Packages changed: cloud-init cni-plugins (0.8.4 -> 0.8.6) curl json-c kernel-64kb (5.7.1 -> 5.7.2) kernel-firmware (20200519 -> 20200610) kernel-source (5.7.1 -> 5.7.2) pkgconf (1.6.3 -> 1.7.3) snapper (0.8.9 -> 0.8.10) yast2 (4.3.6 -> 4.3.8) === Details === ==== cloud-init ==== - Disable testing to aid elimination of unittest2 in Factory ==== cni-plugins ==== Version update (0.8.4 -> 0.8.6) - Update to version 0.8.6 (bsc#1172410 CVE-2020-10749) * New features * Support device id in host device plugin (#471). * win-bridge: add support for portMappings capability (#475). * Make host-device to work with virtio net device (#453). * Small improvements * ptp, bridge: disable accept_ra on the host-side interface (#484). * modify the error url of windowscontainer (#460). * portmap: Apply the DNAT hairpin to the whole subnet (#469). The DNAT hairpin rule only allow the * container itself to access the ports it is exposing thru the host IP. Other containers in the same subnet might also want to access this service via the host IP, so apply this rule to the whole subnet instead of just for the container. * Unlock OS thread after netns is restored (#455). * Bugfixes * plugins/meta/sbr: Adjusted ipv6 address mask to /128 (#479). A /64 mask was used which routed an entire cidr based on source, not only the bound address. * check bridge's port state (#468). fix #463 * Reset the route flag before moving the rule (#472). * replace juju/errors because of CNCF license scan (#458). ref to #457 * loopback: Fix ipv6 address checks (#442). Fixes a minor bug in loopback plugin. The IPv6 address check loops over IPv4 addresses. - from version 0.8.5 * Bugfixes * bridge: Fix for the case where kernel doesn't have CONFIG_BRIDGE_VLAN_FILTERING (#434) fixes #370. * vlan: Fix vlan plugin returning error when device is already removed (#438). * Improvements * sysctl: Improve support of sysctl name separators (#437). ==== curl ==== Subpackages: libcurl4 - Change with-gssapi configure parameter: krb5 is changing location in the future: ask krb5-config about the correct prefix values. ==== json-c ==== - Add upstream fix for boo#1173022 * Added patch 0001-Detect-broken-RDRAND-during-initialization.patch * use URL from the releases page on github * run spec-cleaner over the spec file ==== kernel-64kb ==== Version update (5.7.1 -> 5.7.2) - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches (bsc#1172783 CVE-2020-10768). - commit 3bb02b8 - x86/speculation: Prevent rogue cross-process SSBD shutdown (bsc#1172781 CVE-2020-10766). - commit 765c970 - iwl: fix crash in iwl_dbg_tlv_alloc_trigger (iwlwifi crash). - commit 6645a57 - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS (bsc#1172782 CVE-2020-10767). - commit 5c5774f - Linux 5.7.2 (bnc#1012628). - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned (bnc#1012628). - x86/speculation: Add Ivy Bridge to affected list (bnc#1012628). - x86/speculation: Add SRBDS vulnerability and mitigation documentation (bnc#1012628). - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (bnc#1012628). - x86/cpu: Add 'table' argument to cpu_matches() (bnc#1012628). - x86/cpu: Add a steppings field to struct x86_cpu_id (bnc#1012628). - nvmem: qfprom: remove incorrect write support (bnc#1012628). - CDC-ACM: heed quirk also in error handling (bnc#1012628). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bnc#1012628). - tty: hvc_console, fix crashes on parallel open/close (bnc#1012628). - vt: keyboard: avoid signed integer overflow in k_ascii (bnc#1012628). - serial: 8250: Enable 16550A variants by default on non-x86 (bnc#1012628). - usb: musb: jz4740: Prevent lockup when CONFIG_SMP is set (bnc#1012628). - usb: musb: Fix runtime PM imbalance on error (bnc#1012628). - usb: musb: start session in resume for host port (bnc#1012628). - iio: adc: stm32-adc: fix a wrong error message when probing interrupts (bnc#1012628). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (bnc#1012628). - iio: vcnl4000: Fix i2c swapped word reading (bnc#1012628). - iio:chemical:sps30: Fix timestamp alignment (bnc#1012628). - USB: serial: ch341: fix lockup of devices with limited prescaler (bnc#1012628). - USB: serial: ch341: add basis for quirk detection (bnc#1012628). - USB: serial: option: add Telit LE910C1-EUX compositions (bnc#1012628). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bnc#1012628). - USB: serial: qcserial: add DW5816e QDL support (bnc#1012628). - commit 936fe4f ==== kernel-firmware ==== Version update (20200519 -> 20200610) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20200610 (git commit 887d2a103c2b): * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * Mellanox: Add new mlxsw_spectrum firmware xx.2007.1168 * rtw88: RTL8822C: update firmware version to v9.9 * cxgb4: Update firmware to revision 1.24.17.0 * mrvl: add firmware for Prestera ASIC devices - Update topics list for prestra f/w (maybe better to split to a new subpkg?) - Update copyright notice in template - Update aliases from 5.7 kernels ==== kernel-source ==== Version update (5.7.1 -> 5.7.2) - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches (bsc#1172783 CVE-2020-10768). - commit 3bb02b8 - x86/speculation: Prevent rogue cross-process SSBD shutdown (bsc#1172781 CVE-2020-10766). - commit 765c970 - iwl: fix crash in iwl_dbg_tlv_alloc_trigger (iwlwifi crash). - commit 6645a57 - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS (bsc#1172782 CVE-2020-10767). - commit 5c5774f - Linux 5.7.2 (bnc#1012628). - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned (bnc#1012628). - x86/speculation: Add Ivy Bridge to affected list (bnc#1012628). - x86/speculation: Add SRBDS vulnerability and mitigation documentation (bnc#1012628). - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (bnc#1012628). - x86/cpu: Add 'table' argument to cpu_matches() (bnc#1012628). - x86/cpu: Add a steppings field to struct x86_cpu_id (bnc#1012628). - nvmem: qfprom: remove incorrect write support (bnc#1012628). - CDC-ACM: heed quirk also in error handling (bnc#1012628). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bnc#1012628). - tty: hvc_console, fix crashes on parallel open/close (bnc#1012628). - vt: keyboard: avoid signed integer overflow in k_ascii (bnc#1012628). - serial: 8250: Enable 16550A variants by default on non-x86 (bnc#1012628). - usb: musb: jz4740: Prevent lockup when CONFIG_SMP is set (bnc#1012628). - usb: musb: Fix runtime PM imbalance on error (bnc#1012628). - usb: musb: start session in resume for host port (bnc#1012628). - iio: adc: stm32-adc: fix a wrong error message when probing interrupts (bnc#1012628). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (bnc#1012628). - iio: vcnl4000: Fix i2c swapped word reading (bnc#1012628). - iio:chemical:sps30: Fix timestamp alignment (bnc#1012628). - USB: serial: ch341: fix lockup of devices with limited prescaler (bnc#1012628). - USB: serial: ch341: add basis for quirk detection (bnc#1012628). - USB: serial: option: add Telit LE910C1-EUX compositions (bnc#1012628). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bnc#1012628). - USB: serial: qcserial: add DW5816e QDL support (bnc#1012628). - commit 936fe4f ==== pkgconf ==== Version update (1.6.3 -> 1.7.3) Subpackages: libpkgconf3 pkgconf-m4 pkgconf-pkg-config - Update to 1.7.3 - Bug fixes: + Fix a possible out of boundary write when evaluating dependencies. Patch by Tobias Stöckmann. + Fix escaping logic on Windows. Patch by Vincent Torri. + Fix out of boundary reads and writes with a malformed fragment. Patches by Tobias Stöckmann. + Fix a possible out of boundary write when evaluating tuples. Patch by Tobias Stöckmann. + Fix a windows-specific crash relating to path fixups. + Fix a possible out of boundary access in the parser for the cross-compile database. Patch by Tobias Stöckmann. + Missing files for building with Meson are now included in the tarball. Patch by Neal Gompa. + Fix calculation of package atoms on Windows with paths that use both directory separator characters. + Fix a possible buffer overflow involving newline escaping. Patch by Tobias Stöckmann. + Fix an out of boundary access in the parser. Patch by Tobias Stöckmann. + Fix leakage of strcmp() result value in pkgconf_compare_version() responses. + Return the default personality if loading a cross-compile personality file failed. + Do not complain about newlines when validating package versions. + Properly detect strndup() on Windows when building with Meson. - Enhancements: + A new --shared option and WantDefaultStatic cross-compile configuration option have been added. This allows for toolchains to specify that static linking should be used by default. + Support for the PKG_CONFIG_MSVC_SYNTAX environment variable has been added. Patch by Dan Kegel. + Support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS client flag which disables emulation of freedesktop.org pkg-config fragment merging semantics has been added. Patch by Karen Arutyunov. ==== snapper ==== Version update (0.8.9 -> 0.8.10) Subpackages: libsnapper5 - special rollback for transactional server (bsc#1172273) - version 0.8.10 ==== yast2 ==== Version update (4.3.6 -> 4.3.8) - Updated Yast::XML.validate arguments - Distinguish between a String argument (containing a XML document/schema) and Pathname (path to a file) - Related to bsc#1170886 - 4.3.8 - Add a method to determine the default start mode for a system service (related to bsc#1172749). - 4.3.7