Packages changed: apparmor cockpit (250 -> 251.3) ell (0.46 -> 0.48) ethtool (5.15 -> 5.16) fcoe-utils fontconfig glib2 (2.70.2 -> 2.70.3) graphite2 gstreamer-plugins-bad installation-images-MicroOS (17.38 -> 17.39) iputils kernel-source (5.16.1 -> 5.16.2) keylime (6.2.1 -> 6.3.0) libapparmor libical (3.0.12 -> 3.0.13) libical-glib (3.0.12 -> 3.0.13) libimobiledevice (1.3.0+git.20200910 -> 1.3.0+git.20210921) libplist llvm13 mozilla-nss (3.73.1 -> 3.74) neon (0.32.1 -> 0.32.2) patterns-gnome pciutils perl-Net-HTTP (6.21 -> 6.22) perl-libwww-perl (6.60 -> 6.61) pipewire (0.3.43 -> 0.3.44) polkit procps python-py (1.10.0 -> 1.11.0) qemu raspberrypi-firmware (2021.12.01 -> 2022.01.24) raspberrypi-firmware-config (2021.12.01 -> 2022.01.24) raspberrypi-firmware-dt (2021.11.19 -> 2022.01.19) samba (4.15.3+git.219.40cc1cd8591 -> 4.15.4+git.224.dea2f6dc836) selinux-policy (20211111 -> 20220124) snapper (0.9.0 -> 0.9.1) solid suse-module-tools (16.0.18 -> 16.0.19) toolbox u-boot-rpiarm64 udisks2 userspace-rcu (0.13.0 -> 0.13.1) util-linux (2.37.2 -> 2.37.3) vim (8.2.4063 -> 8.2.4186) webkit2gtk3 webkit2gtk3-soup2 wireplumber (0.4.6 -> 0.4.7) wpa_supplicant (2.9 -> 2.10) xf86-input-libinput (1.2.0 -> 1.2.1) yast2 (4.4.39 -> 4.4.43) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ==== cockpit ==== Version update (250 -> 251.3) Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA ==== ell ==== Version update (0.46 -> 0.48) - update to 0.48: * Fix issue with memory leaking from ICMPv6 RA. * Fix issue with memory leaking from DHCP leases. * Fix issue with NULL terminating of Base64 encoding. ==== ethtool ==== Version update (5.15 -> 5.16) - update to upstream release 5.16 * Feature: use memory maps for module EEPROM parsing (-m) * Feature: show CMIS diagnostic information (-m) * Fix: fix dumping advertised FEC modes (--show-fec) * Fix: ignore cable test notifications from other devices (--cable-test) * Fix: do not show duplicate options in help text (--help) ==== fcoe-utils ==== - Added upstream commit to fix gcc12 warning/errors: * fcoe-utils-Fix-GCC-12-warning.patch ==== fontconfig ==== Subpackages: libfontconfig1 - adding bug reference to this changelog [bsc#1172301] ==== glib2 ==== Version update (2.70.2 -> 2.70.3) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.70.3: + Several important fixes to FD handling in gspawn. + Several important fixes to GDBus message and GVariant parsing of invalid data. + Fix potential data loss due to missing fsync when saving files on btrfs. + Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506, glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572, glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394, glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437, glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455. + Updated translations. ==== graphite2 ==== - Fix license header so that it corresponds to SPDX abbreviation ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Add some conditionals to build as many plugins as possible in SLE-15-SP4 and move all conditional logic to the beginning of the spec file using bcond_with/without. ==== installation-images-MicroOS ==== Version update (17.38 -> 17.39) - merge gh#openSUSE/installation-images#571 - use for build proper schema flavor (jsc#SLE-18820) - 17.39 ==== iputils ==== - temporarily reintroduce rarpd and rdisc tools to get them into 15sp4 [jsc#SLE-23521] ==== kernel-source ==== Version update (5.16.1 -> 5.16.2) - Update patches.kernel.org/5.16.2-005-vfs-fs_context-fix-up-param-length-parsing-in-.patch (bsc#1012628 CVE-2022-0185 bsc#1194517). Add CVE reference. - commit 0d710a8 - s390/mm: fix 2KB pgtable release race (bsc#1188896). - commit 6f62d73 - HID: wacom: Avoid using stale array indicies to read contact count (bsc#1194667). - HID: wacom: Ignore the confidence flag when a touch is removed (bsc#1194667). - HID: wacom: Reset expected and received contact counts at the same time (bsc#1194667). - commit 07a970c - Linux 5.16.2 (bsc#1012628). - ALSA: hda/realtek: Re-order quirk entries for Lenovo (bsc#1012628). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2020 (bsc#1012628). - ALSA: hda/tegra: Fix Tegra194 HDA reset failure (bsc#1012628). - ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk (bsc#1012628). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (bsc#1012628). - ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop (bsc#1012628). - ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices (bsc#1012628). - perf annotate: Avoid TUI crash when navigating in the annotation of recursive functions (bsc#1012628). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (bsc#1012628). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (bsc#1012628). - firmware: qemu_fw_cfg: fix sysfs information leak (bsc#1012628). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (bsc#1012628). - media: uvcvideo: fix division by zero at stream start (bsc#1012628). - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (bsc#1012628). - 9p: fix enodata when reading growing file (bsc#1012628). - 9p: only copy valid iattrs in 9P2000.L setattr implementation (bsc#1012628). - NFSD: Fix zero-length NFSv3 WRITEs (bsc#1012628). - remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP (bsc#1012628). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (bsc#1012628). - KVM: x86: don't print when fail to read/write pv eoi memory (bsc#1012628). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (bsc#1012628). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (bsc#1012628). - perf: Protect perf_guest_cbs with RCU (bsc#1012628). - vfs: fs_context: fix up param length parsing in legacy_parse_param (bsc#1012628). - remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided (bsc#1012628). - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (bsc#1012628). - drm/amd/display: explicitly set is_dsc_supported to false before use (bsc#1012628). - devtmpfs regression fix: reconfigure on each mount (bsc#1012628). - commit 6fa29ec - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - commit 68b36f0 - disable the Bluetooth patch again The kernel is currently tested whether the patch is needed at all. As 95655456e7ce in upstream might fix the issue too (but differently). - commit c3bbaae - series.conf: cleanup - move mainline patches into sorted section: - patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch - patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch - patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch - update upstream references and move into sorted section: - patches.suse/ALSA-usb-audio-Add-minimal-mute-notion-in-dB-mapping.patch - patches.suse/ALSA-usb-audio-Fix-dB-level-of-Bose-Revolve-SoundLin.patch - patches.suse/ALSA-usb-audio-Use-int-for-dB-map-values.patch No effect on expanded tree. - commit 607f978 - Refresh and reenable patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch. - commit a7b7c0d - series.conf: Add sorted section header/footer Even though we don't carry many patches in the stable or master branches, having the sorted section header/footer allows the automated tools to work. - commit 05f8150 ==== keylime ==== Version update (6.2.1 -> 6.3.0) Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Drop patches beacuse merged upstream: * 0001-Drop-dataclasses-module-usage.patch * 0001-config-support-merge-multiple-config-files.patch * 0001-ca-support-back-old-cyptography-API.patch - Update to version v6.3.0: * Coordinated update to fix: + bsc#1193997 (CVE-2022-23948) + bsc#1193998 (CVE-2021-43310) + bsc#1194000 (CVE-2022-23949) + bsc#1194002 (CVE-2022-23950) + bsc#1194004 (CVE-2022-23951) + bsc#1194005 (CVE-2022-23952) * secure_mount: add umount function * secure_mount: use /proc/self/mountinfo * Validate user ID in all public interfaces * validators: add uuid and agent_id validators * validators: create validators module * revocation_notifier: move zmq socket to /var/run/keylime * Update API version from 1.0 to 2.0 * tpm: do not compress quote with zlib by default * verifier: persist AK and mTLS certificate to DB * verifier: use "supported_version" for agent connections * tenant: add support for "supported_version" option for the verifier * api_version: add the option for basic validation * verifier: add supported_version field to DB and API * agent: add /version to REST API * verifier, tenant: allow agents to not use mTLS * tenant, verifier: allow manual configuration of agent mTLS * tests: migrate to mTLS * tenant: connect to the agent via mTLS * verifier: connect to the agent via mTLS * tornado_requests: handle SSLError * web_util: add mTLS context generation for agent * agent: Enable mTLS for agent REST API * crypto: add helper function for creating self signed certs * registrar: Allow the agent to registrar with a mTLS certificate * request_client: add workaround for handling certificates * request_client: add the option to ignore hostname validation * Better docs and errors about IMA hash mismatches * tests: use JSON instead Python string for IMA tests * verifier: use json.loads(..) instead of ast.literal_eval(..) * Adding Nuvoton certificate for a post 2020 TPM device. The EK cert of the device directs to the following download site: 'https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root CA 1111.cer' (yes, including the spaces) * Improve revocation notifier IP description in keylime.conf * tornado_requests: set Content-Type header correctly for JSON * tenant: post U key to agent with correct Content-Type header * Explicitly set permissions on new keylime.conf files installed * tpm_main: close file descriptor for aik handle * verifier: do not call finish() twice * agent: fix payload execution * tests: add initial tests for web_util module * config, web_util: move get_restful_params(..) to web_util * verifier: Also retry on HTTP 500 status code * agent: improve startup and shutdown * registrar: cleanup start function * web_util: move echo_json_response(..) out of config.py * verifier: fix failure generation for V key * tornado_requests: cleanup TornadoResponse class * web_util, verifier: move mTLS SSLContext generation into separate module * ca: support back old cyptography API * Fix test branch reference in packit.yaml * ci: disable DeprecationWarning from pylint in tox * Enable new test in Packit CI * tenant: fix reactivate command * config: support merge multiple config files * ci: use only fedora-stable for packit * elchecking: harden example policy against event type manipulation * elchecking: add new tests * tests: fix stdout formatting for agent and verifier * Drop dataclasses module usage * revocation notifier: handle shutdown of process gracefully * verifier: handle SIGINT and SIGTERM correctly * ima_emulator: fix IMA hash validation and add more options * ima_ast: fix handling ToMToU errors * Remove leftovers of TPM 1.2 support * agent: improved validation for post function * agent: better validation for mask and nonce * config: add function to validate hex strings * agent: keys/verify check if challenge was provided * tpm_main: do not append /usr/local/{bin,lib} to default env * db: only set length on Text type if supported * json: do not make sqlalchemy a hard requirement * Enable functional testing with Packit CI * ima_emulator: specify sys.argv as the named parameter argv in main() * elchecking example policy: make it work with Fedora 34 * elchecking example policy: initrd* might be also called initramfs* * scripts: add mb_refstate generator for example policy * config: change tpm_hash_alg to SHA1 by default * parse_mb_bootlog: specify the used hash algorithm used for PCRs * agent: add warning that on kernels <5.10 IMA only works with SHA1 * tpm: explicitly pass hash alg to sim_extend(..) * ima emulator: use IMA AST and support multiple hash algorithms * tests: update IMA allowlist version number * ima: add option 'log_hash_alg' to IMA allowlist * ima: remove hard requirement for SHA1 PCR 10 * algorithms: extend Hash class to simplify computing hash values * config, tpm_main: explicitly handle YAML load errors * config: private_key must be set to -private.pem not -public.pem * agent: add UUID option environment * agent: drop openstack uuid option - Set /var/lib/keylime under the same permissions expected by the code ==== libapparmor ==== - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ==== libical ==== Version update (3.0.12 -> 3.0.13) - update to 3.0.13: * icalcomponent_get_dtend() return icaltime_null_time(), unless called on VEVENT, VAVAILABILITY or VFREEBUSY * icalcomponent_get_duration() for VTODO calculate with DUE instead of DTEND * Replace CMake FindBDB with FindBerleyDB * Fix finding ICU and BerkeleyDB on Mac ==== libical-glib ==== Version update (3.0.12 -> 3.0.13) - update to 3.0.13: * icalcomponent_get_dtend() return icaltime_null_time(), unless called on VEVENT, VAVAILABILITY or VFREEBUSY * icalcomponent_get_duration() for VTODO calculate with DUE instead of DTEND * Replace CMake FindBDB with FindBerleyDB * Fix finding ICU and BerkeleyDB on Mac ==== libimobiledevice ==== Version update (1.3.0+git.20200910 -> 1.3.0+git.20210921) - Add python-rpm-macros to BuildRequires (boo#1194755). - Update to version 1.3.0+git.20210921: * Remove common code in favor of new libimobiledevice-glue * tools: idevicebackup2: Exit on service startup failure and improve error messages * idevice: Reset receive length variable in internal_ssl_read retry loop and fix wrong variable in debug message * lockdown: Get DeviceClass to make sure OS version dependent code is executed correctly * Handle error cases in relevant code when retrieving pair record fails * common: Return proper error codes from userpref_read_pair_record * Add support for MbedTLS * idevice: Make sure to handle timeout condition for network connections too * installation_proxy: Ignore non-status messages instead of terminating loop * mobilesync: Set DeviceLink version to 400 to support iOS 14b4+ * tools/idevicecrashreport: Fix illegal filenames on Windows * tools: Fix entering recovery mode on iOS 14.5+ which now requires a pairing * tools: Fix delays in idevicedebugserverproxy when using SSL * debugserver: Return success when a receive timed out but actualy bytes have been read * idevice: Allow partial reads in idevice_connection_receive_timeout() and handle timeouts more adequate * Fixed bytes/strings checks in lockdown.pxi for compatibility with Python2/3 * Fixed bytes/strings check in imobiledevice.pyx for compatibility with Python2/3 * Fixed debugserver.pxi PyString_AsString compatibility with Python3 * Fixed AFC afc.pxi definitions for Python2/3 compatibility. Added missing public method 'remove_path_and_contents' * ideviceprovision: Fix date output by adding MAC_EPOCH * docs: Improve --quiet command line switch description in idevicesyslog man page * idevicescreenshot: Choose a better filename, prevent overwriting existing files * idevicedebug: Add --detach option to start an app and exit idevicedebug without killing the app * idevicebackup2: Handle DLMessagePurgeDiskSpace by sending back error code * idevicebackup2: Update errno to device error mapping * idevice: Handle -EAGAIN in case usbmuxd_send() returns it * idevicebackup2: Don't fail on restore when source backup doesn't have any application info ==== libplist ==== - Add python-rpm-macros to BuildRequires (boo#1194756). ==== llvm13 ==== - Add support for experimental targets and enable the M68k backend - Add patch to fix testsuite after enabling the M68k backend + llvm-update-extract-section-script.patch ==== mozilla-nss ==== Version update (3.73.1 -> 3.74) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.74 * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR * bmo#1721426 - NSS does not properly restrict server keys based on policy * bmo#1733003 - Set nssckbi version number to 2.54 * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate * bmo#1735407 - Replace GlobalSign ECC Root CA R4 * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3 * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate * bmo#1740095 - Add iTrusChina ECC root certificate * bmo#1740095 - Add iTrusChina RSA root certificate * bmo#1738805 - Add ISRG Root X2 root certificate * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build * bmo#1735028 - Check for missing signedData field * bmo#1737470 - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) ==== neon ==== Version update (0.32.1 -> 0.32.2) - update to 0.32.2: * Fix auth handling for request-target of "*" ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis - Do not require gnome-packagekit by gnome_x11: we have a specific sw_management_gnome pattern, which supplements the generic sw_management plus the basic gnome pattern, and that's where we also should (and do) recommend gnome-packagekit. - Do not recommend speech-dispatcher-module-espeak: we recommend speech-dispatcher, the rest is handled by dependencies from the packages (recommends and supplements). - No longer recommend gnome-menus: GNOME 3 is not using menu structures. This package is used by extension-classic, and if that extension is installed, gnome-menus comes in as a dep. - Stop recommending samba: samba is the server, which makes no sense to be recommended by the desktop pattern. ==== pciutils ==== - Set sbindir to /usr/bin to fix Steam issues (rh#1858437, gh#ValveSoftware/steam-for-linux#3306) - Add symlinks from /usr/sbin to /usr/bin ==== perl-Net-HTTP ==== Version update (6.21 -> 6.22) - updated to 6.22 see /usr/share/doc/packages/perl-Net-HTTP/Changes 6.22 2022-01-21 20:41:21Z - Format method bullet points as code in docs (GH#77) (Paul Cochrane) - Ignore automatically generated directories (GH#76) (Paul Cochrane) - Use copyright start year rather than range (issue raised by Paul Cochrane) ==== perl-libwww-perl ==== Version update (6.60 -> 6.61) - updated to 6.61 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.61 2022-01-21 21:41:18Z - Use File::Copy::move to attempt an atomic mirror (GH#401) (Andrew Fresh) - Require Getopt::Long at runtime, too (GH#402) (Ville Skyttä) ==== pipewire ==== Version update (0.3.43 -> 0.3.44) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.44: * Highlights: - It is now possible to run a minimal PipeWire server without a session manager, enough to run JACK clients. - The maximum buffer size is now configurable and can be larger than the previously hardcoded limit of 8192 samples. When using high sample rates, the larger buffer size can avoid xruns. - The default maximum latency was reduced from 170ms to 42ms. This should improve overall latency for application that ask for a large latency, such as notifications. - Better JACK compatibility. Patchbays should now get less confused about ports appearing and disappearing. - Fix some bluetooth crashes. - Fix some races in ALSA device detection. - Many bug fixes and improvements all over the place. * PipeWire: - Bump the meson requirement to 0.59.0. - pw-top now reports correct times for filter-chain and loopback. - max-quantum is now also scaled with the rate. A new quantum-limit property was added as a hard limit for the quantum. This makes it possible to configure for larger than 8192 buffer sizes. Note than many JACK applications have a hardcoded 8192 limit. - The max-quantum was reduced to 2048, This gives a 42ms default latency. - pw-filter can now return a NULL buffer from _get_dsp_buffer() - Add a PIPEWIRE_RATE and PIPEWIRE_QUANTUM env variable to set the graph rate and the graph quantum and rate respectively. - Fix a potential file descriptor leak in the connection. - A new minimal.conf file was added to demonstrate a static setup of a daemon that doesn't require a session manager and is able to run JACK applicaions. - Nice levels are now only changed on the servers, not the clients. - Add an option to suspend nodes when idle. - Make it possible to avoid quantum and rate changes with pw-metadata. This is essential in a locked down system. - Handle mixer port errors better and fail to create the link instead of silently not working. - Nodes that are moved to a driver now have all the linked nodes moved as well. This makes it possible to run some graphs without a driver, such as paplay -> zita-j2n. - pw-cli and pw-dump can now also list objects by name, serial and object.path using glob style pattern matching. * modules: - filter-chain can now also configure parameters by index. - Fix the client name of module-protocol-simple. - module-rtkit was merged into module-rt. This makes it easier to ship a default config that works on more systems by default. - module-adapter can now configure the adapter node from the config. Previously, this was a task only performed by the session manager. - module-metadata can now also create metadata object from the config file. - The ROC module should now work again. - An X11-bell module was added to handle X11 bell events. - filter-chain and loopback modules now have better unique default names for the streams, which makes it possible to save and restore their volumes independently. - module-echo-cancel now has properties to control the delay and buffer size. * ALSA: - The monitor names are now correctly parsed. - The default period size for batch devices is limited now to avoid large latency. - The unused min/max-latency properties were removed. - Internal latency is now also configurable with params at runtime. - The udev rule for TI2902 was removed because it causes problems. - Fix a race where some devices would sometimes be missing. - Add some more timeouts to work around a race in udev device permission changes when switching VTs. * SPA: - Fix potential infinite loop in audioconvert. - The spa-resample tools can now also use optimised implementations. - Fix a potential crash in resampler. - audioconvert can now also handle F64 formats. - The channelmixer now does normalization by default to avoid clipping when downmixing is active. - The channelmixer will now generate LFE channels when the lfe_cutoff frequency is set, even when upmix is disabled. - The channelmixer will now always generate FC when the target has it. - Adapter now reports latency correctly, even after linking the monitor ports. - Reduce memory usage and preallocated memory in some of the audioconvert nodes. - Many properties are now exposed in adapter, such as the resample quality. - The resampler and channelmixer can now be disabled. * V4L2: - pw-v4l2 now also works for ffplay. - Take product names from udev now that the kernel returns generic name. * JACK: - The jack pkgconfig file now has the jack_implementation=pipewire variable to be able to distinguish jack implementations. - jconvolver now starts correctly again. - The object.serial is now used for the port_id. This makes it easier to track old objects in the cache. - Add a dummy jacknet implementation. - A bug in the port allocation was fixed that would make it impossible to allocate ports at some point. * Bluetooth: - Bluetooth profiles are now saved properly by the session manager. - Improved profile detections, increased timeouts for slow devices. - Implement HFP call indicator for improved compatibility. - Handle the case where bluez does not set the adapter or address properties on the device instead of crashing. - Improved support for setting the profile from the session manager. * pulse-server: - Monitor sources now have the device.class=monitor for better compatibility. - Behaviour after seeking is improved. The algorithm for requesting bytes from the client was simplified and improved. - module-ladspa-sink implements the control argument now. - A potential memory leak in the message queue was fixed. - Use the object.serial for the pulseaudio object index. The index is not supposed to be reused and this would cause problems with some clients. - Servers should now again be able to listen in IPv4. - module-x11-bell was added. - There is now support for per-application quirks and properties in the pipewire-pulse.conf file. Per-application latency and buffering properties can also be configured. - Fix a regression in telegram sounds not playing. - Drop patches already included upstream: * 0001-alsa-improve-rate-selection.patch * 0001-audioconvert-avoid-infinite-loop.patch * 0001-bluez5-dont-create-device-if-adapter-is-missing.patch * 0001-bluez5-handle-missing-device-and-adapter-in-quirks.patch * 0001-jack-remember-last-return-from-jack_get_buffer_size.patch * 0001-loop-invoke-immediately-when-loop-is-not-running.patch * 0001-merger-also-reconfigure-when-monitor-changes.patch * 0001-pulse-server-show-monitor-sources-with-device_class_monitor.patch * 0001-pw-metadata-handle-NULL-props-from-metadata-object.patch * 0001-raop-fix-errno-check.patch ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0 - Switch from mozjs to duktape: * Add duktape-support.patch - Fixed pkexec Local Privilege Escalation aka pwnkit (CVE-2021-4034 bsc#1194568) CVE-2021-4034-pkexec-fix.patch ==== procps ==== Subpackages: libprocps8 - Correct used URLs ==== python-py ==== Version update (1.10.0 -> 1.11.0) - update to 1.11.0: * Support Python 3.11 * Support ``NO_COLOR`` environment variable * Update vendored apipkg: 1.5 => 2.0 ==== qemu ==== - Enable modules for testsuite * Patches added: meson-build-all-modules-by-default.patch ==== raspberrypi-firmware ==== Version update (2021.12.01 -> 2022.01.24) - Update to 9c04ed2c1a (2022-01-24): * firmware: platform: Limit max clock-id to CLOCK_VEC for now See: #1688 - Update to 827fdd0736 (2022-01-20): * firmware: dtoverlay: Don't mix non-fatal errors and offsets See: #1686 * firmware: arm_loader: Load vl805 overlay on CM4 See: https://forums.raspberrypi.com/viewtopic.php?t=326088 * firmware: gencmdserv: Add mailbox interface to gencmd * firmware: improve firmware camera detection * firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1 See: #1671 * firmware: ldconfig: Discard subsequent chunks from a truncated line See: #1669 * firmware: cec: Fail set_passive_mode when running with kms * firmware: Firmware: Remove PWM/audio traits for CM4 * firmware: usb: Fix non-BCM2711 MSD support See: raspberrypi/usbboot#102 ==== raspberrypi-firmware-config ==== Version update (2021.12.01 -> 2022.01.24) - Update to 9c04ed2c1a (2022-01-24): * firmware: platform: Limit max clock-id to CLOCK_VEC for now See: #1688 - Update to 827fdd0736 (2022-01-20): * firmware: dtoverlay: Don't mix non-fatal errors and offsets See: #1686 * firmware: arm_loader: Load vl805 overlay on CM4 See: https://forums.raspberrypi.com/viewtopic.php?t=326088 * firmware: gencmdserv: Add mailbox interface to gencmd * firmware: improve firmware camera detection * firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1 See: #1671 * firmware: ldconfig: Discard subsequent chunks from a truncated line See: #1669 * firmware: cec: Fail set_passive_mode when running with kms * firmware: Firmware: Remove PWM/audio traits for CM4 * firmware: usb: Fix non-BCM2711 MSD support See: raspberrypi/usbboot#102 ==== raspberrypi-firmware-dt ==== Version update (2021.11.19 -> 2022.01.19) - Switch to 5.16 branch - boo#1194423 - Update to ffd6c6dc4dbf (2022-01-19) ==== samba ==== Version update (4.15.3+git.219.40cc1cd8591 -> 4.15.4+git.224.dea2f6dc836) Subpackages: samba-client samba-client-libs samba-libs - Update to 4.15.4 * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945); ==== selinux-policy ==== Version update (20211111 -> 20220124) Subpackages: selinux-policy-targeted - Update to version 20220124. Refreshed: * fix_hadoop.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_systemd.patch * fix_systemd_watch.patch - Added fix_hypervkvp.patch to fix issues with hyperv labeling (bsc#1193987) ==== snapper ==== Version update (0.9.0 -> 0.9.1) Subpackages: libsnapper5 - added bash completion provided by community - look for most configuration files in /etc/snapper and /usr/share/snapper (bsc#1189601) - version 0.9.1 ==== solid ==== Subpackages: libKF5Solid5 solid-imports - Also use libplist-2.0 in SLE15-SP4/Leap 15.4 ==== suse-module-tools ==== Version update (16.0.18 -> 16.0.19) - Update to version 16.0.19: * Add /etc/modprobe.d/README on SLE/Leap (bsc#1195051) * rpm-script: force-copy kernel to /boot (boo#1194501) ==== toolbox ==== - Allow docker as an alternative to podman in the package Requires. This was supported since 2.2. ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2022.01 * Patches added: 0016-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch 0017-rockchip-sdhci-Fix-RK3399-eMMC-PHY-.patch ==== udisks2 ==== Subpackages: libudisks2-0 - Stop packaging libudisks_vdo standalone module, it is deprecated. Do this via passing explicit disable-vdo to configure and dropping libblockdev-vdo-devel BuildRequires. Add a libudisks2_0_vdo Obsoletes to ease updates. - No longer remove upstream config files, we want to be able to load modules on demand. Note that we move an example file to docs to keep sysconfdir clean of non-conf files. - Add a default_luks_encryption define, and set it to luks2, sed this macro into source, future versions of udisks will not need this, as upstream moves to luks2 by default. - Ghost a dir/file created by us. - Split out API docs into separate docs sub-package. ==== userspace-rcu ==== Version update (0.13.0 -> 0.13.1) - update to 0.13.1: * fix: properly detect 'cmpxchg' on x86-32 * fix: use urcu-tls compat with c++ compiler * fix: remove autoconf features default value in help message * fix: add missing pkgconfig file for memb flavour lib * Make temporary variable in _rcu_dereference non-const * Fix: x86 and s390: uatomic __hp() macro C++ support * Fix: x86 and s390: uatomic __hp() macro clang support * Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11 ==== util-linux ==== Version update (2.37.2 -> 2.37.3) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - update to 2.37.3 (bsc#1194976): This release fixes two security mount(8) and umount(8) issues: * CVE-2021-3996 Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. * CVE-2021-3995 This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. ==== vim ==== Version update (8.2.4063 -> 8.2.4186) Subpackages: vim-data-common vim-small - Updated to version 8.2.4186, fixes the following problems * Vim9: exported function in autoload script not found. (Yegappan Lakshmanan) * Foam files are not detected. * Computation overflow with large count for :yank. * Vim9: imported autoload script loaded again. * Vim9: cannot call imported function with :call. (Drew Vogel) * Vim9: import test fails. * Vim9: import test fails on MS-Windows. * Using uninitialized memory when reading empty file. * Vim9: no detection of return in try/endtry. (Dominique Pellé) * Vim9: compiling function fails when autoload script is not loaded yet. * Coverity warns for using NULL pointer. * Going over the end of NameBuff. * Test failures. * Memory leak in autoload import. * Not all Libsensors files are recognized. * Terminal test for current directory not used on FreeBSD. * MS-Windows: "gvim --version" didn't work when build with VIMDLL. * Not sufficient test coverage for xxd. * CodeQL reports problem in if_cscope causing it to fail. * Check for autoload file name and prefix fails. (Christian J. Robinson) * Vim9: no test for "vim9script autoload' and using script variable in the same script. * Memory leak when looking for autoload prefixed variable. * Vim9: no test for using import in legacy script. * "cctx" argument of find_func_even_dead() is unused. * Cannot test items from an autoload script easily. * Xxd cannot output everything in one line. * Terminal test for current directory fails on FreeBSD. * After restoring a session buffer order can be quite different. * Virtcol is recomputed for statusline unnecessarily. * MacOS CI: unnecessarily doing "Install packages". * Cached breakindent values not initialized properly. * 'virtualedit' is window-local but using buffer-local enum. * Sed script not recognized by the first line. * Linux CI: unnecessarily installing packages * Wrong number in error message on 32 bit system. (John Paul Adrian Glaubitz) * Typing "interrupt" at debug prompt may keep exception around, causing function calls to fail. * Vim9: cannot use Vim9 syntax in mapping. * Early return when getting the 'formatlistpat' value. * Warning for unused argument in tiny version. * Vim9: import cannot be used after method. * Vim9: variable declared in for loop not initialzed. * Vim9: lower casing the autoload prefix causes problems. * Translation related comment in the wrong place. * Going over the end of the w_lines array. * Script context not restored after using . * Going over the end of the w_lines array. * MS-Windows: high dpi support is outdated. * Coverity warns for using NULL pointer. * Potential proglem when map is deleted while executing. * Function not deleted at end of test. * Typo on DOCMD_RANGEOK results in not recognizing command. * Vim9: type checking for a funcref does not work for when it is used in a method. * Cannot use a method with a complex expression. * Vim9: cannot use a method with a complex expression in a :def function. * Vim9: wrong white space error after using imported item. * Using UNUSED for argument that is used. * Build failure when disabling the channel feature. * Block insert goes over the end of the line. * Visual test fails on MS-Windows. * ":command Cmd" does not show custom completion argument. * Complete function cannot be import.Name. * Vim9: method in compiled function may not see script item. * Completion tests fail. * Crash on exit when built with dynamic Tcl and EXITFREE is defined. (Dominique Pellé) * Build failure without the +eval feature. * Crash when method cannot be found. (Christian J. Robinson) * Building with +sound but without +eval fails. (Dominique Pellé) * MS-Windows: MSVC build may have libraries duplicated. * Vim9: calling function in autoload import does not work in a :def function. * Vim9: wrong error message when autoload script can't be found. * output of ":scriptnames" goes into the message history, while this des not happen for other commands, such as ":ls". * MS-Windows: test for import with absolute path fails. * Vim9: ":scriptnames" shows unloaded imported autoload script. * Vim9: the "autoload" argument of ":vim9script" is not useful. * Vim9: calling import with and without method is inconsistent. * Vim9: no error for return with argument when the function does not return anything. * Using freed memory if an expression abbreviation deletes the abbreviation. * maparg() does not indicate the type of script where it was defined. * Vim9 builtin functions test fails. * Build failure with normal features without persistent undo. * MS-Windows: IME support for Win9x is obsolete. * Cannot load libsodium dynamically. * Confusing error when using name of import for a function. * Vim9: shadowed function can be used in compiled function but not at script level. * E464 does not always include the offending command. * Deleting any mapping may cause to not set the script context. * Test override not restored, autocommand left behind. * Coverity warns for using pointer after free. * Reading beyond the end of a line. * Block insert with double wide character fails. * MS-Windows: Global IME is no longer supported. * ml_get error when exchanging windows in Visual mode. * Translating strftime() argument results in check error. * Fileinfo message overwrites echo'ed message. * Terminal test fails because Windows sets the title. * MS-Windows: memory leak in :browse. * MS-Windows: _WndProc() is very long. * Cannot change the register used for Select mode delete. * Vim9: warning for missing white space after imported variable. * Vim9: no error for redefining function with export. * No error for omitting function name after autoload prefix. * Error in legacy code for function shadowing variable. * The nv_g_cmd() function is too long. * Undo synced when switching buffer in another window. * Vim9: error message for old style import. * Disallowing empty function name breaks existing plugins. * MS-Windows: unnessary casts and other minor things. * MS-Windows: still using old message API calls. * Cannot invoke option function using autoload import. * Filetype detection for BASIC is not optimal. * Cannot use an import in 'foldexpr'. * Vim9: can use an autoload name in normal script. * MS-Windows: runtime check for multi-line balloon is obsolete. * Vim9: cannot use imported function with call(). * Vim9: autoload script not loaded after "vim9script noclear". * Vim9: invalid error for return type of lambda when debugging. * 'foldtext' is evaluated in the current script context. * 'balloonexpr' is evaluated in the current script context. * Vim9: cannot use an import in 'diffexpr'. * Memory leak when evaluating 'diffexpr'. * Cannot use an import in 'formatexpr'. * Cannot use an import in 'includeexpr'. * Cannot use an import in 'indentexpr'. * Cannot use an import in 'patchexpr'. ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Add webkit2gtk3-gcc12.patch: fix the build with gcc 12. - Require glib2 2.44 to match source. ==== webkit2gtk3-soup2 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Add webkit2gtk3-gcc12.patch: fix the build with gcc 12. - Require glib2 2.44 to match source. ==== wireplumber ==== Version update (0.4.6 -> 0.4.7) Subpackages: libwireplumber-0_4-0 wireplumber-audio - Update to version 0.4.7: * Fixed a regression in 0.4.6 that caused the selection of the default audio sources and sinks to be delayed until some event, which effectively caused losing audio output in many circumstances (glfo#pipewire/wireplumber#148, glfo#pipewire/wireplumber#150, glfo#pipewire/wireplumber#151, glfo#pipewire/wireplumber#153) * Fixed a regression in 0.4.6 that caused the echo-cancellation pipewire module (and possibly others) to not work * A default sink or source is now not selected if there is no available route for it (glfo#pipewire/wireplumber#145) * Fixed an issue where some clients would wait for a bit while seeking (glfo#pipewire/wireplumber#146) * Fixed audio capture in the endpoints-based policy * Fixed an issue that would cause certain lua scripts to error out with older configuration files (glfo#pipewire/wireplumber#158) - Drop patches already included upstream: * 0001-policy-node-schedule-rescan-without-timeout-if-defined-target-is-not-found.patch * 0002-policy-node-find-best-linkable-if-default-one-cannot-be-linked.patch - Add patch from upstream to fix selection of Pro Audio nodes as default nodes: * 0001-default-nodes-handle-nodes-without-Routes.patch ==== wpa_supplicant ==== Version update (2.9 -> 2.10) - update to 2.10.0: * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/] * fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/] * fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates) * fixed various issues in experimental support for EAP-TEAP peer * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * a number of MKA/MACsec fixes and extensions * added support for SAE (WPA3-Personal) AP mode configuration * added P2P support for EDMG (IEEE 802.11ay) channels * fixed EAP-FAST peer with TLS GCM/CCM ciphers * improved throughput estimation and BSS selection * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * extended D-Bus interface * added support for PASN * added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools * added EAP-TLS peer support for TLS 1.3 (disabled by default for now) * added support for SCS, MSCS, DSCP policy * changed driver interface selection to default to automatic fallback to other compiled in options * a large number of other fixes, cleanup, and extensions - drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch, CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch: upstream - refresh config from 2.10 defconfig, re-enable CONFIG_WEP ==== xf86-input-libinput ==== Version update (1.2.0 -> 1.2.1) - Enable tarball sig url too, verify tarball via keyring. - Update to version 1.2.1 * few typos and misc minor fixes * property added to turn off new high-resolution wheel scrolling API ==== yast2 ==== Version update (4.4.39 -> 4.4.43) - ProductFeatures: add boot timeout option (jsc#SLE-22667) - 4.4.43 - Added Y2Packager::NewRepositorySetup to track new repositories (related to bsc#1194453) - 4.4.42 - Fix PackageAI call to PackagesProposal.GetResolvable. It prevents a crash when cloning a system (bsc#1195137). - 4.4.41 - Use Package module instead of PackageSystem (bsc#1194886). - 4.4.40