Packages changed: apparmor boost-base btrfsmaintenance ceph (16.0.0.5613+gb1a0951432 -> 16.1.0.46+g571704f730) containers-systemd (0.0+git20210118.1366ecb -> 0.0+git20210205.a4b07b6) dhcp (4.3.5 -> 4.4.2) dosfstools (4.1+git.1610658652.9443732 -> 4.2) elfutils (0.182 -> 0.183) fuse3 (3.10.1 -> 3.10.2) gcc11 (11.0.0+git182924 -> 11.0.0+git183291) glib2 (2.66.4 -> 2.66.7) glibc (2.32 -> 2.33) gptfdisk (1.0.5 -> 1.0.6) haproxy (2.3.4+git0.10189c965 -> 2.3.5+git0.5902ad99b) helm (3.4.2 -> 3.5.2) json-glib (1.6.0 -> 1.6.2) kbd (2.3.0 -> 2.4.0) kernel-default-base (5.10.12 -> 5.10.16) kernel-firmware (20210119 -> 20210208) kernel-source (5.10.12 -> 5.10.16) kmod kustomize (3.9.2 -> 3.10.0) libapparmor libcap (2.47 -> 2.48) libevent libressl (3.2.3 -> 3.2.4) libselinux logrotate (3.17.0 -> 3.18.0) nfs-client-provisioner (2.3.0+git20200220.a14bfd72 -> 4.0.0+git20210204.23ecb30) nghttp2 (1.42.0 -> 1.43.0) openssh perl-Bootloader (0.932 -> 0.933) pigz (2.4 -> 2.6) pinentry procps (3.3.16 -> 3.3.17) python-Jinja2 (2.11.2 -> 2.11.3) python-cffi (1.14.4 -> 1.14.5) python-cryptography (3.3.1 -> 3.3.2) python-idna (2.10 -> 3.1) python-networkx python-pyrsistent python-pytz (2020.5 -> 2021.1) python-pyzmq (20.0.0 -> 22.0.3) python-requests python38 python38-core reiserfs rpm salt supportutils (3.1.13 -> 3.1.14) system-users sysuser-tools transactional-update (2.28.3 -> 3.1.4) util-linux util-linux-systemd weave (2.7.0 -> 2.8.1) wpa_supplicant === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - merge libapparmor.changes into apparmor.changes ==== boost-base ==== Subpackages: boost-license1_75_0 libboost_thread1_75_0 - Fix HPC build on ARM. It seems boost_serialization libraries are no longer implicitly build with this setup. - Add build support for gcc10 to HPC build (bsc#1174439). - Add openmpi4 flavors (jsc#SLE-16462). ==== btrfsmaintenance ==== - Require libzypp plugin only if zypper is used (Required for e.g. image based systems). ==== ceph ==== Version update (16.0.0.5613+gb1a0951432 -> 16.1.0.46+g571704f730) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to 16.1.0-46-g571704f730 + rebase on top of upstream v16.1.0 (Pacific release candidate) + drop obsolete downstream patches that were causing conflicts: * cephadm: use registry.suse.com by default * cephadm: add global flag --container-init * mgr/cephadm: append --container-init to basecommand * cephadm: remove container-init subparser from "deploy" - Update to 16.0.0-7500-g78f6791981: + cephadm: add global flag --container-init + mgr/cephadm: append --container-init to basecommand + cephadm: remove container-init subparser from "deploy" - Update to 16.0.0-7497-g63a0682c7e: + rebase on tip of upstream "master" branch, SHA1 8c6b533ee85e7fe2cd19e5dbb6f0363898f5a2ee - Update to 16.0.0-6239-g0c2e605e78: + rebase on tip of upstream "master" branch, SHA1 6d1f1f63b711797e21ff8ff12662d07d86546e66 * cephadm: Fix error setting 'mgr/cephadm/container_init' config (PR #37500) - Update to 16.0.0-6229-g71574673b0: + rebase on tip of upstream "master" branch, SHA1 f68197eca4b4dceef9fbf497d640b4600663d3ed * ceph-volume: don't exit before empty report can be printed (PR #37591) - Update to 16.0.0-6177-g01e4ab745b: + rebase on tip of upstream "master" branch, SHA1 f8ea1f38aee3d8715186a756331a23d4b51121f2 * ceph-volume: pass filter_for_batch as keyword argument (PR #37545) - Update to 16.0.0-6162-g892bfa3fef: + drop the following commits: + lvmcache: refactor argument parsing and add -h flag + ceph-volume: install lvmcache plugin + ceph-volume: add lvmcache plugin and its tests + rebase on tip of upstream "master" branch, SHA1 0a92d5094fc0baae3af223aa16b271d2e5e6f349 + mgr/devicehealth: device_health_metrics pool gets created even without any OSDs in the cluster (bsc#1173079) ==== containers-systemd ==== Version update (0.0+git20210118.1366ecb -> 0.0+git20210205.a4b07b6) - Update to version 0.0+git20210205.a4b07b6: * Add container-nfs-service files ==== dhcp ==== Version update (4.3.5 -> 4.4.2) Subpackages: dhcp-client - update to 4.4.2: * Please note that that ISC DHCP is now licensed under the Mozilla Public License, MPL 2.0. In general, the areas of focus for ISC DHCP 4.4 were: 1. Dynamic DNS additions 2. dhclient improvements 3. Support for dynamic shared libraries * Added the interface name to socket initialization failure log messages. Prior to this the log messages stated only the error reason without stating the target interface. * Corrected buffer pointer logic in dhcrelay functions that manipulate agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities & Mitigations for reporting the issue. * Corrected unresolved symbol errors building relay_unittests when configured to build using libtool. * A new configuration parameter, ping-cltt-secs (v4 operation only), has been added to allow the user to specify the number of seconds that must elapse since CLTT before a ping check is conducted. Prior to this, the value was hard coded at 60 seconds. Please see the server man pages for a more detailed discussion. * A new configuration parameter, ping-timeout-ms (v4 operation only), has been added that allows the user to specify the amount of time the server waits for a ping-check response in milliseconds rather than in seconds (via ping-timeout). When greater than zero, the value of ping-timeout-ms will override the value of ping-timeout. Thanks to Jay Doran from Bluecat Networks for suggesting this feature. * An experimental tool called, Keama (KEA Migration Assistant), which helps translate ISC DHCP configurations to Kea configurations, is now included in the distribution. * Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be carried out over TCP rather than UDP. The coding error was exposed by migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for reporting the issue. * Bind9 now defaults to requiring python to build. The Makefile for building Bind9 when bundled with ISC DHCP was modified to turn off this dependency. * Corrected a dual-stack mixed-mode issue that occurs when both ddns-guard-id-must-match and ddns-other-guard-is-dynamic are enabled and that caused the server to incorrectly interpret the presence of a guard record belonging to another client as a case of no guard record at all. Thanks to Fernando Soto from BlueCat Networks for reporting this issue. * Corrected a compilation issue that occurred when building without DNS update ability (e.g. by undefining NSUPDATE). * Corrected an issue that was causing the server, when running in DHPCv4 mode, to segfault when class lease limits are reached. Thanks to Peter Nagy at Porion-Digital for reporting the matter and submitting a patch. * Made minor changes to eliminate warnings when compiled with GCC 9. Thanks to Brett Neumeier for bringing the matter to our attention. * Fixed potential memory leaks in parser error message generation spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195 * Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks to Tommy Smith for contributing the patch. * Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for reporting the issue. * Applied a patch from OpenBSD to always set the scope id of outbound DHPCv6 packets. Note this change only applies when compiling under OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our attention. * Modified dhclient to not discard config file leases that are duplicates of server-provided leases and to retain such leases after they have been used as the fallback active lease and DHCP service has been restored. This allows them to be used more than once during the lifetime of a dhclient instance. This applies to DHCPv4 operation only. * Corrected a number of reference counter and zero-length buffer leaks. Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for pointing them out. * Closed a small window of time between the installation of graceful shutdown signal handlers and application context startup, during which the receipt of shutdown signal would cause a REQUIRE() assertion to occur. Note this issue is only visible when compiling with ENABLE_GENTLE_SHUTDOWN defined. * Corrected a buffer overflow that can occur when retrieving zone names that are more than 255 characters in length. * The "d" domain name option format was incorrectly handled as text instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks for reporting this issue. * Improved the error message issued when a host declaration has both a uid and a dhcp-client-identifier. Server configuration parsing will now fail if a host declaration specifies more than one uid. * Updated developer's documentation on building and running unit tests. Removed support for --with-atf=bind as BIND9 no longer bundles in ATF source. * Fixed a syntax error in ldap.c which cropped up under Ubuntu 18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out. * Added clarification to dhcp-options.5 section on ip-address values describing the first-use DNS resolution of options with hostnames as values (e.g. next-server). * The option format for the server option omapi-key was changed to a format type 'k' (key name); while server options ldap-port and ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These three options were inadvertantly broken when the 'd' format content was changed to comply with RFC 1035 wire format (see Gitlab #2). * A delayed-ack value of 0 (the default), now correctly disables the delayed feature. A change in 4.4.0 prohibited lease updates marking leases active from be written to the lease file when delayed-ack is 0. This in turn, caused servers to lose active lease assignments upon restart. ! Option reference count was not correctly decremented in error path when parsing buffer for options. Reported by Felix Wilhelm, Google Security Team. CVE: CVE-2018-5733 ! Corrected an issue where large sized 'X/x' format options were causing option handling logic to overwrite memory when expanding them to human readable form. Reported by Felix Wilhelm, Google Security Team. CVE: CVE-2018-5732 * Added use of new Bind9 compatibility header files, that are now necessary to supply type definitions for primitive data types, removed from Bind9 proper. Altered util/bind.sh to pull from Bind9 repo on gitlab. * Duplicate address detection when binding to a new IPv6 address was added to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos. The scripts will check for DAD errors after binding to a new IPv6 address for at most --dad-wait-time seconds. If a DAD error is detected the script will exit with a value of 3, instructing dhclient to decline the address. If dad-wait-time is zero (the default), DAD error checking is not peformed. * Support for sending and receiving additional DHCP4 options has been added to both the dhcpd and dhclient. Specifically: option codes 93,94, and 97 (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071). Beyond configuring, sending, requesting, and receiving these options neither server nor client apply any additional logic based on their values. Thanks to Peter Lewis for requesting this change. * Added clarifying text to dhcpd.conf.5 explaining the class match expressions cannot rely on the results of executable statements. * Fixed a bug which causes dhcpd and dhclient to crash on certain systems when given relative path names for lease or pid files on the command line. Affected systems are those on which the C library function, realpath() does not support a second parameter value of NULL (see manpages for realpath(3)). * Fixed a build issue when building with embedded BIND9 under OpenBSD that was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h. * Added /m4/README to the distribution tarball. Some versions of ac_local() treat the absence of the m4 subdirectory as error rather than warning. This was causing the call to autoreconf, necessary for building with libtool, to fail. * Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt) feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be enabled at compile time via --enable-relay-port and is fully backward compatible (i.e. works with previous implementations of servers and relays using the standard ports). A new --rp command line option specifies to dhcrelay an alternate source port for upstream (i.e. toward the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco systems for submitting these patches. * Added --release-on-roam to dhcpd server. When enabled and the server detects that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release the pre-existing leases on the old network and emit a log statement similar to the following: "Client: roamed to new network, releasing lease:
" The server will carry out all of the same steps that would normally occur when a client explicitly releases a lease. This behavior is disabled by default and may only be specified globally. Prior to this the server renders the leases unavailable until they expire or the server is restarted. Clients that need leases in multiple networks must supply a unique IAID in each IA. When release-on-roam is disabled (the default) the server maintains the prior behavior of making such leases unavailable until they expire or the server is restarted. Clients that need leases in multiple networks must supply a unique IAID in each IA. This parameter may only be specified at the global level. Thanks to Fernando Soto from BlueCat Networks for suggesting this change. * Support for delayed-ack is now compiled in by default. Prior to this it had to be enabled at compile time via --enable-delayed-acks. The default value for delayed-ack, however, has been changed from 28 to 0 (i.e. disabled). This was done to minimize the impact on users not currently using the feature. Please note that the delayed-ack feature is not currently compatible with support for DHPCv4-over-DHCPv6 so when a 4to6 port command line argument enables this in the server the delayed-ack value is reset to 0. * Added to the server (-6) a new statement, local-address6, which specifies the source address of packets sent by the server. An additional flag, bind-local-address6, disabled by default, binds the service socket to to local-address6. Note that bind-local-address does not work with direct clients: a relay has to forward packets to the server using the local-address6 destination. * The server now recognizes environment variables PATH_DHCPD_DB and PATH_DHCPD_PID. These had been incorrectly compiled out of the code unless DHCPv6 support was disabled. Additionally, the server man pages were corrected to accurately reflect how the server chooses file names (see lease-file-name and pid-file-name statements). Thanks to Fernando Soto at Bluecat Networks for bringing this matter to our attention. * Removed an "Impossible condition" error upon exit in the dhcpd server that has been shutdown via OMAPI. This condition was only apparent under Solaris when building with --enable-use-sockets and --enable-ipv4-pktinfo. * Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057. * Added missing text to dhclient.8 and expanded release note coverage for --address-prefix-len changes. - remove dhcp-CVE-2019-6470.patch, 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch: merged upstream - 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch 0009-dhcp-4.2.6-close-on-exec.patch 0016-infiniband-support.patch 0018-client-fail-on-script-pre-init-error-bsc-912098.patch 0021-dhcp-ip-family-symlinks.patch: refresh against newer code base - build with --enable-log-pid (log pid) and enable-binary-leases (faster binary looup for large leases files) ==== dosfstools ==== Version update (4.1+git.1610658652.9443732 -> 4.2) - update to 4.2: * mkfs.fat: Allow to specify disk geometry via new -g option * fsck.fat: Add code for fixing first FAT cluster * fatlabel: Do not call parts of fsck repair procedure * Update warning message about lowercase labels * mkfs.fat: Read geom_start from sysfs * Add missing files into distribution tarball ==== elfutils ==== Version update (0.182 -> 0.183) Subpackages: libasm1 libdw1 libelf1 - Update to version 0.183: debuginfod: New thread-busy metric and more detailed error metrics. New --fdcache-mintmp and tracking of filesystem freespace. New increased webapi concurrency while grooming. debuginfod-client: DEBUGINFOD_SONAME macro added to debuginfod.h which can be used to dlopen the libdebuginfod.so library. New function debuginfod_set_verbose_fd and DEBUGINFOD_VERBOSE environment variable. config: profile.sh and profile.csh won't export DEBUGINFOD_URLS unless configured --enable-debuginfod-urls[=URLS] elflint, readelf: Recognize SHF_GNU_RETAIN. Handle SHT_X86_64_UNWIND as valid relocation target. - Remove config-do-not-define-DEBUGINFOD_URLS-environment-var.patch patch. ==== fuse3 ==== Version update (3.10.1 -> 3.10.2) - Update to release 3.10.2 * Allow "nonempty" as a mount option, for backwards compatibility with fusermount 2. The option has no effect since mounting over non-empty directories is allowed by default. * FUSE filesystems can now be mounted underneath EXFAT mountpoints. ==== gcc11 ==== Version update (11.0.0+git182924 -> 11.0.0+git183291) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Bump to efcd941e86b507d77e90a1b13f621e036eacdb45. - Bump to 7a18bc4ae62081021f4fd90d591a588cac931f77. - New package, inherits from gcc10 * gcc-add-defaultsspec.diff, add the ability to provide a specs file that is read by default * tls-no-direct.diff, avoid direct %fs references on x86 to not slow down Xen * gcc43-no-unwind-tables.diff, do not produce unwind tables for CRT files * gcc41-ppc32-retaddr.patch, fix expansion of __builtin_return_addr for ppc, just a testcase * gcc44-textdomain.patch, make translation files version specific and adjust textdomain to find them * gcc44-rename-info-files.patch, fix cross-references in info files when renaming them to be version specific * gcc48-libstdc++-api-reference.patch, fix link in the installed libstdc++ html documentation * gcc48-remove-mpfr-2.4.0-requirement.patch, make GCC work with earlier mpfr versions on old products * gcc5-no-return-gcc43-workaround.patch, make build work with host gcc 4.3 * gcc7-remove-Wexpansion-to-defined-from-Wextra.patch, removes new warning from -Wextra * gcc7-avoid-fixinc-error.diff * gcc9-reproducible-builds-buildid-for-checksum.patch * gcc9-reproducible-builds.patch * gcc10-amdgcn-llvm-as.patch * gcc10-foffload-default.patch - libgccjit subpackage is added. - HWASAN is built for aarch64 target. ==== glib2 ==== Version update (2.66.4 -> 2.66.7) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.66.7: + Fix various regressions caused by rushed security fixes in 2.66.6. + Fix a silent integer truncation when calling `g_byte_array_new_take()` for byte arrays bigger than `G_MAXUINT`. + Disallow using currently-undefined D-Bus connection or server flags to prevent forward-compatibility problems with new security-sensitive flags likely to be released in GLib 2.68. + Bugs fixed: glgo#GNOME/GLib!1933, glgo#GNOME/GLib!1943, glgo#GNOME/GLib!1944, glgo#GNOME/GLib!1945. - Update to version 2.66.6: + Fix various instances within GLib where `g_memdup()` was vulnerable to a silent integer truncation and heap overflow problem (glgo#GNOME/GLib#2319). - Update to version 2.66.5: + Fix some issues with handling over-long (invalid) input when parsing for `GDate`. + Don?t load GIO modules or parse other GIO environment variables when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap process). GIO has always been documented as not being safe to use in privileged processes, but people persist in using it unsafely, so these changes should harden things against potential attacks at least a little. Unfortunately they break a couple of projects which were relying on reading `DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for setgid/setcap (but not setuid) processes. This loophole will be closed in GLib 2.70 (see issue #2316), which should give modules 6 months to change their behaviour. + Fix `g_spawn()` searching `PATH` when it wasn?t meant to. + Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820, glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831, glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864, glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913, glgo#GNOME/GLib!1922. - Rebase/refresh patches: + glib2-dbus-socket-path.patch + glib2-fate300461-gettext-gkeyfile-suse.patch + glib2-gdbus-codegen-version.patch + glib2-suppress-schema-deprecated-path-warning.patch + glib2-bgo569829-gettext-gkeyfile.patch ==== glibc ==== Version update (2.32 -> 2.33) Subpackages: glibc-locale glibc-locale-base - Update to glibc 2.33 * The dynamic linker accepts the --list-tunables argument which prints all the supported tunables. * The dynamic linker accepts the --argv0 argument and provides opportunity to change argv[0] string. * The dynamic linker loads optimized implementations of shared objects from subdirectories under the glibc-hwcaps directory on the library search path if the system's capabilities meet the requirements for that subdirectory. * The new --help option of the dynamic linker provides usage and information and library search path diagnostics. * The mallinfo2 function is added to report statistics as per mallinfo, but with larger field widths to accurately report values that are larger than fit in an integer. * Add to provide query macros for x86 CPU features. * A new fortification level _FORTIFY_SOURCE=3 is available. * The mallinfo function is marked deprecated. * When dlopen is used in statically linked programs, alternative library implementations from HWCAP subdirectories are no longer loaded. * The deprecated header and the function vtimes have been removed. * On s390(x), the type float_t is now derived from the macro __FLT_EVAL_METHOD__ that is defined by the compiler, instead of being hardcoded to double. * A future version of glibc will stop loading shared objects from the "tls" subdirectories on the library search path, the subdirectory that corresponds to the AT_PLATFORM system name, and also stop employing the legacy AT_HWCAP search mechanism. * CVE-2021-3326: An assertion failure during conversion from the ISO-20220-JP-3 character set using the iconv function has been fixed. - Remove obsolete, unused /etc/default/nss - aarch64-static-pie.patch, euc-kr-overrun.patch, get-nprocs-cpu-online-parsing.patch, iconv-redundant-shift.patch, iconv-ucs4-loop-bounds.patch, ifunc-fma4.patch, intl-codeset-suffixes.patch, nscd-gc-cycle.patch, printf-long-double-non-normal.patch, strerrorname-np.patch, syslog-locking.patch, sysvipc.patch: Removed - Remove support for %optimize_power - Move to power4 baseline on ppc ==== gptfdisk ==== Version update (1.0.5 -> 1.0.6) - Update to 1.0.6 * Fixed bug that could cause segfault if GPT header claimed partition entries are oversized. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0256 * Fixed bug that could cause a crash if a badly-formatted MBR disk was read. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0308 * Renamed the partition type "Freedesktop $BOOT" to "XBOOTLDR partition". * Added several more Freedesktop partition table type codes (0x8312 through 0x831C). * Fixed type code definition in diskio-unix.cc that prevented 32-bit builds from correctly handling disks over 4 TiB in size. * Minor tweaks to get the software to compile on FreeBSD; that seems to have fallen into disrepair. ==== haproxy ==== Version update (2.3.4+git0.10189c965 -> 2.3.5+git0.5902ad99b) - Update to version 2.3.5+git0.5902ad99b: * [RELEASE] Released version 2.3.5 * MINOR: config: Deprecate and ignore tune.chksize global option * BUG/MINOR: sock: Unclosed fd in case of connection allocation failure * BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED * BUG/MEDIUM: mux-h2: handle remaining read0 cases * BUILD: Makefile: move REGTESTST_TYPE default setting * MINOR: cli/show_fd: report local and report ports when known * BUILD: ssl: fix build breakage with last commit * BUG/MINOR: ssl: do not try to use early data if not configured * BUG/MINOR: xxhash: make sure armv6 uses memcpy() * BUG/MINOR: mux_h2: fix incorrect stat titles * BUG/MEDIUM: ssl: check a connection's status before computing a handshake * BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store * BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list * DOC: management: fix "show resolvers" alphabetical ordering * MINOR: h1: Raise the chunk size limit up to (2^52 - 1) * MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls * MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls * MINOR: ssl/show_fd: report some FDs as suspicious when possible * MINOR: cli/show_fd: report some easily detectable suspicious states * MINOR: cli: give the show_fd helpers the ability to report a suspicious entry * MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known * MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known * MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known * MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them * MINOR: ssl: provide a "show fd" helper to report important SSL information * MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps. * MINOR: cli: make "show fd" also report the xprt and xprt_ctx * CLEANUP: cli: make "show fd" use a const connection to access other fields * CLEANUP: tools: make resolve_sym_name() take a const pointer * MINOR: contrib: Make the wireshark peers dissector compile for more distribs. * BUG/MINOR: backend: check available list allocation for reuse * BUG/MEDIUM: backend: never reuse a connection for tcp mode * REORG: backend: simplify conn_backend_get * BUG/MEDIUM: session: only retrieve ready idle conn from session * BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() * BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name * BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown * DOC: Improve documentation of the various hdr() fetches * BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX * BUG/MEDIUM: mux-h2: fix read0 handling on partial frames * BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context * BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() * BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper * BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. * MINOR: build: discard echoing in help target * BUG/MINOR: peers: Possible appctx pointer dereference. * BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition * BUILD: peers: fix build warning about unused variable * BUG/MINOR: dns: SRV records ignores duplicated AR records (v2) * MINOR: peers: Add traces for peer control messages. * BUG/MINOR: threads: Fixes the number of possible cpus report for Mac. * MINOR: server: Forbid server definitions in frontend sections * MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities * BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable ==== helm ==== Version update (3.4.2 -> 3.5.2) - Update to version 3.5.2: * Upgrade to oras v0.9.0 (#9269) * Adding missing replace directive for oras * chore(go.mod): bump Masterminds/{spring,goutils} and deislabs/oras * fix(*): Validate metadata semver and printable characters * Fix dep build with OCI based charts * bump version to * Adding apiserver to mod/sum * Reduce linting severity for users of out-of-date kubernetes (#8608) * Bumping kubernetes to 1.20.1 * Add explanatory comments to action.List and action.History * Address error on deletion of old dependencies * Fixed bug - The flags --cert-file/--key-file where ignored when --insecure-skip-tls-verify flag is set (#9070) * Replace Helm Hub with Artifact Hub (#8626) * fix(pkg/chartutil): Remove warning for nils * Updating to sprig 3.2.0 * Updating to Kuberentes 1.20 packages * Bump github.com/Masterminds/semver/v3 from 3.1.0 to 3.1.1 (#9109) * Bump github.com/Masterminds/squirrel from 1.4.0 to 1.5.0 (#9108) * Bump github.com/lib/pq from 1.8.0 to 1.9.0 (#9107) * Remove OCI boolean from struct * Clean up imports and add doc comments * Implement `helm pull` for OCI registries * Adds the option kube-cafile and env variable HELM_KUBECAFILE for a overwrite of the certificate authority file * Builds with go 1.15 * Updating to Kubernetes 1.19.4 package versions * Add CodeQL Security Scanning * Fix test * Fixes #9083 * [COMMENT]fix comment * Fix typo * fix: ingress path issue * Revert "Add support to judge whether desired version is available or not" * Cleanup tempfiles introduced by unit tests under pkg/ * bump actions/stale to v3.0.14 * increase number of operations per run to 100 * feat(helm): Allow generating markdown docs headers * chore(comp): Remove unnecessary completion code * Added tests for PR 8948 * add unittes for 'helm dep build' with --skip-refresh flag. * Updating to k8s 1.19.3 based packages * lint: lint all documents in a multi-doc yaml file * fix(helm): flag descriptions start with lowercase * List either incubator or stable. * add waitwithjobs instead of changing wait api * add wait-for-jobs flag * fix style conformance * fix test-style error * add test cases * helm upgrade with --wait support jobs in manifest to be completed * completion: move to native zshCompletion * Add remaining tests in TestDependentChartAliases * Clarifies action needed to list new stable repo * feat: Allow helm test to run a subset of tests * Fix that the invalid version number of the helm package command will escape * Updating descriptions * Add support to judge whether desired version is available or not * Add test case for LoadFiles * Fixes Error: could not find protocol handler for * [#7696] Avoid crash in chart loader on unexpected file sequence * helm search supports semver pre version numbers starting with 0 * added test for https://github.com/helm/helm/pull/8913 related to https://github.com/helm/helm/issues/8621 * [#7696] Avoid crash in chart loader on unexpected file sequence * feat(test): Adapt completion tests to Cobra 1.1 * Bump github.com/spf13/cobra from 1.0.0 to 1.1.1 * Update err message to use the regex pattern directly * Fix the lint error message for valid names * do not check YAML if nothing was parsed * fix(test): display error message * bump version to v3.4.0 * Skip tests when running helm template * Add --skip-refresh option in helm dep build * Adjusted import * Reuse kube-client * fix(helm): allow skipping manifests in tests directories * prepare testdata * Bugfix: panic when chart contains requirements.lock ==== json-glib ==== Version update (1.6.0 -> 1.6.2) - Update to version 1.6.2: + Fix build reproducibility. + Fix parsing of UTF-16 surrogate pairs. + Ignore UTF-8 BOM. ==== kbd ==== Version update (2.3.0 -> 2.4.0) Subpackages: kbd-legacy - Update to version 2.4.0: * po: Update cs and sr translations (from translationproject.org) * libkfont: Use only KDFONTOP * Added support for a few derivatives of neo * Fix use-after-free of pipe_cmd * Update solar24x32 font * vlock's pam config added to destination directory * Update sun12x22.psfu * libkeymap: unify non/unicode accent_table generation * libkeymap: note about --unicode use * libkeymap: remove last ushort * fi.map: use newly added deadkeys * Do not install internal library * Additional deadkeys - Remove kbd-1.15.2-setfont-no-cruft.patch The old ioctls were finally dropped. ==== kernel-default-base ==== Version update (5.10.12 -> 5.10.16) - Add modules which got lost when migrating away from supported.conf (bsc#1182110): * am53c974 had a typo * cls_bpf, iscsi_ibft, libahci, libata, openvswitch, sch_ingress - Also add vport-* modules for Open vSwitch ==== kernel-firmware ==== Version update (20210119 -> 20210208) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20210208 (commit b79d2396bc63): * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304 * linux-firmware: add firmware for MT7921 * rtw88: RTL8821C: Update firmware to v24.8 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * i915: Add DMC v2.01 for ADL-S * i915: Add HuC v7.7.1 for DG1 * i915: Add GuC v49.0.1 for DG1 * qcom: Add venus firmware files for VPU-1.0 * qcom: Add SM8250 Compute DSP firmware * qcom: Add SM8250 Audio DSP firmware * qcom: add firmware files for Adreno a650 ==== kernel-source ==== Version update (5.10.12 -> 5.10.16) - Linux 5.10.16 (bsc#1012628). - squashfs: add more sanity checks in xattr id lookup (bsc#1012628). - squashfs: add more sanity checks in inode lookup (bsc#1012628). - squashfs: add more sanity checks in id lookup (bsc#1012628). - squashfs: avoid out of bounds writes in decompressors (bsc#1012628). - Revert "mm: memcontrol: avoid workload stalls when lowering memory.high" (bsc#1012628). - nilfs2: make splice write available again (bsc#1012628). - drm/i915: Skip vswing programming for TBT (bsc#1012628). - drm/i915: Fix ICL MG PHY vswing handling (bsc#1012628). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1012628). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1012628). - bpf: Fix verifier jmp32 pruning decision logic (bsc#1012628). - regulator: Fix lockdep warning resolving supplies (bsc#1012628). - blk-cgroup: Use cond_resched() when destroy blkgs (bsc#1012628). - i2c: mediatek: Move suspend and resume handling to NOIRQ phase (bsc#1012628). - SUNRPC: Handle 0 length opaque XDR object data properly (bsc#1012628). - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (bsc#1012628). - iwlwifi: queue: bail out on invalid freeing (bsc#1012628). - iwlwifi: mvm: guard against device removal in reprobe (bsc#1012628). - iwlwifi: pcie: add rules to match Qu with Hr2 (bsc#1012628). - iwlwifi: mvm: invalidate IDs of internal stations at mvm start (bsc#1012628). - iwlwifi: pcie: fix context info memory leak (bsc#1012628). - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (bsc#1012628). - iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (bsc#1012628). - iwlwifi: mvm: skip power command when unbinding vif during CSA (bsc#1012628). - ASoC: Intel: sof_sdw: set proper flags for Dell TGL-H SKU 0A5E (bsc#1012628). - ASoC: ak4458: correct reset polarity (bsc#1012628). - ALSA: hda: intel-dsp-config: add PCI id for TGL-H (bsc#1012628). - pNFS/NFSv4: Improve rejection of out-of-order layouts (bsc#1012628). - pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() (bsc#1012628). - chtls: Fix potential resource leak (bsc#1012628). - ASoC: Intel: Skylake: Zero snd_ctl_elem_value (bsc#1012628). - mac80211: 160MHz with extended NSS BW in CSA (bsc#1012628). - drm/nouveau/nvif: fix method count when pushing an array (bsc#1012628). - ASoC: wm_adsp: Fix control name parsing for multi-fw (bsc#1012628). - regulator: core: avoid regulator_resolve_supply() race condition (bsc#1012628). - af_key: relax availability checks for skb size calculation (bsc#1012628). - powerpc/64/signal: Fix regression in __kernel_sigtramp_rt64() semantics (bsc#1012628). - gpiolib: cdev: clear debounce period if line set to output (bsc#1012628). - io_uring: drop mm/files between task_work_submit (bsc#1012628). - io_uring: reinforce cancel on flush during exit (bsc#1012628). - io_uring: fix sqo ownership false positive warning (bsc#1012628). - io_uring: fix list corruption for splice file_get (bsc#1012628). - io_uring: fix flush cqring overflow list while TASK_INTERRUPTIBLE (bsc#1012628). - io_uring: fix cancellation taking mutex while TASK_UNINTERRUPTIBLE (bsc#1012628). - io_uring: replace inflight_wait with tctx->wait (bsc#1012628). - io_uring: fix __io_uring_files_cancel() with TASK_UNINTERRUPTIBLE (bsc#1012628). - io_uring: if we see flush on exit, cancel related tasks (bsc#1012628). - io_uring: account io_uring internal files as REQ_F_INFLIGHT (bsc#1012628). - io_uring: fix files cancellation (bsc#1012628). - io_uring: always batch cancel in *cancel_files() (bsc#1012628). - io_uring: pass files into kill timeouts/poll (bsc#1012628). - io_uring: don't iterate io_uring_cancel_files() (bsc#1012628). - io_uring: add a {task,files} pair matching helper (bsc#1012628). - io_uring: simplify io_task_match() (bsc#1012628). - commit 11381f3 - Update config files: enable CONFIG_SERIAL_DEV_CTRL_TTYPORT on x86 (bsc#1182035) For supporting MS Surface devices. This required CONFIG_SERIAL_DEV_BUS to be built-in. Also this allowed CONFIG_BT_HCIUART_BCM=y as well. - commit 2d8fb7a - media: pwc: Use correct device for DMA (bsc#1181133). - commit 4a7417d - Drop pwc fix patch; it'll be replaced with the upstream fix (bsc#1181133) - commit 2202405 - Update config files: armv7hl: Set ledtrig-default-on as builtin (bsc#1182128) - commit d24d9b2 - btrfs: fix crash after non-aligned direct IO write with O_DSYNC (bsc#1181605). - commit 9e44573 - Update config files: Set ledtrig-default-on as builtin (bsc#1182128) - commit 7119d5a - Update config files. Enable DWC3 on x86_64 DWC3 is now needed on x86_64, too, with the added benefit of making x86_64 and ARM64 closer (jsc#SLE-14042) - commit 7cc21b5 - Linux 5.10.15 (bsc#1012628). - USB: serial: cp210x: add pid/vid for WSDA-200-USB (bsc#1012628). - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (bsc#1012628). - USB: serial: option: Adding support for Cinterion MV31 (bsc#1012628). - usb: host: xhci: mvebu: make USB 3.0 PHY optional for Armada 3720 (bsc#1012628). - USB: gadget: legacy: fix an error code in eth_bind() (bsc#1012628). - usb: gadget: aspeed: add missing of_node_put (bsc#1012628). - USB: usblp: don't call usb_set_interface if there's a single alt (bsc#1012628). - usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() (bsc#1012628). - usb: dwc2: Fix endpoint direction check in ep_from_windex (bsc#1012628). - usb: dwc3: fix clock issue during resume in OTG mode (bsc#1012628). - usb: xhci-mtk: fix unreleased bandwidth data (bsc#1012628). - usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints (bsc#1012628). - usb: xhci-mtk: break loop when find the endpoint to drop (bsc#1012628). - ARM: OMAP1: OSK: fix ohci-omap breakage (bsc#1012628). - arm64: dts: qcom: c630: keep both touchpad devices enabled (bsc#1012628). - Input: i8042 - unbreak Pegatron C15B (bsc#1012628). - arm64: dts: amlogic: meson-g12: Set FL-adj property value (bsc#1012628). - arm64: dts: rockchip: fix vopl iommu irq on px30 (bsc#1012628). - arm64: dts: rockchip: Use only supported PCIe link speed on Pinebook Pro (bsc#1012628). - ARM: dts: stm32: Fix polarity of the DH DRC02 uSD card detect (bsc#1012628). - ARM: dts: stm32: Connect card-detect signal on DHCOM (bsc#1012628). - ARM: dts: stm32: Disable WP on DHCOM uSD slot (bsc#1012628). - ARM: dts: stm32: Disable optional TSC2004 on DRC02 board (bsc#1012628). - ARM: dts: stm32: Fix GPIO hog flags on DHCOM DRC02 (bsc#1012628). - vdpa/mlx5: Fix memory key MTT population (bsc#1012628). - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1012628). - bpf, cgroup: Fix problematic bounds check (bsc#1012628). - bpf, inode_storage: Put file handler if no storage was found (bsc#1012628). - um: virtio: free vu_dev only with the contained struct device (bsc#1012628). - bpf, preload: Fix build when $(O) points to a relative path (bsc#1012628). - arm64: dts: meson: switch TFLASH_VDD_EN pin to open drain on Odroid-C4 (bsc#1012628). - r8169: work around RTL8125 UDP hw bug (bsc#1012628). - rxrpc: Fix deadlock around release of dst cached on udp tunnel (bsc#1012628). - arm64: dts: ls1046a: fix dcfg address range (bsc#1012628). - SUNRPC: Fix NFS READs that start at non-page-aligned offsets (bsc#1012628). - igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (bsc#1012628). - igc: check return value of ret_val in igc_config_fc_after_link_up (bsc#1012628). - i40e: Revert "i40e: don't report link up for a VF who hasn't enabled queues" (bsc#1012628). - ibmvnic: device remove has higher precedence over reset (bsc#1012628). - net/mlx5: Fix leak upon failure of rule creation (bsc#1012628). - net/mlx5e: Update max_opened_tc also when channels are closed (bsc#1012628). - net/mlx5e: Release skb in case of failure in tc update skb (bsc#1012628). - net: lapb: Copy the skb before sending a packet (bsc#1012628). - net: mvpp2: TCAM entry enable should be written after SRAM data (bsc#1012628). - r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (bsc#1012628). - net: ipa: pass correct dma_handle to dma_free_coherent() (bsc#1012628). - ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (bsc#1012628). - nvmet-tcp: fix out-of-bounds access when receiving multiple h2cdata PDUs (bsc#1012628). - vdpa/mlx5: Restore the hardware used index after change map (bsc#1012628). - memblock: do not start bottom-up allocations with kernel_end (bsc#1012628). - kbuild: fix duplicated flags in DEBUG_CFLAGS (bsc#1012628). - thunderbolt: Fix possible NULL pointer dereference in tb_acpi_add_link() (bsc#1012628). - ovl: fix dentry leak in ovl_get_redirect (bsc#1012628). - ovl: avoid deadlock on directory ioctl (bsc#1012628). - ovl: implement volatile-specific fsync error behaviour (bsc#1012628). - mac80211: fix station rate table updates on assoc (bsc#1012628). - gpiolib: free device name on error path to fix kmemleak (bsc#1012628). - fgraph: Initialize tracing_graph_pause at task creation (bsc#1012628). - tracing/kprobe: Fix to support kretprobe events on unloaded modules (bsc#1012628). - kretprobe: Avoid re-registration of the same kretprobe earlier (bsc#1012628). - tracing: Use pause-on-trace with the latency tracers (bsc#1012628). - tracepoint: Fix race between tracing and removing tracepoint (bsc#1012628). - libnvdimm/namespace: Fix visibility of namespace resource attribute (bsc#1012628). - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1012628). - genirq: Prevent [devm_]irq_alloc_desc from returning irq 0 (bsc#1012628). - genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set (bsc#1012628). - scripts: use pkg-config to locate libcrypto (bsc#1012628). - xhci: fix bounce buffer usage for non-sg list case (bsc#1012628). - RISC-V: Define MAXPHYSMEM_1GB only for RV32 (bsc#1012628). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1012628). - iommu: Check dev->iommu in dev_iommu_priv_get() before dereferencing it (bsc#1012628). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1012628). - smb3: fix crediting for compounding when only one request in flight (bsc#1012628). - mmc: sdhci-pltfm: Fix linking err for sdhci-brcmstb (bsc#1012628). - mmc: core: Limit retries when analyse of SDIO tuples fails (bsc#1012628). - Fix unsynchronized access to sev members through svm_register_enc_region (bsc#1012628). - drm/dp/mst: Export drm_dp_get_vc_payload_bw() (bsc#1012628). - drm/i915: Fix the MST PBN divider calculation (bsc#1012628). - drm/i915/gem: Drop lru bumping on display unpinning (bsc#1012628). - drm/i915/gt: Close race between enable_breadcrumbs and cancel_breadcrumbs (bsc#1012628). - drm/i915/display: Prevent double YUV range correction on HDR planes (bsc#1012628). - drm/i915: Extract intel_ddi_power_up_lanes() (bsc#1012628). - drm/i915: Power up combo PHY lanes for for HDMI as well (bsc#1012628). - drm/amd/display: Revert "Fix EDID parsing after resume from suspend" (bsc#1012628). - io_uring: don't modify identity's files uncess identity is cowed (bsc#1012628). - nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs (bsc#1012628). - KVM: SVM: Treat SVM as unsupported when running as an SEV guest (bsc#1012628). - KVM: x86/mmu: Fix TDP MMU zap collapsible SPTEs (bsc#1012628). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1012628). - KVM: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl (bsc#1012628). - KVM: x86: Update emulator context mode if SYSENTER xfers to 64-bit mode (bsc#1012628). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1012628). - DTS: ARM: gta04: remove legacy spi-cs-high to make display work again (bsc#1012628). - ARM: dts; gta04: SPI panel chip select is active low (bsc#1012628). - ARM: footbridge: fix dc21285 PCI configuration accessors (bsc#1012628). - ARM: 9043/1: tegra: Fix misplaced tegra_uart_config in decompressor (bsc#1012628). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (bsc#1012628). - mm: hugetlb: fix a race between freeing and dissolving the page (bsc#1012628). - mm: hugetlb: fix a race between isolating and freeing page (bsc#1012628). - mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active (bsc#1012628). - mm, compaction: move high_pfn to the for loop scope (bsc#1012628). - mm/vmalloc: separate put pages and flush VM flags (bsc#1012628). - mm: thp: fix MADV_REMOVE deadlock on shmem THP (bsc#1012628). - mm/filemap: add missing mem_cgroup_uncharge() to __add_to_page_cache_locked() (bsc#1012628). - x86/build: Disable CET instrumentation in the kernel (bsc#1012628). - x86/debug: Fix DR6 handling (bsc#1012628). - x86/debug: Prevent data breakpoints on __per_cpu_offset (bsc#1012628). - x86/debug: Prevent data breakpoints on cpu_dr7 (bsc#1012628). - x86/apic: Add extra serialization for non-serializing MSRs (bsc#1012628). - Input: goodix - add support for Goodix GT9286 chip (bsc#1012628). - Input: xpad - sync supported devices with fork on GitHub (bsc#1012628). - Input: ili210x - implement pressure reporting for ILI251x (bsc#1012628). - md: Set prev_flush_start and flush_bio in an atomic way (bsc#1012628). - igc: Report speed and duplex as unknown when device is runtime suspended (bsc#1012628). - neighbour: Prevent a dead entry from updating gc_list (bsc#1012628). - net: ip_tunnel: fix mtu calculation (bsc#1012628). - udp: ipv4: manipulate network header of NATed UDP GRO fraglist (bsc#1012628). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (bsc#1012628). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1012628). - commit 24c2efe - Update patches.kernel.org/5.10.13-143-vsock-fix-the-race-conditions-in-multi-transp.patch (bsc#1012628 bsc#1181806 CVE-2021-26708). Add CVE number. - commit bf327d1 - config: arm64: Use y for CLK_RK3399 This is to fix booting on RK3399 systems (JeOS-rockpi4) When compiled as 'm' there are lots of errors related to clk and no host mmc controler initialized. - commit 52fdc54 - Linux 5.10.14 (bsc#1012628). - workqueue: Restrict affinity change to rescuer (bsc#1012628). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1012628). - x86/cpu: Add another Alder Lake CPU to the Intel family (bsc#1012628). - objtool: Don't fail the kernel build on fatal errors (bsc#1012628). - habanalabs: disable FW events on device removal (bsc#1012628). - habanalabs: fix backward compatibility of idle check (bsc#1012628). - habanalabs: zero pci counters packet before submit to FW (bsc#1012628). - drm/amd/display: Fixed corruptions on HPDRX link loss restore (bsc#1012628). - drm/amd/display: Use hardware sequencer functions for PG control (bsc#1012628). - drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (bsc#1012628). - drm/amd/display: Allow PSTATE chnage when no displays are enabled (bsc#1012628). - drm/amd/display: Update dram_clock_change_latency for DCN2.1 (bsc#1012628). - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1012628). - platform/x86: thinkpad_acpi: Add P53/73 firmware to fan_quirk_table for dual fan control (bsc#1012628). - nvmet: set right status on error in id-ns handler (bsc#1012628). - nvme-pci: allow use of cmb on v1.4 controllers (bsc#1012628). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1012628). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1012628). - nvme: check the PRINFO bit before deciding the host buffer length (bsc#1012628). - udf: fix the problem that the disc content is not displayed (bsc#1012628). - i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for filling TX FIFO (bsc#1012628). - ALSA: hda: Add Cometlake-R PCI ID (bsc#1012628). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1012628). - mac80211: fix encryption key selection for 802.3 xmit (bsc#1012628). - mac80211: fix fast-rx encryption check (bsc#1012628). - mac80211: fix incorrect strlen of .write in debugfs (bsc#1012628). - objtool: Don't add empty symbols to the rbtree (bsc#1012628). - ALSA: hda: Add AlderLake-P PCI ID and HDMI codec vid (bsc#1012628). - ASoC: SOF: Intel: hda: Resume codec to do jack detection (bsc#1012628). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (bsc#1012628). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1012628). - scsi: scsi_transport_srp: Don't block target in failfast state (bsc#1012628). - x86: __always_inline __{rd,wr}msr() (bsc#1012628). - locking/lockdep: Avoid noinstr warning for DEBUG_LOCKDEP (bsc#1012628). - habanalabs: fix dma_addr passed to dma_mmap_coherent (bsc#1012628). - platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (bsc#1012628). - platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (bsc#1012628). - tools/power/x86/intel-speed-select: Set higher of cpuinfo_max_freq or base_frequency (bsc#1012628). - tools/power/x86/intel-speed-select: Set scaling_max_freq to base_frequency (bsc#1012628). - phy: cpcap-usb: Fix warning for missing regulator_disable (bsc#1012628). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1012628). - ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD (bsc#1012628). - Revert "x86/setup: don't remove E820_TYPE_RAM for pfn 0" (bsc#1012628). - arm64: Do not pass tagged addresses to __is_lm_address() (bsc#1012628). - arm64: Fix kernel address detection of __is_lm_address() (bsc#1012628). - arm64: dts: meson: Describe G12b GPU as coherent (bsc#1012628). - drm/panfrost: Support cache-coherent integrations (bsc#1012628). - iommu/io-pgtable-arm: Support coherency for Mali LPAE (bsc#1012628). - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1012628). - net: switchdev: don't set port_obj_info->handled true when - EOPNOTSUPP (bsc#1012628). - net: dsa: bcm_sf2: put device node before return (bsc#1012628). - mlxsw: spectrum_span: Do not overwrite policer configuration (bsc#1012628). - stmmac: intel: Configure EHL PSE0 GbE and PSE1 GbE to 32 bits DMA addressing (bsc#1012628). - net: octeontx2: Make sure the buffer is 128 byte aligned (bsc#1012628). - net: fec: put child node on error path (bsc#1012628). - net: stmmac: dwmac-intel-plat: remove config data on error (bsc#1012628). - net: dsa: microchip: Adjust reset release timing to match reference reset circuit (bsc#1012628). - commit 0a69f62 - Update patches.kernel.org/5.10.13-143-vsock-fix-the-race-conditions-in-multi-transp.patch (bsc#1012628 bsc#1181806). Add bsc reference. - commit 64ec974 - net/mlx5: Fix function calculation for page trees (git-fixes). - commit e976b88 - Linux 5.10.13 (bsc#1012628). - iwlwifi: provide gso_type to GSO packets (bsc#1012628). - nbd: freeze the queue while we're adding connections (bsc#1012628). - tty: avoid using vfs_iocb_iter_write() for redirected console writes (bsc#1012628). - ACPI: sysfs: Prefer "compatible" modalias (bsc#1012628). - ACPI: thermal: Do not call acpi_thermal_check() directly (bsc#1012628). - kernel: kexec: remove the lock operation of system_transition_mutex (bsc#1012628). - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (bsc#1012628). - parisc: Enable -mlong-calls gcc option by default when !CONFIG_MODULES (bsc#1012628). - media: cec: add stm32 driver (bsc#1012628). - media: cedrus: Fix H264 decoding (bsc#1012628). - media: hantro: Fix reset_raw_fmt initialization (bsc#1012628). - media: rc: fix timeout handling after switch to microsecond durations (bsc#1012628). - media: rc: ite-cir: fix min_timeout calculation (bsc#1012628). - media: rc: ensure that uevent can be read directly after rc device register (bsc#1012628). - ARM: dts: tbs2910: rename MMC node aliases (bsc#1012628). - ARM: dts: ux500: Reserve memory carveouts (bsc#1012628). - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (bsc#1012628). - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (bsc#1012628). - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1012628). - ASoC: AMD Renoir - refine DMI entries for some Lenovo products (bsc#1012628). - Revert "drm/amdgpu/swsmu: drop set_fan_speed_percent (v2)" (bsc#1012628). - drm/nouveau/kms/gk104-gp1xx: Fix > 64x64 cursors (bsc#1012628). - drm/i915: Always flush the active worker before returning from the wait (bsc#1012628). - drm/i915/gt: Always try to reserve GGTT address 0x0 (bsc#1012628). - drivers/nouveau/kms/nv50-: Reject format modifiers for cursor planes (bsc#1012628). - bcache: only check feature sets when sb->version >= BCACHE_SB_VERSION_CDEV_WITH_FEATURES (bsc#1012628). - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (bsc#1012628). - s390: uv: Fix sysfs max number of VCPUs reporting (bsc#1012628). - s390/vfio-ap: No need to disable IRQ after queue reset (bsc#1012628). - PM: hibernate: flush swap writer after marking (bsc#1012628). - x86/entry: Emit a symbol for register restoring thunk (bsc#1012628). - efi/apple-properties: Reinstate support for boolean properties (bsc#1012628). - crypto: marvel/cesa - Fix tdma descriptor on 64-bit (bsc#1012628). - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (bsc#1012628). - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (bsc#1012628). - btrfs: fix lockdep warning due to seqcount_mutex on 32bit arch (bsc#1012628). - btrfs: fix possible free space tree corruption with online conversion (bsc#1012628). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (bsc#1012628). - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (bsc#1012628). - KVM: arm64: Filter out v8.1+ events on v8.0 HW (bsc#1012628). - KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit (bsc#1012628). - KVM: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX (bsc#1012628). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1012628). - KVM: x86: get smi pending status correctly (bsc#1012628). - KVM: Forbid the use of tagged userspace addresses for memslots (bsc#1012628). - io_uring: fix wqe->lock/completion_lock deadlock (bsc#1012628). - xen: Fix XenStore initialisation for XS_LOCAL (bsc#1012628). - leds: trigger: fix potential deadlock with libata (bsc#1012628). - arm64: dts: broadcom: Fix USB DMA address translation for Stingray (bsc#1012628). - mt7601u: fix kernel crash unplugging the device (bsc#1012628). - mt76: mt7663s: fix rx buffer refcounting (bsc#1012628). - mt7601u: fix rx buffer refcounting (bsc#1012628). - iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit (bsc#1012628). - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals (bsc#1012628). - drm/i915/pmu: Don't grab wakeref when enabling events (bsc#1012628). - net/mlx5e: Fix IPSEC stats (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: fix pwms for lcd-backlight (bsc#1012628). - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (bsc#1012628). - drm/vc4: Correct lbm size and calculation (bsc#1012628). - drm/vc4: Correct POS1_SCL for hvs5 (bsc#1012628). - drm/i915: Check for all subplatform bits (bsc#1012628). - drm/i915/selftest: Fix potential memory leak (bsc#1012628). - uapi: fix big endian definition of ipv6_rpl_sr_hdr (bsc#1012628). - KVM: Documentation: Fix spec for KVM_CAP_ENABLE_CAP_VM (bsc#1012628). - tee: optee: replace might_sleep with cond_resched (bsc#1012628). - xen-blkfront: allow discard-* nodes to be optional (bsc#1012628). - blk-mq: test QUEUE_FLAG_HCTX_ACTIVE for sbitmap_shared in hctx_may_queue (bsc#1012628). - clk: imx: fix Kconfig warning for i.MX SCU clk (bsc#1012628). - clk: mmp2: fix build without CONFIG_PM (bsc#1012628). - clk: qcom: gcc-sm250: Use floor ops for sdcc clks (bsc#1012628). - ARM: imx: build suspend-imx6.S with arm instruction set (bsc#1012628). - ARM: zImage: atags_to_fdt: Fix node names on added root nodes (bsc#1012628). - netfilter: nft_dynset: add timeout extension to template (bsc#1012628). - Revert "RDMA/mlx5: Fix devlink deadlock on net namespace deletion" (bsc#1012628). - Revert "block: simplify set_init_blocksize" to regain lost performance (bsc#1012628). - xfrm: Fix oops in xfrm_replay_advance_bmp (bsc#1012628). - xfrm: fix disable_xfrm sysctl when used on xfrm interfaces (bsc#1012628). - selftests: xfrm: fix test return value override issue in xfrm_policy.sh (bsc#1012628). - xfrm: Fix wraparound in xfrm_policy_addr_delta() (bsc#1012628). - arm64: dts: ls1028a: fix the offset of the reset register (bsc#1012628). - ARM: imx: fix imx8m dependencies (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (bsc#1012628). - ARM: dts: imx6qdl-sr-som: fix some cubox-i platforms (bsc#1012628). - arm64: dts: imx8mp: Correct the gpio ranges of gpio3 (bsc#1012628). - firmware: imx: select SOC_BUS to fix firmware build (bsc#1012628). - RDMA/cxgb4: Fix the reported max_recv_sge value (bsc#1012628). - ASoC: dt-bindings: lpass: Fix and common up lpass dai ids (bsc#1012628). - ASoC: qcom: Fix incorrect volatile registers (bsc#1012628). - ASoC: qcom: Fix broken support to MI2S TERTIARY and QUATERNARY (bsc#1012628). - ASoC: qcom: lpass-ipq806x: fix bitwidth regmap field (bsc#1012628). - spi: altera: Fix memory leak on error path (bsc#1012628). - ASoC: Intel: Skylake: skl-topology: Fix OOPs ib skl_tplg_complete (bsc#1012628). - powerpc/64s: prevent recursive replay_soft_interrupts causing superfluous interrupt (bsc#1012628). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (bsc#1012628). - pNFS/NFSv4: Update the layout barrier when we schedule a layoutreturn (bsc#1012628). - ASoC: SOF: Intel: soundwire: fix select/depend unmet dependencies (bsc#1012628). - ASoC: qcom: lpass: Fix out-of-bounds DAI ID lookup (bsc#1012628). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1012628). - iwlwifi: pnvm: don't skip everything when not reloading (bsc#1012628). - iwlwifi: pnvm: don't try to load after failures (bsc#1012628). - iwlwifi: pcie: set LTR on more devices (bsc#1012628). - iwlwifi: pcie: use jiffies for memory read spin time limit (bsc#1012628). - iwlwifi: pcie: reschedule in long-running memory reads (bsc#1012628). - mac80211: pause TX while changing interface type (bsc#1012628). - ice: fix FDir IPv6 flexbyte (bsc#1012628). - ice: Implement flow for IPv6 next header (extension header) (bsc#1012628). - ice: update dev_addr in ice_set_mac_address even if HW filter exists (bsc#1012628). - ice: Don't allow more channels than LAN MSI-X available (bsc#1012628). - ice: Fix MSI-X vector fallback logic (bsc#1012628). - i40e: acquire VSI pointer only after VF is initialized (bsc#1012628). - igc: fix link speed advertising (bsc#1012628). - net/mlx5: Fix memory leak on flow table creation error flow (bsc#1012628). - net/mlx5e: E-switch, Fix rate calculation for overflow (bsc#1012628). - net/mlx5e: free page before return (bsc#1012628). - net/mlx5e: Reduce tc unsupported key print level (bsc#1012628). - net/mlx5: Maintain separate page trees for ECPF and PF functions (bsc#1012628). - net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled (bsc#1012628). - net/mlx5e: Fix CT rule + encap slow path offload and deletion (bsc#1012628). - net/mlx5e: Correctly handle changing the number of queues when the interface is down (bsc#1012628). - net/mlx5e: Revert parameters on errors when changing trust state without reset (bsc#1012628). - net/mlx5e: Revert parameters on errors when changing MTU and LRO state without reset (bsc#1012628). - net/mlx5: CT: Fix incorrect removal of tuple_nat_node from nat rhashtable (bsc#1012628). - can: dev: prevent potential information leak in can_fill_info() (bsc#1012628). - ACPI/IORT: Do not blindly trust DMA masks from firmware (bsc#1012628). - of/device: Update dma_range_map only when dev has valid dma-ranges (bsc#1012628). - iommu/amd: Use IVHD EFR for early initialization of IOMMU features (bsc#1012628). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1012628). - nvme-multipath: Early exit if no path is available (bsc#1012628). - selftests: forwarding: Specify interface when invoking mausezahn (bsc#1012628). - rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1012628). - NFC: fix resource leak when target index is invalid (bsc#1012628). - NFC: fix possible resource leak (bsc#1012628). - ASoC: mediatek: mt8183-da7219: ignore TDM DAI link by default (bsc#1012628). - ASoC: mediatek: mt8183-mt6358: ignore TDM DAI link by default (bsc#1012628). - ASoC: topology: Properly unregister DAI on removal (bsc#1012628). - ASoC: topology: Fix memory corruption in soc_tplg_denum_create_values() (bsc#1012628). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1012628). - team: protect features update by RCU to avoid deadlock (bsc#1012628). - tcp: make TCP_USER_TIMEOUT accurate for zero window probes (bsc#1012628). - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN (bsc#1012628). - vsock: fix the race conditions in multi-transport support (bsc#1012628). - Update patches.suse/acpi_thermal_passive_blacklist.patch (bsc#333043). - commit 3527948 ==== kmod ==== Subpackages: libkmod2 - Fix tests to not test disabled features. Disable zstd again. + kmod-populate-modules-Use-more-bash-more-quotes.patch + kmod-testsuite-compress-modules-if-feature-is-enabled.patch + kmod-also-test-xz-compression.patch ==== kustomize ==== Version update (3.9.2 -> 3.10.0) - Update to version 3.10.0 - Pin to api v0.8.0 - Delete dependence on k8s.io/... - Unpin from api. - Refresh vendor.tar.xz ==== libapparmor ==== - merge libapparmor.changes into apparmor.changes - define %_pamdir for <= 15.x to fix the build on those releases - add apache-extra-profile-include-if-exists.diff: make include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) - prepare usrmerge (boo#1029961) * use %_pamdir ==== libcap ==== Version update (2.47 -> 2.48) - update to 2.48: * More uniform use of $(MAKE) in Makefiles * No longer include symlinks in the git tree * Provide support for make GOLANG=no ... * Provide support for pointing at a specific build of the go binary * camelCase the contrib/seccomp/explore.go program * A number of documentation fixes to man pages and source code comments * Last use of GO major version 0 ==== libevent ==== - Drop insserv_prereq and fillup_prereq macros: there are no pre-scripts that would justify these dependencies. ==== libressl ==== Version update (3.2.3 -> 3.2.4) Subpackages: libcrypto46 libssl48 libtls20 - Update to release 3.2.4 * Switch back to certificate verification code from LibreSSL 3.1.x. The new verifier is not bug compatible with the old verifier causing issues with applications expecting behavior of the old verifier. * Unbreak DTLS retransmissions for flights that include a CCS. * Implement autochain for the TLSv1.3 server. * Use the legacy verifier for autochain. * Implement exporter for TLSv1.3. * Plug leak in x509_verify_chain_dup(). ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Add Recommends: selinux-autorelabel, which is very important for healthy use of the SELinux on the system (/.autorelabel mechanism) (bsc#1181837). ==== logrotate ==== Version update (3.17.0 -> 3.18.0) - Update to 3.18.0: * Allow UIDs and GIDs to be specified numerically * Add support for Zstandard compressed files * Make delaycompress not to fail with rotate 0 ==== nfs-client-provisioner ==== Version update (2.3.0+git20200220.a14bfd72 -> 4.0.0+git20210204.23ecb30) - Switch to kubernetes-sigs/nfs-subdir-external-provisioner - Update to version 4.0.0+git20210204.23ecb30: * Fix typo in CHANGELOG and change provisioner name to use the sigs namespace * Change the helm chart kubeVersion semver to include pre-releases * Update the README and deploy objects with better class names as examples ==== nghttp2 ==== Version update (1.42.0 -> 1.43.0) - update to 1.43.0: * doc: Make doc generation work with sphinx v3.3 * python: Require python3 for python bindings * python: Require python3 for python scripts * nghttpx: Make sure that Pool gets cleared when all buffers are returned * nghttpx: Choose ECDSA cert if compatible signature algorithm available * nghttpx: Add workaround to include ':' in backend pattern ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Add openssh-whitelist-syscalls.patch (bsc#1182232), fixing failure to accept connections on 32-bit platforms with glibc 2.33+. ==== perl-Bootloader ==== Version update (0.932 -> 0.933) - merge gh#openSUSE/perl-bootloader#133 - use shim on aarch64 (jsc#SLE-15823, jsc#SLE-15020) - 0.933 ==== pigz ==== Version update (2.4 -> 2.6) - update to 2.6: * Add --huffman/-H and --rle/U strategy options * Fix issue when compiling for no threads * Fail silently on a broken pipe * Add --alias/-A option to set .zip name for stdin input * Add --comment/-C option to add comment in .gz or .zip * Several bug and behavior fixes - drop fortify.patch: obsolete ==== pinentry ==== - add _multibuild to separate out gui client builds ==== procps ==== Version update (3.3.16 -> 3.3.17) Subpackages: libprocps8 - Add /usr/share/man/uk dir to file list for lang sub package - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Remove obsolete conditionals. - Remove obsolete --enable-oomem option. - Run spec-cleaner. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations issue #176 * kill: Pass int to signalled process merge #32 * pgrep: Pass int to signalled process merge #32 * pgrep: Check sanity of SG_ARG_MAX issue #152 * pgrep: Add older than selection merge #79 * pidof: Quiet mode merge #83 * pidof: show worker threads Redhat #1803640 * ps.1: Mention stime alias issue #164 * ps: check also match on truncated 16 char comm names * ps: Add exe output option Redhat #1399206 * ps: A lot more sorting available merge #99 * pwait: New command waits for a process merge #97 * sysctl: Match systemd directory order Debian #950788 * sysctl: Document directory order Debian #951550 * top: ensure config file backward compatibility Debian #951335 * top: add command line 'e' for symmetry with 'E' issue #165 * top: add '4' toggle for two abreast cpu display issue #172 * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch merge #114 * vmstat: Wide mode gives wider proc columns merge #48 * watch: Add environment variable for interval merge #62 * watch: Add no linewrap option issue #182 * watch: Support more colors merge #106,#109 * free,uptime,slabtop: complain about extra ops issue #181 - Remove now obsolete upstream patches * procps-check-sanity-of-SC_ARG_MAX.patch * procps-ng-3e1c00d0.patch - Port patches * procps-ng-3.3.10-integer-overflow.patch * procps-ng-3.3.10-large_pcpu.patch * procps-ng-3.3.8-accuracy.dif * procps-ng-3.3.8-bnc634840.patch * procps-ng-3.3.8-petabytes.patch * procps-ng-3.3.8-tinfo.dif * procps-ng-3.3.9-w-notruncate.diff * procps-v3.3.3-read-sysctls-also-from-boot-sysctl.conf-kernelversion.diff ==== python-Jinja2 ==== Version update (2.11.2 -> 2.11.3) - update to 2.11.3 * Improve the speed of the urlize filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part and only word characters in the TLD (CVE-2020-28493 bsc#1181944). ==== python-cffi ==== Version update (1.14.4 -> 1.14.5) - update to 1.14.5: * Source fix for old gcc versions ==== python-cryptography ==== Version update (3.3.1 -> 3.3.2) - update to 3.3.2: * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 ==== python-idna ==== Version update (2.10 -> 3.1) - update to 3.1: - Ensure license is included in package (Thanks, Julien Schueller) - No longer mark wheel has universal (Thanks, Matthieu Darbois) - Test on PowerPC using Travis CI - Python 2 is no longer supported (the 2.x branch supports Python 2, use "idna<3" in your requirements file if you need Python 2 support) - Support for V2 UTS 46 test vectors. ==== python-networkx ==== - Disable python36 build for good. Next up is SciPy 1.6.0 dropping Python 3.6 because of NEP 29. - Mark the doc package files as doc. ==== python-pyrsistent ==== - Remove remnant requirements of six and numpy: These are neither used anywhere in the package code, nor in the tests. ==== python-pytz ==== Version update (2020.5 -> 2021.1) - update to 2021.1: * update to IANA 2021a timezone release ==== python-pyzmq ==== Version update (20.0.0 -> 22.0.3) - Update to 22.0.3 * Fix fork-safety bug in garbage collection thread (regression in 20.0) when using subprocesses. - Changes in 22.0.1 * Fix type of Frame.bytes for non-copying recvs with CFFI backend (regression in 21.0) - Changes in 22.0.0 * This is a major release due to changes in wheels and building on Windows. Code changes from 21.0 are minimal. * Some typing fixes * Bump bundled libzmq to 4.3.4 - Relevant Changes in 21.0 * pyzmq 21 is a major version bump because of dropped support for old Pythons and some changes in packaging. CPython users should not face major compatibility issues if installation works at all :) PyPy users may see issues with the new implementation of send/recv. If you do, please report them! The big changes are: * drop support for Python 3.5. Python >= 3.6 is required * mypy type stubs, which should improve static analysis of pyzmq, especially for dynamically defined attributes such as zmq constants. These are new! Let us know if you find any issues. * support for zero-copy and sending bufferables with cffi backend. This is experimental! Please report issues. Packaging updates: * Require Python >= 3.6, required for good type annotation support * rework cffi backend in setup.py New features: * zero-copy support in CFFI backend (send(copy=False) now does something). * Support sending any buffer-interface-providing objects in CFFI backend. Bugs fixed: * Errors during teardown of asyncio Sockets - Don't test numpy on python36 flavor, because python36-numpy is no longer available in Tumbleweed (NEP 29) - Make sure we use the Cython backend, not CFFI, wich is for PyPy. * fixes gh#zeromq/pyzmq#1431 and gh#zeromq/pyzmq#1432 - Remove skip_test_tracker.patch - Got an oom error on the build service: Require at least 8GB of RAM through _constraints file ==== python-requests ==== - add 5711.patch from upstream instead to remove idna<3 pin - Don't pin idna<3 in the egg-info so that depending packages can install the new idna dropping python2 ==== python38 ==== - Add Obsoletes for python3-base when primary interpreter is set to properly replace it during upgrades. (bsc#1181324) - Provide %have_ for all python flavors gh#openSUSE/python-rpm-macros#96 - Add %python3_default and %default_python3 for the primary python3 flavor ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - Add Obsoletes for python3-base when primary interpreter is set to properly replace it during upgrades. (bsc#1181324) - Provide %have_ for all python flavors gh#openSUSE/python-rpm-macros#96 - Add %python3_default and %default_python3 for the primary python3 flavor ==== reiserfs ==== - Move soname link to library package ==== rpm ==== Subpackages: librpmbuild9 - Use shipped config.sub/config.guess instead of stone-aged from libtool - auto-config-update-aarch64-ppc64le.diff: update grep regex ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when efi=True - Added: * virt-uefi-fix-backport-312.patch * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch * open-suse-3002.2-xen-grub-316.patch - Do not crash when unexpected cmd output at listing patches (bsc#1181290) - Added: * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818) - Added: * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch ==== supportutils ==== Version update (3.1.13 -> 3.1.14) - Additions to version 3.1.14 + [powerpc] Collect logs for power specific components (HNV ) #88 (bsc#1181911) + Updated pam.txt documentation explaining GDPR - No longer truncates boot log (bsc#1181610) ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-nobody - system-user-tss.conf: Remove group entry, not needed and did contain syntax errors - remove duplicate group entry: - system-user-tftp.conf - system-user-uuidd.conf - system-user-uucp.conf - system-user-uucp.conf - system-user-ftp.conf - system-user-games.conf - system-user-news.conf ==== sysuser-tools ==== - Don't abort on unbound first argument - Remove sysusers/nscd workaround - Use systemd-sysusers only if /proc is mounted, don't require it - Set --replace option for systemd-sysusers - Ignore nscd return code - If systemd-sysusers is used to create a new user/group, invalidate the nscd passwd and group cache to make the new user/group visible immediately as workaround [bsc#1181121]. Needs to be removed after sytemd-sysusers get's fixed, since we invalidate the cache even if the user/group file wasn't changed. - An "u" in a sysusers.d file will create an user and a group. Create provides for both, user and group. - Use systemd-sysusers as default to create and update the user account. Fixes the problem that a modified sysusers config file get's ignored by useradd and adduser [bsc#1180549]. ==== transactional-update ==== Version update (2.28.3 -> 3.1.4) Subpackages: transactional-update-zypp-config - Version 3.1.4 - SELinux: Fix syncing of SELinux attributes when using overlays - SELinux: Tag the overlay directory itself (again) - Version 3.1.3 - Fix overlay syncing on SELinux systems - Fix resuming transactions where the parent does not exist any more - Version 3.1.2 - libtukit: Report when application was terminated due to a signal, and return the signal number as a return value. This will cause the transaction to be aborted when called via `execute`. - libtukit: Set PATH variable for internal commands to fixed value to find the helper applications, as in some environments such as PolicyKit PATH wouldn't be set. - Fix compiler warnings - Version 3.1.1 - Fix hang in tukit on aarch64 [bsc#1181844] - Prevent deletion of snapshots when resuming a snapshot where no transaction is open - Make tukit work in non-dbus environments [boo#1181934] - Version 3.1.0 - t-u: Support installing RPMs from the user's directory again - Adapt selfupdate to new packaging - Implement signal handling - Remove empty text files - Add libselinux build time dependency - Remove RPM version check - Fix libstdc++ filesystem ABI incompatibility by using newer gcc version on old distributions. [boo#1181582] - Rework packaging based on Fedora packaging to separate all the components to remove the intrinsic requirement for Zypper - Version 3.0.0 - This release changes the internal structure, but should be identical to the previous release feature wise. - Major parts of the previous Bash only application have been rewritten in C++ with the goal to provide an API around transactions; the transactional-update script is using that new interface internally already, however the API should be considered experimental for now - if you are interested to use it, please notify us in https://github.com/openSUSE/transactional-update/issues/52 - A new tool called "tukit" provides a C++ tool that can be wrapped by scripts to leverage the functionality. Please consider it experimental for now, the commands may still change. - Bugfixes: - Implement support for system offline update [boo#1180808] - Add statistics files to update environment [boo#1173282] ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - libmount: don't use "symfollow" for helpers on user mounts (boo#1181750, util-linux-libmount-dont-use-symfollow.patch) - Override GTKDOCIZE with /bin/true so we can run autoreconf without needing gtk-doc as a dependency. ==== util-linux-systemd ==== - libmount: don't use "symfollow" for helpers on user mounts (boo#1181750, util-linux-libmount-dont-use-symfollow.patch) - Override GTKDOCIZE with /bin/true so we can run autoreconf without needing gtk-doc as a dependency. ==== weave ==== Version update (2.7.0 -> 2.8.1) - Add init.sh for init container - Update to version 2.8.1 - Kubernetes: move kernel and CNI setup to init container - For K8s, stop running in host PID namespace - NetworkPolicy: avoid logging dropped packets that were not actually dropped - Use go 1.15 ==== wpa_supplicant ==== - Add CVE-2021-0326.patch -- P2P group information processing vulnerability (bsc#1181777)