Packages changed: ModemManager (1.14.8 -> 1.18.6) avahi dracut (055+suse.226.g44139dde -> 055+suse.238.gacab0df5) file haproxy (2.5.1+git0.86b093a51 -> 2.5.4+git0.e55ab4208) installation-images-MicroOS (17.44 -> 17.45) kernel-source (5.16.10 -> 5.16.11) keylime (6.3.0 -> 6.3.1) libcap libglvnd libselinux libzypp (17.29.4 -> 17.29.5) ncurses (6.3.20220212 -> 6.3.20220219) psmisc selinux-policy setools systemd systemd-presets-common-SUSE vim (8.2.4375 -> 8.2.4456) zypper (1.14.51 -> 1.14.52) === Details === ==== ModemManager ==== Version update (1.14.8 -> 1.18.6) Subpackages: libmm-glib0 - Update to version 1.18.6: + The ModemManager.service file for systemd integration provided in the sources is updated as follows: ++ 'CAP_NET_ADMIN' is now required in the 'CapabilityBoundingSet' field. ++ 'AF_NETLINK' and 'AF_QIPCRTR' are now required in the 'RestrictAddressFamilies' field. + The LEGACY and PARANOID filter types that were allowed options in the '--filter-policy' option in the ModemManager daemon were deprecated in version 1.16.0 and have now been completely removed, along with the vid:pid blacklist of devices and the vid:pid greylist of RS232<->USB adapters. + The ModemManager daemon can run now in a 'quick suspend/resume' mode, in which no explicit data disconnection is triggered on suspend, and no explicit device re-probing from scratch is launched on resume. Instead, the daemon will try to refresh the state of all interfaces upon suspend, e.g. to see if the module keeps registered to the same operator, to see if it is still connected, and so on. + core: added support for the new 'WWAN' subsystem in Linux kernel 5.13, enabling PCIe-only modules. + core: The charset conversion methods rework, including the avoiding of the iconv() + qmi: the logic managing allowed/preferred modes was fixed for multimode devices like the MC7304, making sure the acquisition order preference always had the same items. + serial: when modem is connected with AT+PPP, ignore forced disconnections, so that we don't take ownership of the PPP port before pppd has released it. + foxconn: added support for the T99W175 (SDX55) module, including built-in FCC unlock procedure. + foxconn: added new MBIM QDU firmware update method. - Move the dbus-1 system.d file to /usr (bsc#1196170) - Use source verification - Update Supplements to new format - Add BRs needed for new tests: * python3-gobject-Gdk * python3-dbus-python ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 - switch to use _multibuild - delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete - use https urls ==== dracut ==== Version update (055+suse.226.g44139dde -> 055+suse.238.gacab0df5) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 055+suse.238.gacab0df5: * fix(cpio): correct dev_t -> rmajor/rminor mapping (bsc#1195808) * ci(cpio): add test_archive_dev_maj_min (bsc#1195808) * ci(cpio): add TempWorkDir.create_tmp_mknod helper (bsc#1195808) - Update to version 055+suse.234.gbdaf66ff: * fix(tpm2-tss): install SUSE specific files (bsc#1195984) * fix(systemd-sysusers): override systemd-sysusers.service (bsc#1195983) - Update to version 055+suse.230.g3fdde49a: * fix(dasd_rules): correct udev dasd rules parsing (bsc#1195309) * revert(lvm): remove 69-dm-lvm-metad.rules (bsc#1195604) ==== file ==== Subpackages: file-magic libmagic1 - Reenable libseccomp sandboxing - Fix previous entry: remove stray pkg-config call in CFLAGS (as it was called without parameters, it only made output on stderr, which did not impact CFLAGS; so de facto only a cleanup change). - Drop pkgconfig(libseccomp) BuildRequires and stop injecting libseccomp cflags into CFLAGS: libseccomp has been disabled for a long time already. - Move the special 'check' part from install to %check. ==== haproxy ==== Version update (2.5.1+git0.86b093a51 -> 2.5.4+git0.e55ab4208) - Update to version 2.5.4+git0.e55ab4208: * [RELEASE] Released version 2.5.4 * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * CI: github: enable pool debugging by default * REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks * BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() * DOC: Fix usage/examples of deprecated ACLs * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message - apparmor: profile now needs access to /sys/devices/system/node/ - Update to version 2.5.3+git0.abf078b15: * [RELEASE] Released version 2.5.3 * DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected * BUG/MEDIUM: httpclient: limit transfers to the maximum available room * BUG/MINOR: tools: url2sa reads ipv4 too far * CLEANUP: httpclient/cli: fix indentation alignment of the help message * BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print * BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command * BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * BUG/MINOR: httpclient: reinit flags in httpclient_start() * MINOR: httpclient: Don't limit data transfer to 1024 bytes * BUG/MAJOR: compiler: relax alignment constraints on certain structures * BUG/MEDIUM: fd: always align fdtab[] to 64 bytes * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: sink: Use the right field in appctx context in release callback * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function - Update to version 2.5.2+git0.042feec44: (CVE-2022-0711 boo#1196408) * [RELEASE] Released version 2.5.2 * BUG/MINOR: mux-h2: update the session's idle delay before creating the stream * BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change * REGTESTS: peers: leave a bit more time to peers to synchronize * REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MINOR: httpclient/cli: display junk characters in vsn * BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls * BUG/MINOR: jwt: Missing pkey free during cleanup * BUG/MINOR: jwt: Double free in deinit function * BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response " output * BUG/MEDIUM: httpclient: Xfer the request when the stream is created * BUG/MINOR: httpclient: Revisit HC request and response buffers allocation * BUG/MEDIUM: listener: read-lock the listener during accept() * MINOR: listener: replace the listener's spinlock with an rwlock * DEBUG: fd: make sure we never try to insert/delete an impossible FD number * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * DEBUG: pools: replace the link pointer with the caller's address on pool_free() * DEBUG: pools: let's add reverse mapping from cache heads to thread and pool * DEBUG: pools: add extra sanity checks when picking objects from a local cache * BUG/MINOR: pools: always flush pools about to be destroyed * BUG/MINOR: mworker: does not add the -sf in wait mode * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2 * DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY * BUILD: debug/cli: condition test of O_ASYNC to its existence * DEBUG: cli: add a new "debug dev fd" expert command * BUG/MINOR: stream: make the call_rate only count the no-progress calls * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MEDIUM: cli: Never wait for more data on client shutdown * MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * DOC: management: mark "set server ssl" as deprecated * BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl * BUILD/MINOR: fix solaris build with clang. * BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers * BUG/MINOR: httpclient: set default Accept and User-Agent headers * BUG/MINOR: httpclient: don't send an empty body * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: connection: properly leave stopping list on error ==== installation-images-MicroOS ==== Version update (17.44 -> 17.45) - merge gh#openSUSE/installation-images#580 - fix user/group creation in initrd (bsc#1196331) - 17.45 ==== kernel-source ==== Version update (5.16.10 -> 5.16.11) - Update config files. A vanilla fix for commit 17ec1907657a (simplefb: Enable boot time VESA graphic mode selection (bsc#1193250).) - commit 90630c5 - Linux 5.16.11 (bsc#1012628). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (bsc#1012628). - bpf: Introduce composable reg, ret and arg types (bsc#1012628). - bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL (bsc#1012628). - bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL (bsc#1012628). - bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL (bsc#1012628). - bpf: Introduce MEM_RDONLY flag (bsc#1012628). - bpf: Convert PTR_TO_MEM_OR_NULL to composable types (bsc#1012628). - bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM (bsc#1012628). - bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem (bsc#1012628). - bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1012628). - HID:Add support for UGTABLET WP5540 (bsc#1012628). - Revert "svm: Add warning message for AVIC IPI invalid target" (bsc#1012628). - parisc: Show error if wrong 32/64-bit compiler is being used (bsc#1012628). - serial: parisc: GSC: fix build when IOSAPIC is not set (bsc#1012628). - parisc: Drop __init from map_pages declaration (bsc#1012628). - parisc: Fix data TLB miss in sba_unmap_sg (bsc#1012628). - parisc: Fix sglist access in ccio-dma.c (bsc#1012628). - mmc: block: fix read single on recovery logic (bsc#1012628). - mm: don't try to NUMA-migrate COW pages that have other uses (bsc#1012628). - HID: amd_sfh: Add illuminance mask to limit ALS max value (bsc#1012628). - HID: i2c-hid: goodix: Fix a lockdep splat (bsc#1012628). - HID: amd_sfh: Increase sensor command timeout (bsc#1012628). - selftests: kvm: Remove absent target file (bsc#1012628). - HID: amd_sfh: Correct the structure field name (bsc#1012628). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1012628). - parisc: Add ioread64_lo_hi() and iowrite64_lo_hi() (bsc#1012628). - HID: apple: Set the tilde quirk flag on the Wellspring 5 and later (bsc#1012628). - btrfs: don't hold CPU for too long when defragging a file (bsc#1012628). - btrfs: send: in case of IO error log it (bsc#1012628). - btrfs: defrag: don't try to defrag extents which are under writeback (bsc#1012628). - ASoC: mediatek: fix unmet dependency on GPIOLIB for SND_SOC_DMIC (bsc#1012628). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (bsc#1012628). - platform/x86: ISST: Fix possible circular locking dependency detected (bsc#1012628). - platform/x86: amd-pmc: Correct usage of SMU version (bsc#1012628). - kunit: tool: Import missing importlib.abc (bsc#1012628). - selftests: rtc: Increase test timeout so that all tests run (bsc#1012628). - kselftest: signal all child processes (bsc#1012628). - selftests: netfilter: reduce zone stress test running time (bsc#1012628). - net: ieee802154: at86rf230: Stop leaking skb's (bsc#1012628). - selftests/zram: Skip max_comp_streams interface on newer kernel (bsc#1012628). - selftests/zram01.sh: Fix compression ratio calculation (bsc#1012628). - selftests/zram: Adapt the situation that /dev/zram0 is being used (bsc#1012628). - selftests: openat2: Print also errno in failure messages (bsc#1012628). - selftests: openat2: Add missing dependency in Makefile (bsc#1012628). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (bsc#1012628). - selftests: skip mincore.check_file_mmap when fs lacks needed support (bsc#1012628). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (bsc#1012628). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1012628). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (bsc#1012628). - vfs: make freeze_super abort when sync_filesystem returns error (bsc#1012628). - vfs: make sync_filesystem return errors from ->sync_fs (bsc#1012628). - quota: make dquot_quota_sync return errors from ->sync_fs (bsc#1012628). - scsi: pm80xx: Fix double completion for SATA devices (bsc#1012628). - kselftest: Fix vdso_test_abi return status (bsc#1012628). - scsi: core: Reallocate device's budget map on queue depth change (bsc#1012628). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (bsc#1012628). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1012628). - drm/amd: Warn users about potential s0ix problems (bsc#1012628). - mailmap: update Christian Brauner's email address (bsc#1012628). - nvme: fix a possible use-after-free in controller reset during load (bsc#1012628). - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1012628). - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1012628). - net: sparx5: do not refer to skb after passing it on (bsc#1012628). - drm/amd: add support to check whether the system is set to s3 (bsc#1012628). - drm/amd: Only run s3 or s0ix if system is configured properly (bsc#1012628). - drm/amdgpu: fix logic inversion in check (bsc#1012628). - x86/Xen: streamline (and fix) PV CPU enumeration (bsc#1012628). - Revert "module, async: async_synchronize_full() on module init iff async is used" (bsc#1012628). - gcc-plugins/stackleak: Use noinstr in favor of notrace (bsc#1012628). - random: wake up /dev/random writers after zap (bsc#1012628). - KVM: x86/xen: Fix runstate updates to be atomic when preempting vCPU (bsc#1012628). - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (bsc#1012628). - KVM: x86: SVM: don't passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (bsc#1012628). - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (bsc#1012628). - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (bsc#1012628). - iwlwifi: remove deprecated broadcast filtering feature (bsc#1012628). - iwlwifi: fix use-after-free (bsc#1012628). - drm/mediatek: mtk_dsi: Avoid EPROBE_DEFER loop with external bridge (bsc#1012628). - drm/radeon: Fix backlight control on iMac 12,1 (bsc#1012628). - drm/atomic: Don't pollute crtc_state->mode_blob with error pointers (bsc#1012628). - drm/amd/pm: correct the sequence of sending gpu reset msg (bsc#1012628). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (bsc#1012628). - drm/i915/opregion: check port number bounds for SWSCI display power state (bsc#1012628). - drm/i915: Fix dbuf slice config lookup (bsc#1012628). - drm/i915: Fix mbus join config lookup (bsc#1012628). - vsock: remove vsock from connected table when connect is interrupted by a signal (bsc#1012628). - tee: export teedev_open() and teedev_close_context() (bsc#1012628). - optee: use driver internal tee_context for some rpc (bsc#1012628). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1012628). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (bsc#1012628). - drm/i915/ttm: tweak priority hint selection (bsc#1012628). - iwlwifi: pcie: fix locking when "HW not ready" (bsc#1012628). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (bsc#1012628). - iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1012628). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1012628). - iwlwifi: mvm: don't send SAR GEO command for 3160 devices (bsc#1012628). - selftests: netfilter: fix exit value for nft_concat_range (bsc#1012628). - netfilter: nft_synproxy: unregister hooks on init error path (bsc#1012628). - selftests: netfilter: disable rp_filter on router (bsc#1012628). - ipv4: fix data races in fib_alias_hw_flags_set (bsc#1012628). - ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt (bsc#1012628). - ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1012628). - ipv6: per-netns exclusive flowlabel checks (bsc#1012628). - Revert "net: ethernet: bgmac: Use devm_platform_ioremap_resource_byname" (bsc#1012628). - mac80211: mlme: check for null after calling kmemdup (bsc#1012628). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (bsc#1012628). - cfg80211: fix race in netlink owner interface destruction (bsc#1012628). - net: dsa: lan9303: fix reset on probe (bsc#1012628). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (bsc#1012628). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (bsc#1012628). - net: dsa: lan9303: handle hwaccel VLAN tags (bsc#1012628). - net: dsa: lan9303: add VLAN IDs to master device (bsc#1012628). - net: ieee802154: ca8210: Fix lifs/sifs periods (bsc#1012628). - ping: fix the dif and sdif check in ping_lookup (bsc#1012628). - bonding: force carrier update when releasing slave (bsc#1012628). - mctp: fix use after free (bsc#1012628). - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit (bsc#1012628). - net_sched: add __rcu annotation to netdev->qdisc (bsc#1012628). - crypto: af_alg - get rid of alg_memory_allocated (bsc#1012628). - bonding: fix data-races around agg_select_timer (bsc#1012628). - nfp: flower: netdev offload check for ip6gretap (bsc#1012628). - net/smc: Avoid overwriting the copies of clcsock callback functions (bsc#1012628). - net: phy: mediatek: remove PHY mode check on MT7531 (bsc#1012628). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (bsc#1012628). - tipc: fix wrong publisher node address in link publications (bsc#1012628). - dpaa2-switch: fix default return of dpaa2_switch_flower_parse_mirror_key (bsc#1012628). - dpaa2-eth: Initialize mutex used in one step timestamping path (bsc#1012628). - net: mscc: ocelot: fix use-after-free in ocelot_vlan_del() (bsc#1012628). - net: bridge: multicast: notify switchdev driver whenever MC processing gets disabled (bsc#1012628). - perf bpf: Defer freeing string after possible strlen() on it (bsc#1012628). - selftests/exec: Add non-regular to TEST_GEN_PROGS (bsc#1012628). - arm64: Correct wrong label in macro __init_el2_gicv3 (bsc#1012628). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (bsc#1012628). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (bsc#1012628). - ALSA: hda: Fix regression on forced probe mask option (bsc#1012628). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (bsc#1012628). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (bsc#1012628). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (bsc#1012628). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (bsc#1012628). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (bsc#1012628). - cifs: fix set of group SID via NTSD xattrs (bsc#1012628). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1012628). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (bsc#1012628). - powerpc/603: Fix boot failure with DEBUG_PAGEALLOC and KFENCE (bsc#1012628). - powerpc/lib/sstep: fix 'ptesync' build error (bsc#1012628). - mtd: rawnand: gpmi: don't leak PM reference in error path (bsc#1012628). - smb3: fix snapshot mount option (bsc#1012628). - tipc: fix wrong notification node addresses (bsc#1012628). - scsi: ufs: Remove dead code (bsc#1012628). - scsi: ufs: Fix a deadlock in the error handler (bsc#1012628). - ASoC: tas2770: Insert post reset delay (bsc#1012628). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (bsc#1012628). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1012628). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (bsc#1012628). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (bsc#1012628). - NFS: Do not report writeback errors in nfs_getattr() (bsc#1012628). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (bsc#1012628). - block: fix surprise removal for drivers calling blk_set_queue_dying (bsc#1012628). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (bsc#1012628). - mtd: parsers: qcom: Fix kernel panic on skipped partition (bsc#1012628). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (bsc#1012628). - mtd: phram: Prevent divide by zero bug in phram_setup() (bsc#1012628). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (bsc#1012628). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1012628). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1012628). - x86/ptrace: Fix xfpregs_set()'s incorrect xmm clearing (bsc#1012628). - ucounts: Base set_cred_ucounts changes on the real user (bsc#1012628). - ucounts: Handle wrapping in is_ucounts_overlimit (bsc#1012628). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1012628). - rlimit: Fix RLIMIT_NPROC enforcement failure caused by capability calls in set_user (bsc#1012628). - ucounts: Move RLIMIT_NPROC handling after set_user (bsc#1012628). - net: sched: limit TC_ACT_REPEAT loops (bsc#1012628). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (bsc#1012628). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (bsc#1012628). - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (bsc#1012628). - tests: fix idmapped mount_setattr test (bsc#1012628). - i2c: qcom-cci: don't delete an unregistered adapter (bsc#1012628). - i2c: qcom-cci: don't put a device tree node before i2c_add_adapter() (bsc#1012628). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (bsc#1012628). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1012628). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (bsc#1012628). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1012628). - ice: enable parsing IPSEC SPI headers for RSS (bsc#1012628). - i2c: brcmstb: fix support for DSL and CM variants (bsc#1012628). - lockdep: Correct lock_classes index mapping (bsc#1012628). - HID: elo: fix memory leak in elo_probe (bsc#1012628). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (bsc#1012628). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (bsc#1012628). - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (bsc#1012628). - KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating a perf event (bsc#1012628). - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (bsc#1012628). - ARM: OMAP2+: hwmod: Add of_node_put() before break (bsc#1012628). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (bsc#1012628). - phy: usb: Leave some clocks running during suspend (bsc#1012628). - staging: vc04_services: Fix RCU dereference check (bsc#1012628). - phy: phy-mtk-tphy: Fix duplicated argument in phy-mtk-tphy (bsc#1012628). - irqchip/sifive-plic: Add missing thead,c900-plic match string (bsc#1012628). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (bsc#1012628). - netfilter: conntrack: don't refresh sctp entries in closed state (bsc#1012628). - ksmbd: fix same UniqueId for dot and dotdot entries (bsc#1012628). - ksmbd: don't align last entry offset in smb2 query directory (bsc#1012628). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1012628). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (bsc#1012628). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (bsc#1012628). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (bsc#1012628). - pidfd: fix test failure due to stack overflow on some arches (bsc#1012628). - selftests: fixup build warnings in pidfd / clone3 tests (bsc#1012628). - mm: io_uring: allow oom-killer from io_uring_setup (bsc#1012628). - ACPI: PM: Revert "Only mark EC GPE for wakeup on Intel systems" (bsc#1012628). - kconfig: let 'shell' return enough output for deep path names (bsc#1012628). - ata: libata-core: Disable TRIM on M88V29 (bsc#1012628). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (bsc#1012628). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (bsc#1012628). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (bsc#1012628). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (bsc#1012628). - display/amd: decrease message verbosity about watermarks table failure (bsc#1012628). - drm/amdgpu: add utcl2_harvest to gc 10.3.1 (bsc#1012628). - drm/amd/display: Cap pflip irqs per max otg number (bsc#1012628). - drm/amd/display: fix yellow carp wm clamping (bsc#1012628). - net: usb: qmi_wwan: Add support for Dell DW5829e (bsc#1012628). - net: macb: Align the dma and coherent dma masks (bsc#1012628). - kconfig: fix failing to generate auto.conf (bsc#1012628). - Update config files. - commit 607a2b1 - Refresh patches.suse/libsubcmd-Fix-use-after-free-for-realloc-.-0.patch. Update upstream status. - commit 1c604e1 - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - Update config files. - commit 4e672b2 - simplefb: Enable boot time VESA graphic mode selection (bsc#1193250). - Update config files. - commit 17ec190 - libsubcmd: Fix use-after-free for realloc(..., 0) (gcc 12). - commit 6e98c6d ==== keylime ==== Version update (6.3.0 -> 6.3.1) Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Drop patches beacuse merged upstream: * version.diff * cloud_verifier_tornado-use-fork_processes.patch - Drop binaries not used anymore: * keylime_provider_platform_init * keylime_provider_registrar * keylime_provider_vtpm_add - Update to version v6.3.1: * revocation_notifier: mark webhook threads as daemon and add timeout * Fix Packit CI test plan Summary * Enable Packit CI testing on CentOS Stream 8 * Enable Packit CI testing on Fedora Rawhide * Remove last trace of TPM 1.2 (hopefully) * verifier: remove start_tornado() function * verifier: wait for connections to be closed before stopping ioloop * revocation_notifier: kill ZeroMQ broker if it blocks more than 5s * Add more e2e tests to Packit CI * Enable EPEL repo on CentOS Stream in packit.yaml * agent, crypto: add localhost, server and contact ip to agent certificate * Add better default repo path for run_local.sh * Fix incorrect variable name in test_restful * Run existing agent tests against the rust-keylime agent * Fix small wording mistakes caught while reading the code * agent: move key and certificate logging levels from debug to info * agent: allow absolute paths for rsa_keyname and mtls_cert * Add missing backend parameter * cloud_verifier_tornado: use fork_processes * ci: automatically push release to PyPI * setup.{py,cfg}: Move setup configuration to setup.cfg * Add iproute tool to Dockerfile * Pylint does not like single-line functions. * A small beauty fix * This is a small fix to proactively fix Issue #840 by identifying non-escaped double quotes in the tpm2-tools output * setup.py: add version number and new Python versions, drop unsed binaries * setup.py, config: install default configuration into package path * ci: move old keylime.conf to keylime.conf.orig before running tests * retry: fix pylint issue * Adding Infineon Optiga 034 RSA and ECC certificates for Infineon SLB9675 devices. * Ensure columns "mb_refstate" and "allowlist" are of type LONGTEXT in table "verifiermain" * tenant: add exponential backoff option to retry timings * cloud verifier: add exponential backoff option to retry timings * tpm: add exponential backoff option to retry timings * test, retry: add unit test for retry algorithm * common: add algorithm for retry time calculation * registrar, tpm_main: ensure that correct types are commited to DB. * Fix typo for config param listen_notifications * Lint is _really_ unhappy today. * Linty fixes * Adding a unit test file for tpm_main * tpm_main: check if PCRs for the hash algorithm are available * tpm_main: handle if tpm2_checkquote returns no PCRs for a hash algorithm * agent: output supported_version as result not as a status * Add missing subcommands to -c help message * tests: fix mtls_cert generation in test_restful.py * revocation_notifier: fix socket path permission check * Remove unused database_query config param * Move umask calls only on entry points * config: move directory utilities to fs_util ==== libcap ==== - Use "or" in the license tag to avoid confusion (bsc#1180073) ==== libglvnd ==== - Update libglvnd-add-bti.patch from latest upstream submission ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Add Requires for exact libselinux1 version for selinux-tools - Simplyfied check for correct boot paramaters in selinux-ready (bsc#1195361) ==== libzypp ==== Version update (17.29.4 -> 17.29.5) - Hint on ptf<>patch resolver conflicts (bsc#1194848) - version 17.29.5 (22) ==== ncurses ==== Version update (6.3.20220212 -> 6.3.20220219) Subpackages: libncurses6 ncurses-utils terminfo-base - Avoid lto-bytecode error on static libraries - Add ncurses patch 20220219 + expanded description in man/resizeterm.3x + additional workaround for ImageMagick in test/picsmap.c ==== psmisc ==== - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Determine the namespace of a process only once to speed up the parsing of fdinfo (bsc#1194172). - Adopt patch 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch ==== selinux-policy ==== Subpackages: selinux-policy-targeted - use %license tag for COPYING file ==== setools ==== - Add make-networkx-optional.patch to cut down installation requirements - Change python3-networkx from require into recommend ==== systemd ==== Subpackages: libsystemd0 libudev1 udev - Fix a regression caused by the split of the sysusers config files shipped by systemd (bsc#1196322) Calls to %sysusers_create were not updated accordingly. - spec: fix dependencies for mini variants (follow-up) systemd-mini-container is one of the sub-package that relies systemd-mini to conflict with kiwi and to not be installed on real systems. ==== systemd-presets-common-SUSE ==== - enable vgauthd service for VMWare by default (bsc#1195251) ==== vim ==== Version update (8.2.4375 -> 8.2.4456) Subpackages: vim-data-common vim-small - Updated to version 8.2.4456, fixes the following problems - boo#1196361 - CVE-2022-0696 - boo#1196358 - CVE-2022-0714 * ctx_imports is not used. * Not enough tests for command line completion. * CI steps for Windows are a bit unorganized. * Incsearch highlight broken when calling searchcount() in 'tabLine' function. (Mirko Palmer) * An empty change is reported to a listener. * Small differences between Chinese translation files. * Translation file listed twice. * A custom 'tabline' may cause Esc to work like Enter on the command line when the popup menu is displayed. * Vim9: unused code lines. * Vim9: error message not tested, some code not tested. * Cannot build tiny version. * Still cannot build tiny version. * Command line completion doesn't always work properly. * Dead code in op_insert(). * screenpos() does not handle a position in a closed fold. * Vim9: list from declaration with inferred type does not set the type on the value. * Command line executed when typing Esc in the GUI. * MS-Windows with VIMDLL: Escaping CSI is wrong. * Possible number overflow with nested folds. * UTF8 select mode test fails on MS-Windows. * Some code lines not covered by tests. * Python3 test fails. * Crash when using many composing characters in error message. * Some command completion functions are too long. * Crash after ml_get error. * MS-Windows: cannot use the mouse in the console with VIMDLL. * Map listing does not clear the rest of the command line. * Missing parenthesis may cause unexpected problems. * ml_get error with nested folds and deleting lines. * Vim9: some code not covered by tests. * Compiler warning for unused variable without the +folding feature. (Tony Mechelynck) * Expand functions use confusing argument names. * Vim9: some code not covered by tests. * Bicep files are not recognized. * Translation cleanup script does not remove empty lines at end. * Vim9: Coverity warns for using NULL pointer. * Solidity files are not recognized. * Function argument name conflicts with C++ keyword. * Vim9: using a script-local function requires using "s:" when setting 'completefunc'. * Using NULL pointer. * Crash when using special multi-byte character. * Illegal memory access when using exactly 20 highlights. * Menu translations are inconsistent. * Some installed files and directories have wrong permissions. * Autochdir test fails on MS-Windows. * "make nvcmdidxs" fails. * ".gts" and ".gjs" files are not recognized. * map() function does not check function arguments at compile time. * map() function on string and blob does not check argument types at compile time. * getchar() may return modifiers if no character is available. * Crash when switching tabpage while in the cmdline window. * Using script-local function from the wrong script when using a partial. (Yegappan Lakshmanan) * GTK: crash when using 'guiligatures' and reading from stdin. * Unnecessary condition when assigning to a variable. * Cannot use settabvar() while the cmdline window is open. * CI: cannot see interface versions for MS-Windows. * Duplicate check for cmdline window. * Dead code in checking map() arguments. (Dominique Pellé) * Crash with weird 'vartabstop' value. * Vartabs test fails on MS-Windows. * Crash on exit when using cmdline window. * Accepting "iso8859" 'encoding' as "iso-8859-". * Crash with specific regexp pattern and string. * Vim9: function argument of filter() not checked like map(). * Test for error reading input fails on MS-Windows. * Regexp pattern test fails on Mac. * Beep caused by test. ASAN reports leaks. * Exit test fails on MS-Windows anyway. * Vim9: cannot refer to a global function like a local one. * Vim9: can still use s:var in a compiled function. * Filetype detection is failing. * vim9: function argument of sort() not checked at compile time. * List sort test fails. * sort() fails when ignoring case. * Test for what 8.2.4436 fixes does not check for regression. * :helpgrep may free an option that was not allocated. (Yegappan Lakshmanan) * Resetting cmdwin_type only for one situation. * Accepting one and zero for the second sort() argument is strange. ==== zypper ==== Version update (1.14.51 -> 1.14.52) Subpackages: zypper-needs-restarting - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) - version 1.14.52