fi or ethernet cable is connected). - 1837_: [Linux] improved battery detection and charge "secsleft" calculation - 1620_: [Linux] physical cpu_count() result is incorrect on systems with more than one CPU socket. - 1738_: [macOS] Process.exe() may raise FileNotFoundError if process is still alive but the exe file which launched it got deleted. - 1791_: [macOS] fix missing include for getpagesize(). - 1823_: [Windows] Process.open_files() may cause a segfault due to a NULL pointer. - 1838_: [Linux] sensors_battery(): if `percent` can be determined but not the remaining values, still return a result instead of None. - skip-obs.patch, skip_failing_tests.patch: rediff ------------------------------------------------------------------ ------------------ 2020-11-30 - Nov 30 2020 ------------------- ------------------------------------------------------------------ ++++ bcm43xx-firmware: - Introduce firmware file for RPi Compute Module 4 - Update BCM4345C0.hcd - Update brcmfmac43456-sdio.clm_blob ++++ canutils: - Add "can-utils" provides, add documentation. ++++ elfutils: - Mention elfutils-rpmlintrc as a Source. ++++ haproxy: - Update to version 2.3.2+git0.d522db763: * [RELEASE] Released version 2.3.2 * BUG/MINOR: http-fetch: Fix smp_fetch_body() when called from a health-check * DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section * BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer pool * MINOR: tcpcheck: Don't handle anymore in-progress send rules in tcpcheck_main * BUG/MINOR: tcpcheck: Don't forget to reset tcp-check flags on new kind of check * DOC: Clarify %HP description in log-format * DOC: better document the config file format and escaping/quoting rules * BUG/MAJOR: peers: fix partial message decoding * BUG/MEDIUM: http_act: Restore init of log-format list * BUILD: Show the value of DEBUG= in haproxy -vv * BUILD: Make DEBUG part of .build_opts * MINOR: http_act: Add -m flag for del-header name matching method * REGTESTS: converter: add url_dec test * REGTESTS: Add sample_fetches/cook.vtc * DOC: cache: Add new caching limitation information * MEDIUM: cache: Change caching conditions * BUG/MAJOR: filters: Always keep all offsets up to date during data filtering * DOC: better describes how to configure a fallback crt * BUG/MINOR: http_htx: Fix searching headers by substring * BUG/MAJOR: connection: reset conn->owner when detaching from session list * CLEANUP: connection: do not use conn->owner when the session is known * DOC: clarify how to create a fallback crt * BUILD: makefile: enable crypt(3) for OpenBSD * BUG/MEDIUM: ssl/crt-list: fix error when no file found * BUG/MINOR: ssl/crt-list: load bundle in crt-list only if activated * BUG/MEDIUM: ssl: error when no certificate are found * BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list * BUG/MEDIUM: http-ana: Don't eval http-after-response ruleset on empty messages * BUG/MINOR: ssl: segv on startup when AKID but no keyid * DOC: add missing 3.10 in the summary * BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests * BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering * CLEANUP: cfgparse: remove duplicate registration for transparent build options * BUILD: http-htx: fix build warning regarding long type in printf ++++ open-iscsi: - Updatged to latest upstream, including: * iscsiadm: Optimize the the verification of mode paramters * iscsid: Poll timeout value to 1 minute for iscsid * iscsiadm: fix host stats mode coredump * iscsid: fix logging level when starting and shutting down daemon * Updated iscsiadm man page. * Fix memory leak in sysfs_get_str * libopeniscsiusr: Compare with max int instead of max long - Systemd unit files should not depend on network.target (bsc#1179440), updating: * open-iscsi-SUSE-latest.diff.bz2 ++++ kernel-default: - romfs: fix uninitialized memory leak in romfs_dev_read() (CVE-2020-29371 bsc#1179429). - commit aaf36e7 - patches.suse/block-Fix-use-after-free-in-blkdev_get.patch: Update tags (bsc#1173834 bsc#1179141 CVE-2020-15436). - commit 6c1fbdb - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - commit b7a0fce - Convert trailing spaces and periods in path components (bsc#1179424). - commit 88891c3 - cifs: remove bogus debug code (bsc#1179427). - commit 8a0ced9 - ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - Refresh patches.suse/ibmvnic-restore-adapter-state-on-failed-reset.patch. - ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: delay next reset if hard reset fails (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: restore adapter state on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: avoid memset null scrq msgs (jsc#SLE-17043 bsc#1179243 ltc#189290). - Refresh patches.suse/ibmvnic-Introduce-indirect-subordinate-Command-Respo.patch - ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - commit ce6d916 - blacklist.conf: printk: cosmetic; documentation - commit 609fe64 - blacklist.conf: printk: just a preparation step for lockless ringbuffer. - commit 8515274 - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - commit 965157e - efi/arm: Rewrite FDT param discovery routines (jsc#SLE-16407). - efi/arm: Move FDT specific definitions into fdtparams.c (jsc#SLE-16407). - efi/arm: Move FDT param discovery code out of efi.c (jsc#SLE-16407). Refresh patches.suse/efi-Use-more-granular-check-for-availability-for-var.patch - efi/x86: Implement mixed mode boot without the handover protocol (jsc#SLE-16407). Refresh patches.suse/x86-boot-compressed-64-add-idt-infrastructure - efi/libstub/x86: Use Exit() boot service to exit the stub on errors (jsc#SLE-16407). - efi/libstub/x86: Make loaded_image protocol handling mixed mode safe (jsc#SLE-16407). - efi/x86: Drop 'systab' member from struct efi (jsc#SLE-16407). Refresh patches.suse/efi-Store-mask-of-supported-runtime-services-in-stru.patch - efi/arm: Drop unnecessary references to efi.systab (jsc#SLE-16407). - efi: Add 'runtime' pointer to struct efi (jsc#SLE-16407). Refresh patches.suse/efi-Store-mask-of-supported-runtime-services-in-stru.patch - efi/x86: Merge assignments of efi.runtime_version (jsc#SLE-16407). - efi/x86: Make fw_vendor, config_table and runtime sysfs nodes x86 specific (jsc#SLE-16407). - efi/x86: Remove runtime table address from kexec EFI setup data (jsc#SLE-16407). - efi: Clean up config_parse_tables() (jsc#SLE-16407). - efi: Make efi_config_init() x86 only (jsc#SLE-16407). - efi/ia64: Switch to efi_config_parse_tables() (jsc#SLE-16407). - efi/ia64: Use existing helpers to locate ESI table (jsc#SLE-16407). - efi: Merge EFI system table revision and vendor checks (jsc#SLE-16407). Refresh patches.suse/efi-Add-support-for-EFI_RT_PROPERTIES-table-fe4db90a.patch - efi: Make memreserve table handling local to efi.c (jsc#SLE-16407). Refresh patches.suse/efi-Add-support-for-EFI_RT_PROPERTIES-table-fe4db90a.patch - efi: Move mem_attr_table out of struct efi (jsc#SLE-16407). - efi: Make rng_seed table handling local to efi.c (jsc#SLE-16407). Refresh patches.suse/efi-Add-support-for-EFI_RT_PROPERTIES-table-fe4db90a.patch - efi: Move UGA and PROP table handling to x86 code (jsc#SLE-16407). - efi/ia64: Move HCDP and MPS table handling into IA64 arch code (jsc#SLE-16407). Refresh patches.suse/efi-Store-mask-of-supported-runtime-services-in-stru.patch - efi: Drop handling of 'boot_info' configuration table (jsc#SLE-16407). - efi/libstub: Take noinitrd cmdline argument into account for devpath initrd (jsc#SLE-16407). - efi/libstub: Add support for loading the initrd from a device path (jsc#SLE-16407). - efi/dev-path-parser: Add struct definition for vendor type device path nodes (jsc#SLE-16407). - efi/x86: Replace #ifdefs with IS_ENABLED() checks (jsc#SLE-16407). - efi/x86: Reindent struct initializer for legibility (jsc#SLE-16407). - efi/capsule-loader: Drop superfluous assignment (jsc#SLE-16407). - efi/esrt: Clean up efi_esrt_init (jsc#SLE-16407). - efi/libstub: Fix error message in handle_cmdline_files() (jsc#SLE-16407). - efi/libstub: Describe RNG functions (jsc#SLE-16407). - efi/libstub: Describe efi_relocate_kernel() (jsc#SLE-16407). - efi/libstub: Describe memory functions (jsc#SLE-16407). - efi/libstub: Simplify efi_get_memory_map() (jsc#SLE-16407). - efi/libstub: Add function description of efi_allocate_pages() (jsc#SLE-16407). - efi/libstub: Make the LoadFile EFI protocol accessible (jsc#SLE-16407). Refresh patches.suse/efi-Add-support-for-EFI_RT_PROPERTIES-table-fe4db90a.patch - efi/libstub: Expose LocateDevicePath boot service (jsc#SLE-16407). - efi/libstub: Clean up command line parsing routine (jsc#SLE-16407). - efi/libstub: Take soft and hard memory limits into account for initrd loading (jsc#SLE-16407). - efi: ia64: move SAL systab handling out of generic EFI code (jsc#SLE-16407). - commit 2edf905 - RDMA/core: Free DIM memory in error unwind (bsc#1152489) - commit 21b1eaa - RDMA/core: Stop DIM before destroying CQ (bsc#1152489) - commit 5bb1399 - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - commit 1b3b221 - hv_balloon: disable warning when floor reached (git-fixes). - commit 09540b9 - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - commit d498a49 - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - commit 82f5309 - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - commit b3e8c49 - drivers: provide devm_platform_ioremap_resource_byname() (bsc#1179344). - drivers: platform: provide devm_platform_ioremap_resource_wc() (bsc#1179344). Refresh: patches.suse/drivers-provide-devm_platform_get_and_ioremap_resource.patch - lib: devres: provide devm_ioremap_resource_wc() (bsc#1179344). - lib: devres: prepare devm_ioremap_resource() for more variants (bsc#1179344). - commit 114fca9 - blacklist.conf: KASAN is not enabled - commit b3c7026 - spi: imx: fix the unbalanced spi runtime pm management (git-fixes). - commit 1856d10 - blacklist.conf: Supported arches enable SPARSEMEM_VMEMMAP - commit 928fb30 - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - commit b4797b5 - blacklist.conf: GUP benchmark not enabled in Kconfig - commit d60c94e - mm/truncate.c: make __invalidate_mapping_pages() static (git fixes (mm/truncate)). - commit 94f313f - powerpc/test_emulate_step: Move extern declaration to sstep.h (jsc#SLE-13830 bsc#1179396 ltc#185738). - powerpc/sstep: Introduce macros to retrieve Prefix instruction operands (jsc#SLE-13830 bsc#1179396 ltc#185738). - powerpc/test_emulate_step: Add negative tests for prefixed addi (jsc#SLE-13830 bsc#1179396 ltc#185738). - powerpc/test_emulate_step: Enhancement to test negative scenarios (jsc#SLE-13830 bsc#1179396 ltc#185738). - commit ad5913e - efi/libstub: Fix path separator regression (jsc#SLE-16407). - lib/string: Make memzero_explicit() inline instead of external (jsc#SLE-16407). - commit 6fa3e5e - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - commit dd05038 - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Don't panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - commit aaf9d90 - Refresh patches.suse/loop-fix-occasional-uevent-drop.patch (bsc#1177971) Add Git-commit: and Patch-mainline: tags (patch got into mainline). - commit a78af51 - Refresh patches.suse/block-add-a-return-value-to-set_capacity_revalidate_and_notify.patch. (bsc#1177971) Add Git-commit: and Patch-mainline: tags (patch got into mainline). - commit cf636f0 - crypto: n2 - Rename arrays to avoid conflict with crypto/sha256.h (jsc#SLE-16407). - crypto: ccree - Rename arrays to avoid conflict with crypto/sha256.h (jsc#SLE-16407). - crypto: s390 - Rename functions to avoid conflict with crypto/sha256.h (jsc#SLE-16407). - crypto: arm64 - Rename functions to avoid conflict with crypto/sha256.h (jsc#SLE-16407). - crypto: arm - Rename functions to avoid conflict with crypto/sha256.h (jsc#SLE-16407). - commit c1688be ++++ Mesa: - use llvm11 on factory/TW and sle15-sp3/Leap 15.3 ++++ qemu: - Disable linux-user 'ls' test on 32 bit arm. It's failing with "Allocating guest commpage: Cannot allocate memory" error, which we should hunt down, but for now we don't want it to prevent the package from being built ++++ sudo: - Update to 1.9.4 * The sudoers parser will now detect when an upper-case reserved word is used when declaring an alias. Now instead of "syntax error, unexpected CHROOT, expecting ALIAS" the message will be "syntax error, reserved word CHROOT used as an alias name". Bug #941. * Better handling of sudoers files without a final newline. The parser now adds a newline at end-of-file automatically which removes the need for special cases in the parser. * Fixed a regression introduced in sudo 1.9.1 in the sssd back-end where an uninitialized pointer could be freed on an error path. GitHub issue #67. * The core logging code is now shared between sudo_logsrvd and the sudoers plugin. * JSON log entries sent to syslog now use "minimal" JSON which skips all non-essential whitespace. * The sudoers plugin can now produce JSON-formatted logs. The "log_format" sudoers option can be used to select sudo or json format logs. The default is sudo format logs. * The sudoers plugin and visudo now display the column number in syntax error messages in addition to the line number. Bug #841. * If I/O logging is not enabled but "log_servers" is set, the sudoers plugin will now log accept events to sudo_logsrvd. Previously, the accept event was only sent when I/O logging was enabled. The sudoers plugin now sends reject and alert events too. * The sudo logsrv protocol has been extended to allow an AlertMessage to contain an optional array of InfoMessage, as AcceptMessage and RejectMessage already do. * Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result in duplicate entries in the debug log when debugging was enabled. * The visudo utility now supports EDITOR environment variables that use single or double quotes in the command arguments. Bug #942. * The PAM session modules now run when sudo is set-user-ID root, which allows a module to determine the original user-ID. Bug #944. * Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end where sudoNotBefore and sudoNotAfter were applied even when the SUDOERS_TIMED setting was not present in ldap.conf. Bug #945. * Sudo packages for macOS 11 now contain universal binaries that support both Intel and Apple Silicon CPUs. * For sudo_logsrvd, an empty value for the "pid_file" setting in sudo_logsrvd.conf will now disable the process ID file. - Remove sudo-1.9.3p1-pam_xauth.patch (upstreamed) ++++ virt-manager: - bsc#1179236 - L3: virt-install: "Error validating install location: invalid literal for int() with base 10" reported by virt-install ref:_00D1igLOd._5001iTe00n:ref virtinst-sap-detection.patch ++++ yast2: - Yast::Arch add support to know if code is running in a PV Xen guest (related to bsc#952253, bsc#1172742, and bsc#1179197). - 4.3.45 ++++ yast2-trans: - Update to version 84.87.20201130.b140fdb5f7: * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * New POT for text domain 'registration'. * New POT for text domain 'packager'. * New POT for text domain 'installation'. * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Indonesian) * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) ------------------------------------------------------------------ ------------------ 2020-11-29 - Nov 29 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fix patches metadata - fix Patch-mainline: patches.suse/s390-cpum_sf-c-fix-file-permission-for-cpum_sfb_size patches.suse/s390-dasd-fix-null-pointer-dereference-for-erp-requests patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build - commit c3e5681 - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - commit ae495c3 - crypto: x86 - Rename functions to avoid conflict with crypto/sha256.h (jsc#SLE-16407). - commit 2c4f35b - crypto: sha256 - Fix some coding style issues (jsc#SLE-16407). - commit 07ac84d - crypto: sha256 - Remove sha256/224_init code duplication (jsc#SLE-16407). - crypto: sha256 - Merge crypto/sha256.h into crypto/sha.h (jsc#SLE-16407). - crypto: sha256 - Add missing MODULE_LICENSE() to lib/crypto/sha256.c (jsc#SLE-16407). - crypto: sha256_generic - Switch to the generic lib/crypto/sha256.c lib code (jsc#SLE-16407). - crypto: sha256 - Add sha224 support to sha256 library code (jsc#SLE-16407). - crypto: sha256 - Make lib/crypto/sha256.c suitable for generic use (jsc#SLE-16407). - Refresh patches.suse/crypto-blake2s-generic-c-library-implementation-and-selftest.patch patches.suse/crypto-poly1305-move-core-routines-into-a-separate-library.patch - Update config files. x86_64/default, arm64/default, ppc64le/default, s390x/default - crypto: sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit (jsc#SLE-16407). - crypto: sha256 - Move lib/sha256.c to lib/crypto (jsc#SLE-16407). Refresh patches.suse/crypto-sha256-Move-lib-sha256.c-to-lib-crypto.patch - crypto: sha256_generic - Fix some coding style issues (jsc#SLE-16407). - commit 6bb9a87 ++++ Mesa: - enabled build of radeonsi DRI and VDPAU driver on aarch64 (boo#1179376) ------------------------------------------------------------------ ------------------ 2020-11-28 - Nov 28 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: Blacklist dups from DRM backport v5.9 - commit 712b901 - blacklist.conf: Temporary blacklist for DRM backport v5.9 - commit 7fca26d - Update config files. (for DRM backport v5.9) - commit edca411 - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - commit 767fda0 ------------------------------------------------------------------ ------------------ 2020-11-27 - Nov 27 2020 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Provide service(network) and sysvinit(network) to be an alternative to wicked-service ++++ bcm43xx-firmware: - Introduce firmware files for RPi400: * brcmfmac43456-sdio.bin * brcmfmac43456-sdio.clm_blob * brcmfmac43456-sdio.txt ++++ cockpit: - new version 232 https://cockpit-project.org/blog/cockpit-232.html https://cockpit-project.org/blog/cockpit-231.html ++++ kernel-default: - scatterlist: add generic wrappers for iterating over sgtable objects (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - commit c162a26 - powerpc/perf: Use regs->nip when SIAR is zero (jsc#SLE-13513 bsc#1176919 ltc#186162). - powerpc/perf: Use the address from SIAR register to set cpumode flags (jsc#SLE-13513 bsc#1176919 ltc#186162). - powerpc/perf: Drop the check for SIAR_VALID (jsc#SLE-13513 bsc#1176919 ltc#186162). - powerpc/perf: Add new power PMU flag "PPMU_P10_DD1" for power10 DD1 (jsc#SLE-13513 bsc#1176919 ltc#186162). - powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints (jsc#SLE-13513 bsc#1176919 ltc#186162). - commit 6df36f6 - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). - commit 308ebc7 - config: arm64: enable rtc-max77686 driver References: jsc#SLE-15847 - commit 15655cf - supported.conf: clk-max77686: enable for Jetson AGX Xavier References: jsc#SLE-15847 - commit a667bc6 - efi/libstub: Rewrite file I/O routine (jsc#SLE-16407). - Refresh patches.rpmify/powerpc-Blacklist-GCC-5.4-6.1-and-6.2.patch - Refresh patches.suse/efi-libstub-Move-file-I-O-support-code-into-separate.patch. - efi/libstub: Move get_dram_base() into arm-stub.c (jsc#SLE-16407). Refresh patches.rpmify/powerpc-Blacklist-GCC-5.4-6.1-and-6.2.patch patches.suse/efi-libstub-Move-file-I-O-support-code-into-separate.patch - efi/libstub/arm64: Use 1:1 mapping of RT services if property table exists (jsc#SLE-16407). - efi/libstub/arm: Make efi_entry() an ordinary PE/COFF entrypoint (jsc#SLE-16407). Refresh patches.suse/efi-libstub-x86-Permit-cmdline-data-to-be-allocated-.patch - efi/arm: Pass start and end addresses to cache_clean_flush() (jsc#SLE-16407). Refresh patches.suse/efi-arm-Pass-start-and-end-addresses-to-cache_clean_.patch - efi/arm: Work around missing cache maintenance in decompressor handover (jsc#SLE-16407). - ARM: 8942/1: Revert "8857/1: efi: enable CP15 DMB instructions before cleaning the cache" (jsc#SLE-16407). - commit c31bfae - efi/libstub: Move file I/O support code into separate file (jsc#SLE-16407). - efi/libstub: Move efi_random_alloc() into separate source file (jsc#SLE-16407). - efi/libstub/x86: Permit cmdline data to be allocated above 4 GB (jsc#SLE-16407). - efi/libstub: Move stub specific declarations into efistub.h (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi/libstub/x86: Permit bootparams struct to be allocated above 4 GB (jsc#SLE-16407). - efi/libstub: Use consistent type names for file I/O protocols (jsc#SLE-16407). - efi/libstub/x86: Incorporate eboot.c into libstub (jsc#SLE-16407). - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - Update config files. The x86_64 eboot.c be moved to libstub, so the patches of EFI securet key should be refactory. I disabled CONFIG_EFI_SECRET_KEY and CONFIG_HIBERNATE_VERIFICATION here, and will refactory patches after EFI backporting then enable the function again. - efi/libstub: Simplify efi_high_alloc() and rename to efi_allocate_pages() (jsc#SLE-16407). - efi/libstub: Move memory map handling and allocation routines to mem.c (jsc#SLE-16407). - efi/libstub/arm: Relax FDT alignment requirement (jsc#SLE-16407). - efi/libstub: Use hidden visibility for all source files (jsc#SLE-16407). - efi/libstub/x86: Avoid overflowing code32_start on PE entry (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi/libstub/x86: Remove pointless zeroing of apm_bios_info (jsc#SLE-16407). - efi/apple-properties: Replace zero-length array with flexible-array member (jsc#SLE-16407). - efi/bgrt: Accept BGRT tables with a version of 0 (jsc#SLE-16407). - efi/x86: Mark setup_graphics static (jsc#SLE-16407). - efi/x86: Remove GDT setup from efi_main (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi/x86: Don't depend on firmware GDT layout (jsc#SLE-16407). - platform/x86: touchscreen_dmi: Add EFI embedded firmware info support (jsc#SLE-16407). - efi: Add embedded peripheral firmware support (jsc#SLE-16407). - Refresh patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - Update config files. x86_64/default - efi: Export boot-services code and data as debugfs-blobs (jsc#SLE-16407). Refresh patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch - commit 3dd5b5c - drm/amd/display: Change ABM config init interface (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - blacklist.conf: unblacklist patches included in drm v5.9 - drm/amdgpu/swsmu: fix ARC build errors (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix NULL pointer dereference for Renoir (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/mem: guard against NULL pointer access in mem_del (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/device: return error for unknown chipsets (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_dsc.h: fix a kernel-doc markup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Partially revert "video: fbdev: amba-clcd: Retire elder CLCD driver" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: disable gfxoff temporarily for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: setup APU dpm clock table in SMU HW initialization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: remove duplicate call to (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/swsmu/smu12: fix force clock handling for mclk (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: restore proper ref count in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/display: fix CFLAGS setup for DCN30 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix return value check for hdcp_work (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove gpu_info fw support for sienna_cichlid etc (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: Removed fixed clock in auto mode DPM (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove experimental flag from navi12 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add device ID for sienna_cichlid (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use the AV1 defines for VCN 3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add VCN 3.0 AV1 registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add the GC 10.3 VRS registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: prevent double kfree ttm->sg (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: Fix error handling in get_node (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dmabuf: fix NULL pointer dereference in dma_buf_release() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gvt: Fix port number for BDW on EDID region setup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sun4i: mixer: Extend regmap max_register (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sun4i: sun8i-csc: Secondary CSC register correction (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4/vc4_hdmi: fill ASoC card owner (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - fbcon: Fix user font detection test at fbcon_resize() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: Add missing put_device() call in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: Add exception handing in mtk_drm_probe() if component (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: Add missing put_device() call in mtk_ddp_comp_init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: Use CPU when fail to get cmdq event (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: dsi: Fix scrolling of panel with small hfp or hbp (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Filter wake_flags passed to default_wake_function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Be wary of data races when reading the active execlists (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Reduce context termination list iteration guard to RCU (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Delay tracking the GEM context until it is registered (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Don't log hdcp module warnings in dmesg (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: declare ta firmware for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Include sienna_cichlid in USBC PD FW support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: update nv1x stutter latencies (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Don't use DRM_ERROR() for DTM add topology (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: support runtime pptable update for sienna_cichlid etc (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: fix a memory leak issue (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/kfd: fix a system crash issue during GPU recovery (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - vgacon: remove software scrollback support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - fbcon: remove now unusued 'softback_lines' cursor() argument (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: fix OOB read in vga_8planes_imageblit() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: drop virtio_gpu_output->enabled (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sun4i: backend: Support alpha property on lowest plane (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sun4i: Fix DE2 YVU handling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tve200: Stabilize enable/disable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-buf: fence-chain: Document missing dma_fence_chain_init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-buf: Fix kerneldoc of dma_buf_set_name() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: fix unblank (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sun4i: Fix dsi dcs long write function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Fix driver not probing when IPU port is missing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Fix leak of device_node pointer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sun4i: add missing put_device() call in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: Revert "drm/virtio: Call the right shmem helpers" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: fix regression leading to display audio probe failure on GLK (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: xlnx: dpsub: Fix DMADEVICES Kconfig dependency (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/i915/gem: Delete unused code" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/i915/gem: Async GPU relocations only" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/i915: Remove i915_gem_object_get_dirty_page()" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: Disable the RPTR shadow (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: Disable preemption on all 5xx targets (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: Enable expanded apriv support for a650 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: Split the a5xx preemption record (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - xen: add helpers to allocate unpopulated memory (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - memremap: rename MEMORY_DEVICE_DEVDAX to MEMORY_DEVICE_GENERIC (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-gp1xx: add WAR for EVO push buffer HW bug (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-gp1xx: disable notifies again after core update (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: add some whitespace before debug message (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/gv100-: Include correct push header in crcc37d.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Clear the repeater bit on HDCP disable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix sha_text population code (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: Ensure that ret is always initialized in icl_combo_phy_verify_state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Fix bug in reporting voltage for CIK (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Specify get_argument function for ci_smu_funcs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: enable MP0 DPM for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: fix is_dpm_running() run error on 32bit system (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - mm/gup: Remove enfornced COW mechanism (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: controlfb: Fix build for COMPILE_TEST=y && PPC_PMAC=n (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix cmd parser desc matching with masks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/omap: fix incorrect lock state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/modeset-lock: Take the modeset BKL for legacy drivers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dp_mst: Don't return error code when crtc is null (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: disable runtime pm for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Retry AUX write when fail occurs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Fix buffer overflow in INFO ioctl (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use MODE1 reset for navy_flounder by default (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: correct the thermal alert temperature limit settings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add asd fw check before loading asd (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Keep current gain when ABM disable immediately (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix passive dongle mistaken as active dongle in EDID (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Revert HDCP disable sequence change (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Send DISPLAY_OFF after power down on boot (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: refine mgcg setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: correct Vega20 swctf limit setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: correct Vega12 swctf limit setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: correct Vega10 swctf limit setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: set VCN pg per instances (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/pm: enable run_btc callback for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Reject overlay plane configurations in multi-display (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: use correct scale for actual_brightness (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: should check error using DC_OK (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: fix frequency not always being restored on GMU resume (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: add module param to enable debugbus snapshot (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: fix crashdec section name typo (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: fix gmu start on newer firmware (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: enable vblank during atomic commits (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: add shutdown support for display platform_driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: msm: a6xx: use dev_pm_opp_set_bw to scale DDR (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/gpu: make ringbuffer readonly (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/adreno: fix updating ring fence (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: fix unitialized variable error (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: Fix scale params in plane validation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: Fix reservation failures in modeset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/etnaviv: always start/stop scheduler in timeout processing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/etnaviv: fix external abort seen on GC600 rev 0x19 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/exynos: gem: Fix sparse warning (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - fbcon: prevent user font height or width change from causing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - treewide: Use fallthrough pseudo-keyword (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - efi: avoid error message when booting under Xen (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/tgl: Make sure TC-cold is blocked before enabling TC AUX power wells (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Avoid passing a random 0 into ilog2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix wrong return value in intel_atomic_check() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Update bw_buddy pagemask table (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: Check for an LPSP encoder before dereferencing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Copy default modparams to mock i915_device (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Provide the perf pmu.module (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gvt: Do not reset pv_notified when vGPU transit from D3->D0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gvt: Do not destroy ppgtt_mm during vGPU D3->D0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/amdgpu: disable gfxoff for navy_flounder" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix pow() crashing when given base 0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Reset scrambling on Test Pattern (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix dcn3 wide timing dsc validation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix DFPstate hang due to view port changed (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Assign correct left shift (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Call DMUB for eDP power control (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: fix the wrong sdma instance query for renoir (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: parse ta firmware for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix NULL pointer access issue when unloading driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix uninit-value in arcturus_log_thermal_throttling_event() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: disable gfxoff for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/display: use GFP_ATOMIC in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Blank stream before destroying HDCP session (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix EDID parsing after resume from suspend (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Switch to immediate mode for updating infopackets (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix LFC multiplier changing erratically (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix incorrect backlight register offset for DCN (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update gc golden register for arcturus (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct Vega20 cached smu feature state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Skip some registers config for SRIOV (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: amdgpu: Use the correct size when allocating memory (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: fix memory leak in virtio_gpu_cleanup_object() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: fix missing dma_fence_put() in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: pwm_bl: Use 64-bit division function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Use 64-bit division macro (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/xen-front: Pass dumb buffer data offset to the backend (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - xen: Sync up with the canonical protocol definition in Xen (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/xen-front: Add YUYV to supported formats (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: revert "drm/ttm: make TT creation purely optional v3" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: fix spelling mistake "Cant" -> "Can't" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: fix spelling mistake "Cound" -> "Could" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx/ldu: Use drm_mode_config_reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx/sou: Use drm_mode_config_reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx/stdu: Use drm_mode_config_reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: Fix two list_for_each loop exit tests (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: Use struct_size() helper (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: put VCN/JPEG into PG ungate state before dpm table (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update swSMU VCN/JPEG PG logics (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use mode1 reset by default for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/smu: rework i2c adpater registration (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Display goes blank after inst (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Change null plane state swizzle mode to 4kb_s (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Use helper function to check for HDMI signal (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: AMD OUI (DPCD 0x00300) skipped on some sink (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix logger context (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: populate new dml variable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Read VBIOS Golden Settings Tbl (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Use parameter for call to set output mux (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable GFXOFF for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: Skip tmr load for SRIOV (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix PSP autoload twice in FLR (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update GC golden setting for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update driver if version for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: skip crit temperature values on APU (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix DP Compliance tests 4.3.2.1 and 4.3.2.2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Use hw lock mgr (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: dchubbub p-state warning during surface planes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Allow asic specific FSFT timing optimization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Disable idle optimizations before programming DCN (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix dmesg warning from setting abm level (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Use proper abm/backlight functions for DCN3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Use seperate dmcub firmware for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Check lane status again after link training done (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Don't compare dppclk before updating DTO (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix naming of DSC Debugfs entry (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Rename bytes_pp to the correct bits_pp (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Clean up global sync param retrieval (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/swsmu: allow asic to handle sensor type by itself (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: off by one bugs in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update driver if file for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary message support check(v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update dec ring test for VCN 3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/jpeg3.0: remove extra asic type check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update golden setting for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct smu message for vf mode (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add msg map for mode1 reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: skip invalid msg when smu set mp1 state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: remove the dpm checking in the boot sequence (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/amd/powerplay: drop unnecessary message support check" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add printing after executing page reservation to eeprom (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: expand sienna chichlid reg access support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Added orientation quirk for ASUS tablet model T103HAF (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/omap: force runtime PM suspend on system suspend (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tidss: fix modeset init for DPI panels (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: re-add deleted doc for drm_gem_open_ioctl (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: fix offset in VMAs with a pg_offs in ttm_bo_vm_access (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - fbmem: pull fbcon_update_vcs() out of fb_set_var() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - vgaarb: mark vga_tryget static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: xlnx: zynqmp: Use switch - case for link rate downshift (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: xlnx: Fix typo in parameter description (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: xlnx: fix spelling mistake "failes" -> "failed" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Remove redundant NULL check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/fourcc: fix Amlogic Video Framebuffer Compression macro (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/omap: Use {} to zero initialize the mode (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: convert to LE accessors (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - virtio_config: LE config space accessors (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: backlight: cr_bllcd: Remove unused variable 'intensity' (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: backlight: Make of_find_backlight static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: backlight: Drop backlight_put() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: Use backlight_get_brightness() throughout (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: jornada720_bl: Introduce backlight_is_blank() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: gpio_backlight: Simplify update_status() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: cr_bllcd: Introduce gpio-backlight semantics (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: as3711_bl: Simplify update_status (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: backlight: Introduce backlight_get_brightness() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - doc-rst: Wire-up Backlight kernel-doc documentation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: backlight: Add overview and update existing doc (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: backlight: Drop extern from prototypes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: generic_bl: Remove this driver as it is unused (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: backlight: Add backlight_is_blank() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: backlight: Refactor fb_notifier_callback() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: backlight: sky81452-backlight: Fix some kerneldoc issues (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: qcom-wled: Remove unused configs for LED3 and LED4 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: lm3630a_bl: Remove invalid checks for unsigned int < 0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: backlight: Supply description for function args in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: ili922x: Add missing kerneldoc description for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: ili922x: Remove invalid use of kerneldoc syntax (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: ili922x: Add missing kerneldoc descriptions for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: lcd: Add missing kerneldoc entry for 'struct device (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: lms501kf03: Remove unused const variables (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: lms501kf03: Drop unused include (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: Delete the OT200 backlight driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: sky81452: Privatize platform data (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: sky81452: Convert to GPIO descriptors (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - backlight: lm3533_bl: Use kobj_to_dev() instead (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-buf: Remove custom seqcount lockdep class key (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - PCI: Move PCI_VENDOR_ID_REDHAT definition to pci_ids.h (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - vgacon: Fix for missing check in scrollback handling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - ASoC: hdmi-codec: merge .digital_mute() into .mute_stream() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - sched: Remove sched_set_*() return value (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - sched,drm/scheduler: Convert to sched_set_fifo*() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - sched,msm: Convert to sched_set_fifo*() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - sched: Provide sched_set_fifo() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: use kthread_create_worker instead of kthread_run (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/mdp5: Add MDP5 configuration for SDM636/660 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dsi: Add DSI configuration for SDM660 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/mdp5: Add MDP5 configuration for SDM630 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dsi: Add phy configuration for SDM630/636/660 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: add A640/A650 hwcg (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: hwcg tables in gpulist (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: add SM8250 to hw catalog (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: add SM8150 to hw catalog (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: intf timing path for displayport (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: set missing flush bits for INTF_2 and INTF_3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: don't use INTF_INPUT_CTRL feature on sdm845 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: move some sspp caps to dpu_caps (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: update UBWC config for sm8150 and sm8250 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: use right setup_blend_config for sm8150 and sm8250 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: set ubwc config for A640 and A650 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/adreno: un-open-code some packets (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: sync generated headers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: add build_bw_table for A640/A650 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/a6xx: fix crashstate capture for A650 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: Quiet error during failure in optional resource mappings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: Garbage collect unused resource _len fields (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: fix/enable 6bpc dither with split-lm (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: msm: a6xx: fix gpu failure after system resume (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: dsi: Use OPP API to set clk/perf state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: Use OPP API to set clk/perf state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: ratelimit crtc event overflow error (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: msm: a6xx: send opp instead of a frequency (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: Fix a null pointer access in msm_gem_shrinker_count() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: add support for dither block in display (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/adreno: fix gpu probe if no interconnect-names (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: enumerate second cursor pipe for external interface (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: ensure device suspend happens during PM sleep (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: handle for EPROBE_DEFER for of_icc_get (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: reset devfreq freq_table/max_state before devfreq_add_device (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: fix unbalanced pm_runtime_enable in adreno_gpu_{init, (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Update DRIVER_DATE to 20200715 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Assert the kernel context is using the HWSP (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Trace placement of timeline HWSP (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Remove unused inline function drain_delayed_work() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftest: Fix an error code in live_noa_gpr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dg1: Add fake PCH (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dg1: Remove SHPD_FILTER_CNT register programming (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dg1: add support for the master unit interrupt (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dg1: Add DG1 PCI IDs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dg1: add initial DG-1 definitions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Add has_master_unit_irq flag (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: WARN if max vswing/pre-emphasis violates the DP spec (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/mst: filter out the display mode exceed sink's capability (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/probe_helper: Add drm_connector_helper_funcs.mode_valid_ctx (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Skip signaling a signaled request (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftest: fix an error return path where err is not being (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Always reset the engine, even if inactive, on execlists (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Pull printing GT capabilities on error to err_print_gt (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Be defensive in the face of false CS events (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftest: Check that GPR are restored across noa_wait (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Optimise aliasing-ppgtt allocations (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/bios: Parse HOBL parameter (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: Remove port and phy from voltage swing functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: Replace drm_i915_private in voltage swing functions by intel_encoder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/tgl: Implement WAs 18011464164 and 22010931296 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Document FBC related w/as more thoroughly (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Limit WaFbcHighMemBwCorruptionAvoidance to skl and bxt (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Don't do WaFbcTurnOffFbcWatermark for glk (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Move all FBC w/as to .init_clock_gating() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dvo: Make .get_modes() return the number of modes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/sdvo: Make .get_modes() return the number of modes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/sdvo: Make SDVO deal with HDMI pixel repeat (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Reject DRM_MODE_FLAG_DBLCLK with DVI sinks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/sdvo: Implement limited color range for SDVO HDMI properly (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/sdvo: Fix SDVO colorimetry bit defines (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Remove i915_gem_object_get_dirty_page() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Release shortlived maps of longlived objects (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Replace opencoded i915_gem_object_pin_map() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Unpin idle contexts from kswapd reclaim (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Move sseu debugfs under gt/ (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: gt-fy sseu debugfs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/sseu: Move sseu_info under gt_info (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/sseu: Move sseu detection and dump to intel_sseu (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Introduce gt_init_mmio (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Move the engine mask to intel_gt_info (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Move engine-related mmio init to engines_init_mmio (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Use the gt in HAS_ENGINE (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Convert device_info to uncore/de_read (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp: Helper to check for DDI BUF status to get active (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp: Helper for checking DDI_BUF_CTL Idle status (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/huc: Adjust HuC state accordingly after GuC fetch error (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/uc: Extract uc usage details into separate debugfs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/hdcp: Fix the return handling of drm_hdcp_check_ksvs_revoked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/hdcp: Update CP as per the kernel internal state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/ehl: Add new PCI ids (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: Implement new combo phy initialization step (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Update dma-attributes for our sg DMA (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix spelling mistake in i915_reg.h (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Don't taint when using fault injection (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Print caller when tainting for CI (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Reboot CI if we get wedged during driver init (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/i915/dp: Correctly advertise HBR3 for GEN11+" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Export ppgtt_bind_vma (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/fbc: Allow FBC to recompress after a 3D workload on i85x/i865 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/fbc: Enable fbc on i865 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/fbc: Fix nuke for pre-snb platforms (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/fbc: Use the correct plane stride (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/tgl: Clamp min_cdclk to max_cdclk_freq to unblock 8K (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/guc: Expand guc_info debugfs with more information (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: do not read swizzle info if unavailable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Split the context's obj:vma lut into its own mutex (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Drop forced struct_mutex from shrinker_taints_mutex (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Only revoke mmap handlers if active (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Only revoke the GGTT mmappings on aperture detiling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: prefer dig_port to reference intel_digital_port (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm/nouveau: don't call tt destroy callback on alloc failure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: ttm_bo_swapout_all doesn't use it's argument (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: drop unusued function declaration (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: make ttm_tt unbind function return void (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/amd/display: Expose connector VRR range via debugfs" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sienna_cichlid: add SMU i2c support (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/navi1x: add SMU i2c support (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/swSMU: remove eeprom from the smu i2c handlers (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/vega20: enable the smu i2c bus for all boards (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove eeprom from the smu i2c handlers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: move i2c bus lock out of ras structure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: retrieve VCN dpm table per instances (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update driver if version for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: fix typos for clk map (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/vcn: merge shared memory into vcpu (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/amdgpu/vcn: add shared memory restore after wake up from (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.95 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: interface to obtain minimum plane size caps (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add additional config guards for DCN (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Call dsc related functions indirectly via dc (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Improve compatibility by re-ordering info-packets (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 0.0.25 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Make new dc interface for adding dsc resource (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: rename dsc extended caps as dsc branch decoder caps (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Decouple ABM init from dmcu (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Implement AMD VSIF V3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DSC parameters logging to debugfs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: remove unhelpful 5ms delay (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: do not disable SMU on vm reboot (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add timeout flush mechanism to update wptr for self (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable xgmi support for sienna cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: load asd for sienna cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: tag swSMU code layers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: revise the calling flow on OD table update (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary message support check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move SMC message issuing APIs to smu_cmn.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update the tables init related (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move table setting common code to smu_cmn.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: maximum code sharing around watermarks setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move more APIs to smu_cmn.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: common API for disabling all features with (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move ppfeature mask setting to smu_cmn.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: implement smu_cmn_get_enabled_mask() for all ASICs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move dpm feature enablement checking to smu_cmn.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move dpm feature support checking to smu_cmn.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move clock dpm enablement check to smu_v11/v12 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unused code (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: unify swSMU index to asic specific index mapping (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: widely share the API for data table retrieving (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add read amdgpu_gfxoff status in debugfs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: load ta firmware for sienna cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: suppress compile error around BUG_ON (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: Fix CRC-related compile errors with debugfs disabled (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fence: use NVIDIA's headers for read() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fence: use NVIDIA's headers for sync() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fence: use NVIDIA's headers for emit() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/svm: use NVIDIA's headers for migrate_clear() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/svm: use NVIDIA's headers for migrate_copy() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/bo: use NVIDIA's headers for move move() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/bo: use NVIDIA's headers for move init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fbcon/nv50-: use NVIDIA's headers for fillrect() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fbcon/nv50-: use NVIDIA's headers for copyarea() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fbcon/nv50-: use NVIDIA's headers for imageblit() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fbcon/nv50-: use NVIDIA's headers for accel_init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core crc_set_ctx() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core crc_set_src() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_or() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_procamp() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_dither() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_ovly() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_base() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_curs_clr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_curs_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_core_clr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_core_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_olut_clr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_olut_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_mode() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core head_view() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core or_get_caps() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core or_ctrl() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core wndw_owner() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core update() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core ntfy_wait_done() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core caps_init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core ntfy_init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for core init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw update() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw blend_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw scale_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw image_clr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw image_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw xlut_clr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw xlut_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw csc_clr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw csc_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw ntfy_clr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw ntfy_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw ntfy_reset() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw sema_clr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wndw sema_set() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wimm update() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wimm point() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: use NVIDIA's headers for wimm space() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fence: convert sync() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fence: convert emit() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/gem: convert indirect pushbufs to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/chan: convert nvsw init to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: convert nvsw init to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv04-: no need for multiple nvsw objects (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv04: convert page_flip() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv04: convert page_flip_emit() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/svm: convert migrate_clear to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/svm: convert migrate_copy to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/bo: convert move move() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/bo: convert move init() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/bo: split buffer move functions into their own source (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fbcon: convert copyarea() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fbcon: convert fillrect() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fbcon: convert imageblit() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/fbcon: convert accel_init() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: interop with new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: implement proper push buffer control logic (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core crc_set_ctx() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core crc_set_src() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_or() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_procamp() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_dither() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_ovly() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_base() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_curs_clr() to new push (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_curs_set() to new push (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_core_clr() to new push (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_core_set() to new push (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_olut_clr() to new push (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_olut_set() to new push (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_mode() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core head_view() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core or_ctrl() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core wndw_owner() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core update() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core caps_init() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert core init() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw update() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw blend_set() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw scale_set() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw image_clr() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw image_set() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw xlut_clr() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw xlut_set() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw csc_clr() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw csc_set() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw ntfy_clr() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw ntfy_set() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw sema_clr() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wndw sema_set() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wimm update() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: convert wimm point() to new push macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: wrap existing command submission in nvif_push (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: add support for object-level debug output (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: give every notify object a human-readable name (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: give every disp object a human-readable identifier (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: give every usermode object a human-readable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: give every vmm object a human-readable identifier (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: give every mem object a human-readable identifier (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: give every mmu object a human-readable identifier (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: give every device object a human-readable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: give every object a human-readable identifier (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvif: rename client ctor/dtor (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/tu102: set (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: Use fallthrough pseudo-keyword (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/mmu: make nvkm_vmm_ctor() static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: fix multiple instances of reference count leaks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/drm/noveau: fix reference count leak in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/sec2/gp102: allow module to load when LSFW is missing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/gr/gm200-: explicitly handle nofw (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/pmu/gm200-: explicitly handle nofw (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/pmu/gm20x: don't pretend we support loading with our (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/acr: store a mask of LS falcons the controlling LSFW can (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/acr: store a mask of LS falcons the HSFW can bootstrap (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/acr: allow module to load when HSFW(s) are missing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/acr: refuse to load LSFW if HSFW is missing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/core: drop error message when no compatible FW found (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/mmu/gp100-: enable mmu invalidate depth optimisation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvfw: firmware structures should begin with nvfw_ (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/tmr: fix nvkm_usec/nvkm_msec definitions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/therm/gt215: make gt215_therm_init static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/mmu: make a couple of functions static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/mc/gp10b: make gp10b_mc_init static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/nvfw/acr: make lsb_header_tail_dump static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/gr/gf100-: make some functions static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/disp/gm200-: remove 'head' parameter from (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: mtk_dsi: Create connector for bridges (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: mtk_dsi: Use the drm_panel_bridge API (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: mtk_dsi: Use simple encoder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: mtk_dsi: Convert to bridge driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: mtk_dsi: Rename bridge to next_bridge (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - =?UTF-8?q?drm/tegra:=20plane:=20Support=20180=C2=B0=20rotation?= (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tegra: plane: Support horizontal reflection (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tegra: plane: Rename bottom_up to reflect_y (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tegra: dc: Omit superfluous error message in tegra_dc_probe() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tegra: gr2d: Add tiled PATBASE address register (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tegra: gr3d: Assert reset before power-gating (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tegra: sor: Use correct power supply names for HDMI (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: host1x: debug: Dump push buffer state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: host1x: Put gather's BO on pinning error (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: host1x: Optimize BOs usage when firewall is enabled (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: host1x: mipi: Split tegra_mipi_calibrate() and tegra_mipi_wait() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: host1x: mipi: Use readl_relaxed_poll_timeout() in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: host1x: mipi: Update tegra_mipi_request() to be node based (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdkfd: Fix large framesize for kfd_smi_ev_read() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - include/uapi/linux: Update KFD ioctl version (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Provide SMI events watch (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable ih CG for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable hdp CG and LS for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable mc CG and LS for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable athub/mmhub PG for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: set VCN1 pg only for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: add DC support for navy flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: support athub cg setting for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable GFX clock gating for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable JPEG3.0 PG and CG for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable VCN3.0 DPG for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable VCN3.0 PG and CG for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable cp_fw_write_wait for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add vcn ip block for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add navy_flounder vcn firmware support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: add gc golden setting for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Add kfd2kgd_funcs for navy_flounder kfd support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Support navy_flounder KFD (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use front door firmware loading for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add psp block for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add psp support for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add smu block for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/powerplay: add smu support for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add gmc cg support for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: force pa_sc_tile_steering_override to 0 for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: configure navy_flounder gfx according to gfx 10.3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add virtual display support for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add sdma ip block for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add gfx ip block for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add ih ip block for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add gmc ip block for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add common ip block for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add support on mmhub for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: initialize IP offset for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/soc15: add support for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: add clockgating support for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gmc10: add navy_flounder support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: add support for navy_flounder firmware (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: set asic family and ip blocks for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: set fw load type for navy_flounder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add navy_flounder gpu info firmware (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add navy_flounder asic type (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: expand to add multiple trap event irq id (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/sriov skip vcn powergating and dec_ring_test (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: correct ta header v2 ucode init start address (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/sriov porting sriov cap to vcn3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/sriov add mmsch_v3 interface (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: optimize rlcg write for gfx_v10 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/sriov skip jped ip block and close pgcg flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unused code around thermal range setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: maximum the code sharing on thermal irq setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: sort the call flow on temperature ranges (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: cache the software_shutdown_temp (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct Sienna Cichlid temperature limit settings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct Navi1X temperature limit settings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct the supported pcie GenSpeed and LaneCount (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary wrapper around pcie parameters (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unused APIs and parameters (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop smu_v12_0.c unnecessary wrapper V2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary wrappers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: apply gfxoff disablement/enablement for all SMU11 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop Sienna Cichlid specific (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary Sienna Cichlid specific APIs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary Navi1x specific APIs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary Arcturus specific APIs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update the common API for performance level (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update UMD pstate clock settings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add new UMD pstate data structure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update Sienna Cichlid default dpm table setup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update Navi10 default dpm table setup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update Arcturus default dpm table setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: implement a common set dpm table API for smu V11 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add more members for dpm table (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add module parameter choose reset mode (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable mode1 reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: RAS emergency restart logic refine (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add SMU mode1 reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: fix kernel-doc and cleanup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: remove an unnecessary NULL check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use ARRAY_SIZE() to add amdgpu debugfs files (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Allow for vblank enabled with no active planes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add missing DCN30 registers and fields for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Reuse parsing code of debugfs write buffer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.94 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 0.0.24 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix dcn3 p_state_change_support validation (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: p-state warning occurs while changing resolution (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: reduce sr_xxx_time by 3 us when ppt disable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Power down hardware if set mode is not called before (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: update dml var (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/powerplay: Target power profile mode should be the second (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix spelling mistake "Falied" -> "Failed" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: minor cleanup of phase1 suspend code (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: put dpm frequency setting common code in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: revise calling chain on retrieving frequency range (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: revise calling chain on setting soft limit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: put setting hard limit common code in smu_v11_0.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unused code and wrapper around clock (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: unshare the code for retrieving current clock (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: bypass wrapper on retrieving current clock (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary wrappers around clock retrieving (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update driver if file for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct the .get_workload_type() pointer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/amd/display: add mechanism to skip DCN init" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix CSC remap matrix not being applied on dcn30 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Use VUPDATE_NO_LOCK instead of VUPDATE for dcn30 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable gpu recovery for sienna cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove unnecessary logic of ASIC check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu/drm: Remove debug info about CPU address (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add missing CW4 programming for DCN30 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in mmhub v9.4 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in mmhub v2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in mmhub v1 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in gfxhub v2.1 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in gfxhub v2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in gfxhub v1 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in VCN2/JEPG2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in UVD7/VCE4 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in VCN1/JEPG1 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in GMC10 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use register distance member instead of hardcode in GMC9 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add register distance members into vmhub structure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Remove redundant kfd2kgd interface lookup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Refresh patches.suse/drm-iommu-change-type-of-pasid-to-u32.patch. - drm/amdgpu: Move the mutex lock/unlock out (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add missing reg mask for dcn3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add logger for SMU msg (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Request PHYCLK adjustment on PHY enable/disable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.93 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 0.0.23 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Remove VSC infoframe dep on DMCU (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Send VSIF on unsupported modes on DAL (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Register init (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add diags scaling log by default (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix coding error of mmhub pg enablement (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use RREG32_KIQ to read register when get cg state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: updated ta ucode loading (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: updated ta ucode header (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: remove redundant initialization of variable result (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/atomfirmware: update vram info handling for renoir (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/atomfirmware: update to latest integratedinfotable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: fix compile error with ARCH=arc (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Create plane rotation property (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Add Arcturus GWS support and fix VG10 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/amdgpu: support access regs outside of mmio bar" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: make IB test synchronize with init for SRIOV(v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Update hardware scheduling time quanta (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Enable 4 to 1 mpc combine for max detile use (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.92 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add register key and status for edid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.22 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix incorrect rounding for 10Hz refresh range (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.21 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: check dpcd read status of DP_DOWNSTREAM_PORT_0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Handle SMU msg response (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.20 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Preserve gpu memory allocation for life of dc (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Initialize psr debug flags to 0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: correct discovery_tmr_size init val (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary "@" on OD sysfs output (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update driver if file for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: change method to set board parameters (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: reduce ip discovery data reading size (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: merge atombios init block (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: invoke req full access early enough (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: move reg base init forward for soc15 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: request init data in virt detection (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Let KFD use more VMIDs on Arcturus (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Clean up KFD VMID assignment (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: SI support for UVD and VCE power managment (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: SI support for VCE clock control (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: SI support for UVD clock control (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: xlnx: DRM/KMS driver for Xilinx ZynqMP DisplayPort Subsystem (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dmaengine: Add support for repeating transactions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Refresh patches.suse/dmaengine-cookie-bypass-for-out-of-order-completion.patch. - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/etnaviv: Simplify clock enable/disable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/etnaviv: Make the "core" clock mandatory (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/etnaviv: Don't ignore errors on getting clocks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/etnaviv: Fix error path on failure to enable bus clk (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: imx-tve: Delete an error message in imx_tve_bind() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: ipu-v3: image-convert: Wait for all EOFs before completing a (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - gpu: ipu-v3: Restore RGB32, BGR32 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: imx-ldb: Disable both channels for split mode in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: parallel-display: move panel/bridge detection to fail early (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: imx-ldb: remove useless enum (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: drop useless best_encoder callback (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: tve: fix regulator_disable error path (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: parallel-display: Adjust bus_flags handling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: fix use after free (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-fence: Make symbol 'dma_fence_lockdep_map' static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: Use spin_(un)lock_irq() in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: Use spin_(un)lock_irq() in drm_queue_vblank_event() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: Use spin_(un)lock_irq() in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: Use spin_(un)lock_irq() in drm_crtc_vblank_on() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: Use spin_(un)lock_irq() in drm_crtc_vblank_reset() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/qxl: stop using TTM_MEMTYPE_FLAG_MAPPABLE v2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: stop using TTM_MEMTYPE_FLAG_MAPPABLE (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: stop using TTM_MEMTYPE_FLAG_MAPPABLE (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: remove TTM_MEMTYPE_FLAG_CMA (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: cleanup coding style and implementation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: remove io_reserve_fastpath flag (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: cleanup io_mem interface with nouveau (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: remove optional dummy function from drivers using TTM (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-fence: prime lockdep annotations (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-fence: basic lockdep annotations (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vram-helper: stop using TTM_MEMTYPE_FLAG_MAPPABLE (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: Replace HTTP links with HTTPS ones (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Replace HTTP links with HTTPS ones (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mxsfb: drop unused function parameter (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mxsfb: Make supported modifiers explicit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: core: Convert device logging to drm_* functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i810: switch from 'pci_' to 'dma_' API (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Use managed MM initialization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Initialize DRAM type before posting GPU (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Move VRAM size detection to ast_mm.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Use managed VRAM-helper initialization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Rename ast_ttm.c to ast_mm.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vram-helper: Managed vram helpers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Silence uninitialized-variable warning (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Bump driver to version 1.1 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Support multiple panels/bridges (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Add support for the IPU (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Add support for OSD mode (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Use dmam_alloc_coherent() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Move register definitions to ingenic-drm.h (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Set DMA descriptor chain address in probe (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Add missing CR in debug strings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Rename ingenic-drm.c to ingenic-drm-drv.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Fix incorrect assumption about plane->index (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nvd9-: Fix disabling CRCs alongside OR reprogramming (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nvd9-: Add CRC support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: Move hard-coded object handles into header (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: Expose nv50_outp_atom in disp.h (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv140-: Track wndw mappings in nv50_head_atom (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv50-: Fix disabling dithering (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau/kms/nv140-: Don't modify depth in state during atomic (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: Add vblank works (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: Use spin_(un)lock_irq() in drm_crtc_vblank_off() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: Register drmm cleanup action once per drm_vblank_crtc (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tidss: Replace HTTP links with HTTPS ones (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vboxvideo: Replace HTTP links with HTTPS ones (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel-simple: Add 50 Hz mode to the Frida FRD350H54004 panel (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel-simple: Fix inverted V/H SYNC for Frida FRD350H54004 panel (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_rect.h: delete duplicated word in comment (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: msm_drm.h: delete duplicated words in comments (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: i915_drm.h: delete duplicated words in comments (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_mode_config.h: delete duplicated words in comments (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_gem.h: delete duplicated words in comments (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_bridge.h: delete duplicated word in comment (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_atomic.h: delete duplicated word in comment (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: Remove open-coded commit-tail function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tilcdc: Use standard drm_atomic_helper_commit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Inline mga_crtc_{prepare, commit}() into enable function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Rename G200WB prepare/commit function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Set/clear field in display enable/disable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Split DPMS function into helpers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Don't set or clear field during modeset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Move PLL setup out of mode-setting function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Don't write-protect CRTC 0-7 while in mga_crtc_prepare() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: sil_sii8620: initialize return of sii8620_readb (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: stop allocating dummy GTT nodes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: further cleanup ttm_mem_reg handling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: radeon: fix common struct sg_table related issues (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: amdgpu: fix common struct sg_table related issues (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/lima: Expose job_hang_limit module parameter (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vkms: change the max cursor width/height (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: auo,b116xw03: fix flash backlight when power on (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: fb-helper: Convert logging to drm_* functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: mipi-dsi: Convert logging to drm_* functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: Replace HTTP links with HTTPS ones (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: dw-hdmi: Always add the bridge in the global bridge list (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: dw-hdmi: Don't cleanup i2c adapter and ddc ptr in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: Replace HTTP links with HTTPS ones (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - fbdev: sm712fb: set error code in probe (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - fbdev: da8xx-fb: go to proper label on error handling paths in probe (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: vt8623fb: Constify static vga_regsets (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - omapfb: dss: Fix max fclk divider for omap36xx (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: savage: fix memory leak on error handling path in probe (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - fbdev/fb.h: Use struct_size() helper in kzalloc() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - fbcon: Use array3_size() helper in scr_memcpyw() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: amifb: add FIXMEs about {put,get}_user() failures (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: amifb: add FIXME about dead APUS support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/edid: Clean up some curly braces (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/edid: Iterate through all DispID ext blocks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/edid: Allow looking for ext blocks starting from a specified index (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dp: Include the AUX CH name in the debug messages (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/stm: repair runtime power management (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/stm: ltdc: remove call of pm-runtime functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/meson: overlay: fix build failure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Initialize mode setting in ast_mode_config_init() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Use managed mode-config init (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Replace struct ast_crtc with struct drm_crtc (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Init cursors before creating modesetting structures (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Managed cursor release (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Keep cursor HW BOs mapped (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Add helper to hide cursor (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Don't enable HW cursors twice during atomic update (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Replace ast_cursor_move() with ast_cursor_show() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Move cursor pageflip into helper (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Update cursor image and checksum from same function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Move cursor fb pinning and mapping into helper (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Pass struct ast_private instance to cursor init/fini (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Move cursor functions to ast_cursor.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Remove the feed_txp tests (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: txp: Turn the TXP into a CRTC of its own (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Move the txp_armed function to the TXP (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Move the CRTC initialisation to a separate function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Only access the PixelValve registers if we have to (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Split CRTC data in two (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Make state functions public (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Move HVS setup code to the HVS driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: Reorder the bind order of the devices (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: Convert register accessors to FIELD_* (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_fourcc: Add generic alias for 16_16_TILE modifier (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/hisilicon: Code refactoring for hibmc_drv_vdac (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/meson: crtc: handle commit of Amlogic FBC frames (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/meson: overlay: setup overlay for Amlogic FBC Scatter Memory (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/meson: overlay: setup overlay for Amlogic FBC Memory Saving mode (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/meson: overlay: setup overlay for Amlogic FBC (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/meson: add Amlogic Video FBC registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/fourcc: Add modifier definitions for describing Amlogic Video (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: Use __drm_atomic_helper_crtc_reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: Use __drm_atomic_helper_crtc_reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mtk: Use __drm_atomic_helper_crtc_reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: Use __drm_atomic_helper_crtc_reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Use __drm_atomic_helper_crtc_reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/atomic-helper: reset vblank on crtc reset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm : Insert blank lines after declarations (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-buf: fix dma-fence-chain out of order test (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "dma-buf: Report signaled links inside dma-fence-chain" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix the old vs. new epoch counter check during hotplug (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/hisilicon: Use drmm_kzalloc() instead of devm_kzalloc() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: st7703: Assert reset prior to powering down the regulators (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: st7703: Enter sleep after display off (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: st7703: Add support for Xingbangda XBD599 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: st7703: Move generic part of init sequence to enable callback (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: st7703: Move code specific to jh057n closer together (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: st7703: Prepare for supporting multiple panels (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: st7703: Rename functions from jh057n prefix to st7703 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: rocktech-jh057n00900: Rename the driver to st7703 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/drm_connector: use inline comments for drm_bus_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/drm_connector: drop legacy drm_bus_flags values (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: panel-simple: drop use of legacy drm_bus_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: novatek-nt39016: drop use of legacy drm_bus_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: raydium-rm67191: drop use of legacy drm_bus_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic-drm: drop use of legacy drm_bus_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tidss: drop use of legacy drm_bus_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/of: Make drm_of_find_panel_or_bridge() to check graph's presence (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - of_graph: add of_graph_is_present() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: panel: simple: Warn in case of incorrect bus format for LVDS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: panel: simple: Drop drive/sample bus flags for LVDS panels (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: panel: simple: Correct bus format for Satoz SAT050AT40H12R2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: panel: simple: Correct connector type for Starry KR070PE2T (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Send hotplug event if edid had changed (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Introduce epoch counter to drm_connector (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Add helper to compare edids (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: pl111: Absorb the external register header (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: amba-clcd: Retire elder CLCD driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: pl111: Credit where credit is due (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: make TT creation purely optional v3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: cleanup ttm_mem_type_manager_func.get_node interface v3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/connector: fix minor typos in comments (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: use mipi_dsi_dcs_write_buffer where possible (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dsi: use stack buffer in mipi_dsi_dcs_write() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/zte: remove unneeded semicolon (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel-simple: Add missing BUS descriptions for some panels (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel-simple: Correct EDT ET057090DHU connector type (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ttm: do not keep GPU dependent addresses (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/scheduler: improve job distribution with multiple queues (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: don't use ttm bo->offset v3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vmwgfx: don't use ttm bo->offset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: ensure bridge suspend happens during PM (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Update DRIVER_DATE to 20200702 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Move the heartbeat into the high priority system wq (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Harden the heartbeat against a stuck driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp: Correctly advertise HBR3 for GEN11+ (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix g4x fbc watermark enable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/icl+: Simplify combo/TBT PLL calculation call-chain (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/tgl+: Fix TBT DPLL fractional divider for 38.4MHz ref clock (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Move obj->lut_list under its own lock (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: remove alias to dig_port (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Add PSR2 selective fetch registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Reorder intel_psr2_config_valid() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Add plane damage clips property (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Avoid kmalloc under i915->mm_lock (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Suppress spurious underruns on gen2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/fbc: Reduce fbc1 compression interval to 1 second (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/fbc: Store the fbc1 compression interval in the params (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/fbc: Parametrize FBC_CONTROL (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/fbc: Don't clear busy_bits for origin==GTT (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: fix missing null check on allocated dsb object (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: fix a couple of spelling mistakes in kernel parameter help (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: HDCP: retry link integrity check on failure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Clamp linetime wm to <64usec (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gen12: implement Wa_14011508470 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Extend Wa_14010685332 to all ICP+ PCH's (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix DP_TRAIN_MAX_{PRE_EMPHASIS,SWING}_REACHED handling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp_mst: Enable VC payload allocation after transcoder is enabled (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp_mst: Clear the ACT sent flag during encoder disabling too (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp_mst: Clear only the ACT sent flag from DP_TP_STATUS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp_mst: Move clearing the ACT sent flag closer to its polling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp_mst: Disable link training fallback on MST links (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/tgl+: Use the correct DP_TP_* register instances in MST encoders (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/params: switch to device specific parameters (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Replace manual kmap_atomic() with pin_map for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gvt: Drop redundant prepare_write/pin_pages (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Show the culmative runtime as part of the engine info (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Initialise rps timestamp (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/query: Use struct_size() helper (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Always report the sample time for busy-stats (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Enable selftesting of busy-stats (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: fix spelling mistake "submited" -> "submitted" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Check preemption rollback of different ring queue (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Use friendly request names for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Exercise far preemption rollbacks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Remove redundant i915_request_await_object in blit clears (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Mark up inline getters as taking a const i915_request (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Fix inconsistent IS_ERR and PTR_ERR (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Don't flush the tasklet if not setup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Add a safety submission flush in the heartbeat (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Dump engine state and trace upon hanging after (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Disable preemptive heartbeats over preemption (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Flush gen3 relocs harder, again (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Trim execlists runtime (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/execlists: Lift opportunistic process_csb to before engine (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Leave vma intact as they are discarded (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Remove live_suppress_wait_preempt (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp_mst: Fix disabling MST on a port (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix the i915_dsc_fec_support debugfs file for DP MST connectors (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Include context status in debug dumps (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Teach hang-self to target only itself (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Don't try to read out DSI transcoders (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Update TGP's pin mapping when paired with RKL (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: RKL uses ABOX0 for pixel transfers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Make the hanging request non-preemptible (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Adjust the sentinel assert to match implementation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/i915: Remove unneeded hack now for CDCLK" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/psr: Program default IO buffer Wake and Fast Wake (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Restore DP-E to VBT mapping table (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Delete unused code (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Correct discard i915_vma_compare assertion (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Discard a misplaced GGTT vma (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Always check to enable timeslicing if not submitting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Set timeslicing priority from queue (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Include the engine's fw-domains in the debug info (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix comments mentioning typo in IS_ENABLED() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Async GPU relocations only (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Add psr_safest_params (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Disable PSR2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Don't try to access transcoder D (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Setup ports/phys (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/tgl: Add HBR and HBR2+ voltage swing table (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix wrong CDCLK adjustment changes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Handle comp master/slave relationships for PHYs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Add DDC pin mapping (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: provide port/phy mapping for vbt (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Set transcoder mask properly (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Track if an engine requires forcewake w/a (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Trim set_timer_ms() intervals (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/tgl: Implement WA_16011163337 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Exercise all copy engines with the blt routines (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Replace some hand rolled max()s (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Reverse preemph vs. voltage swing preference (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Add {preemph,voltage}_max() vfuncs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix ivb cpu edp vswing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix ibx max vswing/preemph (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix cpt/ppt max pre-emphasis (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Drop i915_request.i915 backpointer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Suppress the error message for GT init failure on error (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Make the CTX_TIMESTAMP readable on !rcs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Identify Cometlake platform (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Ignore autoincrementing timestamp on verfifying whitelists (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dsi: Dont forget to clean up the connector on error (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/params: prevent changing module params runtime (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Move legacy context wa to intel_workarounds (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Split low level gen2-7 CS emitters (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/tgl: Update TC DP vswing table (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Trim the ironlake+ irq handler (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Relinquish forcewake immediately after manual grouping (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Handle very early engine initialisation failure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Add Plane color encoding support for YCBCR_BT2020 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Give each object class a friendly name (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Taint all shrinkable object locks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Add a few asserts around handling of (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Replace I915_MODE_FLAG_INHERITED with a boolean (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Stop using mode->private_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Start timeslice on partial submission (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Don't declare hangs if engine is stalled (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Remove local entries from GGTT on suspend (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Restore both GGTT bindings on resume (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Clear LOCAL_BIND from shared GGTT on resume (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Improve execute_cb struct packing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/execlists: Shortcircuit queue_prio() for no internal levels (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Force the GT reset on shutdown (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: Fix early deref of 'dsb' (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Stop cross-polluting PIN_GLOBAL with PIN_USER with (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Suppress some random warnings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Cancel the flush worker more thoroughly (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dsb: Pre allocate and late cleanup of cmd buffer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix includes and local vars order (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/ehl: Extend w/a 14010685332 to JSP/MCC (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Remove unneeded hack now for CDCLK (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Adjust CDCLK accordingly to our DBuf bw needs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Introduce for_each_dbuf_slice_in_mask macro (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Plane configuration affects CDCLK in Gen11+ (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Check plane configuration properly (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Extract cdclk requirements checking to separate function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Decouple cdclk calculation from modeset checks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Remove PIN_UPDATE for i915_vma_pin (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Flush the submission, not cancel it! (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Measure CS_TIMESTAMP (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/ehl: Wa_22010271021 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: RKL only uses PHY_MISC for PHY's A and B (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Add power well support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Limit number of universal planes to 5 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Update memory bandwidth parameters (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Add PCH support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Load DMC firmware for Rocket Lake (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Re-use TGL GuC/HuC firmware (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/rkl: Add RKL platform info and PCI ids (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Kick virtual siblings on timeslice out (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Add tests for timeslicing virtual engines (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Check for an initial-breadcrumb in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Change priority overflow detection (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Measure dispatch latency (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/runtime_pm: Prefer drm_WARN* over WARN* (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/pm: Prefer drm_WARN_ON over WARN_ON (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/pmu: Prefer drm_WARN_ON over WARN_ON (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/i915_drv: Prefer drm_WARN_ON over WARN_ON (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Prefer drm_WARN* over WARN* (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display/tc: Prefer drm_WARN_ON over WARN_ON (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display/sdvo: Prefer drm_WARN* over WARN* (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display/dp: Prefer drm_WARN* over WARN* (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display/display_power: Prefer drm_WARN_ON over WARN_ON (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Read out hrawclk on all gen3+ platforms (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Document our lackluster FSB frequency readout (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix 400 MHz FSB readout on elk (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/display: Return error from dbuf allocation failure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix dbuf slice mask when turning off all the pipes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gt: Reuse the tasklet priority for virtual as their siblings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/selftests: Refactor sibling selection (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/gem: Retry faulthandlers on ENOSPC (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Clean up dbuf debugs during .atomic_check() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Move the dbuf pre/post plane update (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Nuke skl_ddb_get_hw_state() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Introduce proper dbuf state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Unify the low level dbuf code (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Polish some dbuf debugs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Make skl_compute_dbuf_slices() behave consistently for all platforms (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Protect overlay colorkey macro arguments (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Enable pipe gamma for the overlay (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Configure overlay cc_out precision based on crtc gamma config (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix overlay colorkey for 30bpp and 8bpp (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Fix max cursor size for i915g/gm (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable runtime pm on vega10 when noretry=0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: rework runtime pm enablement for BACO (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: call release_firmware() without a NULL check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Fix circular locking dependency warning (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/radeon: fix array out-of-bounds read and write issues (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: ensure 0 is returned for success in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: make sure to reserve tmr region on all asics which (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: return current DCEFCLK on sysfs read (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/powerplay: fix compilation warning (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.91 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.19 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: DP link layer test 4.2.1.1 fix due to specs update (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: allow query ddc data over aux to be read only (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Compare v_front_porch when checking if streams are (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: enable seamless boot for dcn30 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Red screen observed on startup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Allow 4 split on 10K 420 modes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: VSC SDP supported for SST (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fill in dmub_srv fw_version from firmware metadata (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Force ODM combine on 5K+ 420 modes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix 4to1 odm MPC_OUT_FLOW_CONTROL_COUNT (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: use dispclk AVFS for dppclk (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: add mechanism to skip DCN init (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fine tune logic of edid max TMDS clock check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Added local_sink null check before access (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: clip plane rects in DM before passing into DC (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.90 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.18 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Correctly respond in psr enablement interface (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix DML failures caused by doubled stereo viewport (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: enable assr (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: implement edid max TMDS clock check in DC (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.17 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fixed using wrong eDP power sequence function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix calculation of virtual channel payload (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.16 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Use dmub fw to lock pipe, cursor, dig (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: SI UVD enabled on Verde, Tahiti, Pitcairn (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: SI UVD enable for Oland (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: SI UVD add uvd_v3_1 to makefile (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: SI UVD context rreg/wreg (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: SI UVD v3_1 (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: SI UVD registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: SI UVD PACKET_TYPE0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm amdgpu: SI UVD add firmwares (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/uvd3.x: fix register definition warnings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix compilation error on allmodconfig (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix unused variable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: sdma v5_2 ring bo mem leak (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove perf level dpm in one-VF (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add XGMI support for sienna cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: restrict the hw sched jobs number to power of two (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Update bounding box states (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove redundant initialization of variable ret (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove unused functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/display: properly guard the calls to swSMU functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/vcn2.0: fix no previous prototype for functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/vcn1.0: fix no previous prototype for functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/pm: fix ref count leak when pm_runtime_get_sync fails (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/debugfs: fix ref count leak when pm_runtime_get_sync fails (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: label internally used symbols as static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/powerplay: label internally used symbols as static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: label internally used symbols as static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: label internally used symbols as static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/jpeg2.0: fix no previous prototype for functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/jpeg1.0: fix no previous prototype for functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: fix ref count leak when pm_runtime_get_sync fails (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/fence: fix ref count leak when pm_runtime_get_sync fails (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/debugfs: fix memory leak when (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/debugfs: fix memory leak when pm_runtime_get_sync failed (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: vcn_v2_5_mc_resume_dpg_mode() can be static (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix compiler warning (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/smu: unify smu ppt callback macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/smu: unify pptable_func{} callback interface (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Update DCN3 bounding box (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove distinction between explicit and implicit sync (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: Fix offset for SQ_DEBUG_STS_GLOBAL on gfx10 (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/radeon: fix multiple reference count leak (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx9: Fix incorrect firmware size calculation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Fix reference count leaks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Add eviction debug messages (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: Fix SQ_DEBUG_STS_GLOBAL* registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Get num_chans from VBIOS table (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd: add missing fill of the array`s first element (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Reconfigure ULV for gfx9 server SKUs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.89 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.15 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Not doing bios data pack (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: not reset dmub in driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Disable pipe split for modes with borders (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: change global buffer to local buffer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Improve DisplayPort monitor interop (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Enable use of dmub iff dmcu is disabled (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: make calculate watermarks a function pointer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add helper to convert DC status (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: add support for per-state dummy-pstate latency (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Revert "DP link layer test 4.2.1.1 fix due to specs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: remove unnecessary mpcc updates (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: runtime select dmub emulatior (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Passing initial SDP deadline to dmub (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Force delay after DP receive power up (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.88 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.14 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: update audio wall clock programming (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix VBA chroma calculation for pipe splitting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Revert "enable plane if plane_status changed" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Remove unused macro from dcn21 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Use u16 for drm_bpp in DSC calculations (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Move call to disable DPG (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.13 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix incorrect dcn1 bandwidth calculations (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: correct alpha_en programming for new pixel format (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: Add SQ_DEBUG_STS_GLOBAL* registers/bits (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/jpeg: fix race condition issue for jpeg start (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sriov: Need to clear kiq position (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sriov: Disable pm for multiple vf sriov (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sriov: Add clear vf fw support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix the nullptr issue as for PWR IP not existing in (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Fix a buffer overflow handling the serial number (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: maximum code sharing on sensor reading (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: revise the calling chain on sensor reading (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary SMU_MSG_GetDpmClockFreq check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary wrapper .populate_smc_tables (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop redundant .set_min_dcefclk_deep_sleep API (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd: correct trivial kernel-doc inconsistencies (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: Add SQ debug registers to GFX9/GFX10 headers (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: handle return value of amdgpu_driver_load_kms (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move maximum sustainable clock retrieving to (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add check for power limit OD support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct power limit retrieving based on current (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unused code around power limit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: simplify the code around setting power limit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: simplify the code around retrieving power limit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: maximize code sharing around power limit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary get_pptable_power_limit wrappers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: correct the APIs' naming (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unnecessary wrappers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop dead vce powergate code (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add error messages on some critical paths (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: forbid to use pr_err/warn/info/debug (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: use MGPU friendly err/warn/info/dbg messages (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/soc15: fix nullptr issue in soc15_read_register() for reg (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix indenting in dcn30_set_output_transfer_func() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: skip BAR resizing if the bios already did it (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: use the same interval as PMFW on retrieving (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update how to use metrics table on Sienna Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update how to use metrics table on Navi10 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update how to use metrics table on Arcturus (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: drop duplicated .dsc_pg_control for dcn30 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: drop duplicated structure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update driver if file for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update powerplay table for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add smu v11_0_7 pptable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move powerplay table operation out of smu_v11_0.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: support reserve bad page for virt (v3) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: use work queue to perform throttling logging (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: skip BACO feature on DPMs disablement (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add firmware cleanup on sw_fini (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move amdgpu_irq_src to the smu structure (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: maximize code sharing between .hw_fini and (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: better namings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: sort those operations performed in hw setup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: maximize code sharing between .hw_init and .resume (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: move those operations not needed for resume out (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: postpone operations not required for hw setup to (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: clean up the overdrive settings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: clean up the APIs for pptable setup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: clean up the APIs for bootup clocks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: centralize all buffer allocation in sw_init phase (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: implement a common API for dpms disablement (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop unused APIs and unnecessary checks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: eliminate asic type check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix spelling mistake: "propogation" -> "propagation" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/fence: use the no_scheduler flag (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Revert "drm/[radeon|amdgpu]: Replace one-element array and use struct_size() helper" (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Only actually breakpoint if DEBUG_KERNEL_DC is (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: use existed smu_dpm_set* interfaces to implement (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: temporarily read bounding box from gpu_info fw for navi12 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 to Kconfig (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 blocks to Makefile (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/display: fix build without CONFIG_DRM_AMD_DC_DCN3_0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix and simplify pipe split logic for DCN3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Enable DM block for DCN3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Remove Unused Registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Handle RGBE_ALPHA Pixel Format (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Init function tables for DCN3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 VPG (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 AFMT (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 Command Table Helpers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 Resource (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 Support in DM (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 HWSEQ (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 DMUB (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 GPIO (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 IRQ (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 DML (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 DWB (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 MMHUBHUB (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 HUBP (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 HUBHUB (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 DPP (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 MPC (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 OPP header (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 OPTC (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 DCCG (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 CLK_MGR (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 DIO (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DCN3 chip ids (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: bypass tmr when reserve c2p memory (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove unnecessary check for mem train (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: support memory training for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: reserve fb according to return value from vbios (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: let PMFW to handle the features disablement on (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop sienna_cichlid hardcode of using pptable (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update smu function for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update golden setting for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/psp: support for loading PSP SPL fw (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/psp: initialization PSP SPL fw (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/psp: add structure to support PSP SPL (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: show gfxclk=0 in gfxoff state (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable gfxoff for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: disable gfxoff to retrieve gfxclk (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: support mclk socclk limit value set for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sriov : Add sriov detection for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: only use one gfx pipe for Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: drop jpeg instance1 dpm setup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: disable runtime pm for sienna_cichlid temporarily (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable fw ctf (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: skip GPU scheduler setup for KIQ and MES ring (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable VDDCI and MVDD for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: append pptable for sienna_cichlid (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: and smc dpm info struct for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sriov : Use kiq to do tlb invalidation for gfx10 on sriov (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable ULCK DS for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/vcn3.0: schedule instance 0 for decode and 1 for encode (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: add no scheduler flag for mes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable DPG mode for VCN3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add workaround for issue in DPG for VCN3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: rename macro for VCN2.0 2.5 and 3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: rename macro for VCN1.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add internal reg offset translation for VCN inst 1 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: set indirect sram mode for VCN3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add pause DPG mode for VCN3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add stop DPG mode for VCN3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add start DPG mode for VCN3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add mc resume DPG mode for VCN3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add clock gating DPG mode for VCN3.0 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/am/powerplay: enable OUT OF BAND MONITER for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable RSMU SMN PG for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update golden setting for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: bundle GPO with gfx DPM (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable GPO (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable mmhub pg (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable athub pg (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: skip VM inv eng assignment for mes ring (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes: allocate memory slots for hw resource setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes: add status fence memory definitions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes: update mes fw api (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add function to get power limit for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable APCC DFLL for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable BACO for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Sienna_Cichlid don't enable SMU for SRIOV (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable MM DPM PG for sienna_cichlid (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix typo for vcn3/jpeg3 idle check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable FCLK DS for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable VR0HOT for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: sienna_cichlid virtual function support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Support debugger in Navi1x trap handler (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Support newer assemblers in gfx10 trap handler (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Add Sienna_Cichlid trap handler support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Support Sienna_Cichlid KFD v4 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/dc: Add missing Sienna_Cichlid chip id (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable 3D pipe 1 on Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix SDMA hdp flush engine conflict (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Enable Multi Media Hub (MMHUB) Clock Gating for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: add athub ls support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: add IH cg support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: add HDP mgcg and ls support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: fix the HDP LS/DS/SD programming (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update golden setting for gfx10.3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: set the LMI ctrl and reset earlier (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix the PSP front door loading VCN firmware (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: change the offset for VCN FW cache window (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: open GFX clock gating for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: switch to query reserved fb size from vbios (v3) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add atomfirmware helper funciton to query reserved fb (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add firmware_info v3_4 structure for Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: only send one sdma firmware for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: drop gfx_v10_0_tiling_mode_table_init (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: support query vram info for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add vram_info v2_5 in atomfirmware header (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: disable gfxoff for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add cp firmware backdoor loading triger (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: force pa_sc_tile_steering_override to 0 for gfx10.3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: add gc golden setting for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable JPEG3.0 for Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable JPEG3.0 PG and CG for Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add Sienna_Cichlid JPEG PG and CG support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add JPEG3.0 support for Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable VCN3.0 for Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add Sienna_Cichlid VCN to the VCN family (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable VCN3.0 PG and CG for Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add Sienna_Cichlid VCN PG and CG support (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add VCN3.0 support for Sienna_Cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes: correct register offset for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update the num of queue per pipe for mec on (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add mes block to sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: update mes initialization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: no need to set up GPU scheduler for mes ring (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/psp: convert amdgpu mes ucode type (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: upload mes firmware to gpu buffer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: copy mes fw info into global fw array (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: add sienna_cichlid mes firmware support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: implement setting hardware resources (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: implement querying the scheduler status (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: implement removing hardware queue (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: implement adding hardware queue (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: add the helper function for mes command (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: add the mes fw api (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: enable the mes ring during initialization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: install mes queue via kiq (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: install mes queue by register programming (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: initialize the mqd (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: allocate mqd buffer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: implement the ring functions of mes specific (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: initialize the software part of mes ring (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes10.1: allocate the eop buffer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/mes: update some mes definitions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: avoid dereferencing a NULL pointer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add the ring type definition of MES (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: assign the doorbell index to mes ring (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add 2rd VCN instance doorbell support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add psp block load condition for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add gmc cg support for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add support for athub v2.1 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Use variable instead of constant for sdma doorbell range (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: update SDMA 5.2 microcode init (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: enable psp ip block for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: skip for reroute ih for sienna_cichlid psp ring init (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/psp: add psp support for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: skip ASD fw load for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/powerplay: add smu block for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable PPT and TDC for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: support to get power index for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable Fan control for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable GFX SS for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable LCLK DPM for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: support to print pcie levels for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: support pcie value set and update for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable DCEFCLK DPM and DS for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: Enable SOCCLK ULV for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: make gfx ds can be configure for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/powerplay: set UCLK DPM for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/powerplay: set Thermal control for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable SOC Clock Deep Sleep for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable Graphics Clock Deep Sleep for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable Ultra Low Voltage for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: set FCLK DPM for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: set SOCCLK DPM for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add support to set performance level for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/powerplay: add initial swSMU support for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add virtual display support for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: change register configure for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: correct SDMA3 IH clinet id for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add sdma ip block for sienna_cichlid (v5) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add sdma2 and sdma3 irqsrc header files for (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add gfx ip block for sienna_cichlid (v3) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add ih ip block for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add gmc ip block for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add support gfxhub for sienna_cichlid (v3) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add support on mmhub for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/soc15: add common ip block for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: initialize IP offset for sienna_cichlid (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/soc15: add support for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: add clockgating support for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gmc10: add sienna_cichlid support (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: add support for sienna_cichlid firmware (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: set asic family and ip blocks for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: set fw load type for sienna_cichlid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add sienna_cichlid gpu info firmware v2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add sienna_cichlid asic type (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add dcn30 Headers (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add VCN3.0 register headers (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Add ATHUB 2.1 header files (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: add GC 10.3 header files (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: restrict bo mapping within gpu address limits (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Add unique_id and serial_number for Arcturus v3 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Add ReadSerial defines for Arcturus (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: remove useless code in RAS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: fix RAS memory leak in error case (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/fru: fix header guard and include header (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/nv: enable init reset check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/nv: remove some dead code (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/nv: allow access to SDMA status registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use IP discovery table for renoir (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: clean up discovery testing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: skip gpu_info firmware if discovery info is available (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: give better names for the thermal IRQ related APIs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: use the common APIs for IRQ disablement/enablement (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: stop thermal IRQs on suspend (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: added a sysfs interface for thermal throttling related V4 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable thermal throttling logging support V2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: implement ASIC specific thermal throttling logging (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: update Arcturus smu-driver headers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: fix a dereference of pdd before it is null checked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gmc10: program the smallK fragment size (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Fix GCC 10 compiler warning (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/amdgpu: Fix the CGCG setting is overwritten for SRIOV (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.87 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Don't compare same stream for synchronized vblank (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Release 1.0.12 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: enable plane if container of plane_status changed (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: combine public interfaces into single header (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Allow Diagnostics test with eDP not connected (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: unit show garbage when do OPTC blank (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Guard against invalid array access (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Disable PG on NV12 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Increase Default Sizes of FW State and Trace Buffer (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Handle link loss interrupt better (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: simplify dml log2 function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix incorrect HDCP caps for dongle (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: link_status not align when power off encoder (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.86 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: Improve the MTYPE comments (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdkfd: Track SDMA utilization per process (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add check before i2c_add_adapter (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: remove SRIOV check in SMU11 (v2) (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: enable SMC message filter (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: add SMC message filter for SMU11 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: check whether SMU IP is enabled before access (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Make BREAK_TO_DEBUGGER() a debug print (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/[radeon|amdgpu]: Replace one-element array and use struct_size() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/radeon/dpm: Replace one-element array and use struct_size() helper (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: put some case statments in family order (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sdma4: simplify the logic around powering up sdma (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: simplify mec2 fw check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: simplify CZ/ST and KV/KB/ML checks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: simplify raven and renoir checks (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/gfx10: add navi12 to gfxoff case (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu/sdma4: add renoir to powergating setup (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: simplify ATIF backlight handling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/radeon: disable AGP by default (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: print warning when input address is invalid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: skip smu_i2c_eeprom_init/fini under sriov mode (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: remove the support of vega20 from swsmu (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/powerplay: remove the support of xgmi pstate on vega20 from (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: change memory training to common function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: FW Release 1.0.11 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Remove nv12 work around (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix dml immediate flip input (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: fix dml log2 function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Support CW4 for DMUB ringbuffer inbox (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add DMUB firmware version helpers in DMUB service (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: vbios data table packing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: DP link layer test 4.2.1.1 fix due to specs update (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: update dml interfaces and variables (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: 3.2.85 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Fix ABM memory alignment issue (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: FW release 1.0.10 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Implement some asic specific abm call backs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Add bit swap helper based on endianness (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Don't pass invalid fw_bss_data pointer into DMUB srv (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Check bss_data_size before going down legacy DMUB (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Do not fail if build scaling params fails (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd/display: Handle persistence in DM (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/debug: Expose connector VRR monitor range via debugfs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bochs: use drm_gem_vram_offset to get bo offset v2 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vram-helper: don't use ttm bo->offset v4 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/qxl: don't use ttm bo->offset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/radeon: don't use ttm bo->offset (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: move ttm bo->offset to amdgpu_bo (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: dw-mipi-dsi.c: remove unused header file (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-buf: minor doc touch-ups (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mipi-dbi: Remove ->enabled (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tiny/repaper: Drop edp->enabled (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Make connector creation optional (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Pass drm_connector to internal functions as (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Store current connector in struct dw_hdmi (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Split connector creation to a separate function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Pass drm_display_info to dw_hdmi_support_scdc() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Constify mode argument to internal functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Constify mode argument to dw_hdmi_phy_ops (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Pass drm_display_info to .mode_valid() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: meson: dw-hdmi: Use dw_hdmi context to replace hack (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Remove unused field from dw_hdmi_plat_data (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Pass private data pointer to .configure_phy() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: dw-hdmi: Pass private data pointer to .mode_valid() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: Pass drm_display_info to drm_bridge_funcs .mode_valid() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: edid: Constify connector argument to infoframe functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: simple-bridge: Make connector creation optional (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: simple-bridge: Delegate operations to next bridge (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: Return NULL on error from drm_bridge_get_edid() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: adv7511: Make connector creation optional (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: adv7511: Implement bridge connector operations (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: adv7511: Split connector creation to a separate function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: bridge: adv7511: Split EDID read to a separate function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mm/selftests: fix wrong return type casting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mm: cleanup and improve next_hole_*_addr() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mm: optimize find_hole() as well (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mm: remove unused rb_hole_size() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Use per-device logging macros (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Upcast from DRM device to ast structure via to_ast_private() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Remove test for device from ast_pm_freeze() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Remove unused code paths for AST 1180 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: simple: add Tianma TM070JVHG33 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: simple: add CDTech S070PWS19HP-FC21 and S070SWV29HG-DC44 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: tfp410: Fix setup and hold time calculation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: tfp410: fix de-skew value retrieval from DT (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel-simple: Add missing connector type for some panels (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dp: DRM DP helper for reading Ignore MSA from DPCD (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/arm: fix unintentional integer overflow on left shift (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_fourcc: Add uncompressed AFBC modifier (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: drm_fourcc: add NV15, Q410, Q401 YUV formats (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panfrost: Use kvfree() to free bo->sgts (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panfrost: Fix runtime PM imbalance on error (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panfrost: Fix inbalance of devfreq record_busy/idle() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: Check the regmap return value when setting (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: Fix kernel-doc typo ln_polr => ln_polrs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: Don't use kernel-doc comment for local (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: Don't compile GPIO bits if not (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panfrost: Reduce the amount of logs on deferred probe (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/rockchip: Add per-pixel alpha support for the PX30 VOP (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmem-helper: Only dma-buf imports are private obj (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmem-helper: Fix obj->filp derefence (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/kselftest: fix spellint typo in test-drm_mm.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ast: Use managed pci functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/malidp: convert platform driver to use dev_groups (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/arm: Kconfig annotate drivers as COMPILE_TEST (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/todo: Add item about modeset properties (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/auth: make drm_{set,drop}master_ioctl symmetrical (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: vmwgfx: remove drm_driver::master_set() return type (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mm: remove invalid entry based optimization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dp_mst: Fix flushing the delayed port/mstb destroy work (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dp_mst: Fix the DDC I2C device registration of an MST port (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dp_mst: Fix the DDC I2C device unregistration of an MST port (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915/dp_mst: Work around out-of-spec adapters filtering short pulses (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dp_mst: Sanitize mgr->qlock locking in drm_dp_mst_wait_tx_reply() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Use managed device initialization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Embed instance of struct drm_device in struct mga_device (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Allocate device structures in mgag200_driver_load() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Separate device initialization into allocation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Move device init and cleanup to mgag200_drv.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Prefix symbol names in mgag200_drv.c with mgag200_ (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Separate DRM and PCI functionality from each other (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Switch to managed MM (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Merge VRAM setup into MM initialization (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Lookup VRAM PCI BAR start and length only once (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Rename mgag200_ttm.c to mgag200_mm.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Use pcim_enable_device() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Remove mgag200_cursor.c (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Remove declaration of mgag200_mmap() from header file (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drivers: gpu: drm: Fix trivial spelling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Restrict HACT_ACT setup to DSI (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Turn static const variable into a define (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Move crtc state to common header (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Switch to of_device_get_match_data (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: crtc: Rename SoC data structures (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: plane: Move additional planes creation to driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: plane: Move planes creation to its own function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: drv: Add include guards (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/udl: Use GEM vmap/mmap function from SHMEM helpers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmem-helper: Add .gem_create_object helper that sets map_cached (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Remove struct drm_driver.gem_print_info (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/zte: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/zte: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tve200: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tve200: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tilcdc: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tilcdc: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sti: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/sti: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/stm: Set GEM CMA functions with (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/stm: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmobile: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmobile: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/rcar-du: Set GEM CMA functions with (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/rcar-du: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mxsfb: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mxsfb: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/meson: Set GEM CMA functions with (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/meson: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mcde: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mcde: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/malidp: Set GEM CMA functions with (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/malidp: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/komeda: Set GEM CMA functions with (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/komeda: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/ingenic: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/imx: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/hisilicon/kirin: Set GEM CMA functions with (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/hisilicon/kirin: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/hisilicon/kirin: Set .dumb_create to drm_gem_cma_dumb_create() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/fsl-dcu: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/fsl-dcu: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/atmel-hlcdc: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/atmel-hlcdc: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/arm: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/arm: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/arc: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/arc: Use GEM CMA object functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/cma-helper: Add DRM_GEM_CMA_DRIVER_OPS to set default GEM CMA (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/cma-helper: Rework DRM_GEM_CMA_VMAP_DRIVER_OPS macro (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/cma-helper: Rename symbols from drm_cma_gem_ to drm_gem_cma_ (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmem-helpers: Simplify dma-buf importing (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmem-helpers: Ensure get_pages is not called on imported dma-buf (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mm: add ig_frag selftest (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: document how user-space should use link-status (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: simple: Add support for KOE TX26D202VM0BWA panel (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panel: simple: Set connector type for DSI panels (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mm: fix hole size comparison (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/hdlcd: Don't call drm_crtc_vblank_off on unbind (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/malidp: Don't call drm_crtc_vblank_off on unbind (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmem-helpers: Redirect mmap for imported dma-buf (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/shmem-helpers: Don't call get/put_pages on imported dma-buf in vmap (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/udl: Don't call get/put_pages on imported dma-buf (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: Call the right shmem helpers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/doc: Some polish for shmem helpers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gem: WARN if drm_gem_get_pages is called on a private obj (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: Don't call dma_buf_vunmap without _vmap (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: add docs for standard CRTC properties (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: Use IS_BUILTIN (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: pxafb: Use correct return value for pxafb_probe() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: pxafb: Fix the function used to balance a (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drivers: video: hdmi: cleanup coding style in video a bit (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - console: newport_con: fix an issue about leak related system (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - omapfb/dss: fix comparison to bool warning (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: DPMS is no longer the only mutable connector prop (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: convert get_user_pages() --> pin_user_pages() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: fix error handling for get_user_pages_fast() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: use drm_WARN for all warnings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: use drm_* functions for logging (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Documentation: Fix typo error in todo.rst (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: use drm_dev_has_vblank more (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gma500: Stop using mode->private_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mcde: Use mode->clock instead of reverse calculating it from the vrefresh (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: pahole struct drm_display_mode (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Flatten drm_mode_vrefresh() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Shrink drm_display_mode timings (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Make mode->flags u32 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Shrink mode->type to u8 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Shrink {width,height}_mm to u16 (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm/dpu: Stop copying around mode->private_flags (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Nuke mode->vrefresh (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: Introduce some local intel_dp variables (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/format-helper: Add drm_fb_swab() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/client: Add drm_client_modeset_check() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/client: Add drm_client_framebuffer_flush() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: hdmi: Silence pixel clock error on -EPROBE_DEFER (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/auth: remove redundant assignment to variable ret (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/writeback: don't set fence->ops to default (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Restore the NULL check for drm_gem_object_put() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - dma-fence: add might_sleep annotation to _wait() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/file: wrap excessively long line (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: print the current->comm alongside the pid (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: remove transient drm_gem_object_put_unlocked() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/xen: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vkms: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/virtio: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vgem: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vc4: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/v3d: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tegra: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/rockchip: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/radeon: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/qxl: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/panfrost: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/omapdrm: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/nouveau: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/msm: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mediatek: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/lima: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/i915: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gma500: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/exynos: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/etnaviv: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/armada: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/arm: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amd: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: remove _unlocked suffix in drm_gem_object_put_unlocked (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gem: add drm_gem_object_put helper (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gem: add _locked suffix to drm_gem_object_put (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gem: fold drm_gem_object_put_unlocked and __drm_gem_object_put() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: remove drm_driver::gem_free_object (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gma500: Use lockless gem BO free callback (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/amdgpu: use the unlocked drm_gem_object_put (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/doc: drop struct_mutex reference for drm_gem_object_free (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/doc: add WARNING for drm_device::struct_mutex (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/doc: drop struct_mutex references (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/todo: mention i915 in the struct_mutex section (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gem: use _unlocked reference in drm_gem_objects_lookup docs (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: remove unused drm_gem.h include (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Replace VRAM helpers with SHMEM helpers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Convert to simple KMS helper (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Use simple-display data structures (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Remove out-commented suspend/resume helpers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Move register initialization into separate function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Move hiprilvl setting into separate functions (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Move TAGFIFO reset into separate function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Set primary plane's format in separate helper function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Set pitch in a separate helper function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Update mode registers after plane registers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Split MISC register update into PLL selection, SYNC and (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Move mode-setting code into separate helper function (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Clean up mga_crtc_do_set_base() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Clean up mga_set_start_address() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/mgag200: Remove HW cursor (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tilcdc: add missing static for panel_driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tilcdc: remove unnecessary state->fb check (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: Implement lane reordering + polarity (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: ti-sn65dsi86: Export bridge GPIOs to Linux (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Match drm_dp_send_clear_payload_id_table definition to (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Describe dp_rev for drm_dp_set_phy_test_pattern (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Help unconfuse gcc, avoid accidental impossible unsigned comparisons (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Include internal header for managed function declarations (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: amba-clcd: use devm_of_find_backlight (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm: Add DRM_MODE_TYPE_USERDEF flag to probed modes matching a video= (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/debugfs: fix plain echo to connector "force" attribute (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/gem: Fix a leak in drm_gem_objects_lookup() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/rockchip: vop: call vop_cfg_done() under reg_lock (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/tilcdc: use devm_of_find_backlight (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/omap: display: use devm_of_find_backlight (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/dp_mst: Fix timeout handling of MST down messages (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/vblank: remove outdated and noisy output (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - nouveau/svm: use the new migration invalidation (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - mm/notifier: add migration invalidation type (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - mm/migrate: add a flags parameter to migrate_vma (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - nouveau: fix storing invalid ptes (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - nouveau/hmm: support mapping large sysmem pages (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - nouveau: fix mapping 2MB sysmem pages (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - nouveau/hmm: fault one page at a time (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - mm/hmm: provide the page mapping order in hmm_range_fault() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge: lvds-codec: simplify error handling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - drm/bridge/sii8620: fix resource acquisition error handling (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - driver core: add device probe log helper (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Documentation: gpu/drm-uapi: eliminate duplicated word (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Documentation: gpu/komeda-kms: eliminate duplicated word (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - docs: move nommu-mmap.txt to admin-guide and rename to ReST (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - treewide: Remove uninitialized_var() usage (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - video: fbdev: remove fb-puv3 driver (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - commit ee626ec - scsi: zfcp: Clarify access to erp_action in zfcp_fsf_req_complete() (jsc#SLE-15871 bsc#1176961 LTC#187760). - scsi: zfcp: Use list_first_entry_or_null() in zfcp_erp_thread() (jsc#SLE-15871 bsc#1176961 LTC#187760). - scsi: zfcp: Avoid benign overflow of the Request Queue's free-level (jsc#SLE-15871 bsc#1176961 LTC#187760). - scsi: zfcp: Replace open-coded list move (jsc#SLE-15871 bsc#1176961 LTC#187760). - scsi: zfcp: Clean up zfcp_erp_action_ready() (jsc#SLE-15871 bsc#1176961 LTC#187760). - scsi: zfcp: Use prandom_u32_max() for backoff (jsc#SLE-15871 bsc#1176961 LTC#187760). - commit 6b83ff7 - scsi: zfcp: use fallthrough; (jsc#SLE-15871 bsc#1176961 LTC#187760). - Refresh patches.suse/scsi-zfcp-Move-shost-updates-during-xconfig-data-han.patch. - commit f093ef6 - Move endpoint security DASD info patches to the sorted section - patches.suse/s390-sles15sp3-03-01-s390-cio-Export-information-about-Endpoint-Security-.patch - patches.suse/s390-sles15sp3-03-02-s390-cio-Provide-Endpoint-Security-Mode-per-CU.patch - patches.suse/s390-sles15sp3-03-03-s390-cio-Add-support-for-FCES-status-notification.patch. - patches.suse/s390-sles15sp3-03-04-s390-dasd-Remove-unused-parameter-from-dasd_generic_.patch - patches.suse/s390-sles15sp3-03-05-s390-dasd-Move-duplicate-code-to-separate-function.patch - patches.suse/s390-sles15sp3-03-06-s390-dasd-Store-path-configuration-data-during-path-.patch - patches.suse/s390-sles15sp3-03-07-s390-dasd-Fix-operational-path-inconsistency.patch - patches.suse/s390-sles15sp3-03-08-s390-dasd-Display-FC-Endpoint-Security-information-v.patch - patches.suse/s390-sles15sp3-03-09-s390-dasd-Prepare-for-additional-path-event-handling.patch - patches.suse/s390-sles15sp3-03-10-s390-dasd-Process-FCES-path-event-notification.patch - commit 5e6fdd9 - efi/libstub: Rename efi_call_early/_runtime macros to be more intuitive (jsc#SLE-16407). - Refresh patches.suse/0001-efi-generalize-efi_get_secureboot.patch. - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - Refresh patches.suse/0006-efi-allow-user-to-regenerate-secret-key.patch. - commit 34853ac - efi/libstub: Remove 'sys_table_arg' from all function prototypes (jsc#SLE-16407). - Refresh patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch. - Refresh patches.suse/0001-efi-generalize-efi_get_secureboot.patch. - commit f1a59c9 - efi/libstub: Drop sys_table_arg from printk routines (jsc#SLE-16407). - Refresh patches.suse/0001-efi-generalize-efi_get_secureboot.patch. - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - Refresh patches.suse/0006-efi-allow-user-to-regenerate-secret-key.patch. - commit cbab4fc ++++ python3-core: - Pin Sphinx version to fix doc subpackage ++++ libzypp: - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Url: Hide known password entries when writing the query part (bsc#1050625 bsc#1177583, CVE-2017-9271) - adapt testcase to change introduced by libsolv#402. - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427, Fixes openSUSE/zypper#357). - version 17.25.3 (22) ++++ opensc: - OpenSC 0.21.0: * CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK smart card software driver (boo#1177380) * CVE-2020-26572: stack-based buffer overflow in the TCOS smart card software driver (boo#1177378) * CVE-2020-26570: heap-based buffer overflow in the Oberthur smart card software driver (boo#1177364) * CardOS 5.x support boo#1179291 * Support for OAEP encryption, make SHA256 default * New separate debug level for PIN commands * Fix handling of card/reader insertion/removal events in pcscd * Fixes of removed readers handling * Fix Firefox crash because of invalid pcsc context * PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards * Propagate ignore_user_content to PKCS#11 layer not to confuse applications * Minidriver: Fix check of ATR length (2-to 33 characters inclusive) * pkcs11-tool: allow using SW tokens * opensc-explorer asn1 accepts offsets and decode records * opensc-explorer cat accepts records * OpenPGP: Add new ec curves supported by GNUK * First steps supporting OpenPGP 3.4 * OpenPGP: Add support for EC key import * Rutoken: Add ATR for Rutoken ECP SC NFC * Improve detection of various CardOS 5 configurations * DNIe: Add new DNIe CA structure for the secure channel * ePass2003: Improve ECC support * ePass2003: Fix erase sequence * IAS-ECC: Fix support for Idemia Cosmo cards * IAS-ECC: PIN padding settings are now used from PKCS#15 info when available * IAS-ECC: Added PIN-pad support for PIN unblock * New driver for Gemalto IDPrime (only some types) * eDo: New driver with initial support for Polish eID card (e-dowód, eDO) * MCRD: Remove unused and broken RSA EstEID support * TCOS: Add missing encryption certificates * PIV: Add ATR of DOD Yubikey * fixed PIV global pin bug * CAC1: Support changing PIN with CAC Alt tokens - includes changes from 0.20.0 * CVE-2019-6502: memory leak in libopensc (boo#1122756) * CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747) * CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746) * CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (boo#1158256) * CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry (boo#1158307) * CVE-2019-20792: double free in coolkey_free_private_dat (bsc#1170809) * Support RSA-PSS signature mechanisms using RSA-RAW * Added memory locking for secrets * added support for terminal colors * PC/SC driver: Fixed error handling in case of changing or removing the card reader * rename md_read_only to read_only and use it for PKCS#11 and Minidriver * allow global use of ignore_private_certificate * PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the card profile * PKCS#11: Add C_WrapKey and C_UnwrapKey implementations * PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects * PKCS#11: Truncate long PKCS#11 labels with ... * PKCS#11: Fixed recognition of a token when being unplugged and reinserted * Minidriver: Register for CardOS5 cards * Minidriver: Add support for RSA-PSS * tools: Harmonize the use of option -r/--reader * goid-tool: GoID personalization with fingerprint * openpgp-tool: replace the options -L/--key-length with -t/--key-type * openpgp-tool: add options -C/--card-info and -K/--key-info * opensc-explorer: add command pin_info, extend random * pkcs11-register: Auto-configuration of applications for use of OpenSC PKCS#11 * pkcd11-register: Autostart * opensc-tool: Show ATR also for cards not recognized by OpenSC * pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters * pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values * pkcs11-tool: Support for signature verification via --verify * pkcs11-tool: Add object type secrkey for --type option * pkcs11-tool: Implement Secret Key write object * pkcs11-tool: Add GOSTR3410-2012 support * pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP * pkcs11-tool: Add extractable option to key import * pkcs11-tool: list more key access flags when listing keys * pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys * pkcs15-crypt: *Handle keys with user consent * New separate CAC1 driver using the old CAC specification (#1502) * CardOS: Add support for 4K RSA keys in CardOS 5 * CardOS: Fixed decryption with CardOS 5 * Enable CoolKey driver to handle 2048-bit keys * EstEID: add support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 * GIDS Decipher fix (#1881) * GIDS: Allow RSA 4K support * MICARDO: Remove long expired EstEID 1.0/1.1 card support * MyEID: Add support for unwrapping a secret key with an RSA key or secret key * MyEID Add support for wrapping a secret key with a secret key * Support for MyEID 4K RSA * Support for OsEID * Gemalto GemSafe: add new PTeID ATRs, add support for 4K RSA keys * OpenPGP Card v3 ECC support * Add Rutoken ECP SC * Add Rutoken Lite * Add SmartCard-HSM 4K ATR * Add missing secp384r1 curve parameter * Stacros: Fix decipher with 2.3 * Stacros: Add ATR for 2nd gen. eGK * Stacros: Add new ATR for 3.5 * Stacros: Detect and allow Globalplatform PIN encoding * Fix TCOS IDKey support * TCOS: add encryption certificate for IDKey * Infocamere, Postecert, Cnipa: Remove profiles * Remove incomplete acos5 driver - drop patches now upstream: * opensc-0.19.0-piv_card_matching.patch * opensc-0.19.0-redundant_logging.patch * opensc-0.19.0-rsa-pss.patch ++++ openssh: - Support /usr/etc/pam.d ++++ patterns-microos: - created pattern cockpit ++++ python3: - Pin Sphinx version to fix doc subpackage ++++ ovmf: - Update to edk2-stable202011 * MdeModulePkg/VariablePolicyLib: Fix runtime panic in ValidateSetVariable() * CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku * Revert "SecurityPkg: Add RPMC Index to the RpmcLib" * MdeModulePkg/LzmaCustomDecompressLib: catch 4GB+ uncompressed buffer sizes (bsc#1183578, CVE-2021-28211) * MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion (bsc#1183579, CVE-2021-28210) * MdeModulePkg/Core/Dxe: assert SectionInstance invariant in FindChildNode() (bsc#1183579, CVE-2021-28210) * SecurityPkg: Add RPMC Index to the RpmcLib * BaseTools: Resolve index out of range errors. * UefiCpuPkg/PiSmmCpuDxeSmm: Reflect page table depth with page table address * UefiCpuPkg/PiSmmCpuDxeSmm: Correct the Cr3 typo * CryptoPkg: Make the MD5 disable as default for security * NetworkPkg/Defines: Make iSCSI disable as default * OvmfPkg/OvmfXen.dsc: Enable MD5 while enable iSCSI * OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI * OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI * OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI * ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI * ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI * NetworkPkg: Enable MD5 while enable iSCSI * CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5 * SecurityPkg/Hash2DxeCrypto: Remove SHA1 support * SecurityPkg/Hash2DxeCrypto: Remove MD5 support * MdeModulePkg: Drop VarLock from RuntimeDxe variable driver * MdeModulePkg: Change TCG MOR variables to use VariablePolicy * SecurityPkg: Allow VariablePolicy state to delete authenticated variables * MdeModulePkg: Allow VariablePolicy state to delete protected variables * MdeModulePkg: Connect VariablePolicy business logic to VariableServices * ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform * OvmfPkg: Add VariablePolicy engine to OvmfPkg platform * BaseTools: Fix BrotliCompress tool issue * MdePkg/BaseRngLibDxe: Add DXE_RUNTIME_DRIVER class to RngLib * MdeModulePkg DisplayEngineDxe: Correct the local variable name. * MdeModulePkg/AtaAtapiPassThru: Trace ATA packets * MdeModulePkg/AtaAtapiPassThru: Restart failed packets * MdeModulePkg/AtaAtapiPassThru: Add SATA error recovery flow * MdeModulePkg/AtaAtapiPassThru: Check IS to check for command completion * MdeModulePkg/DriverSampleDxe: Add HII sample options * MdeModulePkg/Library: Revise HiiLib to check REST_STYLE * BaseTools/VfrCompile: VFR compiler supports REST_STYLE in HII option * MdePkg: Add GUID for REST Style Formset * UefiCpuPkg/MpInitLib: For SEV-ES guest, set stack based on processor number * UefiCpuPkg, OvmfPkg: Disable interrupts when using the GHCB * OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Fix erase blocks for SEV-ES * OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Set the SwScratch valid bit * UefiCpuPkg/MpInitLib: Set the SW exit fields when performing VMGEXIT * OvmfPkg/VmgExitLib: Set the SwScratch valid bit for MMIO events * OvmfPkg/VmgExitLib: Set the SwScratch valid bit for IOIO events * OvmfPkg/VmgExitLib: Set the SW exit fields when performing VMGEXIT * OvmfPkg/VmgExitLib: Implement new VmgExitLib interfaces * UefiCpuPkg/VmgExitLib: Add interfaces to set/read GHCB ValidBitmap bits * MdePkg: Clean up GHCB field offsets and save area * BaseTools: Limit command line length. * BaseTools: Update report map file format * BaseTools: Add image type into generate map file * BaseTools: Incremental build issue for included ASI file's deletion. * MdeModulePkg/Core/Dxe: log memory base and length, after lib ctors again * BaseTools: Fix BaseTools nmake cleanall hang issue * ShellPkg:Fix bug in FileBuffer.c * BaseTools: Enable Module Scope Structure Pcd * MdeModulePkg/Gcd: Check memory allocation when initializing memory * BaseTools: Remove the dependency on the build intermediate file * DynamicTablesPkg: Add SSDT CMN-600 Table generator * MdePkg: Definitions for Extended Interrupt Flags * BaseTools: Update the FV Space Information to display decimal and Hex * MdePkg/Include: Definitions of EFI REST JSON Structure Protocol * MdeModulePkg/XhciDxe: Retry device slot init on failure * MdeModulePkg/AcpiTableDxe: use pool allocation for RSDP if possible * MdeModulePkg/AcpiTableDxe: use pool allocation for RSDT/XSDT if possible * MdeModulePkg/AcpiTableDxe: use pool allocations when possible * MdePkg: Fix SmBios.h PROCESSOR_CHARACTERISTIC_FLAGS to be UINT16 * MdePkg: Update SmBios.h to add SMBIOS 3.4.0 ARM64 SoC ID field * ShellPkg: Add ARM64 SoC ID to Processor Characteristics in smbiosview * ShellPkg: Fix smbiosview string definition name for "boot from CD" * ShellPkg: Fix a couple of typos in smbiosview * MdeModulePkg/Core: Support standalone MM in FV2 protocol GetNextFile(). * MdePkg/SystemResourceTable.h: Add vendor range values * MdePkg/Include: Fix wrong spelling in http11.h * BaseTools/Ecc: Fix ECC check MetaFile Copyright information issue * MdeModulePkg/XhciDxe: Error handle for USB slot initialization failure * ArmPkg/ArmMmuLib: Explicitly cast function pointer argument * ArmPkg/ArmMmuLib: Explicitly cast UINT32 data conversions * DynamicTablesPkg: SsdtSerialPortFixupLib fix ECC errors * DynamicTablesPkg: AmlEncoding change debug macro * DynamicTablesPkg: AmlLib\AmlDbgPrint fix ECC error * DynamicTablesPkg: AmlLib fix ECC errors * DynamicTablesPkg: AcpiSratLibArm fix ECC error * DynamicTablesPkg: SsdtSerialPortLibArm fix ECC error * DynamicTablesPkg: Fix order of assert checks * CryptoPkg/BaseCryptLib: fix NULL dereference (CVE-2019-14584) (bsc#1177789) * Revert "MdeModulePkg/PartitionDxe: Fix the incorrect LBA size in child ..." * UefiCpuPkg/MpInitLib: Reduce reset vector memory pressure * SecurityPkg/Tcg2PhysicalPresenceLib: Fix incorrect TCG VER comparision * CryptoPkg: BaseCryptLib: Add unit tests (Host and Shell based) * ArmVirtPkg: Add kvmtool to package dictionary * ArmVirtPkg: Package dependency for MC146818 RTC * ArmVirtPkg: Support for kvmtool virtual platform * ArmVirtPkg: Add Kvmtool Platform Pei Lib * ArmVirtPkg: 16550 UART Platform hook library * ArmVirtPkg: GUID Hob for 16550 UART base address * MdeModulePkg: Fix constructor invocation ordering * ArmVirtPkg: Add Kvmtool NOR flash lib * ArmVirtPkg: kvmtool platform memory map * ArmVirtPkg: Add kvmtool platform driver * ArmPlatformPkg: Dynamic flash variable base * ArmVirtPkg: Add Kvmtool RTC Fdt Client Library * PcAtChipsetPkg: Add MMIO Support to RTC driver * MdePkg/Include: Add HTTP definitions * BaseMemoryLibSse2: Take advantage of write combining buffers * RedfishPkg/Include: PCD definitions of Host Interface EFI device path * MdePkg/Include: Definitions of EFI REST EX Protocol * ShellPkg/SmbiosView: Add DDR5 support * MdePkg/BaseLib: Fix invalid memory access in AArch64 SetJump/LongJump * BaseTools: Add EDKII_DSC_PLATFORM_GUID MACRO * MdeModulePkg: Remove code wrapped by DISABLE_NEW_DEPRECATED_INTERFACES * MdePkg: Remove code wrapped by DISABLE_NEW_DEPRECATED_INTERFACES * BaseTools Build_Rule: Add the missing ASM16_FLAGS for ASM16 source file * BaseTools: Move C tool flags before the common flags * BaseTools: Copy PACKED definition from MdePkg Base.h * MdeModulePkg/Core/Dxe: expose SP and CRYPTO capabilities in UEFI memmap * MdePkg/UefiSpec: separate page access bitmask from SP and CRYPTO caps * MdePkg: SMBIOS 3.4.0 Update "adding DDR5 definitions". * NetworkPkg: Fix possible infinite loop in HTTP msg body parser * NetworkPkg/HttpDxe: TlsChildHandle is not cleared when reset * NetworkPkg: Add RngLib entry to .dsc file. * MdeModulePkg/HiiDatabase: Do not modify CONST string * OvmfPkg: enable HttpDynamicCommand * ArmVirtPkg: enable HttpDynamiCommand * ShellPkg/DynamicCommand: add HttpDynamicCommand * CryptoPkg/BaseCryptLib: add crypto algorithms needed by variable protection * BaseTools: Add RISCV64 binding * MdeModulePkg/XhciDxe: Fix Broken Timeouts * BaseTools: Set section alignment as zero if its type is Auto * BaseTools: Remove CanSkip calling for incremental build * BaseTools: Normalize case of pathname when evaluating Macros. * BaseTools: Clean the ffs folder before generating files in it * BaseTools: Add included files to deps_target file. * OvmfPkg/README: HTTPS Boot: describe host-side TLS cipher suites forwarding * MdeModulePkg/NonDiscoverablePciDeviceDxe: Add NULL pointer check * CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool * ArmVirtPkg: Add RngLib based on TimerLib for CryptoPkg * OvmfPkg: Add RngLib based on TimerLib for Crypto * MdePkg: BaseRngLibDxe: Add RngLib that uses RngDxe * MdePkg: TimerRngLib: Added RngLib that uses TimerLib * MdePkg: Correct EFI_BLOCK_IO_PROTOCOL_REVISION3 value * OvmfPkg: drop redundant VendorID check in VirtioMmioDeviceLib * MdePkg: PciExpressLib support variable size MMCONF * UefiPayloadPkg: Store the size of the MMCONF window * SecurityPkg/PeiTpmMeasurementLib: remove gEfiTpmDeviceSelectedGuid * BaseTools: update IASL extdep to more modern version * UefiCpuPkg/RegisterCpuFeaturesLib: Support MpServices2 only case. * BaseTools: Sort the Pcd set when generating the VPD binary * SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO - Refresh ovmf-add-exclude-shell-flag.patch - Drop upstreamed ovmf-jscSLE-16075-SEV-ES-fixes.patch ++++ sysconfig: - Also support service(network) provides ++++ yast2: - prepare usrmerge: install legacy symlinks via spec file only (boo#1029961) - 4.3.44 ++++ zypper: - Avoid translated text in xml attributes ( fixes #361 ) - BuildRequires: libzypp-devel >= 17.25.3. Adapt to new LoadTestcase API. - version 1.14.41 ------------------------------------------------------------------ ------------------ 2020-11-26 - Nov 26 2020 ------------------- ------------------------------------------------------------------ ++++ hdparm: - prepare usrmerge (boo#1029961) ++++ kernel-default: - sched: Fix data-race in wakeup (bnc#1178227). - Delete patches.suse/sched-Fix-loadavg-accounting-race-on-arm64-kabi.patch. Replaces a KABI-safe fix in SP2 with the upstream version. - commit 1fe5fc0 - of/address: check for invalid range.cpu_addr (jsc#SLE-16543). - commit 3da893a - powerpc: Drop using struct of_pci_range.pci_space field (jsc#SLE-16543). - commit 55da8d8 - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - commit b0ab459 - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/bpf: Fix multiple tail calls (git-fixes). - commit d7dbfa4 - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - commit 918cff8 - Update configs: Refresh arm64's config - commit 96a2987 - MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290). - commit 223af9b - dt-bindings: pwm: Add binding for RPi firmware PWM bus (jsc#SLE-16543). - staging: vchiq: Release firmware handle on unbind (jsc#SLE-16543). - soc: bcm: raspberrypi-power: Release firmware handle on unbind (jsc#SLE-16543). - reset: raspberrypi: Release firmware handle on unbind (jsc#SLE-16543). - pwm: Add Raspberry Pi Firmware based PWM bus (jsc#SLE-16543). - Update configs - supported.conf: Enable pwm driver - input: raspberrypi-ts: Release firmware handle when not needed (jsc#SLE-16543). - gpio: raspberrypi-exp: Release firmware handle on unbind (jsc#SLE-16543). - firmware: raspberrypi: Keep count of all consumers (jsc#SLE-16543). - firmware: raspberrypi: Introduce devm_rpi_firmware_get() (jsc#SLE-16543). - clk: bcm: rpi: Release firmware handle on unbind (jsc#SLE-16543). - arm64: mm: Set ZONE_DMA size based on early IORT scan (jsc#SLE-17068). - arm64: mm: Set ZONE_DMA size based on devicetree's dma-ranges (jsc#SLE-17068). - of/address: Introduce of_dma_get_max_cpu_address() (jsc#SLE-17068). - arm64: mm: Move zone_dma_bits initialization into zone_sizes_init() (jsc#SLE-17068). - arm64: mm: Move reserve_crashkernel() into mem_init() (jsc#SLE-17068). - arm64: Force NO_BLOCK_MAPPINGS if crashkernel reservation is required (jsc#SLE-17068). - arm64: Ignore any DMA offsets in the max_zone_phys() calculation (jsc#SLE-17068). - usb: host: pci-quirks: Bypass xHCI quirks for Raspberry Pi 4 (jsc#SLE-17068). - reset: Add Raspberry Pi 4 firmware reset controller (jsc#SLE-17068). - Update configs - supported.conf: Enable reset controller - dt-bindings: reset: Add a binding for the RPi Firmware reset controller (jsc#SLE-17068). - soc: bcm2835: Add notify xHCI reset property (jsc#SLE-17068). - of/address: Support multiple 'dma-ranges' entries (jsc#SLE-17068). - of/address: use range parser for of_dma_get_range (jsc#SLE-17068). - of/address: Rework of_pci_range parsing for non-PCI buses (jsc#SLE-17068). - of: Drop struct of_pci_range.pci_space field (jsc#SLE-17068). - of/address: Move range parser code out of CONFIG_PCI (jsc#SLE-17068). - usb: xhci: Enable LPM for VIA LABS VL805 (jsc#SLE-17068). - Refresh: patches.suse/usb-xhci-define-IDs-for-various-ASMedia-host-control.patch - commit 410dbc7 - Revert "USB: pci-quirks: Add Raspberry Pi 4 quirk (bsc#1163560)." (jsc#SLE-17068) We can now use the proper upstream patch series: https://lkml.org/lkml/2020/6/29/606 This reverts commit e30de5ffe3acb6c8dd1892793ce6899a79bd38bd. - commit 1644970 - Revert "soc: bcm2835: Sync xHCI reset firmware property with downstream" (jsc#SLE-17068) We can now use the proper upstream patch series: https://lkml.org/lkml/2020/6/29/606 This reverts commit 32f4877b5567ad9d16055f194bb21bb6dde55341. - commit ded9d4a - Revert "firmware: raspberrypi: Introduce vl805 init routine" (jsc#SLE-17068) We can now use the proper upstream patch series: https://lkml.org/lkml/2020/6/29/606 This reverts commit d18390349922079ee04fe357c88651c04db51968. - commit 585af47 - Revert "PCI: brcmstb: Wait for Raspberry Pi's firmware when present" (jsc#SLE-17068) We can now use the proper upstream patch series: https://lkml.org/lkml/2020/6/29/606 This reverts commit 41c84ba0bba58cf9d61a81aeb6e3eb4b1fcc468f. - commit 9addf5a - Revert "Refresh: patches.suse/firmware-raspberrypi-introduce-vl805-init-routine.patch" (jsc#SLE-17068) We can now use the proper upstream patch series: https://lkml.org/lkml/2020/6/29/606 This reverts commit 24cdb0de74210a49a6118ffa6db198eca0f0aad9. - commit 233d8c1 - Revert "Update patches.suse/firmware-raspberrypi-introduce-vl805-init-routine.patch." (jsc#SLE-17068) We can now use the proper upstream patch series: https://lkml.org/lkml/2020/6/29/606 This reverts commit 984c0bd050167f3492694794b785e90921bc60e9. - commit b168995 - tpm: efi: Don't create binary_bios_measurements file for an empty log (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - commit 91b284d - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000). - commit 56a64e3 - fpga: add kABI padding (jsc#SLE-13441). - commit 963653a - ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - Revert "ibmvnic: remove never executed if statement" (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - Refresh patches.suse/ibmvnic-restore-adapter-state-on-failed-reset.patch. - ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: enhance resetting status check during module exit (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: notify peers when failover and migration happen (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix call_netdevice_notifiers in do_reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - Revert "ibmvnic: remove never executed if statement" (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290). - commit a8dadbf - arm64: mm: fix inverted PAR_EL1.F check (jsc#13705,jsc#13695). - arm64: mm: fix spurious fault detection (jsc#13705,jsc#13695). - commit 0de2657 - arm64: mm: use single quantity to represent the PA to VA translation (jsc#SLE-16407). - commit 202adf6 - docs: arm64: Add layout and 52-bit info to memory document (jsc#SLE-16407). - arm64: mm: Remove vabits_user (jsc#SLE-16407). - arm64: mm: Separate out vmemmap (jsc#SLE-16407). Refresh patches.suse/0002-arm64-rename-variables-used-to-calculate-ZONE_DMA32-.patch patches.suse/0003-arm64-use-both-ZONE_DMA-and-ZONE_DMA32.patch patches.suse/arm64-mm-Introduce-52-bit-Kernel-VAs.patch - commit 0d98a48 - efi/x86: Don't remap text<->rodata gap read-only for mixed mode (jsc#SLE-16407). - efi/x86: Fix the deletion of variables in mixed mode (jsc#SLE-16407). - arm64: Fix kcore macros after 52-bit virtual addressing fallout (jsc#SLE-16407). - arm64: fix fixmap copy for 16K pages and 48-bit VA (jsc#SLE-16407). - arm64: memory: rename VA_START to PAGE_END (jsc#SLE-16407). - arm64: memory: Add comments to end of non-trivial #ifdef blocks (jsc#SLE-16407). - arm64: memory: Simplify _VA_START and _PAGE_OFFSET definitions (jsc#SLE-16407). - arm64: memory: Rewrite default page_to_virt()/virt_to_page() (jsc#SLE-16407). - arm64: memory: Ensure address tag is masked in conversion macros (jsc#SLE-16407). - arm64: memory: Fix virt_addr_valid() using __is_lm_address() (jsc#SLE-16407). - arm64: mm: Simplify definition of virt_addr_valid() (jsc#SLE-16407). - arm64: mm: Introduce 52-bit Kernel VAs (jsc#SLE-16407). - arm64: mm: Modify calculation of VMEMMAP_SIZE (jsc#SLE-16407). - arm64: mm: Logic to make offset_ttbr1 conditional (jsc#SLE-16407). - arm64: mm: Introduce vabits_actual (jsc#SLE-16407). Refresh patches.suse/0002-arm64-rename-variables-used-to-calculate-ZONE_DMA32-.patch patches.suse/0003-arm64-use-both-ZONE_DMA-and-ZONE_DMA32.patch - arm64: dump: De-constify VA_START and KASAN_SHADOW_START (jsc#SLE-16407). - arm64: mm: Remove bit-masking optimisations for PAGE_OFFSET and VMEMMAP_START (jsc#SLE-16407). - commit 65ae799 - Fix compiler warnings (jsc#SLE-15020) - Refresh patches.suse/0001-efi-generalize-efi_get_secureboot.patch. patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch. - commit c2e474d ++++ kernel-default-base: - Add wireguard (boo#1179225) ++++ util-linux: - Do search /usr/sbin for mount helpers. (This drops /sbin/fs, /sbin/fs.d, which we do not use in openSUSE.) ++++ python-pytz: - update to 2020.4: * update to IANA 2020d timezone release ++++ ovmf: - Cosmetic changes in the spec file suggested by spec-cleaner ++++ raspberrypi-firmware-dt: - Introduce upstream-overlay-rpi-poe.patch to adapt the overlay to our driver (jsc#SLE-16543) ++++ systemd-default-settings: - Fix typo introduced by the previous change (bsc#1179183) ++++ toolbox: - Update to version 1.0+git20201126.3d26283: * Make it easier to use custom images (#10) * Update toolbox doc (#9) ++++ util-linux-systemd: - Do search /usr/sbin for mount helpers. (This drops /sbin/fs, /sbin/fs.d, which we do not use in openSUSE.) ++++ yast2: - CWM ComboBox: an editable ComboBox will not alter the list of items when the current value is not part of the list as it uses the original list which could be already modified (bsc#1177137) - 4.3.43 ------------------------------------------------------------------ ------------------ 2020-11-25 - Nov 25 2020 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ++++ kernel-default: - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - commit e680b1d - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - commit 27c703c - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - commit 36b05ae - arm64: signal: nofpsimd: Handle fp/simd context for signal frames (jsc#13705,jsc#13695). - arm64: fpsimd: Make sure SVE setup is complete before SIMD is used (jsc#13705,jsc#13695). - arm64: Introduce system_capabilities_finalized() marker (jsc#13705,jsc#13695). Refresh: patches.suse/arm64-tlb-Use-the-TLBI-RANGE-feature-in-arm64.patch - arm64: kpti: Add Broadcom Brahma-B53 core to the KPTI whitelist (jsc#13705,jsc#13695). - arm64: Introduce ID_ISAR6 CPU register (jsc#13705,jsc#13695). - arm64: cpufeature: Export matrix and other features to userspace (jsc#13705,jsc#13695). Refresh: patches.suse/arm64-tlb-Detect-the-ARMv8.4-TLBI-RANGE-feature.patch - arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 (jsc#13705,jsc#13695). - arm64: cpufeature: Fix typos in comment (jsc#13705,jsc#13695). - docs/arm64: cpu-feature-registers: Rewrite bitfields that don't follow [e, s] (jsc#13705,jsc#13695). - docs/arm64: cpu-feature-registers: Documents missing visible fields (jsc#13705,jsc#13695). - arm64: sysreg: fix incorrect definition of SYS_PAR_EL1_F (jsc#13705,jsc#13695). - arm64: entry.S: Do not preempt from IRQ before all cpufeatures are enabled (jsc#13705,jsc#13695). - arm64: kvm: Replace hardcoded '1' with SYS_PAR_EL1_F (jsc#13705,jsc#13695). - arm64: mm: Ignore spurious translation faults taken from the kernel (jsc#13705,jsc#13695). - arm64: sysreg: Add some field definitions for PAR_EL1 (jsc#13705,jsc#13695). - arm64: mm: Add ISB instruction to set_pgd() (jsc#13705,jsc#13695). - arm64: constify sys64_hook instances (jsc#13705,jsc#13695). - arm64: constify aarch64_insn_encoding_class (jsc#13705,jsc#13695). - arm64: constify icache_policy_str (jsc#13705,jsc#13695). - arm64: sysreg: Remove unused and rotting SCTLR_ELx field definitions (jsc#13705,jsc#13695). Refresh: patches.suse/arm64-cpufeature-Add-remaining-feature-bits-in-ID_AA.patch - commit 844c03f - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - commit 858be95 - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - commit 5a17bb5 - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - commit b4307bb - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - commit dfebf26 - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - commit 4eec57a - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - commit 8bd0d47 - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - commit 62c9be4 - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - commit b68f0fe - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - commit 99df01c - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - commit 1af8481 - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - commit de53464 - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - commit 6169028 - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - commit ae0b28b - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - commit 044ef73 - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - commit f6b3b97 - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - commit de43bbe - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - commit 937dc61 - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - commit 96e1736 - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - commit d01ef40 - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - commit c7c922c - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - commit 68ec4df - arm64: bpf: Fix branch offset in JIT (git-fixes). - commit dcf0a55 - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - commit c6b65e2 - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - commit 17e4326 - Re-enable openSUSE Leap features (jsc#SLE-11796) Most of Leap 15.2 configs are taken over for x86_64 and arm64, while a few features are dropped (e.g. PCMCIA, X32, ISDN). ppc64le and s390x are kept unchanged. The Leap-only modules are packaged into kernel-*-optional subpackage. - commit d64e6b6 - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - commit 8298c55 - ACPICA: Add NHLT table signature (bsc#1176200). - commit c68e192 - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - commit 2b0db2e - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - commit 8d1bf8e - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED (git-fixes). - commit 3fc2241 - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - commit 5e4a1f7 - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - commit 0493181 - dmaengine: idxd: Add shared workqueue support (jsc#SLE-12688). - Update config files: CONFIG_INTEL_IDXD_SVM=y - commit cda5f69 - dmaengine: idxd: define table offset multiplier (jsc#SLE-12688). - dmaengine: idxd: Update calculation of group offset to be more readable (jsc#SLE-12688). - dmaengine: idxd: Add ABI documentation for shared wq (jsc#SLE-12688). - dmaengine: idxd: Clean up descriptors with fault error (jsc#SLE-12688). - commit 84ee085 - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - commit 09c2c7d - dmaengine: idxd: add sysfs ABI for idxd driver (jsc#SLE-12688). - Refresh patches.suse/dmaengine-idxd-export-hw-version-through-sysfs.patch. - commit 30e848c - dmaengine: idxd: fix mapping of portal size (jsc#SLE-12688). - dmaengine: idxd: fix wq config registers offset programming (jsc#SLE-12688). - dmaengine: idxd: add command status to idxd sysfs attribute (jsc#SLE-12688). - dmaengine: idxd: add support for configurable max wq batch size (jsc#SLE-12688). - dmaengine: idxd: add support for configurable max wq xfer size (jsc#SLE-12688). - dmaengine: idxd: clear misc interrupt cause after read (jsc#SLE-12688). - dmaengine: idxd: add leading / for sysfspath in ABI documentation (jsc#SLE-12688). - commit 428b8a5 - x86/asm: Add an enqcmds() wrapper for the ENQCMDS instruction (jsc#SLE-12688). - x86/asm: Carve out a generic movdir64b() helper for general usage (jsc#SLE-12688). - commit 269143b - driver core: Add support for linking devices during device addition (jsc#SLE-16407). - driver core: Add fwnode_to_dev() to look up device from fwnode (jsc#SLE-16407). - commit 0ba9e50 ++++ fmt: - Update to version 7.1.3 * Fixed handling of buffer boundaries in format_to_n * Fixed linkage errors when linking with a shared library * Reintroduced ostream support to range formatters * Worked around an issue with mixing std versions in gcc ++++ lvm2: - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ++++ python3-core: - Change setuptools and pip version numbers according to new wheels (bsc#1179756). - Add ignore_pip_deprec_warn.patch to switch of persistently failing test. ++++ ceph: - Update to 16.0.0-7500-g78f6791981: + cephadm: add global flag --container-init + mgr/cephadm: append --container-init to basecommand + cephadm: remove container-init subparser from "deploy" ++++ libsigc++2: - Update to version 2.10.6: + Build: Meson build: Fix versioning on macOS. + Documentation: - sigc++/sigc++.h: Describe how to use libsigc++ with Meson. - Update links to the web page, now at libsigcplusplus.github.io/libsigcplusplus. ++++ libxml2: - Avoid quadratic checking of identity-constraints: [bsc#1178823] * key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch ++++ patterns-microos: - added vim-small to the default pattern ++++ perl-Cairo: - updated to 1.108 see /usr/share/doc/packages/perl-Cairo/ChangeLog.pre-git ++++ python3: - Change setuptools and pip version numbers according to new wheels (bsc#1179756). - Add ignore_pip_deprec_warn.patch to switch of persistently failing test. ++++ libxml2-python: - Avoid quadratic checking of identity-constraints: [bsc#1178823] * key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch ++++ sysvinit: - prepare usrmerge (boo#1029961) ++++ virt-manager: - boo#1178141 - Accomodate qemu modularization with respect to v5.2 qemu changes, where 3 additional modular shared objects need to be present for spice support. This change simply augments what was done before, adding the additional code to the same patch ------------------------------------------------------------------ ------------------ 2020-11-24 - Nov 24 2020 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Pass --enable-lto to configure, build with LTO enabled. - Stop passing --enable-json-validation to configure, no longer needed, nor recognized. ++++ cockpit-wicked: - Version 1. - First public release. ++++ gtk3: - Update to version 3.24.23+118: + cssnode: Bail out nicely if there is no settings (#2780). + gdk/wayland: Add support for primary-selection-unstable-v1 (#2591). + wayland: Emit dummy configure event when resizing while fixed. + colorchooser: Backport the new color palette. + gdk: Fix parent relative background crash. + Updated translations. ++++ kernel-default: - Update patches.suse/icmp-randomize-the-global-rate-limiter.patch references (add CVE-2020-25705 bsc#1175721). - commit 302c097 - fix patches metadata - fix Patch-mainline: patches.suse/sched-Fix-rq-nr_iowait-ordering.patch patches.suse/sched-fair-Ensure-tasks-spreading-in-LLC-during-LB.patch patches.suse/sched-fair-Fix-unthrottle_cfs_rq-for-leaf_cfs_rq-list.patch - commit 07cd2c9 - blacklist.conf: Kernel building with clang is not supported - commit 66e9cbf - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - commit 155f594 - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - commit 0f2faa6 - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - commit f2af668 - blacklist.conf: Alternative KABI-safe fix used instead (bnc#1178227) - commit 307bf60 - net: sctp: Rename fallthrough label to unhandled (bsc#1178203). - commit 6ea8e73 - blacklist.conf: breaks kABI - commit c7c8b0d - timer: Fix wheel index calculation on last level (git-fixes). - commit 7f8a2b1 - timer: Prevent base->clk from moving backward (git-fixes). - commit 48a61b6 - Update patch reference for serial security fix (CVE-2020-15437 bsc#1179140) - commit 195abfd - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - commit 0bca1b7 - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - commit 142fe1e - video: hyperv_fb: include vmalloc.h (git-fixes). - commit 9598448 - arm64: mm: convert mm/dump.c to use walk_page_range() (jsc#SLE-16407). - efi/arm: Defer probe of PCIe backed efifb on DT systems (jsc#SLE-16407). - arm/efi: EFI soft reservation to memblock (jsc#SLE-16407). - arm64: memory: fix flipped VA space fallout (jsc#SLE-16407). - commit aa2fd77 - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203). - commit 83cd53c - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203). - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203). - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203). - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203). - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203). - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203). - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203). - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203). - ALSA: usb-audio: Replace slave/master terms (bsc#1178203). - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203). - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203). - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203). - ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203). - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203). - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203). - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203). - ALSA: usb-audio: Refactor endpoint management (bsc#1178203). - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203). - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203). - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203). - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203). - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203). - ALSA: usb-audio: Don't set altsetting before initializing sample rate (bsc#1178203). - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203). - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203). - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203). - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203). - ALSA: usb-audio: Drop debug.h (bsc#1178203). - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203). - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203). - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203). - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203). - ALSA: usb-audio: Improve some debug prints (bsc#1178203). - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203). - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203). - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203). - ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203). - ALSA: usb-audio: Don't call usb_set_interface() at trigger callback (bsc#1178203). - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203). - commit 25f15d1 - arm64: mm: Introduce VA_BITS_MIN (jsc#SLE-16407). - Refresh patches.suse/efi-libstub-Rename-efi_call_early-_runtime-macros-to-966291f6.patch. - Refresh patches.suse/efi-libstub-Get-rid-of-sys_table_arg-macro-parameter-2fcdad2a.patch. - arm64: kasan: Switch to using KASAN_SHADOW_OFFSET (jsc#SLE-16407). - arm64: mm: Flip kernel VA space (jsc#SLE-16407). - commit 12d714f ++++ python3-core: - Replace bundled wheels for pip and setuptools with the updated ones (bsc#1176262 CVE-2019-20916). ++++ snapper: - do not override passwd after getpwuid_r et.al. calls (gh#openSUSE/snapper#589) ++++ systemd: - Don't post-require systemd-default-settings-branding anymore This is actually not needed now that the branding package issues a PID1 reloading every times it's being updated. ++++ python3: - Replace bundled wheels for pip and setuptools with the updated ones (bsc#1176262 CVE-2019-20916). ++++ salt: - Fix syntax error on pkgrepo state with Python 2.7 - transactional_update: unify with chroot.call - Add "migrated" state and GPG key management functions - Master can read grains - Fix for broken psutil (bsc#1102248) - Fix novendorchange handling in zypperpkg module - Added: * add-migrated-state-and-gpg-key-management-functions-.patch * fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch * fix-novendorchange-option-284.patch * grains-master-can-read-grains.patch * transactional_update-unify-with-chroot.call.patch * pkgrepo-support-python-2.7-function-call-294.patch ++++ qemu: - Be more careful about what directives are used for qemu-testsuite - Fix some spec file 'Requires' statements to be accurate to the new model of relying on system-user-qemu and system-group-kvm to provide the needed users and groups ++++ systemd-rpm-macros: - Bump to version 5 (bsc#1179020) This milestone makes systemd rpm macros mostly identical between SLE12-SP2 and SLE15. - Rename the tag file used to detect when presets need to be applied Rather than placing these tags directly under /run, let's place them under /run/systemd/rpm. This also has the benefit to make the workaround for bsc#1059627 no more needed. ++++ yast2: - CWM ComboBox: reverted the addition of the current_items method (bsc#1177137) - 4.3.42 ------------------------------------------------------------------ ------------------ 2020-11-23 - Nov 23 2020 ------------------- ------------------------------------------------------------------ ++++ gpg2: - GnuPG 2.2.25: * scd: Fix regression in 2.2.24 requiring gpg --card-status before signing or decrypting * gpgsm: Using Libksba 1.5.0 signatures with a rarely used combination of attributes can now be verified ++++ kernel-default: - Refresh patches.suse/1322-amdgpu-a-NULL-mm-does-not-mean-a-thread-is-a-kthread.patch. - commit 2d2501a - powerpc/rtas: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107). Update config files. - commit 4d9370a - Add missing '.patch' extension - commit 6639fd0 - Add missing '.patch' extension - commit cb5e93e - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - ionic: check port ptr before use (bsc#1167773). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - commit b757d92 - Update patch reference tag for fbcon fix (CVE-2020-28974 bsc#1178589) - commit 4526eab - powerpc/uaccess: Evaluate macro arguments once, before user access is allowed (CVE-2020-4788 bsc#1177666). - commit 3a6dc74 - blacklist.conf: coresight: mark duplicate fixes - commit 4122655 - usb: core: driver: fix stray tabs in error messages (git-fixes). - commit a37b0ae - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - commit 1bc383a - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (jsc#SLE-16407). - efi/x86: Remove support for EFI time and counter services in mixed mode (jsc#SLE-16407). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (jsc#SLE-16407). - efi/x86: Fix boot regression on systems with invalid memmap entries (jsc#SLE-16407). - efi/x86: Disable instrumentation in the EFI runtime handling code (jsc#SLE-16407). - efi/libstub/x86: Fix EFI server boot failure (jsc#SLE-16407). - efi/x86: avoid KASAN false positives when accessing the 1: 1 mapping (jsc#SLE-16407). - efi: Fix comment for efi_mem_type() wrt absent physical addresses (jsc#SLE-16407). Refresh patches.suse/x86-efi-Delete-SGI-UV1-detection.patch - efi/x86: Limit EFI old memory map to SGI UV machines (jsc#SLE-16407). Refresh patches.suse/x86-mm-efi-convert-ptdump_walk_pgd_level-to-take-a-mm_struct.patch patches.suse/x86-efi-Delete-SGI-UV1-detection.patch - efi/x86: Avoid RWX mappings for all of DRAM (jsc#SLE-16407). - efi/x86: Don't map the entire kernel text RW for mixed mode (jsc#SLE-16407). - efi/libstub/x86: Fix unused-variable warning (jsc#SLE-16407). - efi/libstub/x86: Use mandatory 16-byte stack alignment in mixed mode (jsc#SLE-16407). - efi/libstub/x86: Use const attribute for efi_is_64bit() (jsc#SLE-16407). Refresh patches.suse/x86-boot-compressed-64-add-idt-infrastructure. - efi: Allow disabling PCI busmastering on bridges during boot (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch Update config files. Add "CONFIG_EFI_DISABLE_PCI_DMA is not set" to x86_64/default and arm64/default - efi/x86: Allow translating 64-bit arguments for mixed mode calls (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - efi/x86: Check number of arguments to variadic functions (jsc#SLE-16407). - efi/x86: Remove unreachable code in kexec_enter_virtual_mode() (jsc#SLE-16407). - efi/x86: Don't panic or BUG() on non-critical error conditions (jsc#SLE-16407). - efi/x86: Clean up efi_systab_init() routine for legibility (jsc#SLE-16407). - efi/x86: Drop two near identical versions of efi_runtime_init() (jsc#SLE-16407). - efi/x86: Simplify mixed mode call wrapper (jsc#SLE-16407). - efi/x86: Simplify 64-bit EFI firmware call wrapper (jsc#SLE-16407). - efi/x86: Simplify i386 efi_call_phys() firmware call wrapper (jsc#SLE-16407). - efi/x86: Split SetVirtualAddresMap() wrappers into 32 and 64 bit versions (jsc#SLE-16407). - efi/x86: Split off some old memmap handling into separate routines (jsc#SLE-16407). - efi/x86: Avoid redundant cast of EFI firmware service pointer (jsc#SLE-16407). - efi/x86: Map the entire EFI vendor string before copying it (jsc#SLE-16407). - efi/x86: Re-disable RT services for 32-bit kernels running on 64-bit EFI (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi/libstub/x86: Force 'hidden' visibility for extern declarations (jsc#SLE-16407). - efi/libstub: Fix boot argument handling in mixed mode entry code (jsc#SLE-16407). Refresh patches.suse/x86-boot-compressed-64-add-idt-infrastructure - efi/libstub/x86: Avoid globals to store context during mixed mode calls (jsc#SLE-16407). - efi/libstub: Tidy up types and names of global cmdline variables (jsc#SLE-16407). - commit 05d5a7e - Refresh L1D flush patches to upstream. - commit 6f67758 - config: arm64: enable coresight support References: jsc#SLE-13629,jsc#SLE-14776 - commit 82b71f4 - Delete patches.suse/suse-hv-balloon-debug.patch. - commit f2ea562 - dt-bindings: arm: Adds CoreSight CTI hardware definitions (jsc#SLE-13629,jsc#SLE-14776). - commit 06e36ad - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - commit 8621df1 - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - commit 1caac5a - coresight: tmc-etr: Assign boolean values to a bool variable (jsc#SLE-13629,jsc#SLE-14776). - commit 9f54ba1 - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - commit 7689d05 - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for "grep -E". So use the latter instead. - commit 63d7072 - coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf() (jsc#SLE-13629,jsc#SLE-14776). - coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf() (jsc#SLE-13629,jsc#SLE-14776). - coresight: Remove unnecessary THIS_MODULE of funnel and replicator driver (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Handle TRCVIPCSSCTLR accesses (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix accesses to TRCPROCSELR (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Update TRCIDR3.NUMPROCS handling to match v4.2 (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix accesses to TRCCIDCTLR1 (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix accesses to TRCVMIDCTLR1 (jsc#SLE-13629,jsc#SLE-14776). - coresight: core: Remove unneeded semicolon (jsc#SLE-13629,jsc#SLE-14776). - coresight: Fix uninitialised pointer bug in etm_setup_aux() (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Initialize dynamic sysfs attributes (jsc#SLE-13629,jsc#SLE-14776). - coresight: add module license (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Skip setting LPOVERRIDE bit for qcom,skip-power-up (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (jsc#SLE-13629,jsc#SLE-14776). - coresight: core: Allow the coresight core driver to be built as a module (jsc#SLE-13629,jsc#SLE-14776). - coresight: catu: Allow catu drivers to be built as modules (jsc#SLE-13629,jsc#SLE-14776). - coresight: tmc-etr: Add function to register catu ops (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Allow cti to be built as a module (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Increase reference count when enabling cti (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Don't disable ect device if it's not enabled (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Fix bug clearing sysfs links on callback (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Fix remove sysfs link error (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add function to register cti associate ops (jsc#SLE-13629,jsc#SLE-14776). - coresight: replicator: Allow replicator driver to be built as module (jsc#SLE-13629,jsc#SLE-14776). - coresight: funnel: Allow funnel driver to be built as module (jsc#SLE-13629,jsc#SLE-14776). - coresight: tmc: Allow tmc to be built as a module (jsc#SLE-13629,jsc#SLE-14776). - coresight: tpiu: Allow tpiu to be built as a module (jsc#SLE-13629,jsc#SLE-14776). - coresight: etb: Allow etb to be built as a module (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Allow etm4x to be built as a module (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm3x: Allow etm3x to be built as a module (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm: perf: Fix warning caused by etm_setup_aux failure (jsc#SLE-13629,jsc#SLE-14776). - coresight: stm: Allow to build coresight-stm as a module (jsc#SLE-13629,jsc#SLE-14776). - coresight: Add try_get_module() in coresight_grab_device() (jsc#SLE-13629,jsc#SLE-14776). - coresight: Export global symbols (jsc#SLE-13629,jsc#SLE-14776). - coresight: Add coresight prefix to barrier_pkt (jsc#SLE-13629,jsc#SLE-14776). - coresight: Use IS_ENABLED for CONFIGs that may be modules (jsc#SLE-13629,jsc#SLE-14776). - coresight: cpu_debug: Define MODULE_DEVICE_TABLE (jsc#SLE-13629,jsc#SLE-14776). - coresight: cpu_debug: Add module name in Kconfig (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix number of resources check for ETM 4.3 and above (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix mis-usage of nr_resource in sysfs interface (jsc#SLE-13629,jsc#SLE-14776). - coresight: Make sysfs functional on topologies with per core sink (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm: perf: Sink selection using sysfs is deprecated (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix issues on trcseqevr access (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Handle unreachable sink in perf mode (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Write regsiters directly in cti_enable_hw() (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix issues within reset interface of sysfs (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Ensure default perf settings filter user/kernel (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: remove pm_runtime_get_sync() from CPU hotplug (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: disclaim device only when it's claimed (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Add Support for HiSilicon ETM device (jsc#SLE-13629,jsc#SLE-14776). - coresight: fix offset by one error in counting ports (jsc#SLE-13629,jsc#SLE-14776). - coresight: stm: Support marked packet (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix etm4_count race by moving cpuhp callbacks to init (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix save/restore during cpu idle (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm: perf: Add default sink selection to etm perf (jsc#SLE-13629,jsc#SLE-14776). - coresight: tmc: Update sink types for default selection (jsc#SLE-13629,jsc#SLE-14776). - coresight: Add default sink selection to CoreSight base (jsc#SLE-13629,jsc#SLE-14776). - coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb() (jsc#SLE-13629,jsc#SLE-14776). - coresight: tmc: Add shutdown callback for TMC ETR (jsc#SLE-13629,jsc#SLE-14776). - coresight: Fix comment in main header file (jsc#SLE-13629,jsc#SLE-14776). - coresight: etmv4: Counter values not saved on disable (jsc#SLE-13629,jsc#SLE-14776). - coresight: etmv4: Fix resource selector constant (jsc#SLE-13629,jsc#SLE-14776). - coresight: Drop double check for ACPI companion device (jsc#SLE-13629,jsc#SLE-14776). - coresight: Use devm_kcalloc() in coresight_alloc_conns() (jsc#SLE-13629,jsc#SLE-14776). - coresight: replicator: Reset replicator if context is lost (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Add support to skip trace unit power up (jsc#SLE-13629,jsc#SLE-14776). - coresight: catu: Use CS_AMBA_ID macro for id table (jsc#SLE-13629,jsc#SLE-14776). - coresight: replicator: Use CS_AMBA_ID macro for id table (jsc#SLE-13629,jsc#SLE-14776). - coresight: etmv4: Fix CPU power management setup in probe() function (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Fix error handling in probe (jsc#SLE-13629,jsc#SLE-14776). - stm class: Replace zero-length array with flexible-array (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add CPU idle pm notifer to CTI devices (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add CPU Hotplug handling to CTI driver (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Fix use-after-free of per-cpu etm drvdata (jsc#SLE-13629,jsc#SLE-14776). - coresight: Avoid casting void pointers (jsc#SLE-13629,jsc#SLE-14776). - coresight: Include required headers in C files (jsc#SLE-13629,jsc#SLE-14776). - coresight: Initialize arg in sparse friendly way (jsc#SLE-13629,jsc#SLE-14776). - coresight: Don't initialize variables unnecessarily (jsc#SLE-13629,jsc#SLE-14776). - coresight: Mark some functions static (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Add support for Neoverse N1 ETM (jsc#SLE-13629,jsc#SLE-14776). - coresight: etmv4: Update default filter and initialisation (jsc#SLE-13629,jsc#SLE-14776). - coresight: tmc: Fix TMC mode read in tmc_read_prepare_etb() (jsc#SLE-13629,jsc#SLE-14776). - coresight: Fix support for sparsely populated ports (jsc#SLE-13629,jsc#SLE-14776). - coresight: etb10: Make coresight_etb_groups static (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Make some symbols static (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Replace ETM PIDs with UCI IDs for Kryo385 (jsc#SLE-13629,jsc#SLE-14776). - coresight: etm4x: Add support for Qualcomm SC7180 SoC (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add in sysfs links to other coresight devices (jsc#SLE-13629,jsc#SLE-14776). - coresight: Expose device connections via sysfs (jsc#SLE-13629,jsc#SLE-14776). - coresight: Add generic sysfs link creation functions (jsc#SLE-13629,jsc#SLE-14776). - coresight: Add return value for fixup connections (jsc#SLE-13629,jsc#SLE-14776). - coresight: Pass coresight_device for coresight_release_platform_data (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: remove incorrect NULL return check (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add connection information to sysfs (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Enable CTI associated with devices (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add device tree support for custom CTI (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add device tree support for v8 arch CTI (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add sysfs trigger / channel programming API (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add sysfs access to program function registers (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Add sysfs coresight mgmt register access (jsc#SLE-13629,jsc#SLE-14776). - coresight: cti: Initial CoreSight CTI Driver (jsc#SLE-13629,jsc#SLE-14776). - stm class: sys-t: Fix the use of time_after() (jsc#SLE-13629,jsc#SLE-14776). - commit a8be182 - series.conf: cleanup - update upstream reference and resort: patches.suse/scsi-libiscsi-fix-nop-race-condition - commit 8f31344 - fix patch metadata - fix Patch-mainline: patches.suse/0001-mm-THP-swap-fix-allocating-cluster-for-swapfile-by-m.patch - commit 47f49e5 - blacklist.conf: ffedeeb780dc linkage: Introduce new macros for assembler symbols - commit 3f22bb2 - usb: typec: ucsi: Report power supply changes (git-fixes). - commit 23870a2 - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - commit adf56a8 - arm64: lock down kernel in secure boot mode (jsc#SLE-15020). - Update config file: Enable CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and its dependencies. - commit 6f11f98 - arm64/ima: add ima_arch support (jsc#SLE-15020). - ima: generalize x86/EFI arch glue for other EFI architectures (jsc#SLE-15020). - commit 6c08e9b - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - commit 61bc819 - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - mac80211: always wind down STA state (git-fixes). - commit 0772cb9 - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - commit d9b4c40 - efi: generalize efi_get_secureboot (jsc#SLE-15020). - Refresh patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch. - commit 5086d30 - speakup: Do not let the line discipline be used several times (CVE-2020-28941 bsc#1178740). - commit 94aeaf9 - x86/ima: use correct identifier for SetupMode variable (jsc#SLE-15020). - commit f8d6ce0 - blacklist.conf: add two more bpf commits 197afc631413 libbpf: Don‘t attempt to load unused subprog as an entry-point BPF program 2acc3c1bc8e9 selftests/bpf: Fix error return code in run_getsockopt_test() - commit d1b0a66 - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - commit c5101f8 - libbpf: Fix VERSIONED_SYM_COUNT number parsing (bsc#1177028). - bpf: Relax return code check for subprograms (bsc#1177028). - tools, bpftool: Add missing close before bpftool net attach exit (bsc#1177028). - bpf: verifier: Use target program's type for access verifications (bsc#1177028). - bpf: sockmap: Allow update from BPF (bsc#1177028). - bpf: sockmap: Call sock_map_update_elem directly (bsc#1177028). - bpf: sockmap: Merge sockmap and sockhash update functions (bsc#1177028). - commit c8ac81c ++++ kernel-firmware: - Fix build with older distros due to missing _firmwaredir ++++ Mesa: - update to 20.2.3 * third bugfix release for the 20.2 branch ++++ ceph: - Update to 16.0.0-7497-g63a0682c7e: + rebase on tip of upstream "master" branch, SHA1 8c6b533ee85e7fe2cd19e5dbb6f0363898f5a2ee ++++ systemd: - Import commit 49caf8e37aba04841e5493ccc25e7edab462d95b f8f7286527 units: restore sysfs conditions in sys-fs-fuse-connections.mount and sys-kernel-config.mount e9c7158dc7 units: wait until some fs modules are entirely loaded before mounting their corresponding filesystem (bsc#1178631) ac7ddc4201 Revert "units: skip modprobe@.service if the unit appears to be already loaded" 17310a1d19 core: serialize u->pids until the processes have been moved to the scope cgroup (bsc#1174436) 1416965614 meson: add option to skip installing to $sysconfdir f71a1ef5d0 systemctl: give a nice hint about org.freedesktop.LogControl1 when applicable 20a3f9fd95 systemctl: immediately reject invalid log levels 9f67d2e57b systemctl: merge log_target(), log_level(), service_log_setting() ddf7cf4872 systemctl: add service-log-{level,target} verbs 026d7d156d systemctl: list unit introspection verbs first, modification second ++++ libtpms: - Update to version 0.7.4 * Addressed potential constant-time related issues in TPM 1.2 and TPM 2 code TPM 1.2: RSA decryption TPM 2: EcSchnorr and EcSM2 signatures; Ecsda is handled by OpenSSL * Fixed some compilation issues ++++ libxkbcommon: - Update to release 1.0.3 * Fix (hopefully) a segfault in xkb_x11_keymap_new_from_device() in some unclear situation (bug introduced in 1.0.2). * Fix keymaps created with xkb_x11_keymap_new_from_device() do not have level names (bug introduced in 0.8.0). ++++ yast2-trans: - Update to version 84.87.20201122.ac554fbdd6: * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Spanish) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'nis'. * New POT for text domain 'journal'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 'alternatives'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'bootloader'. * New POT for text domain 'firstboot'. ------------------------------------------------------------------ ------------------ 2020-11-22 - Nov 22 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI workaround for USB audio driver (bsc#1178203). - commit 9a89b5e ++++ kernel-firmware: - Update to version 20201120 (bc9cd0b7b0e9): including AMDGPU update (bsc#1179062) and ath11k addition (bsc#1178274) * linux-firmware: Update AMD SEV firmware * amdgpu: add sienna cichlid firmware for 20.45 * amdgpu: update vega20 firmware for 20.45 * amdgpu: update vega12 firmware for 20.45 * amdgpu: update vega10 firmware for 20.45 * amdgpu: update renoir firmware for 20.45 * amdgpu: update navi14 firmware for 20.45 * amdgpu: update navi12 firmware for 20.45 * amdgpu: update navi10 firmware for 20.45 * amdgpu: update raven2 firmware for 20.45 * amdgpu: update raven firmware for 20.45 * rtlwifi: v88.2 firmware files for RTL8192CU * rtw88: RTL8822C: Update firmware to v9.9.4 * Revert "rtw88: RTL8822C: Update firmware to v9.9.4" * vpdma: Move firmware to ti directory * amdgpu: update picasso VCN firmware * amdgpu: update raven2 VCN firmware * amdgpu: update raven VCN firmware * rtw88: RTL8822C: Update firmware to v9.9.4 * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099A_281A * QCA: Update Bluetooth firmware for QCA6390 * qcom : updated venus firmware files for v5.4 * QCA : Fixed BT SSR due to command timeout / IO fatal error * ath11k: QCA6390 hw2.0: add to WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1 * ath11k: QCA6390 hw2.0: add board-2.bin * ath11k: IPQ8074 hw2.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ8074 hw2.0: add board-2.bin * ath11k: IPQ6018 hw1.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ6018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: add firmware-sdio-6.bin version WLAN.RMH.4.4.1-00077 * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00157-QCARMSWPZ-1 - ath11k is split into its own subpackage due to its size - Update topics list and aliases accordingly ++++ swtpm: - Update to version 0.5.1 * swtpm & swtpm_setup: - Addressed potential symlink attack issue (CVE-2020-28407) * build-sys: - Fix configure python cryptography error message - Misc. spec file changes. ------------------------------------------------------------------ ------------------ 2020-11-21 - Nov 21 2020 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - lvcreate not wiping the lvm signature without prompting with --yes parameter (bsc#1177734) + bug-1177734_raid-no-wiping-when-zeroing-raid-metadata-device.patch ++++ kernel-default: - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - commit 5ad6aa8 - ALSA: hda/ca0132: Fix compile warning without PCI (git-fixes). - commit 279d4c5 - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - Refresh patches.suse/edac-amd64-add-amd-family-17h-model-60h-pci-ids.patch. - Refresh patches.suse/edac-amd64-add-family-ops-for-family-19h-models-00h-0fh.patch. - Refresh patches.suse/edac-amd64-add-pci-device-ids-for-family-17h-model-70h.patch. - Refresh patches.suse/edac-amd64-save-max-number-of-controllers-to-family-type.patch. - commit 889ea68 - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203). - Refresh patches.suse/ALSA-usb-audio-Fix-potential-use-after-free-of-strea.patch. - Refresh patches.suse/ALSA-usb-audio-set-the-interface-format-after-resume.patch. - commit 0f18878 - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203). - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203). - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203). - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203). - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203). - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203). - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203). - commit 535b061 - ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid (jsc#SLE-13489). - commit 9c738ab - ASOC: Intel: kbl_rt5663_rt5514_max98927: Do not try to disable disabled clock (git-fixes). - ASoC: Intel: KMB: Fix S24_LE configuration (git-fixes). - commit 4a82e7d - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - commit 55dbb32 - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - commit 263a905 - EDAC/amd64: Gather hardware information early (bsc#1179001). - Refresh patches.suse/edac-amd64-save-max-number-of-controllers-to-family-type.patch. - commit 23c7468 - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). Refresh patches.suse/edac-amd64-add-family-ops-for-family-19h-models-00h-0fh.patch. - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - commit 7a2a5fc ++++ c-ares: - add BR for pkg-config to get the provides in the devel package ++++ lvm2: - lvcreate not wiping the lvm signature without prompting with --yes parameter (bsc#1177734) + bug-1177734_raid-no-wiping-when-zeroing-raid-metadata-device.patch ++++ libseccomp: - update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys - remove testsuite-riscv64-missing-syscalls.patch ------------------------------------------------------------------ ------------------ 2020-11-20 - Nov 20 2020 ------------------- ------------------------------------------------------------------ ++++ btrfsmaintenance: - btrfsmaintenance.service-delete-install-section.patch: Remove [Install] section (bsc#1178874) ++++ librsvg: - Update to version 2.50.2: + Fix dx/dy offsets in nested elements. ++++ gnutls: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) * add 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch ++++ hwinfo: - merge gh#openSUSE/hwinfo#89 - rework network device detection on aarch64 (bsc#1177600, bsc#1177261) - 21.71 ++++ kernel-default: - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - commit 13bd533 - mm/memremap.c: convert devmap static branch to {inc,dec} (jsc#SLE-16387). - commit 28e3712 - lib: fix test_hmm.c reference after free (jsc#SLE-16387). - commit 6494bc7 - MAINTAINERS: add HMM selftests (jsc#SLE-16387). - commit de2b551 - mm/hmm/test: add selftests for HMM (jsc#SLE-16387). - commit 04c8e1c - mm/hmm/test: add selftest driver for HMM (jsc#SLE-16387). - Update config files. - commit dc51e9f - brcmfmac: Fix warning message after dongle setup failed (git-fixes). - commit 21b5253 - Update config files: Enable imx8's SPI, dmaengine and alsa components - supported.conf: Add spi-imx and imx-sdma - commit e5360c4 - powerpc/32s: Prepare prevent_user_access() for user_access_end() (CVE-2020-4788 bsc#1177666). - commit 2118998 - powerpc/32s: Drop NULL addr verification (CVE-2020-4788 bsc#1177666). - commit 764b74e - spi: cadence-quadspi: Fix error return code in cqspi_probe (git-fixes). - commit 8996fc5 - dmaengine: imx-dma: Mark expected switch fall-through (jsc#SLE-16106). - commit 6962d07 - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - commit 21f8205 - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - commit 8099b4b - fs/select.c: batch user writes in do_sys_poll (CVE-2020-4788 bsc#1177666). - commit e2a69e2 - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: add check_session_state() helper and make it global (bsc#1179012). - commit d99bb08 - Refresh patches.suse/crypto-safexcel-des-switch-to-new-verification-routines.patch. The removal of the variable flags in safexcel_aead_setkey() was somehow missed, creating warnings on Leap kernels. - commit 88b5f9f - Revert "- crypto: caam - share definition for MAX_SDLEN (jsc#SLE-14454)." This reverts commit 3551d7147c4c8c2560932f1461fa9ae2dabaae66. The patch was already introduced by 51f999dc1fe74962969c521a27218efa49298292 but with a slightly different file name. - commit c8b4478 - spi: introduce fallback to pio (jsc#SLE-16106). - commit 415e477 - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc "(kABI: revert use_mm name change (MM Functionality, bsc#1178426))". The scripts/git_sort/lib.py script matches the upper-case "K" in the header. - commit cec3f48 - selftests/powerpc: entry flush test (CVE-2020-4788 bsc#1177666). - powerpc/64s: flush L1D after user accesses (CVE-2020-4788 bsc#1177666). - powerpc/64s: flush L1D on kernel entry (CVE-2020-4788 bsc#1177666). - selftests/powerpc: rfi_flush: disable entry flush if present (CVE-2020-4788 bsc#1177666). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (CVE-2020-4788 bsc#1177666). - selftests/powerpc: entry flush test (CVE-2020-4788 bsc#1177666). - powerpc: Only include kup-radix.h for 64-bit Book3S (CVE-2020-4788 bsc#1177666). - powerpc/64s: flush L1D after user accesses (CVE-2020-4788 bsc#1177666). - powerpc/64s: flush L1D on kernel entry (CVE-2020-4788 bsc#1177666). - selftests/powerpc: rfi_flush: disable entry flush if present (CVE-2020-4788 bsc#1177666). - commit e2755de - Fonts: Replace discarded const qualifier (CVE-2020-28915 bsc#1178886). - commit 1896c0d - fbcon: Fix global-out-of-bounds read in fbcon_get_font() (CVE-2020-28915 bsc#1178886). - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (CVE-2020-28915 bsc#1178886). - commit cf5442f - Refresh patch reference for font fix patch (CVE-2020-28915 bsc#1178886) - commit 1add793 - selftests/powerpc: Skip security tests on older CPUs (CVE-2020-4788 bsc#1177666). - commit 1bc32c0 - ACPI: processor: fix NONE coordination for domain mapping failure (jsc#SLE-14771). - cppc_cpufreq: expose information on frequency domains (jsc#SLE-14771). - cppc_cpufreq: clarify support for coordination types (jsc#SLE-14771). - cppc_cpufreq: use policy->cpu as driver of frequency setting (jsc#SLE-14771). - cppc_cpufreq: replace per-cpu structures with lists (jsc#SLE-14771). - cppc_cpufreq: simplify use of performance capabilities (jsc#SLE-14771). - cppc_cpufreq: clean up cpu, cpu_num and cpunum variable use (jsc#SLE-14771). - cppc_cpufreq: fix misspelling, code style and readability issues (jsc#SLE-14771). - ACPI: CPPC: Make some symbols static (jsc#SLE-14771). - ACPI: CPPC: clean up acpi_get_psd_map() (jsc#SLE-14771). - commit f7b4058 - blacklist.conf: add RISC V patch - commit 42e5de9 - ACPI: fan: Initialize performance state sysfs attribute (git-fixes). - net: phy: realtek: support paged operations on RTL8201CP (git-fixes). - commit f04c666 - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing "req_bit" to stop mode property comment (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - commit 3d08124 - kbuild: make Clang build userprogs for target architecture (bsc#1177028). - commit 11fffeb - efi/libstub: Drop 'table' argument from efi_table_attr() macro (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi/libstub: Drop protocol argument from efi_call_proto() macro (jsc#SLE-16407). - efi/libstub/x86: Work around page freeing issue in mixed mode (jsc#SLE-16407). - efi/libstub/x86: Drop __efi_early() export and efi_config struct (jsc#SLE-16407). Refresh patches.suse/x86-boot-compressed-64-add-idt-infrastructure. Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch - efi/libstub: Unify the efi_char16_printk implementations (jsc#SLE-16407). - efi/libstub: Get rid of 'sys_table_arg' macro parameter (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - efi/libstub: Avoid protocol wrapper for file I/O routines (jsc#SLE-16407). - efi/libstub/x86: Avoid thunking for native firmware calls (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - efi/libstub: Annotate firmware routines as __efiapi (jsc#SLE-16407). - efi/libstub: Use stricter typing for firmware function pointers (jsc#SLE-16407). - efi/libstub: Drop explicit 32/64-bit protocol definitions (jsc#SLE-16407). - efi/libstub: Distinguish between native/mixed not 32/64 bit (jsc#SLE-16407). - efi/libstub: Extend native protocol definitions with mixed_mode aliases (jsc#SLE-16407). - efi/libstub: Use a helper to iterate over a EFI handle array (jsc#SLE-16407). - efi/x86: Rename efi_is_native() to efi_is_mixed() (jsc#SLE-16407). - efi/libstub: Remove unused __efi_call_early() macro (jsc#SLE-16407). - efi/gop: Unify 32/64-bit functions (jsc#SLE-16407). - efi/gop: Convert GOP structures to typedef and clean up some types (jsc#SLE-16407). - efi/gop: Remove unused typedef (jsc#SLE-16407). - efi/gop: Remove bogus packed attribute from GOP structures (jsc#SLE-16407). - efi/capsule-loader: Explicitly include linux/io.h for page_to_phys() (jsc#SLE-16407). - x86/efi: Explicitly include realmode.h to handle RM trampoline quirk (jsc#SLE-16407). - x86/efistub: Disable paging at mixed mode entry (jsc#SLE-16407). - commit 7d8fae9 - treewide: Use sizeof_field() macro (jsc#SLE-16407). - commit f4dcb62 - pinctrl: lynxpoint: Move GPIO driver to pin controller folder (jsc#SLE-12730). - Refresh patches.suse/pinctrl-intel-Add-Intel-Alder-Lake-S-pin-controller-.patch. - commit 66f9d94 ++++ util-linux: - prepare usrmerge (boo#1029961) ++++ fuse3: - Drop /sbin links; they do not seem to be used from anywhere. - Package "permission" is required in %post, not %pre. - Update descriptions. ++++ systemd: - systemd-default-settings is needed by %post scriptlet ++++ libxkbcommon: - Update to release 1.0.2 * Fix a bug where a keysym that cannot be resolved in a keymap gets compiled to a garbage keysym. Now it is set to XKB_KEY_NoSymbol instead. * Improve the speed of xkb_x11_keymap_new_from_device() on repeated calls in the same xkb_context(). ++++ perl-ExtUtils-MakeMaker: - updated to 7.56 see /usr/share/doc/packages/perl-ExtUtils-MakeMaker/Changes 7.56 Thu 19 Nov 19:57:05 GMT 2020 No changes since v7.55_01 7.55_01 Wed 18 Nov 18:23:19 GMT 2020 Bug fixes: - RT#133762 Explicitly print to STDOUT in EUMM.pm ++++ suse-module-tools: - Add bugref for bsc#1174287 and bsc#1172745 * The workaround for these was in 15.3.5 already. ++++ tcl: - Add a manpage symlink for tclsh8.6. ++++ tk: - Fix manpage symlink for wish8.6. ++++ u-boot-rpiarm64: - Added u-boot tools binaries to tools package - Add pinebook-pro-rk3399 support ++++ util-linux-systemd: - prepare usrmerge (boo#1029961) ++++ virt-manager: - bsc#1172340 - Several YaST modules can be started by typing "yast2 $module " virt-install.rb ------------------------------------------------------------------ ------------------ 2020-11-19 - Nov 19 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: git-fixes blacklist for drm v5.8 - commit 9af7e74 - usb: dwc3: pci: add support for the Intel Alder Lake-S (jsc#SLE-13489). - commit 030ca85 - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cfg80211: initialize wdev data earlier (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - commit 0ba4e11 - futex: Don't enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1149032). - commit 15c899a - kABI workaround for HD-audio (git-fixes). - commit 97e2fbf - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - commit 6f153b9 - x86/asm/32: Change all ENTRY+ENDPROC to SYM_FUNC_* (jsc#SLE-16407). Joey Lee: Only backporting EFI files for later EFI stub changing. - linkage: Introduce new macros for assembler symbols (jsc#SLE-16407). - commit 0db172f - gpio: aspeed: avoid return type warning (git-fixes). - commit 3ce1279 - Add blacklist and no-fix for superfluous gpio and pinctrl commits - commit e89ba63 - gpio: aspeed: fix ast2600 bank properties (git-fixes). - gpio/aspeed-sgpio: don't enable all interrupts by default (git-fixes). - gpio/aspeed-sgpio: enable access to all 80 input & output sgpios (git-fixes). - Revert "gpio: thunderx: Switch to GPIOLIB_IRQCHIP" (git-fixes). - MAINTAINERS: Append missed file to the database (git-fixes). - pinctrl: pinmux: fix a possible null pointer in pinmux_can_be_used_for_gpio (git-fixes). - gpio: aspeed-sgpio: Rename and add Kconfig/Makefile (git-fixes). - pinctrl: stmfx: fix valid_mask init sequence (git-fixes). - commit d2a6950 - arm64: thunderX2: drop support for pre-production silicon revisions References: jsc#11529 - commit 5a94cc5 - cpufreq: CPPC: Reuse caps variable in few routines (jsc#SLE-14771). - cpufreq: cppc: Reorder code and remove apply_hisi_workaround variable (jsc#SLE-14771). - mailbox: pcc: Put the PCCT table for error path (jsc#SLE-14771). - mailbox: pcc: make pcc_mbox_driver static (jsc#SLE-14771). - cpufreq: CPPC: add SW BOOST support (jsc#SLE-14771). - cpufreq: change '.set_boost' to act on one policy (jsc#SLE-14771). - cpufreq: CPPC: put ACPI table after using it (jsc#SLE-14771). - cpufreq : CPPC: Break out if HiSilicon CPPC workaround is matched (jsc#SLE-14771). - commit 7996b85 - pinctrl: intel: Fix 2 kOhm bias which is 833 Ohm (jsc#SLE-12730). - pinctrl: sunrisepoint: Modify COMMUNITY macros to be consistent (jsc#SLE-12730). - pinctrl: cannonlake: Modify COMMUNITY macros to be consistent (jsc#SLE-12730). - pinctrl: intel: Update header block to reflect direct dependencies (jsc#SLE-12730). - pinctrl: cherryview: Switch to use intel_pinctrl_get_soc_data() (jsc#SLE-12730). - pinctrl: baytrail: Switch to use intel_pinctrl_get_soc_data() (jsc#SLE-12730). - pinctrl: intel: Extract intel_pinctrl_get_soc_data() helper for wider use (jsc#SLE-12730). - pinctrl: cherryview: Utilize temporary variable to hold device pointer (jsc#SLE-12730). - pinctrl: cherryview: Switch to use struct intel_pinctrl (jsc#SLE-12730). - pinctrl: cherryview: Move custom community members to separate data struct (jsc#SLE-12730). - pinctrl: cherryview: Drop stale comment (jsc#SLE-12730). - commit 19aef60 - pinctrl: merrifield: Add I2S bus 2 pins to groups and functions (jsc#SLE-12730). - commit ba1d01c - pinctrl: cherryview: Preserve CHV_PADCTRL1_INVRXTX_TXDATA flag on GPIOs (jsc#SLE-12730). - pinctrl: baytrail: Use fallthrough pseudo-keyword (jsc#SLE-12730). - pinctrl: merrifield: Update pin names in accordance with official list (jsc#SLE-12730). - pinctrl: baytrail: Drop no-op ACPI_PTR() call (jsc#SLE-12730). - pinctrl: lynxpoint: Drop no-op ACPI_PTR() call (jsc#SLE-12730). - pinctrl: lynxpoint: Introduce helpers to enable or disable input (jsc#SLE-12730). - pinctrl: lynxpoint: Make use of for_each_requested_gpio() (jsc#SLE-12730). - pinctrl: intel: Make use of for_each_requested_gpio_in_range() (jsc#SLE-12730). - pinctrl: intel: Protect IO in few call backs by lock (jsc#SLE-12730). - pinctrl: intel: Split intel_config_get() to three functions (jsc#SLE-12730). - pinctrl: intel: Drop the only label in the code for consistency (jsc#SLE-12730). - pinctrl: intel: Get rid of redundant 'else' in intel_config_set_debounce() (jsc#SLE-12730). - pinctrl: intel: Make use of IRQ_RETVAL() (jsc#SLE-12730). - pinctrl: intel: Reduce scope of the lock (jsc#SLE-12730). - pinctrl: intel: Disable input and output buffer when switching to GPIO (jsc#SLE-12730). - pinctrl: cherryview: Re-use data structures from pinctrl-intel.h (part 3) (jsc#SLE-12730). - pinctrl: intel: Allow drivers to define ACPI address space ID (jsc#SLE-12730). - pinctrl: intel: Allow drivers to define total amount of IRQs per community (jsc#SLE-12730). - pinctrl: cherryview: Convert chv_writel() to use chv_padreg() (jsc#SLE-12730). - pinctrl: cherryview: Introduce helpers to IO with common registers (jsc#SLE-12730). - pinctrl: cherryview: Introduce chv_readl() helper (jsc#SLE-12730). - gpiolib: Introduce for_each_requested_gpio_in_range() macro (jsc#SLE-12730). - commit 2be8053 - pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) (jsc#SLE-12730). - pinctrl: intel: Move npins closer to pin_base in struct intel_community (jsc#SLE-12730). - pinctrl: intel: Update description in struct intel_community (jsc#SLE-12730). - pinctrl: lynxpoint: Use platform_get_irq_optional() explicitly (jsc#SLE-12730). - pinctrl: baytrail: Use platform_get_irq_optional() explicitly (jsc#SLE-12730). - pinctrl: icelake: Use generic flag for special GPIO base treatment (jsc#SLE-12730). - pinctrl: cannonlake: Use generic flag for special GPIO base treatment (jsc#SLE-12730). - pinctrl: cherryview: Use GENMASK() consistently (jsc#SLE-12730). - pinctrl: cherryview: Re-use data structures from pinctrl-intel.h (part 2) (jsc#SLE-12730). - commit efa95a6 - Update config files. - Refresh patches.suse/pinctrl-intel-Add-Intel-Alder-Lake-S-pin-controller-.patch. - Refresh patches.suse/pinctrl-lynxpoint-Move-GPIO-driver-to-pin-controller.patch. - supported.conf: Add pinctrl-lynxpoint - commit 7d43af8 - pinctrl: sunrisepoint: Add Coffee Lake-S ACPI ID (jsc#SLE-12730). - pinctrl: intel: Pass irqchip when adding gpiochip (jsc#SLE-12730). - pinctrl: intel: Add GPIO <-> pin mapping ranges via callback (jsc#SLE-12730). - pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output (jsc#SLE-12730). - pinctrl: lynxpoint: Update summary in the driver (jsc#SLE-12730). - pinctrl: lynxpoint: Switch to pin control API (jsc#SLE-12730). - pinctrl: lynxpoint: Add GPIO <-> pin mapping ranges via callback (jsc#SLE-12730). - pinctrl: lynxpoint: Implement ->pin_dbg_show() (jsc#SLE-12730). - pinctrl: lynxpoint: Add pin control operations (jsc#SLE-12730). - pinctrl: lynxpoint: Reuse struct intel_pinctrl in the driver (jsc#SLE-12730). - pinctrl: lynxpoint: Add pin control data structures (jsc#SLE-12730). - pinctrl: lynxpoint: Implement intel_gpio_get_direction callback (jsc#SLE-12730). - pinctrl: lynxpoint: Implement ->irq_ack() callback (jsc#SLE-12730). - pinctrl: lynxpoint: Move ownership check to IRQ chip (jsc#SLE-12730). - pinctrl: lynxpoint: Move lp_irq_type() closer to IRQ related routines (jsc#SLE-12730). - pinctrl: lynxpoint: Move ->remove closer to ->probe() (jsc#SLE-12730). - pinctrl: lynxpoint: Extract lp_gpio_acpi_use() for future use (jsc#SLE-12730). - pinctrl: lynxpoint: Convert unsigned to unsigned int (jsc#SLE-12730). - pinctrl: lynxpoint: Switch to memory mapped IO accessors (jsc#SLE-12730). - pinctrl: lynxpoint: Keep pointer to struct device instead of its container (jsc#SLE-12730). - pinctrl: lynxpoint: Relax GPIO request rules (jsc#SLE-12730). - pinctrl: lynxpoint: Assume 2 bits for mode selector (jsc#SLE-12730). - pinctrl: lynxpoint: Use standard pattern for memory allocation (jsc#SLE-12730). - pinctrl: lynxpoint: Use %pR to print IO resource (jsc#SLE-12730). - pinctrl: lynxpoint: Drop useless assignment (jsc#SLE-12730). - pinctrl: lynxpoint: Correct amount of pins (jsc#SLE-12730). - pinctrl: lynxpoint: Use raw_spinlock for locking (jsc#SLE-12730). - pinctrl: baytrail: Reuse struct intel_pinctrl in the driver (jsc#SLE-12730). - pinctrl: baytrail: Use local variable to keep device pointer (jsc#SLE-12730). - pinctrl: baytrail: Keep pointer to struct device instead of its container (jsc#SLE-12730). - pinctrl: intel: Share struct intel_pinctrl for wider use (jsc#SLE-12730). - pinctrl: intel: Use GPIO direction definitions (jsc#SLE-12730). - pinctrl: cherryview: Use GPIO direction definitions (jsc#SLE-12730). - pinctrl: baytrail: Use GPIO direction definitions (jsc#SLE-12730). - pinctrl: baytrail: Move IRQ valid mask initialization to a dedicated callback (jsc#SLE-12730). - pinctrl: baytrail: Group GPIO IRQ chip initialization (jsc#SLE-12730). - pinctrl: baytrail: Allocate IRQ chip dynamic (jsc#SLE-12730). - commit be1af4d - pinctrl: sunrisepoint: Add missing Interrupt Status register offset (jsc#SLE-12730). - Refresh patches.suse/pinctrl-sunrisepoint-Fix-PAD-lock-register-offset-fo.patch. - commit 58844ce - pinctrl: cherryview: Missed type change to unsigned int (jsc#SLE-12730). - Refresh patches.suse/pinctrl-cherryview-Add-missing-spinlock-usage-in-chv.patch. - commit 2b6f93f - pinctrl: intel: Use helper to restore register values on - >resume() (jsc#SLE-12730). - Refresh patches.suse/pinctrl-intel-Introduce-common-flags-for-GPIO-mappin.patch. - commit 07edd70 - pinctrl: intel: Introduce intel_restore_hostown() helper (jsc#SLE-12730). - Refresh patches.suse/pinctrl-intel-Introduce-common-flags-for-GPIO-mappin.patch. - commit 2eb52ff - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - commit 0640a68 - Move patches.suse/compiler.h-Enforce-that-READ_ONCE_NOCHECK-access-siz.patch into sorted section. For some reason, the above patch was in the kABI padding section. That's clearly wrong, move it out of the kABI padding section and into sorted patches section. - commit a46db82 - tty/sysrq: constify the sysrq API (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - commit 28757bc - tty/sysrq: alpha: export and use __sysrq_get_key_op() (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - commit 0885df4 - i2c: add helper to check if a client has a driver attached (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - commit ff6d2f4 - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - commit b2a9d8e - x86/asm: Change all ENTRY+ENDPROC to SYM_FUNC_* (jsc#SLE-16407). Joey Lee: Only backporting EFI files for later EFI stub changing. - x86/asm: Make some functions local (jsc#SLE-16407). - Refresh patches.suse/x86-entry-64-handle-fsgsbase-enabled-paranoid-entry-exit.patch. - Refresh patches.suse/x86-entry-64-switch-cr3-before-swapgs-in-paranoid-entry.patch. - Refresh patches.suse/x86-powerpc-rename-memcpy_mcsafe-to-copy_mc_to_-user-kernel.patch. - x86/boot: Annotate data appropriately (jsc#SLE-16407). Refresh patches.suse/x86-boot-compressed-64-add-idt-infrastructure. - x86/asm: Annotate aliases (jsc#SLE-16407). Refresh patches.suse/x86-cpufeatures-Add-support-for-fast-short-REP-MOVSB.patch. - x86/asm/crypto: Annotate local functions (jsc#SLE-16407). - x86/asm: Make more symbols local (jsc#SLE-16407). - commit c5b2503 - bpf: Fix two typos in uapi/linux/bpf.h (bsc#1177028). - bpf: Make bpf_link API available indepently of CONFIG_BPF_SYSCALL (bsc#1177028). - bpf: Drop duplicated words in uapi helper comments (bsc#1177028). - xdp: introduce xdp_get_shared_info_from_{buff, frame} utility routines (bsc#1177028). Refresh patches - patches.suse/bpf-cpumap-Add-the-possibility-to-attach-an-eBPF-pro.patch - patches.suse/bpf-cpumap-Implement-XDP_REDIRECT-for-eBPF-programs-.patch - bpf: Switch most helper return values from 32-bit int to 64-bit long (bsc#1177028). Refresh patches: - patches.suse/bpf-Introduce-SK_LOOKUP-program-type-with-a-dedicate.patch - patches.suse/bpf-Sync-linux-bpf.h-to-tools.patch - patches.suse/bpf-Fix-comment-for-helper-bpf_current_task_under_cg.patch - commit dd3217c - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - commit ed80277 ++++ c-ares: - ares_dns.h, missing_header.patch: re-add missing header in last release ++++ schily-libs: - fix_junk_in_partition.patch: Initialize memory that created the partition table instead of writing random bytes to it (bsc#1178692) ++++ snapper: - state in man-pages that ext4 support is discontinued (gh#openSUSE/snapper#331) ++++ cdrtools: - fix_junk_in_partition.patch: Initialize memory that created the partition table instead of writing random bytes to it (bsc#1178692) ++++ pam: - pam_cracklib: added code to check whether the password contains a substring of of the user's name of at least characters length in some form. This is enabled by the new parameter "usersubstr=" See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] ++++ qemu: - Added io_uring support. ++++ systemd-default-settings: - Issue a daemon-reload in %post of the main package - Import 0.5 0c5e241 SLE: turn off RemoveIPC by default for logind (fate#320125) cb6914f SLE: restore ProtectHostname=no for udevd (bsc#1178374) 7e332a6 Add a header in all each drop-ins 465e1c7 Makefile: simplify 'archive' target ------------------------------------------------------------------ ------------------ 2020-11-18 - Nov 18 2020 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - memremap: provide a not device managed memremap_pages (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Refresh patches.suse/mm-memunmap-don-t-access-uninitialized-memmap-in-mem.patch. - commit a124be7 - memremap: don't use a separate devm action for devmap_managed_enable_get (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - commit 4d6242f - memremap: remove the dev field in struct dev_pagemap (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Refresh patches.suse/PCI-P2PDMA-Introduce-private-pagemap-structure.patch. - Refresh patches.suse/mm-memunmap-don-t-access-uninitialized-memmap-in-mem.patch. - commit 1feeaf5 - x86/efi: EFI soft reservation to E820 enumeration (jsc#SLE-16407). Refresh patches.suse/x86-efi-Add-efi_fake_mem-support-for-EFI_MEMORY_SP-199c8471.patch. - efi: Common enable/disable infrastructure for EFI soft reservation (jsc#SLE-16407). - Refresh patches.suse/efi-Store-mask-of-supported-runtime-services-in-stru.patch. patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch. - Update config files. CONFIG_EFI_SOFT_RESERVE=y on x86_64/default, arm64/default - x86: efi/random: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table (jsc#SLE-16407). - commit 4faf531 - usb: dwc3: Add ACPI support for xHCI ports (jsc#SLE-12251). - commit 324b394 - pinctrl: cherryview: Pass irqchip when adding gpiochip (jsc#SLE-12730). - pinctrl: cherryview: Add GPIO <-> pin mapping ranges via callback (jsc#SLE-12730). - pinctrl: cherryview: Split out irq hw-init into a separate helper function (jsc#SLE-12730). - pinctrl: baytrail: Pass irqchip when adding gpiochip (jsc#SLE-12730). - pinctrl: baytrail: Add GPIO <-> pin mapping ranges via callback (jsc#SLE-12730). - pinctrl: baytrail: Update North Community pin list (jsc#SLE-12730). - pinctrl: intel: Missed type change to unsigned int (jsc#SLE-12730). - pinctrl: intel: Drop level from warning to debug in intel_restore_hostown() (jsc#SLE-12730). - pinctrl: intel: Introduce intel_restore_intmask() helper (jsc#SLE-12730). - pinctrl: intel: Introduce intel_restore_padcfg() helper (jsc#SLE-12730). - pinctrl: cherryview: Fix spelling mistake in the comment (jsc#SLE-12730). - commit 7f8dbee - pinctrl: baytrail: Re-use data structures from pinctrl-intel.h (part 2) (jsc#SLE-12730). - Refresh patches.suse/0001-pinctrl-baytrail-Really-serialize-all-register-acces.patch. - commit e0a9108 - pinctrl: sunrisepoint: Provide Interrupt Status register offset (jsc#SLE-12730). - Refresh patches.suse/pinctrl-sunrisepoint-Fix-PAD-lock-register-offset-fo.patch. - commit dfae0e2 - pinctrl: intel: mark intel_pin_to_gpio __maybe_unused (jsc#SLE-12730). - pinctrl: intel: Allow to request locked pads (jsc#SLE-12730). - pinctrl: cherryview: Remove dev_err() usage after platform_get_irq() (jsc#SLE-12730). - pinctrl: intel: Remove dev_err() usage after platform_get_irq() (jsc#SLE-12730). - pinctrl: intel: Use NSEC_PER_USEC for debounce calculus (jsc#SLE-12730). - pinctrl: intel: Remove default Interrupt Status offset (jsc#SLE-12730). - pinctrl: lewisburg: Provide Interrupt Status register offset (jsc#SLE-12730). - pinctrl: icelake: Provide Interrupt Status register offset (jsc#SLE-12730). - pinctrl: geminilake: Provide Interrupt Status register offset (jsc#SLE-12730). - pinctrl: cannonlake: Provide Interrupt Status register offset (jsc#SLE-12730). - pinctrl: broxton: Provide Interrupt Status register offset (jsc#SLE-12730). - pinctrl: intel: Simplify offset validation in intel_get_padcfg() (jsc#SLE-12730). - pinctrl: intel: Drop double check for data in intel_pinctrl_probe_by_uid() (jsc#SLE-12730). - pinctrl: merrifield: Use devm_platform_ioremap_resource() (jsc#SLE-12730). - pinctrl: intel: Use devm_platform_ioremap_resource() (jsc#SLE-12730). - pinctrl: cherryview: Use devm_platform_ioremap_resource() (jsc#SLE-12730). - pinctrl: baytrail: Use devm_platform_ioremap_resource() (jsc#SLE-12730). - commit ee7dd05 - Revert "gpio: merrifield: Pass irqchip when adding gpiochip" (jsc#SLE-12730). - Revert "gpio: merrifield: Restore use of irq_base" (jsc#SLE-12730). - commit 778c0ed - Revert "gpio: merrifield: Move hardware initialization to callback" (jsc#SLE-12730). - gpio: lynxpoint: set default handler to be handle_bad_irq() (jsc#SLE-12730). - gpio: merrifield: Move hardware initialization to callback (jsc#SLE-12730). - gpio: lynxpoint: Move hardware initialization to callback (jsc#SLE-12730). - gpio: intel-mid: Move hardware initialization to callback (jsc#SLE-12730). - gpio: merrifield: Restore use of irq_base (jsc#SLE-12730). - pinctrl/gpio: Take MUX usage into account (jsc#SLE-12730). - commit a8fa4e0 - gpiolib: of: add a fallback for wlf,reset GPIO name (jsc#SLE-12730). - Refresh patches.suse/usb-fusb302-convert-to-use-gpio-descriptors.patch. - commit 9cd8b23 - gpio: Initialize the irqchip valid_mask with a callback (jsc#SLE-12730). - Refresh patches.suse/gpiolib-Initialize-the-hardware-with-a-callback.patch. - Refresh patches.suse/pinctrl-cherryview-Fix-irq_valid_mask-calculation.patch. - commit 65c5c62 - gpio: htc-egpio: Remove unused exported htc_egpio_get_wakeup_irq() (jsc#SLE-12730). - gpio: remove explicit comparison with 0 (jsc#SLE-12730). - gpio: creg-snps: use devm_platform_ioremap_resource() to simplify code (jsc#SLE-12730). - gpio: aspeed: Add in ast2600 details to Aspeed driver (jsc#SLE-12730). - gpio: aspeed: Use ngpio property from device tree if available (jsc#SLE-12730). - gpio: aspeed: Setup irqchip dynamically (jsc#SLE-12730). - gpiolib: acpi: make acpi_can_fallback_to_crs() static (jsc#SLE-12730). - commit bf8a468 - gpio: of: Normalize return code variable name (jsc#SLE-12730). - Refresh patches.suse/gpiolib-No-need-to-call-gpiochip_remove_pin_ranges-t.patch. - commit a436005 - gpio: gpiolib: Normalize return code variable name (jsc#SLE-12730). - Refresh patches.suse/gpiolib-Initialize-the-hardware-with-a-callback.patch. - Refresh patches.suse/gpiolib-Introduce-add_pin_ranges-callback.patch. - Refresh patches.suse/gpiolib-Switch-order-of-valid-mask-and-hw-init.patch. - Refresh patches.suse/gpiolib-don-t-clear-FLAG_IS_OUT-when-emulating-open-.patch. - commit 591fe46 - gpio: merrifield: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: lynxpoint: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: intel-mid: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: pch: Use dev_get_drvdata (jsc#SLE-12730). - gpio: ep93xx: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: lpc32xx: allow building on non-lpc32xx targets (jsc#SLE-12730). - gpio: ixp4xx: remove redundant dev_err message (jsc#SLE-12730). - commit 970dbfe - intel_idle: Customize IceLake server support (bsc#1178286). - commit eac5b5e - gpio: em: use a helper variable for &pdev->dev (jsc#SLE-12730). - gpio: zynq: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: mt7621: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: aspeed: Add SGPIO driver (jsc#SLE-12730). - gpio: tqmx86: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: vf610: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: zx: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: ftgpio: Move hardware initialization (jsc#SLE-12730). - gpio: Use callback presence to determine need of valid_mask (jsc#SLE-12730). - pinctrl: stmfx: Use the callback to populate valid_mask (jsc#SLE-12730). - commit 2c3ab09 - spi: Stop selecting MTD_SPI_NOR for SPI_HISI_SFC_V3XX (jsc#SLE-14214 jsc#SLE-16606). - commit bcf49c6 - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - commit ba1483e - drivers: qcom: rpmh-rsc: Use rcuidle tracepoints for rpmh (jsc#SLE-12251). - commit e5cbc97 - supported.conf: enable fsl-mph-dr-of for NXP LS1012A References: jsc#SLE-12251 - commit 985a505 - USB: phy: fsl-usb: remove character device usage (jsc#SLE-12251). - USB: phy: fsl-usb: remove sysfs abuse (jsc#SLE-12251). - usb: phy: phy-fsl-usb: Make structure fsl_otg_initdata constant (jsc#SLE-12251). - USB: phy: fsl-usb: convert platform driver to use dev_groups (jsc#SLE-12251). - commit d31fcb5 - Add bug reference to two hv_netvsc patches (bsc#1178853). - commit 2fdc798 - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - commit 47d9c63 - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - commit 803c2b1 - cpuidle: psci: Fix suspicious RCU usage (jsc#SLE-12251). - cpuidle: psci: Prevent domain idlestates until consumers are ready (jsc#SLE-12251). - cpuidle: psci: Convert PM domain to platform driver (jsc#SLE-12251). - cpuidle: psci: Fix error path via converting to a platform driver (jsc#SLE-12251). - cpuidle: psci: Fail cpuidle registration if set OSI mode failed (jsc#SLE-12251). - cpuidle: psci: Split into two separate build objects (jsc#SLE-12251). - drivers/firmware/psci: Assign @err directly in hotplug_tests() (jsc#SLE-12251). - cpuidle: psci: Fixup execution order when entering a domain idle state (jsc#SLE-12251). - cpuidle: psci: Split psci_dt_cpu_init_idle() (jsc#SLE-12251). - cpuidle: psci: Add support for PM domains by using genpd (jsc#SLE-12251). - PM / Domains: Introduce a genpd OF helper that removes a subdomain (jsc#SLE-12251). - cpuidle: psci: Support CPU hotplug for the hierarchical model (jsc#SLE-12251). - cpuidle: psci: Manage runtime PM in the idle path (jsc#SLE-12251). - cpuidle: psci: Prepare to use OS initiated suspend mode via PM domains (jsc#SLE-12251). - cpuidle: psci: Attach CPU devices to their PM domains (jsc#SLE-12251). - cpuidle: psci: Add a helper to attach a CPU to its PM domain (jsc#SLE-12251). - cpuidle: psci: Support hierarchical CPU idle states (jsc#SLE-12251). - cpuidle: psci: Simplify OF parsing of CPU idle state nodes (jsc#SLE-12251). - cpuidle: dt: Support hierarchical CPU idle states (jsc#SLE-12251). - of: base: Add of_get_cpu_state_node() to get idle states for a CPU node (jsc#SLE-12251). - cpuidle: psci: Align psci_power_state count with idle state count (jsc#SLE-12251). - PM / Domains: Align in-parameter names for some genpd functions (jsc#SLE-12251). - commit cfb59fe - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - commit 5a4cff0 - gpio: Pass mask and size with the init_valid_mask() (jsc#SLE-12730). - Refresh patches.suse/gpiolib-Introduce-add_pin_ranges-callback.patch. - commit 4f43960 - gpio: aspeed: Pass irqchip when adding gpiochip (jsc#SLE-12730). - Refresh patches.suse/gpio-aspeed-Fix-incorrect-number-of-banks.patch. - commit 4ad35e3 - gpio: Remove dev_err() usage after platform_get_irq() (jsc#SLE-12730). - Refresh patches.suse/gpio-max77620-Don-t-shadow-error-code-of-platform_ge.patch. - commit 3167e98 - gpio: mockup: don't depend twice on GPIOLIB (jsc#SLE-12730). - gpio: hlwd: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: xlp: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: cadence: Pass irqchip when adding gpiochip (jsc#SLE-12730). - gpio: thunderx: Switch to GPIOLIB_IRQCHIP (jsc#SLE-12730). - gpio: ixp4xx: Convert to hierarchical GPIOLIB_IRQCHIP (jsc#SLE-12730). - gpio: remove ks8695 driver (jsc#SLE-12730). - commit 7ebfb0b - gpiolib: acpi: Split ACPI stuff to gpiolib-acpi.h (jsc#SLE-12730). - Refresh patches.suse/gpiolib-acpi-Add-honor_wakeup-module-option-quirk-me.patch. - Refresh patches.suse/gpiolib-acpi-Rework-honor_wakeup-option-into-an-igno.patch. - Refresh patches.suse/gpiolib-acpi-Turn-dmi_system_id-table-into-a-generic.patch. - commit f7da78b - gpio: madera: Use local copy of pdata (jsc#SLE-12730). - gpio: arizona: Use local copy of pdata (jsc#SLE-12730). - gpio: viperboard: Replace 'unsigned' with 'unsigned int' (jsc#SLE-12730). - gpio: refactor gpiochip_allocate_mask() with bitmap_alloc() (jsc#SLE-12730). - gpiolib-acpi: Move acpi_dev_add_driver_gpios() et al to consumer.h (jsc#SLE-12730). - gpio: max77650: add MODULE_ALIAS() (jsc#SLE-12730). - gpio: bd70528: remove redundant assignment to variable ret (jsc#SLE-12730). - gpio: bd70528: fix spelling misstake "debouce" -> "debounce" (jsc#SLE-12730). - commit b978538 - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (git-fixes). - commit 1361be0 - Update Patch-metadata after merging into mainline: - patches.suse/i40e-xsk-uninitialized-variable-in-i40e_clean_rx_irq.patch - commit 0b71e11 - optee: model OP-TEE as a platform device/driver (jsc#SLE-12251). - tee: optee: Fix compilation issue with nommu (jsc#SLE-12251). - optee: Fix multi page dynamic shm pool alloc (jsc#SLE-12251). - tee: optee: fix device enumeration error handling (jsc#SLE-12251). - tee: optee: Fix dynamic shm pool allocations (jsc#SLE-12251). - tee: optee: add might_sleep for RPC requests (jsc#SLE-12251). - commit 859d294 - x86/platform/uv: Fix copied UV5 output archtype (bsc#1178908 bsc#1177710 jsc#SLE-13285). - x86/platform/uv: Drop last traces of uv_flush_tlb_others (bsc#1178908 bsc#1177710 jsc#SLE-13285). - x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (bsc#1178908 bsc#1177710 jsc#SLE-13285). - x86/platform/uv: Mark is_uv_hubless() static (bsc#1178908 bsc#1177710 jsc#SLE-13285). - commit a7ea789 - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - commit 35dd120 - Add bug reference to a pci-hyperv patch (bsc#1178901). - commit 5530843 - bpfilter: switch bpfilter_ip_set_sockopt to sockptr_t (bsc#1177028). - commit f612634 - Input: sunkbd - avoid use-after-free in teardown paths (CVE-2020-25669 bsc#1178182). - commit bafe1db - bpfilter: Allow to build bpfilter_umh as a module without static library (bsc#1177028). Update config files: - Add CONFIG_BPFILTER_UMH=m back to x86_64/default - umd: Stop using split_argv (bsc#1177028). - umd: Remove exit_umh (bsc#1177028). - bpfilter: Take advantage of the facilities of struct pid (bsc#1177028). Refresh patches.suse/net-bpfilter-split-__bpfilter_process_sockopt.patch - exit: Factor thread_group_exited out of pidfd_poll (bsc#1177028). - umd: Track user space drivers with struct pid (bsc#1177028). Refresh patches: - patches.suse/bpfilter-Initialize-pos-variable.patch - patches.suse/bpfilter-fix-up-a-sparse-annotation.patch - patches.suse/net-bpfilter-split-__bpfilter_process_sockopt.patch - bpfilter: Move bpfilter_umh back into init data (bsc#1177028). - exec: Remove do_execve_file (bsc#1177028). - umh: Stop calling do_execve_file (bsc#1177028). - umd: Transform fork_usermode_blob into fork_usermode_driver (bsc#1177028). - umd: Rename umd_info.cmdline umd_info.driver_name (bsc#1177028). - umd: For clarity rename umh_info umd_info (bsc#1177028). - umh: Separate the user mode driver and the user mode helper support (bsc#1177028). - umh: Remove call_usermodehelper_setup_file (bsc#1177028). - umh: Rename the user mode driver helpers for clarity (bsc#1177028). - umh: Move setting PF_UMH into umh_pipe_setup (bsc#1177028). - umh: Capture the pid in umh_pipe_setup (bsc#1177028). - commit 7fb16dd - bpfilter: document build requirements for bpfilter_umh (bsc#1177028). - bpfilter: use 'userprogs' syntax to build bpfilter_umh (bsc#1177028). - kbuild: add infrastructure to build userspace programs (bsc#1177028). - bpfilter: check if $(CC) can link static libc in Kconfig (bsc#1177028). Update config files - Set CONFIG_CC_CAN_LINK_STATIC=n since we don't build in bpfilter - Temporarily remove CONFIG_BPFILTER_UMH=m + Will add it back later - commit 4602c14 ++++ snapper: - use C++11 regexes instead of own regcomp/regexec wrapper class (see gh#openSUSE/snapper#583) ++++ pam: - pam_xauth.c: do not free() a string which has been (successfully) passed to putenv(). [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] ++++ u-boot-rpiarm64: Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2020.10 * Patches added: 0014-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch - bsc#1178884 ------------------------------------------------------------------ ------------------ 2020-11-17 - Nov 17 2020 ------------------- ------------------------------------------------------------------ ++++ canutils: - Update to release 2020.11.0 * No further changes to prior snapshot, just version bump. ++++ cifs-utils: - prepare usrmerge (boo#1029961) ++++ distribution-logos-openSUSE: - Add favicon.ico format ++++ drbd-utils: - prepare usrmerge (boo#1029961) ++++ gpg2: - GnuPG 2.2.24: * gpg: New command --quick-revoke-sig * gpg: Do not use weak digest algos if selected by recipient preference during sign+encrypt * gpg: Switch to AES256 for symmetric encryption in de-vs mode * gpg: Silence weak digest warnings with --quiet * gpg: Print new status line CANCELED_BY_USER for a cancel during symmetric encryption * gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. This is in particular needed for keys created from existing smartcard based keys * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 keys * agent: Keep some permissions of private-keys-v1.d * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and gnutls builds * dirmngr: Fix the pool keyserver case for a single host in the pool * scd: Fix the use case of verify_chv2 by CHECKPIN * scd: Various improvements to the ccid-driver * scd: Minor fixes for Yubikey * gpgconf: New option --show-versions * i18n: Complete overhaul and completion of the Italian translation ++++ kernel-default: - perf/x86/intel: Support per-thread RDPMC TopDown metrics (jsc#SLE-13346). - perf/x86/intel: Support TopDown metrics on Ice Lake (jsc#SLE-13346). - perf/x86: Add a macro for RDPMC offset of fixed counters (jsc#SLE-13346). - commit 6b22c07 - perf/x86/intel: Generic support for hardware TopDown metrics (jsc#SLE-13346). - Refresh patches.suse/perf-x86-fix-n_pair-for-cancelled-txn.patch. - commit dba68ee - perf/core: Add a new PERF_EV_CAP_SIBLING event capability (jsc#SLE-13346). - perf/x86/intel: Use switch in intel_pmu_disable/enable_event (jsc#SLE-13346). - perf/x86/intel: Fix the name of perf METRICS (jsc#SLE-13346). - perf/x86/intel: Move BTS index to 47 (jsc#SLE-13346). - perf/x86/intel: Introduce the fourth fixed counter (jsc#SLE-13346). - perf/x86/intel: Name the global status bit in NMI handler (jsc#SLE-13346). - perf/x86: Use event_base_rdpmc for the RDPMC userspace support (jsc#SLE-13346). - perf/x86: Keep LBR records unchanged in host context for guest usage (jsc#SLE-13346). - perf/x86: Add constraint to create guest LBR event without hw counter (jsc#SLE-13346). - perf/x86/lbr: Add interface to get LBR information (jsc#SLE-13346). - perf/x86/core: Refactor hw->idx checks and cleanup (jsc#SLE-13346). - perf/core: Unify {pinned,flexible}_sched_in() (jsc#SLE-13346). - perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (jsc#SLE-13346). - perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (jsc#SLE-13346). - perf/x86/intel: Implement LBR callstack context synchronization (jsc#SLE-13346). - perf/core, perf/x86: Introduce swap_task_ctx() method at 'struct pmu' (jsc#SLE-13346). - commit 0679634 - regulator: fixed: add off-on-delay (jsc#SLE-12251). - commit 799dfed - resource: add a not device managed request_free_mem_region variant (jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322). - Refresh patches.suse/dev-mem-Revoke-mappings-when-a-driver-claims-the-reg.patch. - commit 970e8db - rtc: ds1307: Clear OSF flag on DS1388 when setting time (jsc#SLE-12251). - commit cc52d58 - rtc: ds1307: provide an indication that the watchdog has fired (jsc#SLE-12251). - rtc: ds1307: check for failed memory allocation on wdt (jsc#SLE-12251). - rtc: ds1307: add support for watchdog timer on ds1388 (jsc#SLE-12251). - rtc: ds1307: handle oscillator failure flags for ds1388 variant (jsc#SLE-12251). - commit d4d523e - i2c: mux: pca954x: Convert license to SPDX identifier (jsc#SLE-12251). - i2c: mux: pca954x: Move device_remove_file() out of pca954x_cleanup() (jsc#SLE-12251). - i2c: mux: pca954x: Make use of device properties (jsc#SLE-12251). - i2c: mux: pca954x: Refactor pca954x_irq_handler() (jsc#SLE-12251). - i2c: mux: pca954x: support property idle-state (jsc#SLE-12251). - commit 8b7638a - i2c: imx: ACPI support for NXP i2c controller (jsc#SLE-12251). - commit 0652f75 - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - commit 436b016 - dmaengine: fsl-dpaa2-qdma: remove set but not used variable 'dpaa2_qdma' (jsc#SLE-12251). - dmaengine: fsl-dpaa2-qdma: Adding shutdown hook (jsc#SLE-12251). - dmaengine: fsl-dpaa2-qdma: Remove unnecessary local variables in DPDMAI_CMD_CREATE macro (jsc#SLE-12251). - dmaengine: fsl-dpaa2-qdma: export the symbols (jsc#SLE-12251). - dmaengine: fsl-dpaa2-qdma: Add NXP dpaa2 qDMA controller driver for Layerscape SoCs (jsc#SLE-12251). - dmaengine: fsl-dpaa2-qdma: Add the DPDMAI(Data Path DMA Interface) support (jsc#SLE-12251). - commit 297a0bf - mmc: sdio: fix clock rate setting for SDR12/SDR25 mode (jsc#SLE-12251). - mmc: sdhci-of-esdhc: exit HS400 properly before setting any speed mode (jsc#SLE-12251). - mmc: sdhci: add spin lock for sdhci_set_default_irqs in sdhci_init (jsc#SLE-12251). - mmc: sdhci-of-esdhc: fix serious issue clock is always disabled (jsc#SLE-12251). - mmc: sdhci-of-esdhc: fix transfer mode register reading (jsc#SLE-12251). - mmc: sdhci-of-esdhc: fix clock setting for different controller versions (jsc#SLE-12251). - mmc: sdhci-of-esdhc: update tuning erratum A-008171 (jsc#SLE-12251). - mmc: sdhci-of-esdhc: convert to use esdhc_tuning_window_ptr() (jsc#SLE-12251). - mmc: sdhci-of-esdhc: use 1/2 periperhal clock for ls1088a (jsc#SLE-12251). - commit c331989 - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - commit 1e8d73b - Update config files. Update for DRM v5.8 backport - commit db4dda7 - bpf, doc: Remove references to warning message when using bpf_trace_printk() (bsc#1177028). - commit 305cc47 - bpf: Setup socket family and addresses in bpf_prog_test_run_skb (bsc#1177028). Refresh patches.suse/bpf-Allow-to-specify-ifindex-for-skb-in-bpf_prog_tes.patch - commit 4740764 - s390/bpf: Use bpf_skip() in bpf_jit_prologue() (bsc#1177028). - commit 3e03b2e - efi: Fix handling of multiple efi_fake_mem= entries (jsc#SLE-16407). - efi: Fix efi_memmap_alloc() leaks (jsc#SLE-16407). - efi: Add tracking for dynamically allocated memmaps (jsc#SLE-16407). - efi: Add a flags parameter to efi_memory_map (jsc#SLE-16407). - efi/libstub/random: Initialize pointer variables to zero for mixed mode (jsc#SLE-16407). - x86/efi: Update e820 with reserved EFI boot services data to fix kexec breakage (jsc#SLE-16407). - efi: Fix efi_loaded_image_t::unload type (jsc#SLE-16407). - efi/apple-properties: use PROPERTY_ENTRY_U8_ARRAY_LEN (jsc#SLE-16407). - software node: introduce PROPERTY_ENTRY_XXX_ARRAY_LEN() (jsc#SLE-16407). - x86/efi: Add efi_fake_mem support for EFI_MEMORY_SP (jsc#SLE-16407). Refresh patches.suse/0002-ima-generalize-x86-EFI-arch-glue-for-other-EFI-archi.patch - x86/efi: Push EFI_MEMMAP check into leaf routines (jsc#SLE-16407). Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - efi: Enumerate EFI_MEMORY_SP (jsc#SLE-16407). - ACPICA: make acpi_load_table() return table index (jsc#SLE-16407). Refresh patches.suse/ACPI-configfs-Add-missing-config_item_put-to-fix-ref.patch. - ACPICA: Add new external interface, acpi_unload_table() (jsc#SLE-16407). Refresh patches.suse/ACPI-configfs-Add-missing-config_item_put-to-fix-ref.patch. - efi/random: use arch-independent efi_call_proto() (jsc#SLE-16407). - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN (jsc#SLE-16407). - commit 672368d - arm64: bpf: Fix branch offset in JIT (bsc#1177028). - bpf: Remove inline from bpf_do_trace_printk (bsc#1177028). - bpf, arm64: Add BPF exception tables (bsc#1177028). - bpf: Use dedicated bpf_trace_printk event instead of trace_printk() (bsc#1177028). - bpf: Allow %pB in bpf_seq_printf() and bpf_trace_printk() (bsc#1177028). - bpf: Support 'X' in bpf_seq_printf() helper (bsc#1177028). - commit 8b2406b - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - bpf: Don't rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - commit fb71c62 - blacklist.conf: Add dups from DRM v5.8 backport - commit 34e47a8 ++++ c-ares: - Version update to 1.17.0 Security: * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing * Avoid theoretical buffer overflow in RC4 loop comparison * Empty hquery->name could lead to invalid memory access * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was passed in (bsc#1178882, CVE-2020-8277) Changes: * Update help information for adig, acountry, and ahost * Test Suite now uses dynamic system-assigned ports rather than hardcoded ports to prevent failures in containers * Detect remote DNS server does not support EDNS using rules from RFC 6891 * Source tree has been reorganized to use a more modern layout * Allow parsing of CAA Resource Record Bug fixes: * readaddrinfo bad sizeof() * Test cases should honor HAVE_WRITEV flag, not depend on WIN32 * FQDN with trailing period should be queried first * ares_getaddrinfo() was returning members of the struct as garbage values if unset, and was not honoring ai_socktype and ai_protocol hints. * ares_gethostbyname() with AF_UNSPEC and an ip address would fail * Properly document ares_set_local_ip4() uses host byte order For details, see https://c-ares.haxx.se/changelog.html - add missing upstream sources, to be removed for next release - remove unnecessary BuildRequires - fix building on SLE12 systems ++++ libfido2: - Add Conflicts: to supersede version 1.0.0. This is needed for a clean upgrade path on SLE. ++++ gpgme: - gpgme 1.15.0: * New function gpgme_op_setexpire to make changing the expiration easier * New function gpgme_op_revsig to revoke key signatures * Support exporting secret keys * cpp: Support for set expire operations in the C++ bindings * cpp: Support for revoking key signatures in the C++ bindings * qt: Extended ChangeExpiryJob to support changing the expiry of subkeys * qt: Extended QuickJob to support revoking of key signatures * qt: Added QDebug stream operator for GpgME::Error. * Require libgpg-error 1.36 ++++ systemd: - Revert the change that dropped %{release} from the package version constraints used in Requires: The release number is actually relevant since it can be increased when some patches, which might touch multiple sub-packages of systemd, are added/modified. However the %{release} is still no more used in conflicts. ++++ qemu: - A patch has been applied to virt-manager to handle qemu spice related modules not being present, so undo the change from Sep 30, 2020. Once again qemu-hw-display-qxl and qemu-hw-usb-redirect are Recommends and not Required by the qemu package (boo#1157320 boo#1176517, boo#1178141) - For jsc#SLE-11629, change qemu, qemu-tools, and qemu-guest-agent to rely on system-user-qemu and system-group-kvm to provide now static system UIDs and GID's for qemu user and group, and kvm group. This will make guest migration more seamless for new installations since there is no chance of having required ID's differ in value. ++++ ovmf: - Add ovmf-jscSLE-16075-SEV-ES-fixes.patch to merge upstream SEV-ES fixes (jsc#SLE-16075) ++++ sysvinit: - Update to sysvinit 2.98: * Fixed time parsing in shutdown when there is a + in front of a 0 time offset. Commands with a postiive time offset (+1) would work but +0 fails. This has been corrected by Arkadiusz Miskiewicz.