Packages changed: busybox-links cockpit (230 -> 232) containers-systemd (0.0+git20201113.5e435e8 -> 0.0+git20201208.1b4413e) helm (3.4.1 -> 3.4.2) kernel-firmware (20201120 -> 20201130) kernel-source (5.9.12 -> 5.9.14) kubernetes (1.19.4 -> 1.20.0) kustomize (3.8.7 -> 3.9.0) libressl (3.2.2 -> 3.2.3) libzypp (17.25.2 -> 17.25.5) lvm2 lvm2-device-mapper open-lldp (1.1+15.ef8495548d04 -> 1.1+18.0e969d0edcc4) openldap2 (2.4.55 -> 2.4.56) patterns-microos python-M2Crypto (0.36.0 -> 0.37.1) python-PrettyTable python-cryptography (3.2.1 -> 3.3) python-psutil systemd (246.6 -> 246.7) u-boot-rpiarm64 zypper (1.14.40 -> 1.14.41) === Details === ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-sed - busybox-adduser needs "nogroup" for system accounts, which have no group specified. ==== cockpit ==== Version update (230 -> 232) Subpackages: cockpit-bridge cockpit-system - new version 230 https://cockpit-project.org/blog/cockpit-232.html https://cockpit-project.org/blog/cockpit-231.html ==== containers-systemd ==== Version update (0.0+git20201113.5e435e8 -> 0.0+git20201208.1b4413e) - Update to version 0.0+git20201208.1b4413e: * Add support for dovecot * Fix description * Add support for minidlna container * Add LMTP variable ==== helm ==== Version update (3.4.1 -> 3.4.2) - Update to version 3.4.2: * Updating to Kubernetes 1.19.4 package versions * fix: ingress path issue ==== kernel-firmware ==== Version update (20201120 -> 20201130) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20201130 (git commit 7455a3606674): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * i915: Add GuC firmware v49.0.1 for all platforms * i915: Remove duplicate KBL DMC entry * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2018 ==== kernel-source ==== Version update (5.9.12 -> 5.9.14) - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes). - commit c648a46 - Linux 5.9.14 (bsc#1012628). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (bsc#1012628). - USB: serial: kl5kusb105: fix memleak on open (bsc#1012628). - USB: serial: ch341: add new Product ID for CH341A (bsc#1012628). - USB: serial: ch341: sort device-id entries (bsc#1012628). - USB: serial: option: add Fibocom NL668 variants (bsc#1012628). - USB: serial: option: add support for Thales Cinterion EXS82 (bsc#1012628). - USB: serial: option: fix Quectel BG96 matching (bsc#1012628). - speakup: Reject setting the speakup line discipline outside of speakup (bsc#1012628). - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (bsc#1012628). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (bsc#1012628). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (bsc#1012628). - ALSA: hda/realtek - Add new codec supported for ALC897 (bsc#1012628). - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (bsc#1012628). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (bsc#1012628). - ring-buffer: Update write stamp with the correct ts (bsc#1012628). - ring-buffer: Set the right timestamp in the slow path of __rb_reserve_next() (bsc#1012628). - ring-buffer: Always check to put back before stamp when crossing pages (bsc#1012628). - ftrace: Fix updating FTRACE_FL_TRAMP (bsc#1012628). - ftrace: Fix DYNAMIC_FTRACE_WITH_DIRECT_CALLS dependency (bsc#1012628). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1012628). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1012628). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1012628). - cifs: add NULL check for ses->tcon_ipc (bsc#1012628). - gfs2: Upgrade shared glocks for atime updates (bsc#1012628). - gfs2: Fix deadlock between gfs2_{create_inode,inode_lookup} and delete_work_func (bsc#1012628). - s390/pci: fix CPU address in MSI for directed IRQ (bsc#1012628). - i2c: imx: Fix reset of I2SR_IAL flag (bsc#1012628). - i2c: imx: Check for I2SR_IAL after every byte (bsc#1012628). - i2c: imx: Don't generate STOP condition if arbitration has been lost (bsc#1012628). - tracing: Fix userstacktrace option for instances (bsc#1012628). - thunderbolt: Fix use-after-free in remove_unplugged_switch() (bsc#1012628). - drm/omap: sdi: fix bridge enable/disable (bsc#1012628). - drm/amdgpu/vcn3.0: stall DPG when WPTR/RPTR reset (bsc#1012628). - drm/amdgpu/vcn3.0: remove old DPG workaround (bsc#1012628). - drm/i915/gt: Retain default context state across shrinking (bsc#1012628). - drm/i915/gt: Limit frequency drop to RPe on parking (bsc#1012628). - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (bsc#1012628). - KVM: PPC: Book3S HV: XIVE: Fix vCPU id sanity check (bsc#1012628). - scsi: mpt3sas: Fix ioctl timeout (bsc#1012628). - io_uring: fix recvmsg setup with compat buf-select (bsc#1012628). - dm writecache: advance the number of arguments when reporting max_age (bsc#1012628). - dm writecache: fix the maximum number of arguments (bsc#1012628). - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (bsc#1012628). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1012628). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1012628). - dm: fix bug with RCU locking in dm_blk_report_zones (bsc#1012628). - dm: fix double RCU unlock in dm_dax_zero_page_range() error path (bsc#1012628). - dm: remove invalid sparse __acquires and __releases annotations (bsc#1012628). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1012628). - coredump: fix core_pattern parse error (bsc#1012628). - mm: list_lru: set shrinker map bit when child nr_items is not zero (bsc#1012628). - mm/swapfile: do not sleep with a spin lock held (bsc#1012628). - hugetlb_cgroup: fix offline of hugetlb cgroup with reservations (bsc#1012628). - Revert "amd/amdgpu: Disable VCN DPG mode for Picasso" (bsc#1012628). - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1012628). - mm: memcg/slab: fix obj_cgroup_charge() return value handling (bsc#1012628). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (bsc#1012628). - can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check (bsc#1012628). - gfs2: check for empty rgrp tree in gfs2_ri_update (bsc#1012628). - netfilter: ipset: prevent uninit-value in hash_ip6_add (bsc#1012628). - ASoC: wm_adsp: fix error return code in wm_adsp_load() (bsc#1012628). - gfs2: Fix deadlock dumping resource group glocks (bsc#1012628). - gfs2: Don't freeze the file system during unmount (bsc#1012628). - rtw88: debug: Fix uninitialized memory in debugfs code (bsc#1012628). - i2c: qcom: Fix IRQ error misassignement (bsc#1012628). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (bsc#1012628). - dm writecache: remove BUG() and fail gracefully instead (bsc#1012628). - Input: i8042 - fix error return code in i8042_setup_aux() (bsc#1012628). - netfilter: nf_tables: avoid false-postive lockdep splat (bsc#1012628). - netfilter: nftables_offload: set address type in control dissector (bsc#1012628). - netfilter: nftables_offload: build mask based from the matching bytes (bsc#1012628). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1012628). - Revert "geneve: pull IP header before ECN decapsulation" (bsc#1012628). - bpf: Fix propagation of 32-bit signed bounds from 64-bit bounds (bsc#1012628). - commit 960bcea - Update patches.suse/tty-Fix-pgrp-locking-in-tiocspgrp.patch (bsc#1179745 CVE-2020-29661). - Update patches.suse/tty-Fix-session-locking.patch (bsc#1179745 CVE-2020-29660). Add CVE numbers. - commit 1329f77 - Update config files to disable CONFIG_DEBUG_SECTION_MISMATCH (bsc#1177403) - commit a0a476d - Linux 5.9.13 (bsc#1012628). - devlink: Hold rtnl lock while reading netdev attributes (bsc#1012628). - devlink: Make sure devlink instance and port are in same net namespace (bsc#1012628). - ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init (bsc#1012628). - net/af_iucv: set correct sk_protocol for child sockets (bsc#1012628). - net: openvswitch: fix TTL decrement action netlink message format (bsc#1012628). - net/tls: missing received data after fast remote close (bsc#1012628). - net/tls: Protect from calling tls_dev_del for TLS RX twice (bsc#1012628). - rose: Fix Null pointer dereference in rose_send_frame() (bsc#1012628). - sock: set sk_err to ee_errno on dequeue from errq (bsc#1012628). - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1012628). - tun: honor IOCB_NOWAIT flag (bsc#1012628). - usbnet: ipheth: fix connectivity with iOS 14 (bsc#1012628). - vsock/virtio: discard packets only when socket is really closed (bsc#1012628). - mptcp: fix NULL ptr dereference on bad MPJ (bsc#1012628). - net/packet: fix packet receive on L3 devices without visible hard header (bsc#1012628). - netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal (bsc#1012628). - ipv4: Fix tos mask in inet_rtm_getroute() (bsc#1012628). - dt-bindings: net: correct interrupt flags in examples (bsc#1012628). - chelsio/chtls: fix panic during unload reload chtls (bsc#1012628). - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (bsc#1012628). - ibmvnic: Fix TX completion error handling (bsc#1012628). - tipc: fix incompatible mtu of transmission (bsc#1012628). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (bsc#1012628). - geneve: pull IP header before ECN decapsulation (bsc#1012628). - net: ip6_gre: set dev->hard_header_len when using header_ops (bsc#1012628). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (bsc#1012628). - cxgb3: fix error return code in t3_sge_alloc_qset() (bsc#1012628). - net: pasemi: fix error return code in pasemi_mac_open() (bsc#1012628). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1012628). - chelsio/chtls: fix a double free in chtls_setkey() (bsc#1012628). - net: mvpp2: Fix error return code in mvpp2_open() (bsc#1012628). - net: skbuff: ensure LSE is pullable before decrementing the MPLS ttl (bsc#1012628). - net: openvswitch: ensure LSE is pullable before reading it (bsc#1012628). - net/sched: act_mpls: ensure LSE is pullable before reading it (bsc#1012628). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (bsc#1012628). - net/mlx5: Fix wrong address reclaim when command interface is down (bsc#1012628). - net: mlx5e: fix fs_tcp.c build when IPV6 is not enabled (bsc#1012628). - ALSA: usb-audio: US16x08: fix value count for level meters (bsc#1012628). - Input: xpad - support Ardwiino Controllers (bsc#1012628). - Input: i8042 - add ByteSpeed touchpad to noloop table (bsc#1012628). - Input: atmel_mxt_ts - fix lost interrupts (bsc#1012628). - tracing: Fix alignment of static buffer (bsc#1012628). - tracing: Remove WARN_ON in start_thread() (bsc#1012628). - uapi: fix statx attribute value overlap for DAX & MOUNT_ROOT (bsc#1012628). - drm/i915/gt: Fixup tgl mocs for PTE tracking (bsc#1012628). - commit 3dfd18b - tty: Fix ->session locking (bsc#1179745). - tty: Fix ->pgrp locking in tiocspgrp() (bsc#1179745). - commit 9455f8b - net/x25: prevent a couple of overflows (bsc#1178590). - commit 2a06597 ==== kubernetes ==== Version update (1.19.4 -> 1.20.0) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Fix typo in *minus1 version definition - Bump kubernetes to 1.20.0 and assign 1.19.4 to *minus1 packages ==== kustomize ==== Version update (3.8.7 -> 3.9.0) - Update to version 3.9.0 - Auto update go.sum - Pin kustomize to api/v0.7.0, enabling kyaml by default - Flip default value of --enable_kyaml from false to true. - Update to version 3.8.8 - Pin kustomize to api/v0.6.7 - Pin to api v0.6.7 - Unpin kustomize from api. - Pin to api v0.6.6 - Pin to cmd/config v0.8.6 - Pin to kyaml v0.10.3 cliutils v0.22.1 - Automated Go mod cache updates. - Revert "helm values on inflator config" - helm values on inflator config spec. - connected allowresourcesidchanges bool to allow_id_changes flag - Automated go.sum updates. - update Go version to 1.15 - Use DepProvider in tests to access kyaml impls. - mark the list-builtin command alpha - Add command to list builtin plugins - added kustomize edit set label - Unpin everything post v3.8.7 release - Refresh vendor.tar.xz ==== libressl ==== Version update (3.2.2 -> 3.2.3) Subpackages: libcrypto46 libssl48 libtls20 - Update to release 3.2.3 * Fixed: Malformed ASN.1 in a certificate revocation list or a timestamp response token could lead to a NULL pointer dereference. ==== libzypp ==== Version update (17.25.2 -> 17.25.5) - Fix lsof monitoring (bsc#1179909) - version 17.25.5 (22) - Prevent librpmDb iterator from accidentally creating an empty rpmdb in / (repoened bsc#1178910) - Fix update of gpg keys with elongated expire date (bsc#1179222) - needreboot: remove udev from the list (bsc#1179083) - Prefer /run over /var/run. - version 17.25.4 (22) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Url: Hide known password entries when writing the query part (bsc#1050625 bsc#1177583, CVE-2017-9271) - adapt testcase to change introduced by libsolv#402. - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427, Fixes openSUSE/zypper#357). - version 17.25.3 (22) ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) - change external_device_info_source from none to udev - comment out lvm.conf item preferred_names by default (bsc#1179738) - comment out preferred_names - Update lvm.conf, make it closely to upstream's setting (bsc#1179739) - change lvm.conf, follow upstream 7b41ea61b2e33dbfad754fd4c6e7851faf7ca5ef ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) - change external_device_info_source from none to udev - comment out lvm.conf item preferred_names by default (bsc#1179738) - comment out preferred_names - Update lvm.conf, make it closely to upstream's setting (bsc#1179739) - change lvm.conf, follow upstream 7b41ea61b2e33dbfad754fd4c6e7851faf7ca5ef ==== open-lldp ==== Version update (1.1+15.ef8495548d04 -> 1.1+18.0e969d0edcc4) Subpackages: liblldp_clif1 - Update to version v1.1+18.0e969d0edcc4: * event_iface: only set rcv buf size if too small (bsc#1175570) ==== openldap2 ==== Version update (2.4.55 -> 2.4.56) - updated to 2.4.56 OpenLDAP 2.4.56 Release (2020/11/10) Fixed slapd to remove assert in certificateListValidate (ITS#9383) Fixed slapd to remove assert in csnNormalize23 (ITS#9384) Fixed slapd to better parse ldapi listener URIs (ITS#9379) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Ensure gnome-session-wayland is pulled by GNOME desktop pattern. - Add desktop-common pattern for packages common to GNOME and KDE patterns - Some small cleanups, also because of the source formatter... - Use proper icons for desktop patterns - Switch the KDE pattern from plasma5-pk-updates to discover-notifier and add plasma-browser-integration ==== python-M2Crypto ==== Version update (0.36.0 -> 0.37.1) - Update to 0.37.1: - Remove support for CentOS 6 and Python 2.6 (remove tests.vendor module). Python 2.7 is still fully supported. - Remodel CI: - on GitHub switched from Travis-CI to GH Actions - on GitLab-CI: stop testing 2.7 on Fedora, add centos7 - update appveyor.yml - Stop playing with swig in setup.py, we don't support swig 1.* anymore. - Fix dereferencing of pointers (gl#m2crypto/m2crypto#281) - Replace deprecated PyObject_AsReadBuffer with our own shim (thanks to Casey Deccio for saving my bacon there). - Use parametrized to create parametrized tests (new external dependency). - Only use DigestSign() and DigestUpdate() with OpenSSL >= 1.1.1 - Expose all the X509_V_FLAG - Add support for DigestSign* and DigestVerify* ==== python-PrettyTable ==== - Update URL/Source0 due to Google Code Hosting being dead since 2016 ==== python-cryptography ==== Version update (3.2.1 -> 3.3) - update to 3.3.0 - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1i. - Python 2 support is deprecated in cryptography. This is the last release that will support Python 2. - Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. - Remove unnecessary dependency virtualenv. ==== python-psutil ==== - Only require unittest2 for Leap. - Add missing BR for unittest2 ==== systemd ==== Version update (246.6 -> 246.7) Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Import commit d5e7958d35dc7758fe2e87e0a8193b93ce1a1b15 (merge of v246.7) 450792497e sd-event: fix delays assert brain-o (#17790) 1040a19d08 udevadm: rename option '--log-priority' into '--log-level' a7b41e19bd udev: rename kernel option 'log_priority' into 'log_level' For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/f6104ea5f554233e34b94ffd92da8332c3bd7d8f...d5e7958d35dc7758fe2e87e0a8193b93ce1a1b15 ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - Add bananapim2zero flavor - Introduce odroid-c4 ==== zypper ==== Version update (1.14.40 -> 1.14.41) Subpackages: zypper-needs-restarting - Avoid translated text in xml attributes ( fixes #361 ) - BuildRequires: libzypp-devel >= 17.25.3. Adapt to new LoadTestcase API. - version 1.14.41