Packages changed: Imath (3.1.2 -> 3.1.3) colord dracut (055+suse.142.g7d8c3ce3 -> 055+suse.179.g3cf989c2) gdbm (1.20 -> 1.22) gnome-shell (41.1 -> 41.2) gnome-shell-extensions (41.0 -> 41.1) gstreamer-plugins-bad hplip hwinfo (21.78 -> 21.80) installation-images-MicroOS (17.28 -> 17.30) iputils (20210722 -> 20211215) kernel-source (5.15.7 -> 5.15.8) libgcrypt libostree (2020.8 -> 2021.6) mutter (41.1 -> 41.2) ncurses (6.3.20211120 -> 6.3.20211127) neon (0.31.2 -> 0.32.1) openssl-1_1 openvpn p11-kit pam pango (1.48.10 -> 1.50.1) pangomm1_4 (2.46.1 -> 2.46.2) patterns-base pipewire (0.3.40 -> 0.3.42) polkit-default-privs (1550+20211209.8ce206c -> 1550+20211214.daf2765) python-SQLAlchemy (1.4.26 -> 1.4.27) qemu rav1e (0.5.0+0 -> 0.5.1+0) runc (1.0.3 -> 1.1.0~rc1) sensors shadow upower util-linux util-linux-systemd webkit2gtk3 webkit2gtk3-soup2 wireless-regdb (20210828 -> 20211209) wireplumber xfsprogs (5.14.0 -> 5.14.2) xorg-x11-server (21.1.1 -> 21.1.2) yast2 (4.4.27 -> 4.4.30) zxing-cpp === Details === ==== Imath ==== Version update (3.1.2 -> 3.1.3) - version update to 3.1.3 * Patch release with miscellaneous fixes * Fix undefined access of a vector when empty * Require sphinx 4.0.3 * Build sphinx/doxygen docs with CMake * Use PYIMATH_OVERRIDE_PYTHON_INSTALL_DIR to specify destination python modules * Guard `__has_attribute` for compilers that don't support it * Cuda safety fixes * Replace stray Imath:: with IMATH_INTERNAL_NAMESPACE:: ==== colord ==== Subpackages: colord-color-profiles libcolord2 libcolorhug2 - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_colord.service.patch ==== dracut ==== Version update (055+suse.142.g7d8c3ce3 -> 055+suse.179.g3cf989c2) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 055+suse.179.g3cf989c2: * fix(cpio): write zeros instead of seek for padding and alignment (bsc#1190982) * fix(dracut.sh): check kernel zstd support early * fix(dracut.sh): check availability of configured compression * fix(dracut.sh): inform user about auto-selected compression method * fix(dracut.sh): drop pointless check for module compression method * chore(suse): add dracut-cpio archiver (jsc#SLE-16157) * ci(TEST-63-DRACUT-CPIO): kernel extraction tests for dracut-cpio * feat(dracut.sh): add "--enhanced-cpio" option for calling dracut-cpio * feat(Makefile): cargo wrapper for dracut-cpio build * feat(cpio): add newc archive creation utility * feat(cpio): add rust argument parsing library from crosvm * ci(TEST-62-SKIPCPIO): add simple skipcpio test * ci(test): export basedir and testdir as absolute paths * ci(TEST-60-BONDBRIDGEVLANIFCFG): use toplevel Makefile * fix(dracut.spec): check for non-usrmerged environments * fix(zfcp_rules): add quotes around rule installation argument * fix(zipl): correct argument for uuid to device conversion * fix(fips): missing value of _vmname variable (bsc#1193267) - Update to version 055+suse.158.g51e87247: * chore(suse): add fido2 module (jsc#SLE-21070) * feat(crypt): check if fido2 module is needed in hostonly mode (jsc#SLE-21070) * feat(fido2): introducing the fido2 module (jsc#SLE-21070) * feat(crypt): check if tpm2-tss module is needed in hostonly mode (jsc#SLE-21070) * fix(dracut-functions.sh): get block device driver if in a virtual subsystem (bsc#1189776) * fix(mdraid): allow UUID comparison for more than one UUID (bsc#1192665) * fix(dracut.spec): update dependency for suse-module-tools * fix(network-legacy): route parsing issues in ifup (bsc#1182688) * fix(systemd-udevd): make collect optional (bsc#1177870) ==== gdbm ==== Version update (1.20 -> 1.22) Subpackages: libgdbm6 libgdbm_compat4 - version update to 1.22 * Fix file header validation * Fix key verification in sequential access * Fix testing with DejaGNU 1.6.3 * Fix stack overflow in print_usage * Fix a leak of avail entry on pushing a new avail block * New gdbmtool variables: errorexit, errormask, trace, timing * etc. see CHANGES - modified patches % gdbm-no-build-date.patch (refreshed) ==== gnome-shell ==== Version update (41.1 -> 41.2) Subpackages: gnome-shell-calendar - Update to version 41.2: + Fix wrongly rejected D-Bus calls after gnome-shell restarts. + magnifier: Avoid offscreen rendering if possible. + Improve handling of all-day/zero-length events in calendar. + Keep keyboard focus in notification list after deleting message. + Misc. bug fixes and cleanups. + Updated translations. - Switch to git checkout of released tag via source service. ==== gnome-shell-extensions ==== Version update (41.0 -> 41.1) Subpackages: gnome-shell-classic gnome-shell-extensions-common - Update to version 41.1: + native-window-placement: Fix distorted layout in app grid. + window-list: Fix on-screen keyboard. + Misc. bug fixes. + Updated translations. ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Add 2564.patch: Allow to build against Neon 0.32.x. ==== hplip ==== - Replace keys.openpgp.org with pgp.surf.nl (bsc#1193656) * gpg refuses to load the key from keys.openpgp.org. - Add build dependency on python-rpm-macros (bsc#1193718) - Replace pool.sks-keyservers.net by keys.openpgp.org (bsc#1193656) ==== hwinfo ==== Version update (21.78 -> 21.80) - merge gh#openSUSE/hwinfo#109 - fix logic around cdrom detection - 21.80 - merge gh#openSUSE/hwinfo#108 - Donot close the open tray after read_cdrom_info. - Donot close the open tray after read. - 21.79 ==== installation-images-MicroOS ==== Version update (17.28 -> 17.30) - merge gh#openSUSE/installation-images#555 - don't add Y2* install boot options to target system (jsc#SLE-21308) - 17.30 - merge gh#openSUSE/installation-images#552 - etc: update module.config to match 5.16 - etc/module.config: sort the network modules - kernel 5.16 update - 17.29 ==== iputils ==== Version update (20210722 -> 20211215) - Update to version 20211215 https://github.com/iputils/iputils/releases/tag/20211215 - rarpd and rdisc are going to be removed in next release (https://github.com/iputils/iputils/issues/363) therefore don't pack it since this release - Drop harden_rdisc.service.patch, which was 1) merged upstream 4bb0ace ("systemd: Add ProtectHostname, ProtectKernelLogs") for all services 2) we don't build rdisc since this release ==== kernel-source ==== Version update (5.15.7 -> 5.15.8) - Revert "- rpm/*build: use buildroot macro instead of env variable" buildroot macro is not being expanded inside a shell script. go back to the environment variable usage. This reverts parts of commit e2f60269b9330d7225b2547e057ef0859ccec155. - commit fe85f96 - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - commit a631240 - Linux 5.15.8 (bsc#1012628). - bpf: Add selftests to cover packet access corner cases (bsc#1012628). - clocksource/drivers/dw_apb_timer_of: Fix probe failure (bsc#1012628). - misc: fastrpc: fix improper packet size calculation (bsc#1012628). - irqchip: nvic: Fix offset for Interrupt Priority Offsets (bsc#1012628). - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (bsc#1012628). - aio: Fix incorrect usage of eventfd_signal_allowed() (bsc#1012628). - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (bsc#1012628). - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (bsc#1012628). - irqchip/aspeed-scu: Replace update_bits with write_bits (bsc#1012628). - csky: fix typo of fpu config macro (bsc#1012628). - bus: mhi: core: Add support for forced PM resume (bsc#1012628). - bus: mhi: pci_generic: Fix device recovery failed issue (bsc#1012628). - nvmem: eeprom: at25: fix FRAM byte_len (bsc#1012628). - misc: rtsx: Avoid mangling IRQ during runtime PM (bsc#1012628). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (bsc#1012628). - iio: ad7768-1: Call iio_trigger_notify_done() on error (bsc#1012628). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (bsc#1012628). - iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda (bsc#1012628). - iio: at91-sama5d2: Fix incorrect sign extension (bsc#1012628). - iio: dln2: Check return value of devm_iio_trigger_register() (bsc#1012628). - iio: dln2-adc: Fix lockdep complaint (bsc#1012628). - iio: itg3200: Call iio_trigger_notify_done() on error (bsc#1012628). - iio: kxsd9: Don't return error code in trigger handler (bsc#1012628). - iio: ltr501: Don't return error code in trigger handler (bsc#1012628). - iio: mma8452: Fix trigger reference couting (bsc#1012628). - iio: stk3310: Don't return error code in interrupt handler (bsc#1012628). - iio: trigger: stm32-timer: fix MODULE_ALIAS (bsc#1012628). - iio: trigger: Fix reference counting (bsc#1012628). - iio: gyro: adxrs290: fix data signedness (bsc#1012628). - xhci: avoid race between disable slot command and host runtime suspend (bsc#1012628). - usb: core: config: using bit mask instead of individual bits (bsc#1012628). - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (bsc#1012628). - usb: core: config: fix validation of wMaxPacketValue entries (bsc#1012628). - Revert "usb: dwc3: dwc3-qcom: Enable tx-fifo-resize property by default" (bsc#1012628). - USB: gadget: zero allocate endpoint 0 buffers (bsc#1012628). - USB: gadget: detect too-big endpoint 0 requests (bsc#1012628). - selftests/fib_tests: Rework fib_rp_filter_test() (bsc#1012628). - net/qla3xxx: fix an error code in ql_adapter_up() (bsc#1012628). - net, neigh: clear whole pneigh_entry at alloc time (bsc#1012628). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (bsc#1012628). - net: altera: set a couple error code in probe() (bsc#1012628). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (bsc#1012628). - tools build: Remove needless libpython-version feature check that breaks test-all fast path (bsc#1012628). - dt-bindings: net: Reintroduce PHY no lane swap binding (bsc#1012628). - Documentation/locking/locktypes: Update migrate_disable() bits (bsc#1012628). - perf tools: Fix SMT detection fast read path (bsc#1012628). - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (bsc#1012628). - Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge" (bsc#1012628). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (bsc#1012628). - bpf, sockmap: Re-evaluate proto ops when psock is removed from sockmap (bsc#1012628). - mtd: rawnand: fsmc: Fix timing computation (bsc#1012628). - mtd: rawnand: fsmc: Take instruction delay into account (bsc#1012628). - i40e: Fix pre-set max number of queues for VF (bsc#1012628). - i40e: Fix failed opcode appearing if handling messages from VF (bsc#1012628). - clk: qcom: clk-alpha-pll: Don't reconfigure running Trion (bsc#1012628). - clk: imx: use module_platform_driver (bsc#1012628). - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (bsc#1012628). - RDMA/hns: Do not destroy QP resources in the hw resetting phase (bsc#1012628). - RDMA/hns: Do not halt commands during reset until later (bsc#1012628). - ASoC: codecs: wcd934x: return correct value from mixer put (bsc#1012628). - ASoC: codecs: wcd934x: handle channel mappping list correctly (bsc#1012628). - ASoC: codecs: wsa881x: fix return values from kcontrol put (bsc#1012628). - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (bsc#1012628). - ASoC: rt5682: Fix crash due to out of scope stack vars (bsc#1012628). - PM: runtime: Fix pm_runtime_active() kerneldoc comment (bsc#1012628). - qede: validate non LSO skb length (bsc#1012628). - ALSA: usb-audio: Reorder snd_djm_devices[] entries (bsc#1012628). - scsi: scsi_debug: Fix buffer size of REPORT ZONES command (bsc#1012628). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (bsc#1012628). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1012628). - i2c: mpc: Use atomic read and fix break condition (bsc#1012628). - tracefs: Set all files to the same group ownership as the mount option (bsc#1012628). - aio: fix use-after-free due to missing POLLFREE handling (bsc#1012628). - aio: keep poll requests on waitqueue until completed (bsc#1012628). - signalfd: use wake_up_pollfree() (bsc#1012628). - binder: use wake_up_pollfree() (bsc#1012628). - wait: add wake_up_pollfree() (bsc#1012628). - io_uring: ensure task_work gets run as part of cancelations (bsc#1012628). - libata: add horkage for ASMedia 1092 (bsc#1012628). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (bsc#1012628). - thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL (bsc#1012628). - clk: qcom: regmap-mux: fix parent clock lookup (bsc#1012628). - mmc: renesas_sdhi: initialize variable properly when tuning (bsc#1012628). - hwmon: (pwm-fan) Ensure the fan going on in .probe() (bsc#1012628). - selftests: KVM: avoid failures due to reserved HyperTransport region (bsc#1012628). - tracefs: Have new files inherit the ownership of their parent (bsc#1012628). - nfsd: Fix nsfd startup race (again) (bsc#1012628). - nfsd: fix use-after-free due to delegation race (bsc#1012628). - md: fix update super 1.0 on rdev size change (bsc#1012628). - perf intel-pt: Fix error timestamp setting on the decoder error path (bsc#1012628). - perf intel-pt: Fix missing 'instruction' events with 'q' option (bsc#1012628). - perf intel-pt: Fix next 'err' value, walking trace (bsc#1012628). - perf intel-pt: Fix state setting when receiving overflow (OVF) packet (bsc#1012628). - perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type (bsc#1012628). - perf intel-pt: Fix sync state when a PSB (synchronization) packet is found (bsc#1012628). - perf intel-pt: Fix some PGE (packet generation enable/control flow packets) usage (bsc#1012628). - btrfs: free exchange changeset on failures (bsc#1012628). - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (bsc#1012628). - btrfs: fix re-dirty process of tree-log nodes (bsc#1012628). - btrfs: clear extent buffer uptodate when we fail to write it (bsc#1012628). - scsi: qla2xxx: Format log strings only if needed (bsc#1012628). - cifs: Fix crash on unload of cifs_arc4.ko (bsc#1012628). - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (bsc#1012628). - ALSA: pcm: oss: Limit the period size to 16MB (bsc#1012628). - ALSA: pcm: oss: Fix negative period/buffer sizes (bsc#1012628). - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (bsc#1012628). - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (bsc#1012628). - ALSA: ctl: Fix copy of updated id with element read/write (bsc#1012628). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1012628). - mm/slub: fix endianness bug for alloc/free_traces attributes (bsc#1012628). - mm/damon/core: fix fake load reports due to uninterruptible sleeps (bsc#1012628). - timers: implement usleep_idle_range() (bsc#1012628). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (bsc#1012628). - KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req (bsc#1012628). - KVM: x86: Don't WARN if userspace mucks with RCX during string I/O exit (bsc#1012628). - net: mvpp2: fix XDP rx queues registering (bsc#1012628). - net/sched: fq_pie: prevent dismantle issue (bsc#1012628). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (bsc#1012628). - net: dsa: mv88e6xxx: error handling for serdes_power functions (bsc#1012628). - net: bcm4908: Handle dma_set_coherent_mask error codes (bsc#1012628). - devlink: fix netns refcount leak in devlink_nl_cmd_reload() (bsc#1012628). - IB/hfi1: Correct guard on eager buffer deallocation (bsc#1012628). - iavf: Fix reporting when setting descriptor count (bsc#1012628). - iavf: restore MSI state on reset (bsc#1012628). - netfilter: conntrack: annotate data-races around ct->timeout (bsc#1012628). - netfilter: nft_exthdr: break evaluation if setting TCP option fails (bsc#1012628). - udp: using datalen to cap max gso segments (bsc#1012628). - seg6: fix the iif in the IPv6 socket control block (bsc#1012628). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (bsc#1012628). - bonding: make tx_rebalance_counter an atomic (bsc#1012628). - ethtool: do not perform operations on net devices being unregistered (bsc#1012628). - ice: ignore dropped packets during init (bsc#1012628). - bpf: Fix the off-by-two error in range markings (bsc#1012628). - bpf: Make sure bpf_disable_instrumentation() is safe vs preemption (bsc#1012628). - bpf, sockmap: Attach map progs to psock early for feature probes (bsc#1012628). - bpf, x86: Fix "no previous prototype" warning (bsc#1012628). - vrf: don't run conntrack on vrf with !dflt qdisc (bsc#1012628). - selftests: netfilter: add a vrf+conntrack testcase (bsc#1012628). - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (bsc#1012628). - platform/x86: amd-pmc: Fix s2idle failures on certain AMD laptops (bsc#1012628). - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1012628). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (bsc#1012628). - net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal PHY's" (bsc#1012628). - can: m_can: Disable and ignore ELO interrupt (bsc#1012628). - can: m_can: pci: fix iomap_read_fifo() and iomap_write_fifo() (bsc#1012628). - can: m_can: pci: fix incorrect reference clock rate (bsc#1012628). - can: m_can: m_can_read_fifo: fix memory leak in error branch (bsc#1012628). - can: pch_can: pch_can_rx_normal: fix use after free (bsc#1012628). - can: sja1000: fix use after free in ems_pcmcia_add_card() (bsc#1012628). - can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter (bsc#1012628). - can: kvaser_usb: get CAN clock frequency from device (bsc#1012628). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (bsc#1012628). - IB/hfi1: Fix early init panic (bsc#1012628). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (bsc#1012628). - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1012628). - platform/x86/intel: hid: add quirk to support Surface Go 3 (bsc#1012628). - HID: Ignore battery for Elan touchscreen on Asus UX550VE (bsc#1012628). - HID: sony: fix error path in probe (bsc#1012628). - mmc: spi: Add device-tree SPI IDs (bsc#1012628). - mtd: dataflash: Add device-tree SPI IDs (bsc#1012628). - HID: check for valid USB device for many HID drivers (bsc#1012628). - HID: wacom: fix problems when device is not a valid USB device (bsc#1012628). - HID: bigbenff: prevent null pointer dereference (bsc#1012628). - HID: add USB_HID dependancy on some USB HID drivers (bsc#1012628). - HID: add USB_HID dependancy to hid-chicony (bsc#1012628). - HID: add USB_HID dependancy to hid-prodikeys (bsc#1012628). - HID: add hid_is_usb() function to make it simpler for USB detection (bsc#1012628). - HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested (bsc#1012628). - HID: google: add eel USB id (bsc#1012628). - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (bsc#1012628). - usb: gadget: uvc: fix multiple opens (bsc#1012628). - commit 3f92609 - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - commit 301a3a7 - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - commit e2f6026 - Update BT fix patch for regression with 8087:0026 device (bsc#1193124) Also corrected the references and patch description - commit 634695b ==== libgcrypt ==== - FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480] * gcry_mpi_sub_ui: fix subtracting from negative value * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch ==== libostree ==== Version update (2020.8 -> 2021.6) Subpackages: libostree-1-1 - Update to version 2021.6: + Most of the fixes are related to warnings highlighted by gcc - fanalyzer static source analysis. + Performance of pruning logic has been improved, avoiding unnecessary trips through redundant serialization. + A regression has been fixed so that ostree is properly behaving again when used from the initramfs, at a point where /sysroot may not be mounted yet. + A race condition related to sysroot.readonly has been addressed by directly setting up sysroot readonly in initramfs. - Changes from version 2020.8 to 2021.5 please see upstreams list https://github.com/ostreedev/ostree/releases - Switch to obs_scm from tar_scm, and use obscpio instead of generated tarball. Also stop autogeneration of .changes, upstream now have proper release notes that should be used. - Use ldconfig_scriptlets macro for post(un) handling for shared library, modernize spec. ==== mutter ==== Version update (41.1 -> 41.2) - Update to version 41.2: + Fix blank screen when unplugging docking station. + Prefer GBM over EGLStream where possible. + Fix unredirected Xwayland windows not getting updated. + Improve anti-aliasing of background corners. + Copy damage rectangles to secondary GPU + Improve Wacom tablet mapping. + Fixed crashes. + Misc. bug fixes and cleanups. + Updated translations. - Switch to git checkout of released tag via source service. ==== ncurses ==== Version update (6.3.20211120 -> 6.3.20211127) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20211127 + fix errata in description fields (report by Eric Lindblad) -TD + add x10term+sl, aixterm+sl, ncr260vp+sl, ncr260vp+vt, wyse+sl -TD - Correct offsets of patch ncurses-6.3.dif ==== neon ==== Version update (0.31.2 -> 0.32.1) - update to 0.32.1: * Fix configure CFLAGS handling in Kerberos detection. - includes changes from 0.32.0: * NE_AUTH_DIGEST now only enables RFC 2617/7616 auth by default; to enable weaker RFC 2069 Digest, use NE_AUTH_LEGACY_DIGEST (treated as a security enhancement, not an API/ABI break) * Interface additions and bug fixes - drop patches: * neon-0.31.2-sha1-tests.patch * neon-0.31.2-CA-tests.patch ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directores for the above patch. ==== openvpn ==== - Drop 0001-preform-deferred-authentication-in-the-background.patch Upstream has meanwhile solved this differently and the two implementations interfere (boo#1193017). - Obsoleted SLE patches up to this point: * openvpn-CVE-2020-15078.patch * openvpn-CVE-2020-11810.patch * openvpn-CVE-2018-7544.patch * openvpn-CVE-2018-9336.patch ==== p11-kit ==== Subpackages: libp11-kit0 p11-kit-tools - Enable systemd support ==== pam ==== Subpackages: pam_unix - Drop pam_umask-usergroups-login_defs.patch, does more harm than helps. If not explizit specified as module option, we use UMASK from login.defs unmodified. ==== pango ==== Version update (1.48.10 -> 1.50.1) Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - Update to version 1.50.1: + Fix a crash in tab handling. + Fix tab positioning without line wrapping. + Fix an assertion failure found by fuzzing. + Make underlines work again for broken fonts. - Update to version 1.50.0: + Fix glyph placement in gravity east + Fix line heights in improper gravities + Only shown selected ignorables with nicks + Support tab alignments other than left + Support custom decimal points on decimal tabs + Fix a pango-view crash + Optimize handling of many tabs + Drop json-glib dependency - Drop pkgconfig(json-glib-1.0) BuildRequires, no longer needed. - Update to version 1.49.4: + Require fontconfig 2.13 + Require harfbuzz 2.6 + Many fixes to line breaking accuracy + coretext: Correctly clamp text weights at min/max values + Add serialization api for PangoLayout, PangoFont and PangoAttrList + Require json-glib + tests: - Use serialized layouts for test cases - Include fonts in git + pango-view: Accept serialized layouts + Fix a rounding problem with font metrics + Fix visible space display using ? - Changes from version 1.49.3: + Fix hinting of glyph metrics + Fix logical glyph extents in vertical gravities + Visualize more default-ignorable glyphs + Fix advance widths in transformed contexts + Implement Small Caps and other casing variations - Changes from version 1.49.2: + Update Unicode data to Unicode 14 + Fix underlining of spaces + Round font metrics when appropriate + Fix some corner cases of cursor positioning + Handle Catalan middle-dot in text segmentation - Changes from version 1.49.1: + Only recompute log attrs when needed + Validate log attrs + Fix conformance issues in Thai and Indic linebreaking + Add pango_attr_break to support customizing line and word breaks + Add font-dependent baseline shifts and sizing for super- and subscripts + Improve hyphenation support + pango-view: - Visualize caret positions and slopes - Show glyph rects - Make --annotate easier to use + Add pango_layout_get_caret_pos to support sloped carets + Improve caret positioning for ligatures + Better under- and overline placement + layout: - Allocate a bit less - Fix cluster extents with rise + Add pango_layout_iter_get_run_baseline + Add pango_glyph_string_index_to_x_full + coretext: Set size on font descriptions + Add color information to PangoGlyphVisAttr - Changes from version 1.49.0: + Require fribidi 1.0.6 + Fix threadsafety issues with Thai + Fix a rounding problem on i386 + Fix font choice for ellipsis + New api: - pango_font_get_languages - Introspection helpers for attributes + Ignore width in horizontal context when itemizing + markup: - Allow specifying size and rise in points - Allow specifying size as percentage + Rewrite pango_layout_move_cursor_visually + Add a line-height attribute and make logical line extents respect it + Add pango_justify_last_line + Add pango_shape_item + Add a text-transform attribute and implement it + Clean up fribidi api usage + Fix a bug in the gravity data table + pango-view: Improve the --annotate option + Fix a possible crash in rendering strikethroughs - Add pkgconfig(json-glib-1.0) BuildRequires, new dependency. ==== pangomm1_4 ==== Version update (2.46.1 -> 2.46.2) - Switch back to released tarballs: Stop passing maintainer-mode=true to meson and remove m4, mm-common and perl(XML::Parser) BuildRequires, as this was all only needed to build a git-checkout. - Update to version 2.46.2: * Move to stable released tag, no code changes. - Update to version 2.46.1+7: * NMake Makefiles: Fix header installation * NMake Makefiles: Correct VS2019 toolset number * build: Support Visual Studio 2022 builds * docs/reference/Doxyfile.in: Remove obsolete entry * Don't include individual pango headers, part 2 * Don't include individual pango headers * Use pango from the main branch * 2.46.1 * Documentation: Let links point to pangomm-1.4 versions * Add dependencies to Doxygen tag files in subprojects - Switch to using a gitcheckout via source service. Pass maintainer-mode=true to meson and add m4, mm-common and perl(XML::Parser) BuildRequires, as this is needed with a git-checkout. ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Drop low-memory-monitor: It's not enabled by default, not used by any of the default applications and would conflict with other installed OOM handling daemons like earlyoom or oomd - Run pre_checkin.sh - base: favour psmisc over busybox-psmisc or other equivalents - enhanced_base: Recommend low-memory-monitor an early boot daemon to monitor memory pressure and react to low memory. - Run pre_checkin.sh to sync 32-bit patterns. ==== pipewire ==== Version update (0.3.40 -> 0.3.42) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Revert the merge of spa-plugins and modules into the library package. - Move some of the files between packages where they make more sense. - Rename the modules subpackage to modules-%{apiver_str} so it can be versioned more easily (there still are some unversioned files in the package, but it's a step in the right direction) - Remove unneccesary Conflicts with packages that are Obsoleted - Update to version 0.3.42: * Highlights - Fixes a bug in pulse-server underrun handling that broke qemu and orca. - A fix was added to pulse-server to handle quantum changes gracefully. - Fix module-echo-cancel again. - Fix a bug where the bluetooth headset capture was producing noise. - Remove the dependency on wireplumber-audio which was pulling in pulseaudio. We'll require wireplumber-audio directly from wireplumber. - Remove pipewire-rpmlintrc since the filters don't apply anymore - Merge the pipewire-spa-plugins-0_2 and pipewire-modules packages into the libpipewire package just as the fedora packages do and simplify the filelist a bit by using some recursive listing instead of explicitly listing all files. - Use the gcc9-c++ compiler in SLE/Leap so it builds successfully. - Update to version 0.3.41: * Highlights - Improved compatibility for flatpaks. Flatpaks with newer PipeWire version can connect to an older server in all cases. - A new RAOP module was added to stream to Apple Airplay devices. - OBS can now capture from the monitor devices again when using WirePlumber. - Improved JACK compatibility. Improved stability in Carla and Ardour when changing buffer size. Improved latency calculations and playback latency in Ardour. - Improved pulse-server handling of underruns and buffer size changes. - Many bugfixes and improvements. * PipeWire - The systemd service files now have better names. - client.access permission checks are improved. - Fix some memory leaks in error paths. - Objects now have a global serial number that is unique for the lifetime of the server. - Make clock.rate, clock.allowed-rates and clock.quantum runtime tunable parameters with the settings metadata. - Add some additional memory checks in client-node to avoid sending invalid memory to clients. (#1859) - Improve buffer memory allocation. If one of the nodes is a remote node, ensure we only use memory that can be shared. - Version checks when binding to objects is removed. This means that newer clients can now bind to older servers, which is a typical case for a flatpak. - A bug in the latency calculations was fixed where it would in some cases report the wrong minumum latency. * modules - module-echo-cancel has voice-detection enabled now. - module-raop-sink and module-raop-discover to stream audio to an Apple Airplay device. - module-filter-chain now has preliminary support for LV2 plugins. * SPA - The audio resampler now has improved buffer size calculations. In some cases it was too small and would cause distortions. - More checks are done when doing volume changes so that the channelmap is correct. - Audioadapter now exposes most config options with params so that they can be adjusted at runtime. - The resampler can now calculate the expected input buffer size before receiving the first buffer, which avoids some confusion when starting streams. - Support was added for some 10bit video formats. - MONO channel handling was improved. - Most plugins now set a clock name and this is configurable where it makes sense. The clock.system.monotonic clock name is used for most plugins that use the system clock for timing. * pulse-server - implement module-raop-discover - Use STREAM_CAPTURE_SINK property when capturing from a monitor source to better inform the session manager. This fixes some issues where OBS would capture from the microphone instead of the output monitor. - Limit the amount of cache messages to 16MB and don't add large memory blocks to the cache. This should fix some excessive memory usage that people reported. - Fix a potential memory leak when cleaning up a client. - Do some additional checks to avoid buffer overruns. - Improve recovery from underruns better. (#1857) This improves seeking in gnome-music. - Improve recovery when the quantum is forced larger that the stream configured latency. - The prebuf state is now handled correctly. * JACK - A per type object cache is now implemented. This ensures that port objects remain valid for a longer time because many JACK applications inspect objects after they are destroyed. This improves catia/carla compatibility. - Recompute the latencies when the buffer-size changes. Fix some cases where we would end up with negative latencies. - Handle regcomp errors to avoid some crashes later. - Latency calculations are improved a lot. - More care is taken to not call a process callback while a buffer size change is pending. This fixes some crashes in Carla, which expect that all clients are paused when one handles the buffersize callback. - Loopback links to a client are now handled correctly and without latency. This fixes playback latency in ardour6 (#1839) * ALSA - ALSA devices now keep track of the samplerate of the card and ensure that all PCM use the same rate. This is a workaround for a kernel bug that is fixed in 5.16. - Refactor the ALSA plugin a little. - The ALSA plugin now reports correct delay for a capture PCM. (#1697) - The ALSA nodes now expose all config options with params that can be changed at runtime. - The ALSA node has a configurable clock name. Adaptive resampling to match clock rates is avoided when the driver has the same clock name as the ALSA node. This can be used to link alsa devices together with a word clock. ==== polkit-default-privs ==== Version update (1550+20211209.8ce206c -> 1550+20211214.daf2765) - Update to version 1550+20211214.daf2765: * fwupd: tighten the downgrade rules (bsc#1193310) ==== python-SQLAlchemy ==== Version update (1.4.26 -> 1.4.27) - update to 1.4.27: Bugfixes * see https://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.27 ==== qemu ==== - Reinstate Lin Ma's fixes for bsc#1192147 as they were submitted only to IBS. * Patches added: hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch hw-i386-acpi-build-Deny-control-on-PCIe-.patch pcie-rename-native-hotplug-to-x-native-h.patch - Rename the Guest Agent service qemu-guest-agent, like in other distros (and upstream). bsc#1185543 - disable QOM cast debug outside the testsuite as the corresponding asserts show up occassionally as top #1 in perf(1) traces under heavy virtio load - enable LTO when we'd like to use LTO ==== rav1e ==== Version update (0.5.0+0 -> 0.5.1+0) - Update to version 0.5.1+0: * Fix the dispatcher calling `avx2` code when the sub-architecture does not support it. ==== runc ==== Version update (1.0.3 -> 1.1.0~rc1) - Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has?exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. - Drop runc-rpmlintrc because we don't have runc-test anymore. ==== sensors ==== - Also remove ProtectKernelTunables from harden_fancontrol.service.patch, breaks service (boo#1193149) ==== shadow ==== Subpackages: login_defs - Really enable USERGROUPS_ENAB [bsc#1189139]. Did go lost during merges. ==== upower ==== Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 - Use libplist 2 starting from SLE15SP4 on. ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954) on released products. ==== util-linux-systemd ==== - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954) on released products. ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Typo fix for %define usegcc10. - Introduce usegcc10 %define in order to have the condition (0%{?sle_version} && 0%{?sle_version} <= 150400) only at one point. - Correct a very old "Obsoletes: webkit2gtk3-plugin-process-gtk2" to be a versioned obsoletes. - Make the earlier Obsoletes: libwebkit2gtk3-lang compliant with: https://en.opensuse.org/openSUSE:Upgrade_dependencies_explanation#Renaming_a_package ==== webkit2gtk3-soup2 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Typo fix for %define usegcc10. - Introduce usegcc10 %define in order to have the condition (0%{?sle_version} && 0%{?sle_version} <= 150400) only at one point. - Correct a very old "Obsoletes: webkit2gtk3-plugin-process-gtk2" to be a versioned obsoletes. - Make the earlier Obsoletes: libwebkit2gtk3-lang compliant with: https://en.opensuse.org/openSUSE:Upgrade_dependencies_explanation#Renaming_a_package ==== wireless-regdb ==== Version update (20210828 -> 20211209) - Update to version 20211209: * wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US ==== wireplumber ==== Subpackages: libwireplumber-0_4-0 wireplumber-audio - Remove many build dependencies which aren't really needed - Use %autosetup, apply patches unconditionally - Hard depend on wireplumber-audio if pipewire-pulseaudio is installed ==== xfsprogs ==== Version update (5.14.0 -> 5.14.2) - update to 5.14.2: - libxfs: move rogue fallthrough macro out of linux.h - libxfs: fix atomic64_t for 32-bit architectures - libfrog: fix crc32c self test code on cross builds ==== xorg-x11-server ==== Version update (21.1.1 -> 21.1.2) Subpackages: xorg-x11-server-Xvfb - Update to version 21.1.1 * This release fixes 4 recently reported security vulnerabilities and several regressions. * In particular, the real physical dimensions are no longer reported by the X server anymore as it was deemed to be a too disruptive change. X server will continue to report DPI as 96. - supersedes U_hw-xfree86-Propagate-physical-dimensions-from-DRM-co.patch - supersedes U_rendercompositeglyphs.patch - supersedes U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch - supersedes U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch - supersedes U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch - U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch * CVE-2021-4009/ZDI-CAN-14950 (bsc#1190487) The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. - U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch * CVE-2021-4010/ZDI-CAN-14951 (bsc#1190488) The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. - U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch * CVE-2021-4011/ZDI-CAN-14952 (bsc#1190489) The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. - U_rendercompositeglyphs.patch * X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access Privilege Escalation Vulnerability [CVE-2021-4008, ZDI-CAN-14192] (boo#1193030) - u_Support-configuration-files-under-run-X11-xorg.conf..patch - u_Add-udev-scripts-for-configuration-of-platform-devic.patch - u_Add-udev-rule-for-HyperV-devices.patch * Remove udev-based configuration - u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch * Restore simpledrm workaround - u_xf86-Accept-devices-with-the-hyperv_drm-driver.patch * Add workaround to support hyperv_drm ==== yast2 ==== Version update (4.4.27 -> 4.4.30) - Fixed RelURL to work properly with the FTP URLs (related to jsc#SLE-22669) - 4.4.30 - Fixed RelURL unit test randomly crashing (related to jsc#SLE-22669) - 4.4.29 - Added RelURL class for working with relative URLs ("relurl://") (jsc#SLE-22669) - 4.4.28 ==== zxing-cpp ==== - Update stb_image/stb_image_write to include the fixes for the following CVEs: CVE-2021-28021, bsc#1191743 CVE-2021-42715, bsc#1191942 CVE-2021-42716, bsc#1191944 * 269.patch