Packages changed:
ceph (16.2.6.463+g22e7612f9ad -> 16.2.7.596+g7d574789716)
cockpit-podman
curl (7.81.0 -> 7.82.0)
dbus-1 (1.12.22 -> 1.14.0)
etcd (3.4.16 -> 3.5.2)
gnutls
helm
kbd
kernel-source (5.16.11 -> 5.16.14)
kubernetes1.22
libnvme (1.0~5 -> 1.0~6)
logrotate
lua54
lvm2
lvm2-device-mapper
mozilla-nss (3.74 -> 3.75)
nfs-utils
nvme-cli (2.0~5 -> 2.0~6)
openssl-1_1
pam
permissions (1599_20210901 -> 1599_20220309)
python-PyYAML
python-SQLAlchemy (1.4.31 -> 1.4.32)
qemu
rdma-core
util-linux (2.37.3 -> 2.37.4)
util-linux-systemd (2.37.3 -> 2.37.4)
vim (8.2.4456 -> 8.2.4542)
yast2 (4.4.45 -> 4.4.47)
=== Details ===
==== ceph ====
Version update (16.2.6.463+g22e7612f9ad -> 16.2.7.596+g7d574789716)
Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw
- Update to 16.2.7-596-g7d574789716
+ Update Prometheus Container image paths (pr #459)
+ mgr/dashboard: Fix documentation URL (pr #456)
+ mgr/dashboard: Adapt downstream branded navigation page (pr #454)
- Update to 16.2.7-577-g3e3603b5dd1
+ Update prometheus-server version
- Update to 16.2.7-37-gb3be69440db:
+ (bsc#1194353) Downstream branding breaks dashboard npm build
==== cockpit-podman ====
- Add source-offest to _service to fix build error in Leap.
==== curl ====
Version update (7.81.0 -> 7.82.0)
Subpackages: libcurl4
- Fix: openssl: fix CN check error code
* Add curl-fix-verifyhost.patch
- Update to 7.82.0:
* curl: add --json command line option
* curl: make it so that sensitive command line arguments do not
show as easily in the output of ps(1)
* curl_multi_socket.3: remove callback and typical usage descriptions
* ftp: provide error message for control bytes in path
* ldap: return CURLE_URL_MALFORMAT for bad URL
* lib: remove support for CURL_DOES_CONVERSIONS
* mqtt: plug some memory leaks
* multi: allow user callbacks to call curl_multi_assign
* multi: remember connection_id before returning connection to pool
* multi: set in_callback for multi interface callbacks
* netware: remove support
* ngtcp2: adapt to changed end of headers callback proto
* openldap: implement SASL authentication
* openssl: return error if TLS 1.3 is requested when not supported
* sectransp: mark a 3DES cipher as weak
* smb: pass socket for writing and reading data instead of FIRSTSOCKET
* tool_getparam: DNS options that need c-ares now fail without it
* TPF: drop support
* url: given a user in the URL, find pwd for that user in netrc
* url: keep trailing dot in host name
* urlapi: handle "redirects" smarter
* urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
* urldata: remove conn->bits.user_passwd
==== dbus-1 ====
Version update (1.12.22 -> 1.14.0)
Subpackages: libdbus-1-3
- Update to version 1.14.0:
+ Dependencies:
- dbus now requires at least a basic level of support for C99
variadic macros, as implemented in gcc >= 3, all versions of
Clang, and MSVC >= 2005. In practice this requirement has
existed since version 1.9.2, but it is now official.
- dbus now requires a C99-compatible va_copy() macro
(or a __va_copy() macro with the same behaviour), except when
building for Windows using MSVC and CMake.
- On Unix platforms, if getpwnam_r() and getgrnam_r() are
implemented, they must be POSIX-conformant. The non-POSIX
signature seen in ancient Solaris versions will no longer
work.
- GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
- Building using CMake now requires CMake 3.4.
- Building documentation using CMake now requires xsltproc,
Docbook DTDs (for example docbook-xml on Debian derivatives),
and Docbook XSLT stylesheets (for example docbook-xsl on
Debian derivatives). Using KDE's meinproc4 documentation
processor is no longer supported.
+ Build-time configuration changes: Move CMake build system to
top level, matching normal practice for CMake projects
+ Deprecations:
- Third-party software should install default dbus policies for
the system bus into ${datadir}/dbus-1/system.d (this has been
supported since dbus 1.10, released in August 2015).
Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be
deprecated. Policy files in ${sysconfdir}/dbus-1/system.d
continue to be read, but this directory should only be used
by system administrators wishing to override the default
policies.
- The ${datadir} applicable to dbus is usually /usr/share and
the ${sysconfdir} is usually /etc.
- A similar pattern applies to the session bus policies in
session.d.
- The dbus-send(1) man page now documents --bus and --peer
instead of the old --address synonym for --peer, which has
been deprecated since the introduction of --bus and --peer in
1.7.6
- The dbus-daemon man page now has scarier warnings about
and non-local TCP, which are insecure and
should not be used, particularly for the standard system and
session buses.
- DBusServer (and hence the dbus-daemon) no longer accepts
usernames (login names) for the recommended EXTERNAL
authentication mechanism, only numeric user IDs or the empty
string. See 1.13.0 release notes for full details.
+ New features:
- On Linux 4.13 or later when built against a suitable glibc
version, GetConnectionCredentials() now includes
UnixGroupIDs, the effective group IDs of the initiator of the
connection, taken from SO_PEERGROUPS.
- On Linux 4.13 or later, now uses the
SO_PEERGROUPS credentials-passing socket option to get the
effective group IDs of the initiator of the connection. See
1.13.4 release notes for details.
- Add a --sender option to dbus-send, which requests a name and
holds it until the signal has been sent
- dbus-daemon and rules can now specify a
send_destination_prefix attribute, which is like a
combination of send_destination and the arg0namespace keyword
in match rules. See 1.13.12 release notes for more details.
- The dbus-daemon now filters the messages that it relays,
removing header fields that it does not understand. Clients
must not rely on this behaviour unless they have confirmed
that they are connected to a suitable message bus
implementation, for example by querying its Features
property.
- The dbus-daemon now emits a signal,
ActivatableServicesChanged, when the list of activatable
services may have changed. Support for this signal can be
discovered by querying the Features property.
- It is now possible to disable traditional (non-systemd)
service activation at build-time (Autotools:
- -disable-traditional-activation, CMake:
- DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release
notes for details.
- The API reference manual can be built as a Qt compiled help
file if qhelpgenerator(-qt5) is available. See 1.13.16
release notes for details.
+ Miscellaneous behaviour changes:
- When using the "user bus" (--enable-user-session), put the
dbus-daemon in the session slice
- Several environment variables set by systemd are no longer
passed on to activated services
- If the dbus-daemon is compiled for Linux with systemd
support, it now informs systemd that it is ready for use via
the sd_notify() mechanism.
- Tarball releases no longer contain pre-2007 changelogs and
are now compressed with xz, making them around 35% smaller.
- Drop conditionals for old obsolete versions of openSUSE.
- Rebase patches with quilt.
- Use https for source and sig URL.
==== etcd ====
Version update (3.4.16 -> 3.5.2)
- Add vendor-update.sh as a source to pass obs-service-source_validator
- Drop ETCD_UNSUPPORTED_ARCH=arm64 from sysconfig as ARM64 is now officially supported
- Update go version to 1.16
- Update etcd.conf variables
- Add the new etcdutl into separate subpackage
- Update vendor.tar.gz to include vendoring for server, etcdctl and etcdutl
* see ./vendor-update.sh
- Update to version 3.5.2:
* version: bump up to 3.5.2
* Update dep: require gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254.
* fix runlock bug
* server: Require either cluster version v3.6 or --experimental-enable-lease-checkpoint-persist to persist lease remainingTTL
* etcdserver,integration: Store remaining TTL on checkpoint
* lease,integration: add checkpoint scheduling after leader change
* set the backend again after recovering v3 backend from snapshot
* *: implement a retry logic for auth old revision in the client
* client/v3: refresh the token when ErrUserEmpty is received while retrying
* server/etcdserver/api/etcdhttp: exclude the same alarm type activated by multiple peers
* storage/backend: Add a gauge to indicate if defrag is active (backport from 3.6)
- Update to version 3.5.1:
* version: 3.5.1
* Dockerfile: bump debian bullseye-20210927
* client: Use first endpoint as http2 authority header
* tests: Add grpc authority e2e tests
* client: Add grpc authority header integration tests
* tests: Allow configuring integration tests to use TCP
* test: Use unique number for grpc port
* tests: Cleanup member interface by exposing Bridge directly
* tests: Make using bridge optional
* tests: Rename grpcAddr to grpcURL to imply that it includes schema
* tests: Remove bridge dependency on unix
* Decouple prefixArgs from os.Env dependency
* server: Ensure that adding and removing members handle storev2 and backend out of sync
* Stop using tip golang version in CI
* fix self-signed-cert-validity parameter cannot be specified in the config file
* fix health endpoint not usable when authentication is enabled
* workflows: remove ARM64 job for maintenance
- Update to version 3.5.0:
* See link below, diff is too big
https://github.com/etcd-io/etcd/compare/v3.4.16...v3.5.0
==== gnutls ====
- build with lto
- build with -Wl,-z,now -Wl,-z,relro
- build without -fanalyzer, which cuts build time in ~ half
==== helm ====
- avoid CGO to workaround missing gold dependency (bsc#1183043)
==== kbd ====
Subpackages: kbd-legacy
- Refresh kbdsettings-nox86.patch to fix build on non-x86*
architectures
- [kbdsettings] try to run numlockbios from /usr/libexec/kbd/ first
as Tumbleweed moved to this location a while ago (boo#1179295)
- Fix build without %_distconfdir (see bsc#1195679)
==== kernel-source ====
Version update (5.16.11 -> 5.16.14)
- Linux 5.16.14 (bsc#1012628).
- Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC
GPE" (bsc#1012628).
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1012628).
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1012628).
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1012628).
- xen/9p: use alloc/free_pages_exact() (bsc#1012628).
- xen: remove gnttab_query_foreign_access() (bsc#1012628).
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1012628).
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1012628).
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1012628).
- ARM: fix build warning in proc-v7-bugs.c (bsc#1012628).
- arm64: Do not include __READ_ONCE() block in assembly files
(bsc#1012628).
- ARM: Do not use NOCROSSREFS directive with ld.lld (bsc#1012628).
- ARM: fix co-processor register typo (bsc#1012628).
- ARM: fix build error when BPF_SYSCALL is disabled (bsc#1012628).
- arm64: proton-pack: Include unprivileged eBPF status in Spectre
v2 mitigation reporting (bsc#1012628).
- arm64: Use the clearbhb instruction in mitigations
(bsc#1012628).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
and migrated (bsc#1012628).
- arm64: Mitigate spectre style branch history side channels
(bsc#1012628).
- Update config files.
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
of Spectre-v2 (bsc#1012628).
- arm64: Add percpu vectors for EL1 (bsc#1012628).
- arm64: entry: Add macro for reading symbol addresses from the
trampoline (bsc#1012628).
- arm64: entry: Add vectors that have the bhb mitigation sequences
(bsc#1012628).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
mitigations (bsc#1012628).
- arm64: entry: Allow the trampoline text to occupy multiple pages
(bsc#1012628).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
(bsc#1012628).
- arm64: entry: Move trampoline macros out of ifdef'd section
(bsc#1012628).
- arm64: entry: Don't assume tramp_vectors is the start of the
vectors (bsc#1012628).
- arm64: entry: Allow tramp_alias to access symbols after the
4K boundary (bsc#1012628).
- arm64: entry: Move the trampoline data page before the text page
(bsc#1012628).
- arm64: entry: Free up another register on kpti's tramp_exit path
(bsc#1012628).
- arm64: entry: Make the trampoline cleanup optional
(bsc#1012628).
- KVM: arm64: Allow indirect vectors to be used without
SPECTRE_V3A (bsc#1012628).
- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
(bsc#1012628).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1012628).
- arm64: cpufeature: add HWCAP for FEAT_RPRES (bsc#1012628).
- arm64: cpufeature: add HWCAP for FEAT_AFP (bsc#1012628).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1012628).
- ARM: include unprivileged BPF status in Spectre V2 reporting
(bsc#1012628).
- ARM: Spectre-BHB workaround (bsc#1012628).
- Update config files.
- ARM: use LOADADDR() to get load address of sections
(bsc#1012628).
- ARM: early traps initialisation (bsc#1012628).
- ARM: report Spectre v2 status through sysfs (bsc#1012628).
- Update config files.
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
SMT (bsc#1012628).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
(bsc#1012628).
- x86/speculation: Update link to AMD speculation whitepaper
(bsc#1012628).
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1012628).
- x86/speculation: Include unprivileged eBPF status in Spectre
v2 mitigation reporting (bsc#1012628).
- Documentation/hw-vuln: Update spectre doc (bsc#1012628).
- x86/speculation: Add eIBRS + Retpoline options (bsc#1012628).
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1012628).
- commit 80acc65
- Bluetooth: btusb: Add missing Chicony device for Realtek
RTL8723BE (bsc#1196779).
- commit 714ef34
- Linux 5.16.13 (bsc#1012628).
- mac80211_hwsim: report NOACK frames in tx_status (bsc#1012628).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
(bsc#1012628).
- i2c: bcm2835: Avoid clock stretching timeouts (bsc#1012628).
- ASoC: rt5682s: do not block workqueue if card is unbound
(bsc#1012628).
- ASoC: rt5668: do not block workqueue if card is unbound
(bsc#1012628).
- ASoC: rt5682: do not block workqueue if card is unbound
(bsc#1012628).
- regulator: core: fix false positive in regulator_late_cleanup()
(bsc#1012628).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (bsc#1012628).
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1012628).
- KVM: arm64: vgic: Read HW interrupt pending state from the HW
(bsc#1012628).
- block: loop:use kstatfs.f_bsize of backing file to set discard
granularity (bsc#1012628).
- tipc: fix a bit overflow in tipc_crypto_key_rcv() (bsc#1012628).
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1012628).
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1012628).
- HID: amd_sfh: Handle amd_sfh work buffer in PM ops
(bsc#1012628).
- HID: amd_sfh: Add functionality to clear interrupts
(bsc#1012628).
- HID: amd_sfh: Add interrupt handler to process interrupts
(bsc#1012628).
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1012628).
- selftests/seccomp: Fix seccomp failure by adding missing headers
(bsc#1012628).
- drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish
and Beige Goby (bsc#1012628).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
(bsc#1012628).
- dmaengine: shdma: Fix runtime PM imbalance on error
(bsc#1012628).
- i2c: cadence: allow COMPILE_TEST (bsc#1012628).
- i2c: imx: allow COMPILE_TEST (bsc#1012628).
- i2c: qup: allow COMPILE_TEST (bsc#1012628).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(bsc#1012628).
- block-map: add __GFP_ZERO flag for alloc_page in function
bio_copy_kern (bsc#1012628).
- exfat: reuse exfat_inode_info variable instead of calling
EXFAT_I() (bsc#1012628).
- exfat: fix i_blocks for files truncated over 4 GiB
(bsc#1012628).
- tracing: Add test for user space strings when filtering on
string pointers (bsc#1012628).
- arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
(bsc#1012628).
- serial: stm32: prevent TDR register overwrite when sending
x_char (bsc#1012628).
- KVM: arm64: Workaround Cortex-A510's single-step and PAC trap
errata (bsc#1012628).
- ext4: drop ineligible txn start stop APIs (bsc#1012628).
- ext4: simplify updating of fast commit stats (bsc#1012628).
- ext4: fast commit may not fallback for ineligible commit
(bsc#1012628).
- ext4: fast commit may miss file actions (bsc#1012628).
- sched/fair: Fix fault in reweight_entity (bsc#1012628).
- KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (bsc#1012628).
- ata: pata_hpt37x: fix PCI clock detection (bsc#1012628).
- drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
(bsc#1012628).
- tracing: Add ustring operation to filtering string pointers
(bsc#1012628).
- ipv6: fix skb drops in igmp6_event_query() and
igmp6_event_report() (bsc#1012628).
- btrfs: defrag: bring back the old file extent search behavior
(bsc#1012628).
- btrfs: defrag: don't use merged extent map for their generation
check (bsc#1012628).
- ALSA: intel_hdmi: Fix reference to PCM buffer address
(bsc#1012628).
- ucounts: Fix systemd LimitNPROC with private users regression
(bsc#1012628).
- binfmt_elf: Avoid total_mapping_size for ET_EXEC (bsc#1012628).
- riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
(bsc#1012628).
- riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
(bsc#1012628).
- riscv: Fix config KASAN && DEBUG_VIRTUAL (bsc#1012628).
- iwlwifi: mvm: check debugfs_dir ptr before use (bsc#1012628).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
(bsc#1012628).
- iommu/vt-d: Fix double list_add when enabling VMD in scalable
mode (bsc#1012628).
- iommu/amd: Recover from event log overflow (bsc#1012628).
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1012628).
- drm/amd/display: Reduce dmesg error to a debug print
(bsc#1012628).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
(bsc#1012628).
- thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
(bsc#1012628).
- mac80211: fix EAPoL rekey fail in 802.3 rx path (bsc#1012628).
- blktrace: fix use after free for struct blk_trace (bsc#1012628).
- ntb: intel: fix port config status offset for SPR (bsc#1012628).
- mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
(bsc#1012628).
- xfrm: fix MTU regression (bsc#1012628).
- netfilter: fix use-after-free in __nf_register_net_hook()
(bsc#1012628).
- bpf, sockmap: Do not ignore orig_len parameter (bsc#1012628).
- xfrm: fix the if_id check in changelink (bsc#1012628).
- xfrm: enforce validity of offload input flags (bsc#1012628).
- e1000e: Correct NVM checksum verification flow (bsc#1012628).
- net: fix up skbs delta_truesize in UDP GRO frag_list
(bsc#1012628).
- netfilter: nf_queue: don't assume sk is full socket
(bsc#1012628).
- netfilter: nf_queue: fix possible use-after-free (bsc#1012628).
- netfilter: nf_queue: handle socket prefetch (bsc#1012628).
- batman-adv: Request iflink once in batadv-on-batadv check
(bsc#1012628).
- batman-adv: Request iflink once in batadv_get_real_netdevice
(bsc#1012628).
- batman-adv: Don't expect inter-netns unique iflink indices
(bsc#1012628).
- net: ipv6: ensure we call ipv6_mc_down() at most once
(bsc#1012628).
- net: dcb: flush lingering app table entries for unregistered
devices (bsc#1012628).
- net: ipa: fix a build dependency (bsc#1012628).
- net: ipa: add an interconnect dependency (bsc#1012628).
- net/smc: fix connection leak (bsc#1012628).
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated
by client (bsc#1012628).
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause
by server (bsc#1012628).
- btrfs: fix ENOSPC failure when attempting direct IO write into
NOCOW range (bsc#1012628).
- platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer
wakeup (bsc#1012628).
- net: dsa: microchip: fix bridging with more than two member
ports (bsc#1012628).
- mac80211: fix forwarded mesh frames AC & queue selection
(bsc#1012628).
- net: stmmac: fix return value of __setup handler (bsc#1012628).
- mac80211: treat some SAE auth steps as final (bsc#1012628).
- iavf: Fix missing check for running netdev (bsc#1012628).
- net: sxgbe: fix return value of __setup handler (bsc#1012628).
- ibmvnic: register netdev after init of adapter (bsc#1012628).
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
(bsc#1012628).
- ixgbe: xsk: change !netif_carrier_ok() handling in
ixgbe_xmit_zc() (bsc#1012628).
- iavf: Fix deadlock in iavf_reset_task (bsc#1012628).
- efivars: Respect "block" flag in efivar_entry_set_safe()
(bsc#1012628).
- auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
(bsc#1012628).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
(bsc#1012628).
- ASoC: cs4265: Fix the duplicated control name (bsc#1012628).
- auxdisplay: lcd2s: Fix memory leak in ->remove() (bsc#1012628).
- auxdisplay: lcd2s: Use proper API to free the instance of
charlcd object (bsc#1012628).
- can: gs_usb: change active_channels's type from atomic_t to u8
(bsc#1012628).
- iommu/tegra-smmu: Fix missing put_device() call in
tegra_smmu_find (bsc#1012628).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
(bsc#1012628).
- igc: igc_read_phy_reg_gpy: drop premature return (bsc#1012628).
- ARM: Fix kgdb breakpoint for Thumb2 (bsc#1012628).
- mips: setup: fix setnocoherentio() boolean setting
(bsc#1012628).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
functions (bsc#1012628).
- mptcp: Correctly set DATA_FIN timeout when number of retransmits
is large (bsc#1012628).
- selftests: mlxsw: tc_police_scale: Make test more robust
(bsc#1012628).
- pinctrl: sunxi: Use unique lockdep classes for IRQs
(bsc#1012628).
- igc: igc_write_phy_reg_gpy: drop premature return (bsc#1012628).
- ibmvnic: free reset-work-item when flushing (bsc#1012628).
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
(bsc#1012628).
- s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE
(bsc#1012628).
- s390/extable: fix exception table sorting (bsc#1012628).
- sched: Fix yet more sched_fork() races (bsc#1012628).
- arm64: dts: rockchip: drop pclk_xpcs from gmac0 on rk3568
(bsc#1012628).
- arm64: dts: juno: Remove GICv2m dma-range (bsc#1012628).
- arm64: dts: rockchip: fix Quartz64-A ddr regulator voltage
(bsc#1012628).
- arm64: dts: imx8mm: Fix VPU Hanging (bsc#1012628).
- iommu/amd: Fix I/O page table memory leak (bsc#1012628).
- MIPS: ralink: mt7621: do memory detection on KSEG1
(bsc#1012628).
- ARM: dts: switch timer config to common devkit8000 devicetree
(bsc#1012628).
- ARM: dts: Use 32KiHz oscillator on devkit8000 (bsc#1012628).
- soc: fsl: guts: Revert commit 3c0d64e867ed (bsc#1012628).
- soc: fsl: guts: Add a missing memory allocation failure check
(bsc#1012628).
- soc: fsl: qe: Check of ioremap return value (bsc#1012628).
- soc: imx: gpcv2: Fix clock disabling imbalance in error path
(bsc#1012628).
- netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant
(bsc#1012628).
- ARM: tegra: Move panels to AUX bus (bsc#1012628).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
(bsc#1012628).
- can: etas_es58x: change opened_channel_cnt's type from atomic_t
to u8 (bsc#1012628).
- net: stmmac: enhance XDP ZC driver level switching performance
(bsc#1012628).
- net: stmmac: only enable DMA interrupts when ready
(bsc#1012628).
- ibmvnic: initialize rc before completing wait (bsc#1012628).
- ibmvnic: define flush_reset_queue helper (bsc#1012628).
- ibmvnic: complete init_done on transport events (bsc#1012628).
- ibmvnic: Update driver return codes (bsc#1012628).
- ibmvnic: init init_done_rc earlier (bsc#1012628).
- ibmvnic: clear fop when retrying probe (bsc#1012628).
- ibmvnic: Allow queueing resets during probe (bsc#1012628).
- net: chelsio: cxgb3: check the return value of
pci_find_capability() (bsc#1012628).
- net: sparx5: Fix add vlan when invalid operation (bsc#1012628).
- iavf: Add trace while removing device (bsc#1012628).
- iavf: Rework mutexes for better synchronisation (bsc#1012628).
- iavf: Add waiting so the port is initialized in remove
(bsc#1012628).
- iavf: Fix init state closure on remove (bsc#1012628).
- iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS
(bsc#1012628).
- iavf: Fix race in init state (bsc#1012628).
- iavf: Fix __IAVF_RESETTING state usage (bsc#1012628).
- drm/i915/guc/slpc: Correct the param count for unset param
(bsc#1012628).
- drm/bridge: ti-sn65dsi86: Properly undo autosuspend
(bsc#1012628).
- e1000e: Fix possible HW unit hang after an s0ix exit
(bsc#1012628).
- MIPS: ralink: mt7621: use bitwise NOT instead of logical
(bsc#1012628).
- nl80211: Handle nla_memdup failures in handle_nan_filter
(bsc#1012628).
- ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments
(bsc#1012628).
- drm/amdgpu: fix suspend/resume hang regression (bsc#1012628).
- net: dcb: disable softirqs in dcbnl_flush_dev() (bsc#1012628).
- selftests: mlxsw: resource_scale: Fix return value
(bsc#1012628).
- net: stmmac: perserve TX and RX coalesce value during XDP setup
(bsc#1012628).
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (bsc#1012628).
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (bsc#1012628).
- Input: samsung-keypad - properly state IOMEM dependency
(bsc#1012628).
- HID: add mapping for KEY_DICTATE (bsc#1012628).
- HID: add mapping for KEY_ALL_APPLICATIONS (bsc#1012628).
- tracing/histogram: Fix sorting on old "cpu" value (bsc#1012628).
- tracing: Fix return value of __setup handlers (bsc#1012628).
- btrfs: fix lost prealloc extents beyond eof after full fsync
(bsc#1012628).
- btrfs: fix relocation crash due to premature return from
btrfs_commit_transaction() (bsc#1012628).
- btrfs: subpage: fix a wrong check on subpage->writers
(bsc#1012628).
- btrfs: do not WARN_ON() if we have PageError set (bsc#1012628).
- btrfs: qgroup: fix deadlock between rescan worker and remove
qgroup (bsc#1012628).
- btrfs: add missing run of delayed items after unlink during
log replay (bsc#1012628).
- btrfs: fallback to blocking mode when doing async dio over
multiple extents (bsc#1012628).
- btrfs: do not start relocation until in progress drops are done
(bsc#1012628).
- Revert "xfrm: xfrm_state_mtu should return at least 1280 for
ipv6" (bsc#1012628).
- proc: fix documentation and description of pagemap
(bsc#1012628).
- x86/kvmclock: Fix Hyper-V Isolated VM's boot issue when vCPUs >
64 (bsc#1012628).
- s390/ftrace: fix arch_ftrace_get_regs implementation
(bsc#1012628).
- s390/ftrace: fix ftrace_caller/ftrace_regs_caller generation
(bsc#1012628).
- KVM: x86/mmu: Passing up the error state of
mmu_alloc_shadow_roots() (bsc#1012628).
- Update config files.
- commit bd40cb2
- Update
patches.kernel.org/5.16.11-207-lib-iov_iter-initialize-flags-in-new-pipe_buf.patch
(bsc#1012628 bsc#1196584 CVE-2022-0847).
Add references.
- commit 82f40a9
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit b002fe2
- config: ppc64{,le}: build vmx-crypto as module (bsc#1195768)
Building CONFIG_CRYPTO_DEV_VMX_ENCRYPT as module is the default in
mainline since v4.8, we use it in SLES and already in
config/ppc64/default. Thus unify it in the other configs.
There are build dependencies which has been fixed in mainline
647d41d3952d ("crypto: vmx - add missing dependencies")
(currently still at maintainer herbert/cryptodev-2.6 tree)
But instead of waiting commit to be accepted or backporting it we just
unify configs, which is useful anyway
- commit 70a0d71
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.")
- commit 68fa069
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- Linux 5.16.12 (bsc#1012628).
- memblock: use kfree() to release kmalloced memblock regions
(bsc#1012628).
- gpio: tegra186: Fix chip_data type confusion (bsc#1012628).
- pinctrl: k210: Fix bias-pull-up (bsc#1012628).
- pinctrl: fix loop in k210_pinconf_get_drive() (bsc#1012628).
- tty: n_gsm: fix deadlock in gsmtty_open() (bsc#1012628).
- tty: n_gsm: fix wrong modem processing in convergence layer
type 2 (bsc#1012628).
- tty: n_gsm: fix wrong tty control line for flow control
(bsc#1012628).
- tty: n_gsm: fix NULL pointer access due to DLCI release
(bsc#1012628).
- tty: n_gsm: fix proper link termination after failed open
(bsc#1012628).
- tty: n_gsm: fix encoding of command/response bit (bsc#1012628).
- tty: n_gsm: fix encoding of control signal octet bit DV
(bsc#1012628).
- hugetlbfs: fix a truncation issue in hugepages parameter
(bsc#1012628).
- mm/hugetlb: fix kernel crash with hugetlb mremap (bsc#1012628).
- riscv: fix oops caused by irqsoff latency tracer (bsc#1012628).
- riscv: fix nommu_k210_sdcard_defconfig (bsc#1012628).
- IB/qib: Fix duplicate sysfs directory name (bsc#1012628).
- tps6598x: clear int mask on probe failure (bsc#1012628).
- staging: fbtft: fb_st7789v: reset display before initialization
(bsc#1012628).
- thermal: int340x: fix memory leak in int3400_notify()
(bsc#1012628).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
(bsc#1012628).
- btrfs: reduce extent threshold for autodefrag (bsc#1012628).
- btrfs: autodefrag: only scan one inode once (bsc#1012628).
- btrfs: defrag: allow defrag_one_cluster() to skip large extent
which is not a target (bsc#1012628).
- btrfs: prevent copying too big compressed lzo segment
(bsc#1012628).
- btrfs: defrag: remove an ambiguous condition for rejection
(bsc#1012628).
- btrfs: defrag: don't defrag extents which are already at max
capacity (bsc#1012628).
- btrfs: defrag: don't try to merge regular extents with
preallocated extents (bsc#1012628).
- driver core: Free DMA range map when device is released
(bsc#1012628).
- mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios
property (bsc#1012628).
- nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios
property (bsc#1012628).
- xhci: Prevent futile URB re-submissions due to incorrect return
value (bsc#1012628).
- xhci: re-initialize the HC during resume if HCE was set
(bsc#1012628).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
halves (bsc#1012628).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (bsc#1012628).
- usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay
Trail (bsc#1012628).
- usb: dwc2: drd: fix soft connect when gadget is unconfigured
(bsc#1012628).
- USB: serial: option: add Telit LE910R1 compositions
(bsc#1012628).
- USB: serial: option: add support for DW5829e (bsc#1012628).
- tracefs: Set the group ownership in apply_options() not
parse_options() (bsc#1012628).
- USB: gadget: validate endpoint index for xilinx udc
(bsc#1012628).
- usb: gadget: rndis: add spinlock for rndis response list
(bsc#1012628).
- Revert "USB: serial: ch341: add new Product ID for CH341A"
(bsc#1012628).
- ata: pata_hpt37x: disable primary channel on HPT371
(bsc#1012628).
- sc16is7xx: Fix for incorrect data being transmitted
(bsc#1012628).
- iio: Fix error handling for PM (bsc#1012628).
- iio: imu: st_lsm6dsx: wait for settling time in
st_lsm6dsx_read_oneshot (bsc#1012628).
- iio: accel: fxls8962af: add padding to regmap for SPI
(bsc#1012628).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
bits (bsc#1012628).
- iio: adc: tsc2046: fix memory corruption by preventing array
overflow (bsc#1012628).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
path (bsc#1012628).
- iio:imu:adis16480: fix buffering for devices with no burst mode
(bsc#1012628).
- tracing: Have traceon and traceoff trigger honor the instance
(bsc#1012628).
- tracing: Dump stacktrace trigger to the corresponding instance
(bsc#1012628).
- bpf: Fix crash due to out of bounds access into reg2btf_ids
(bsc#1012628).
- bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support
(bsc#1012628).
- RDMA/ib_srp: Fix a deadlock (bsc#1012628).
- configfs: fix a race in configfs_{,un}register_subsystem()
(bsc#1012628).
- bnxt_en: Increase firmware message response DMA wait time
(bsc#1012628).
- RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
(bsc#1012628).
- RDMA/rtrs-clt: Fix possible double free in error case
(bsc#1012628).
- net-timestamp: convert sk->sk_tskey to atomic_t (bsc#1012628).
- net: use sk_is_tcp() in more places (bsc#1012628).
- regmap-irq: Update interrupt clear register for proper reset
(bsc#1012628).
- gpio: rockchip: Reset int_bothedge when changing trigger
(bsc#1012628).
- PCI: mvebu: Fix device enumeration regression (bsc#1012628).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
zynq_qspi_exec_mem_op() (bsc#1012628).
- net/mlx5e: Add missing increment of count (bsc#1012628).
- net/mlx5: Update log_max_qp value to be 17 at most
(bsc#1012628).
- net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
(bsc#1012628).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
packets (bsc#1012628).
- net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
(bsc#1012628).
- net/mlx5: DR, Fix the threshold that defines when pool sync
is initiated (bsc#1012628).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
(bsc#1012628).
- net/mlx5: Fix possible deadlock on rule deletion (bsc#1012628).
- net/mlx5: DR, Don't allow match on IP w/o matching on full
ethertype/ip_version (bsc#1012628).
- ibmvnic: schedule failover only if vioctl fails (bsc#1012628).
- net/mlx5: DR, Cache STE shadow memory (bsc#1012628).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
(bsc#1012628).
- surface: surface3_power: Fix battery readings on batteries
without a serial number (bsc#1012628).
- net/smc: Use a mutex for locking "struct smc_pnettable"
(bsc#1012628).
- netfilter: nf_tables: fix memory leak during stateful obj update
(bsc#1012628).
- net: mdio-ipq4019: add delay after clock enable (bsc#1012628).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
(bsc#1012628).
- net: dsa: avoid call to __dev_set_promiscuity() while rtnl_mutex
isn't held (bsc#1012628).
- netfilter: nf_tables: unregister flowtable hooks on netns exit
(bsc#1012628).
- net: Force inlining of checksum functions in net/checksum.h
(bsc#1012628).
- net: ll_temac: check the return value of devm_kmalloc()
(bsc#1012628).
- net/sched: act_ct: Fix flow table lookup after ct clear or
switching zones (bsc#1012628).
- drm/amd/display: For vblank_disable_immediate, check PSR is
really used (bsc#1012628).
- drm/i915/dg2: Print PHY name properly on calibration error
(bsc#1012628).
- drm/vc4: crtc: Fix runtime_pm reference counting (bsc#1012628).
- block: clear iocb->private in blkdev_bio_end_io_async()
(bsc#1012628).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
(bsc#1012628).
- net/mlx5e: TC, Reject rules with forward and drop actions
(bsc#1012628).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
(bsc#1012628).
- drm/edid: Always set RGB444 (bsc#1012628).
- openvswitch: Fix setting ipv6 fields causing hw csum failure
(bsc#1012628).
- net: mv643xx_eth: process retval from of_get_mac_address
(bsc#1012628).
- gso: do not skip outer ip header in case of ipip and
net_failover (bsc#1012628).
- clk: qcom: gcc-msm8994: Remove NoC clocks (bsc#1012628).
- tipc: Fix end of loop tests for list_for_each_entry()
(bsc#1012628).
- nvme: also mark passthrough-only namespaces ready in
nvme_update_ns_info (bsc#1012628).
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor
friends (bsc#1012628).
- io_uring: add a schedule point in io_add_buffers()
(bsc#1012628).
- bpf: Add schedule points in batch ops (bsc#1012628).
- bpf: Fix a bpf_timer initialization issue (bsc#1012628).
- selftests: bpf: Check bpf_msg_push_data return value
(bsc#1012628).
- bpf: Do not try bpf_msg_push_data with len 0 (bsc#1012628).
- bpf: Fix crash due to incorrect copy_map_value (bsc#1012628).
- net/mlx5: Update the list of the PCI supported devices
(bsc#1012628).
- ice: initialize local variable 'tlv' (bsc#1012628).
- ice: check the return of ice_ptp_gettimex64 (bsc#1012628).
- ice: fix concurrent reset and removal of VFs (bsc#1012628).
- ice: fix setting l4 port flag when adding filter (bsc#1012628).
- net/mlx5: Fix tc max supported prio for nic mode (bsc#1012628).
- hwmon: Handle failure to register sensor with thermal zone
correctly (bsc#1012628).
- bnxt_en: Restore the resets_reliable flag in bnxt_open()
(bsc#1012628).
- bnxt_en: Fix incorrect multicast rx mask setting when not
requested (bsc#1012628).
- bnxt_en: Fix occasional ethtool -t loopback test failures
(bsc#1012628).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
(bsc#1012628).
- bnxt_en: Fix active FEC reporting to ethtool (bsc#1012628).
- bnxt_en: Fix devlink fw_activate (bsc#1012628).
- bnx2x: fix driver load from initrd (bsc#1012628).
- selftests: mptcp: be more conservative with cookie MPJ limits
(bsc#1012628).
- selftests: mptcp: fix diag instability (bsc#1012628).
- mptcp: add mibs counter for ignored incoming options
(bsc#1012628).
- mptcp: fix race in incoming ADD_ADDR option processing
(bsc#1012628).
- perf data: Fix double free in perf_session__delete()
(bsc#1012628).
- perf evlist: Fix failed to use cpu list for uncore events
(bsc#1012628).
- gpu: host1x: Always return syncpoint value when waiting
(bsc#1012628).
- Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC"
(bsc#1012628).
- ping: remove pr_err from ping_lookup (bsc#1012628).
- netfilter: nf_tables_offload: incorrect flow offload action
array size (bsc#1012628).
- netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES
dependency (bsc#1012628).
- netfilter: xt_socket: fix a typo in socket_mt_destroy()
(bsc#1012628).
- CDC-NCM: avoid overflow in sanity checking (bsc#1012628).
- USB: zaurus: support another broken Zaurus (bsc#1012628).
- sr9700: sanity check for packet length (bsc#1012628).
- drm/i915: Fix bw atomic check when switching between SAGV
vs. no SAGV (bsc#1012628).
- drm/i915: Correctly populate use_sagv_wm for all pipes
(bsc#1012628).
- drm/i915: Disconnect PHYs left connected by BIOS on disabled
ports (bsc#1012628).
- drm/i915: Widen the QGV point mask (bsc#1012628).
- drm/amdgpu: do not enable asic reset for raven2 (bsc#1012628).
- drm/amdgpu: disable MMHUB PG for Picasso (bsc#1012628).
- drm/amd: Check if ASPM is enabled from PCIe subsystem
(bsc#1012628).
- drm/amd/pm: fix some OEM SKU specific stability issues
(bsc#1012628).
- drm/amd/display: Protect update_bw_bounding_box FPU code
(bsc#1012628).
- drm/amd/display: Fix stream->link_enc unassigned during stream
removal (bsc#1012628).
- KVM: x86: nSVM: disallow userspace setting of
MSR_AMD64_TSC_RATIO to non default value when tsc scaling
disabled (bsc#1012628).
- KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1012628).
- parisc/unaligned: Fix ldw() and stw() unalignment handlers
(bsc#1012628).
- parisc/unaligned: Fix fldd and fstd unaligned handlers on
32-bit kernel (bsc#1012628).
- vhost/vsock: don't check owner in vhost_vsock_stop() while
releasing (bsc#1012628).
- selinux: fix misuse of mutex_is_locked() (bsc#1012628).
- io_uring: disallow modification of rsrc_data during quiesce
(bsc#1012628).
- io_uring: don't convert to jiffies for waiting on timeouts
(bsc#1012628).
- clk: jz4725b: fix mmc0 clock gating (bsc#1012628).
- slab: remove __alloc_size attribute from __kmalloc_track_caller
(bsc#1012628).
- btrfs: tree-checker: check item_size for dev_item (bsc#1012628).
- btrfs: tree-checker: check item_size for inode_item
(bsc#1012628).
- cgroup-v1: Correct privileges check in release_agent writes
(bsc#1012628).
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu
hotplug (bsc#1012628).
- mm/filemap: Fix handling of THPs in generic_file_buffered_read()
(bsc#1012628).
- commit 9b89dd3
==== kubernetes1.22 ====
- avoid bashism in client-common postinstall script (bsc#1195391)
==== libnvme ====
Version update (1.0~5 -> 1.0~6)
- Update to version 1.0-rc6:
* tree: add nvme_ctrl_get_ana_state() (bsc#1195938)
* tree: link paths to namespaces in nvme_subsystem_scan_namespace() (bsc#1195938)
* ioctl.h: ns list bug fix (wrong cns value)
* types.h: Key Value Command Set Identifier added (NVME_CSI_KV)
* types: fix status code type bug (wrong masking)
==== logrotate ====
- Added own logrotate.service file in order to define a new order
of parsed config files:
/usr/etc/logrotate.conf Default configuration file defined by
the vendor.
/usr/etc/logrotate.d/* Directory for additional configuration
files defined by the vendor.
/etc/logrotate.conf Default configuration file defined by
the administrator. (optional)
/etc/logrotate.d/* Directory for additional configuration
files defined by the administrator.
(optional)
- drop logrotate-3.19.0-systemd_add_home_env.patch:
- included in new logrotate.service
- Adapted man page: logrotate-3.19.0-man_logrotate.patch
==== lua54 ====
- Added patches from upstream:
* luabugs1.patch
* luabugs2.patch
- Adjust buildsystem so that it matches upstream git (testes??)
- Drop the lua_docdir define, package docs in the standard
location. Instead just silently drop packaging the README with
the path that does not makes sense for a rpm package, but for a
source tarball install. Simpler solution to boo#1186233.
==== lvm2 ====
Subpackages: liblvm2cmd2_03
- Udev database has incomplete information about device /dev/sda. (bsc#1181242)
+ 0024-pvscan-don-t-use-udev-for-external-device-info.patch
==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03
- Udev database has incomplete information about device /dev/sda. (bsc#1181242)
+ 0024-pvscan-don-t-use-udev-for-external-device-info.patch
==== mozilla-nss ====
Version update (3.74 -> 3.75)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client
- add reenable-nfsv2.patch for reverting nfsv2 deprecation until
test coverage is fixed (poo#106679)
- Add gcc12-fix.patch upstream fix for GCC 12 compiler.
- Update to version 2.6.1
- https://kernel.org/pub/linux/utils/nfs-utils/2.6.1/2.6.1-Changelog
- remove patches from this release:
- 0001-gssd-fix-crash-in-debug-message.patch,
- Add-disable-sbin-override-for-when-sbin-is-a-symlink.patch
==== nvme-cli ====
Version update (2.0~5 -> 2.0~6)
- Update to version 2.0-rc6:
* nvme: print out ANA state for 'list-subsys' (bsc#1195938)
* nvme: Explicit initialize all command line options (bsc#1195945)
* nvme: Explicit initialize passthru command line options
* nvme: list_ns bug fix (csi option enable)
* nvme: nvme write bug fix (no parse for option)
* documenation updates
==== openssl-1_1 ====
Subpackages: libopenssl1_1
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
==== pam ====
Subpackages: pam_unix
- pam-hostnames-in-access_conf.patch: update with upstream
submission. Fixes several bugs including memory leaks.
- Move group.conf and faillock.conf to /usr/etc/security
- Update to current git for enhanced vendordir support (pam-git.diff)
Obsoletes:
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
==== permissions ====
Version update (1599_20210901 -> 1599_20220309)
Subpackages: chkstat permissions-config
- Update to version 20220309:
* apptainer whitelisting (bsc#1196145)
- Update to version 20220202:
* mount.nfs: switch from migration mode to fixed path in /usr/sbin
* changed gendered pronouns
* mgetty: faxq-helper now finally reside in /usr/libexec
==== python-PyYAML ====
- do not use setup.py test construct
https://trello.com/c/me9Z4sIv/121-setuppy-test-leftovers
==== python-SQLAlchemy ====
Version update (1.4.31 -> 1.4.32)
- update to version 1.4.32:
* orm
+ [orm] [bug] [regression] Fixed regression where the ORM
exception that is to be raised when an INSERT silently fails to
actually insert a row (such as from a trigger) would not be
reached, due to a runtime exception raised ahead of time due to
the missing primary key value, thus raising an uninformative
exception rather than the correct one. For 1.4 and above, a new
FlushError is added for this case that?s raised earlier than the
previous ?null identity? exception was for 1.3, as a situation
where the number of rows actually INSERTed does not match what
was expected is a more critical situation in 1.4 as it prevents
batching of multiple objects from working correctly. This is
separate from the case where a newly fetched primary key is
fetched as NULL, which continues to raise the existing ?null
identity? exception. References: #7594
+ [orm] [bug] Fixed issue where using a fully qualified path for
the classname in relationship() that nonetheless contained an
incorrect name for path tokens that were not the first token,
would fail to raise an informative error and would instead fail
randomly at a later step. References: #7697
* engine
+ [engine] [bug] Adjusted the logging for key SQLAlchemy
components including Engine, Connection to establish an
appropriate stack level parameter, so that the Python logging
tokens funcName and lineno when used in custom logging
formatters will report the correct information, which can be
useful when filtering log output; supported on Python 3.8 and
above. Pull request courtesy Markus Gerstel. References: #7612
* sql
+ [sql] [bug] Fixed type-related error messages that would fail
for values that were tuples, due to string formatting syntax,
including compile of unsupported literal values and invalid
boolean values. References: #7721
+ [sql] [bug] [mysql] Fixed issues in MySQL SET datatype as well
as the generic Enum datatype where the __repr__() method would
not render all optional parameters in the string output,
impacting the use of these types in Alembic autogenerate. Pull
request for MySQL courtesy Yuki Nishimine. References: #7598,
[#7720], #7789
+ [sql] [bug] The Enum datatype now emits a warning if the
Enum.length argument is specified without also specifying
Enum.native_enum as False, as the parameter is otherwise
silently ignored in this case, despite the fact that the Enum
datatype will still render VARCHAR DDL on backends that don?t
have a native ENUM datatype such as SQLite. This behavior may
change in a future release so that ?length? is honored for all
non-native ?enum? types regardless of the ?native_enum? setting.
+ [sql] [bug] Fixed issue where the HasCTE.add_cte() method as
called upon a TextualSelect instance was not being accommodated
by the SQL compiler. The fix additionally adds more
?SELECT?-like compiler behavior to TextualSelect including that
DML CTEs such as UPDATE and INSERT may be accommodated.
References: #7760
* asyncio
+ [asyncio] [bug] Fixed issues where a descriptive error message
was not raised for some classes of event listening with an async
engine, which should instead be a sync engine instance.
+ [asyncio] [bug] Fixed issue where the AsyncSession.execute()
method failed to raise an informative exception if the
Connection.execution_options.stream_results execution option
were used, which is incompatible with a sync-style Result object
when using an asyncio calling style, as the operation to fetch
more rows would need to be awaited. An exception is now raised
in this scenario in the same way one was already raised when the
Connection.execution_options.stream_results option would be used
with the AsyncConnection.execute() method. Additionally, for
improved stability with state-sensitive database drivers such as
asyncmy, the cursor is now closed when this error condition is
raised; previously with the asyncmy dialect, the connection
would go into an invalid state with unconsumed server side
results remaining. References: #7667
* postgresql
+ [postgresql] [usecase] Added compiler support for the PostgreSQL
NOT VALID phrase when rendering DDL for the CheckConstraint,
ForeignKeyConstraint and ForeignKey schema constructs. Pull
request courtesy Gilbert Gilb?s. References: #7600
* mysql
+ [mysql] [bug] [regression] Fixed regression caused by #7518
where changing the syntax ?SHOW VARIABLES? to ?SELECT @@? broke
compatibility with MySQL versions older than 5.6, including
early 5.0 releases. While these are very old MySQL versions, a
change in compatibility was not planned, so version-specific
logic has been restored to fall back to ?SHOW VARIABLES? for
MySQL server versions < 5.6. References: #7518
* mariadb
+ [mariadb] [bug] [regression] Fixed regression in
mariadbconnector dialect as of mariadb connector 1.0.10 where
the DBAPI no longer pre-buffers cursor.lastrowid, leading to
errors when inserting objects with the ORM as well as causing
non-availability of the CursorResult.inserted_primary_key
attribute. The dialect now fetches this value proactively for
situations where it applies. References: #7738
* sqlite
+ [sqlite] [usecase] Added support for reflecting SQLite inline
unique constraints where the column names are formatted with
SQLite ?escape quotes? [] or `, which are discarded by the
database when producing the column name. References: #7736
+ [sqlite] [bug] Fixed issue where SQLite unique constraint
reflection would fail to detect a column-inline UNIQUE
constraint where the column name had an underscore in its name.
References: #7736
* oracle
+ [oracle] [bug] Fixed issue in Oracle dialect where using a
column name that requires quoting when written as a bound
parameter, such as "_id", would not correctly track a Python
generated default value due to the bound-parameter rewriting
missing this value, causing an Oracle error to be raised.
References: #7676
+ [oracle] [bug] [regression] Added support to parse ?DPI? error
codes from cx_Oracle exception objects such as DPI-1080 and
DPI-1010, both of which now indicate a disconnect scenario as of
cx_Oracle 8.3. References: #7748
* tests
+ [tests] [bug] Improvements to the test suite?s integration with
pytest such that the ?warnings? plugin, if manually enabled,
will not interfere with the test suite, such that third parties
can enable the warnings plugin or make use of the -W parameter
and SQLAlchemy?s test suite will continue to pass. Additionally,
modernized the detection of the ?pytest-xdist? plugin so that
plugins can be globally disabled using
PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 without breaking the test suite
if xdist were still installed. Warning filters that promote
deprecation warnings to errors are now localized to
SQLAlchemy-specific warnings, or within SQLAlchemy-specific
sources for general Python deprecation warnings, so that
non-SQLAlchemy deprecation warnings emitted from pytest plugins
should also not impact the test suite. References: #7599
+ [tests] [bug] Made corrections to the default pytest
configuration regarding how test discovery is configured, to fix
issue where the test suite would not configure warnings
correctly and also attempt to load example suites as tests, in
the specific case where the SQLAlchemy checkout were located in
an absolute path that had a super-directory named ?test?.
References: #7045
==== qemu ====
- Build PPC firmwares from sources on non-PPC builds as well
(bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building
logic and code
* Patches added:
Makefile-define-endianess-for-cross-buil.patch
Makefile-fix-build-with-binutils-2.38.patch
- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host
bus adapter (bsc#1180432, CVE-2020-35503)
* Patches added:
hw-scsi-megasas-check-for-NULL-frame-in-.patch
==== rdma-core ====
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1
- Update spec file from upstream
- install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
- fix build support for riscv
- Added cmake-Make-modprobe.d-path-configurable.patch
- Backport from upstream to allow modprobe files to be installed in a
configurable directory
==== util-linux ====
Version update (2.37.3 -> 2.37.4)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- Update to version 2.37.4:
* Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
SUSE is not affected (bsc#1196241).
- Fix "su -s" bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
==== util-linux-systemd ====
Version update (2.37.3 -> 2.37.4)
- Update to version 2.37.4:
* Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
SUSE is not affected (bsc#1196241).
- Fix "su -s" bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- update to 2.37.3 (bsc#1194976):
This release fixes two security mount(8) and umount(8) issues:
* CVE-2021-3996
Improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
* CVE-2021-3995
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
==== vim ====
Version update (8.2.4456 -> 8.2.4542)
Subpackages: vim-data-common vim-small
- Updated to version 8.2.4542, fixes the following problems
* Terminal test may fail on some machines.
* The GPM library can only be linked statically.
* Vim9: compiling filter() call fails with funcref that has unknown
arguments.
* Vim9: compiling sort() call fails with a funcref that has unknown
arguments.
* Vim9: wrong error for defining dict function.
* Not enough testing for quickfix code.
* Completion only uses strict matching.
* Dtrace files are recognized as filetype D.
* Fuzzy completion does not order matches properly.
"create-directories" as the final argument.
* Running filetype test leaves file behind.
* Coverity warns for uninitialized struct member.
* Coverity warns for uninitialized variable.
* Coverity warns for use of a freed function name.
* Coverity warnds for not checking return value of ftell().
* Memory allocation failures not tested in quickfix code.
* Fuzzy cmdline completion does not work for lower case.
* Operator name spelled wrong.
* Crash when using fuzzy completion.
* No fuzzy completieon for maps and abbreviations.
* Suspending with CTRL-Z does not work on Android.
* Cmdline popup menu not removed when 'lazyredraw' is set.
* No fuzzy cmdline completion for user defined completion.
* Command completion makes two rounds to collect matches.
* Vim9: some error messages are not tested.
* Compiler warning for uninitialized variable.
* Vim9: cannot compare with v:null.
* Build error with +eval but without +channel or +job.
* Failing test for comparing v:null with number.
* Terminal focus reporting only works for xterm-like terminals. (Jonathan
Rascher)
* MS-Windows makefile dependencies are outdated.
* No error if an option is given an invalid value with ":let &opt = val".
* Options test fails in the GUI.
* The find_tags() function is much too long.
* Help test fails in 24 line terminal.
* Coverity gives warnings after tags code refactoring.
* Wrong color for half of wide character next to pum scrollbar.
* Using with "noremap" does not work.
* Vim9: at the script level declarations leak from try block to catch and
finally block.
* Vim9: can declare a global variable on the command line.
* With 'showbreak' set and after the end of the line the cursor may be
displayed in the wrong position.
* In the GUI a modifier is not recognized for the key typed after CTRL-X,
which may result in a mapping to be used. (Daniel Steinberg)
* Vim9: there is no point in supporting :Print and :mode.
* When there is a partially matching map and modifyOtherKeys is active a
full map may not work.
* Vim9: outdated "autocmd nested" still works.
* "pattern not found" for :global is not an error message.
* Test fails because of new error message.
* Vim9: cannot assign to a global variable on the command line.
* Vim9: can declare a variable with ":va".
* Vim9: shortening commands leads to confusing script.
* Filetype test fails.
* The find_tags_in_file() function is much too long.
* Window-local directory is not applied if 'acd' fails.
* Vim9: some flow commands can be shortened.
* Old subsitute syntax is still supported.
* Build failure without the +eval feature.
* The binary tag search feature is always enabled.
* Vim9: Can still use ":fini" and ":finis" for ":finish".
* Using wrong highlight for cursor line number.
* Build failure without the +diff feature. (John Marriott)
* GUI test fails with Motif. (Dominique Pellé)
* When gvim is started maximized the 'window' option isn't set
properly. (Christian J. Robinson)
* Some GUI tests don't work on Athena.
* Vim9: cannot set variables to a null value.
* The Athena GUI is old and does not work well.
* Crash when using null_function for a partial.
* Vim9: comparing partial with function fails.
* Making comparison with null work changes legacy behavior.
* LGTM warnings for condition always true and buffer size too small.
* Suspending with CTRL-Z does not work on OpenBSD.
* Vim9: no test that after assigning null the type is still checked.
* Vim9: "is" operator with empty string and null returns true.
* Filename modifer ":8" removes the filename.
* Debugger test fails when breaking on expression.
* Output from linter and language server shows up in git.
* The find_tags_in_file() function is too long.
* When comparing special v:none and v:null are handled the same when
compiling.
* Line number for error is off by one.
* Crash in debugger when a variable is not available in the current block.
* Vim9: "break" inside try/catch not handled correctly.
==== yast2 ====
Version update (4.4.45 -> 4.4.47)
- Extend the Package module to force using PackageSystem or
PackageAI without having the mode into account.
- AutoYaST: properly detect whether firewalld, bind and
yast2-dns-server packages are installed when cloning a system
(bsc#1196963).
- 4.4.47
- Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326)
- 4.4.46
- New doc: Invoking External Commands in YaST (in doc/)