Packages changed: bash busybox ca-certificates (2+git20200129.d1a437d -> 2+git20201002.34daf7f) checkpolicy (3.0 -> 3.1) chrony (3.5 -> 3.5.1) cni (0.7.1 -> 0.8.0) expat (2.2.9 -> 2.2.10) fuse3 (3.9.3 -> 3.10.0) gettext-runtime (0.20.2 -> 0.21) glib2 (2.64.5 -> 2.64.6) glibc (2.31 -> 2.32) haproxy (2.2.3+git0.0e58a340d -> 2.2.4+git0.de456726d) installation-images-MicroOS (16.19 -> 16.23) iproute2 iputils issue-generator kernel-default-base (5.8.12 -> 5.8.14) kernel-firmware (20200916 -> 20201005) kernel-source (5.8.12 -> 5.8.14) kubernetes1.19 libproxy libselinux (3.0 -> 3.1) libselinux-bindings (3.0 -> 3.1) libsemanage (3.0 -> 3.1) libsepol (3.0 -> 3.1) libsolv libzypp (17.25.1 -> 17.25.2) mcstrans (3.0 -> 3.1) mozilla-nss (3.55 -> 3.57) ncurses (6.2.20200711 -> 6.2.20200912) numactl (2.0.13 -> 2.0.14) open-lldp (1.0.1+102.4c7fcc3 -> 1.0.1+69.e8f522565f5a) p11-kit patterns-base patterns-microos policycoreutils (3.0 -> 3.1) popt procps python-semanage (3.0 -> 3.1) rdma-core (27.1 -> 31.0) restorecond (3.0 -> 3.1) rook (1.4.3+git18.g42e1675e -> 1.4.5+git5.ge3c837f8) sysuser-tools tcpd vim wpa_supplicant === Details === ==== bash ==== - dot.profile: moved example for user specific LANG setting from .profile to .i18n (x11-tools package) skeleton file (boo#1158724) ==== busybox ==== - Disable RPM builtin, did become pretty useless - Disable popmaildir and mime utilities ==== ca-certificates ==== Version update (2+git20200129.d1a437d -> 2+git20201002.34daf7f) - Update to version 2+git20201002.34daf7f: * Use relative symlink for /etc/ssl/certs (boo#1175340) ==== checkpolicy ==== Version update (3.0 -> 3.1) - Update to version 3.1 * checkpolicy treats invalid characters as an error - might break rare use cases (intentionally) * Drop extern_te_assert_t.patch, is upstream ==== chrony ==== Version update (3.5 -> 3.5.1) Subpackages: chrony-pool-openSUSE - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). - Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) ==== cni ==== Version update (0.7.1 -> 0.8.0) - Update to version 0.8.0: * Specification and Conventions changes + docs: add ips and mac to well-known capabilities + add interface name validation + Add GUID to well known Capabilities + Add DeviceID attribute to RuntimeConfig + Typo fixes for infiniband GUID + Fix linting issues in docs, add headers to json example, update errors into table * Documentation changes + Update cnitool docs + Remove extra ',' chars which makes conflist examples invalid. * libcni changes + Remove Result.String method + libcni: add config caching [v2] + clean up : fix staticcheck warnings + libcni: add InitCNIConfigWithCacheDir() and deprecate RuntimeConfig.CacheDir + skel: clean up errors in skel and add some well-known error codes + libcni: find plugin in exec + validate containerID and networkName + skel: remove needless functions and types + libcni: also cache IfName + libcni: fix cache file 'result' key name + Bump Go version to 1.13 + When CNI version isn't supplied in config, use default. + intercept netplugin std error + invoke: capture and return stderr if plugin exits unexpectedly + Retry exec commands on text file busy ==== expat ==== Version update (2.2.9 -> 2.2.10) - Update to 2.2.10: * Bug fixes: - Fix undefined behavior during parsing caused by pointer arithmetic with NULL pointers - Fix reading uninitialized variable during parsing - xmlwf: Add missing check for malloc NULL return * Other changes: - xmlwf: Document exit codes in xmlwf manpage and exit with code 3 (rather than code 1) for output errors when used with "-d DIRECTORY" - Autotools: Use -Werror while configure tests the compiler for supported compile flags to avoid false positives - Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS, e.g. ensure that they have the last word over flags added while running ./configure - CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t) - CMake: Detect and deny unsupported build combinations involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t) - CMake: Install pre-compiled shipped xmlwf.1 manpage in case of -DEXPAT_BUILD_DOCS=OFF - CMake: Fix use of Expat by means of add_subdirectory - CMake: Keep expat target name constant at "expat" (i.e. refrain from using the target name to control build artifact filenames) - CMake: Expose man page compilation as target "xmlwf-manpage" - CMake: Introduce option EXPAT_BUILD_PKGCONFIG to control generation of pkg-config file "expat.pc" - CMake: Add minimalistic support for building binary packages with CMake target "package"; based on CPack - CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with default OFF to build fuzzer code against OSS-Fuzz and related environment variable LIB_FUZZING_ENGINE - Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF - Address compiler warnings - Address pngcheck warnings with doc/*.png images: Version info bumped from 7:11:6 to 7:12:6 ==== fuse3 ==== Version update (3.9.3 -> 3.10.0) - Update to release 3.10.0 * Add FUSE_CAP_CACHE_SYMLINKS: allow caching symlinks in kernel page cache. ==== gettext-runtime ==== Version update (0.20.2 -> 0.21) Subpackages: libtextstyle0 - Add multiple new features (bsc#1165138) - Add patches: * 0001-msgcat-Add-feature-to-use-the-newest-po-file.patch * 0002-msgcat-Merge-headers-when-use-first.patch - Reintroduce utoreconf call - Update to 0.21: * Programming languages support: - Shell: o xgettext now recognizes and ignores 'env' invocations and environment variable assignments in front of commands. - Java: o xgettext now recognizes format strings in the Formatter syntax. They are marked as 'java-printf-format' in POT and PO files. o xgettext now recognizes text blocks as string literals. - JavaScript: xgettext parses JSX expressions more reliably. - Ruby: o xgettext now supports Ruby. o 'msgfmt -c' now verifies the syntax of translations of Ruby format strings. * Improvements for translators: - When msgfmt writes a MO file, it now does so in such a way that processes that are currently using an older copy of the MO file will not crash. * Libtextstyle: - Added support for emitting hyperlinks. - New API for doing formatted output. - The example programs support the NO_COLOR environment variable. ==== glib2 ==== Version update (2.64.5 -> 2.64.6) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.64.6: + Bugs fixed: glgo#GNOME/GLib#2194, glgo#GNOME/GLib#2209, glgo#GNOME/GLib!1633, glgo#GNOME/GLib!1634, glgo#GNOME/GLib!1656, glgo#GNOME/GLib!1659, glgo#GNOME/GLib!1666, glgo#GNOME/GLib!1672. + Updated translations. ==== glibc ==== Version update (2.31 -> 2.32) Subpackages: glibc-locale glibc-locale-base - Keep nsswitch.conf in /etc for SLES15 - syslog-locking.patch: Correct locking and cancellation cleanup in syslog functions (bsc#1172085, BZ #26100) - ifunc-fma4.patch: x86-64: Fix FMA4 detection in ifunc (BZ #26534) - Update to glibc 2.32 * Unicode 13.0.0 Support * New locale added: ckb_IQ * The GNU C Library now loads audit modules listed in the DT_AUDIT and DT_DEPAUDIT dynamic section entries of the main executable * powerpc64le supports IEEE128 long double libm/libc redirects when using the -mabi=ieeelongdouble to compile C code on supported GCC toolchains * To help detect buffer overflows and other out-of-bounds accesses several APIs have been annotated with GCC 'access' attribute * On Linux, functions the pthread_attr_setsigmask_np and pthread_attr_getsigmask_np have been added * The GNU C Library now provides the header file which declares the variable __libc_single_threaded * The functions sigabbrev_np and sigdescr_np have been added * The functions strerrorname_np and strerrordesc_np have been added * AArch64 now supports standard branch protection security hardening in glibc when it is built with a GCC that is configured with - -enable-standard-branch-protection (or if -mbranch-protection=standard flag is passed when building both GCC target libraries and glibc, in either case a custom GCC is needed) * The deprecated header and the sysctl function have been removed * The sstk function is no longer available to newly linked binaries * The legacy signal handling functions siginterrupt, sigpause, sighold, sigrelse, sigignore and sigset, and the sigmask macro have been deprecated * ldconfig now defaults to the new format for ld.so.cache * The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev are no longer available to newly linked binaries, and their declarations have been removed from * The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr are no longer available to newly linked binaries, and their declarations have been removed from from * Both strerror and strerror_l now share the same internal buffer in the calling thread, meaning that the returned string pointer may be invalided or contents might be overwritten on subsequent calls in the same thread or if the thread is terminated * Using weak references to libpthread functions such as pthread_create or pthread_key_create to detect the singled-threaded nature of a program is an obsolescent feature * The "files" NSS module no longer supports the "key" database (used for secure RPC) * The __morecore and __after_morecore_hook malloc hooks and the default implementation __default_morecore have been deprecated * The hesiod NSS module has been deprecated and will be removed in a future version of glibc * CVE-2016-10228: An infinite loop has been fixed in the iconv program when invoked with the -c option and when processing invalid multi-byte input sequences * CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument * CVE-2020-1752: A use-after-free vulnerability in the glob function when expanding ~user has been fixed. * CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and memmove functions has been fixed - riscv-syscall-clobber.patch, ldbl-96-rem-pio2l.patch, long-double-alias.patch: Removed ==== haproxy ==== Version update (2.2.3+git0.0e58a340d -> 2.2.4+git0.de456726d) - use parallel build - Update to version 2.2.4+git0.de456726d: * [RELEASE] Released version 2.2.4 * REGTEST: make map_regm_with_backref require 1.7 * REGTEST: make abns_socket.vtc require 1.8 * REGTEST: make agent-check.vtc require 1.8 * REGTEST: fix host part in balance-uri-path-only.vtc * BUG/MINOR: ssl/crt-list: exit on warning out of crtlist_parse_line() * DOC: agent-check: fix typo in "fail" word expected reply * REGTESTS: use "command" instead of "which" for better POSIX compatibility * BUILD: trace: include tools.h * BUG/MEDIUM: listeners: do not pause foreign listeners * REGTESTS: add a few load balancing tests * MINOR: backend: add a new "path-only" option to "balance uri" * MINOR: backend: make the "whole" option of balance uri take only one bit * MINOR: h2/trace: also display the remaining frame length in traces * BUG/MINOR: Fix memory leaks cfg_parse_peers * BUG/MEDIUM: h2: report frame bits only for handled types * BUG/MINOR: config: Fix memory leak on config parse listen * BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch * BUG/MINOR: h2/trace: do not display "stream error" after a frame ACK * BUG/MINOR: ssl/crt-list: crt-list could end without a \n * BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly. * BUG/MINOR: server: report correct error message for invalid port on "socks4" * BUG/MINOR: ssl: verifyhost is case sensitive * BUG/MINOR: Fix type passed of sizeof() for calloc() * BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned * BUILD: threads: better workaround for late loading of libgcc_s ==== installation-images-MicroOS ==== Version update (16.19 -> 16.23) - merge gh#openSUSE/installation-images#429 - remove dependency on insserv-compat (bsc#1176501) - remove ia64-specific dependency on ia32el - remove obsolete kbd_simple script - convert remaining insserv uses to systemctl calls - 16.23 - merge gh#openSUSE/installation-images#428 - include all of xorg-x11-server - 16.22 - merge gh#openSUSE/installation-images#427 - ensure /proc is mounted in chroot environments (bsc#1176972) - 16.21 - merge gh#openSUSE/installation-images#426 - Extra yast module for common criteria (boo#1176982) - 16.20 ==== iproute2 ==== - Add 0001-ip-add-error-reporting-when-RTM_GETNSID-failed.patch ==== iputils ==== - No longer invoke permissions macros for ping. It now uses ICMP_PROTO sockets (bsc#1174504). ==== issue-generator ==== - Handle the .path unit in scriptlets as well ==== kernel-default-base ==== Version update (5.8.12 -> 5.8.14) - Add cifs ==== kernel-firmware ==== Version update (20200916 -> 20201005) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Placeholder for SLE15-SP3 package sync: bsc#1143331, bsc#1160204, bsc#1154395 bsc#1155307, jsc#SLE-8379 - Update to version 20201005 (git commit 58d41d0facca): * ice: Add comms package file for Intel E800 series driver * copy-firmware: Always write Link: entries * amdgpu: update vega20 firmware for 20.40 * amdgpu: update vega12 firmware for 20.40 * amdgpu: update vega10 firmware for 20.40 * amdgpu: update renoir firmware for 20.40 * amdgpu: update raven2 firmware for 20.40 * amdgpu: update raven firmware for 20.40 * amdgpu: update picasso firmware for 20.40 * amdgpu: update navi14 firmware for 20.40 * amdgpu: update navi12 firmware for 20.40 * amdgpu: update navi10 firmware for 20.40 * linux-firmware: Add new VPDMA firmware 1b8.bin * QCA : Updated firmware files for WCN3991 - Drop the AMDGPU Picasso workaround (bsc#1174278) - Update to version 20200928 (git commit b78a66c909c7): * linux-firmware: Update firmware for Cadence MHDP8546 DP bridge * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1) * Mellanox: Add new mlxsw_spectrum firmware xx.2008.1312 * linux-firmware: nvidia: move firmware symlinks to WHENCE * linux-firmware: move i915 firmware symlinks to WHENCE * linux-firmware: move iwlwifi-7265D-10.ucode symlink to WHENCE * linux-firmware: Update Marvell Switchdev firmware with ABI changes - Force bzip2 compression for compatibility (boo#1176981): for keeping the compatibility with older distros (like Leap 15.1) that can't deal with lzma-compressed rpm files ==== kernel-source ==== Version update (5.8.12 -> 5.8.14) - Update config files. Only run_oldconfig.sh to sync up. - commit cea47bb - Linux 5.8.14 (bsc#1012628). - io_uring: always delete double poll wait entry on match (bsc#1012628). - btrfs: fix filesystem corruption after a device replace (bsc#1012628). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (bsc#1012628). - USB: gadget: f_ncm: Fix NDP16 datagram validation (bsc#1012628). - Revert "usbip: Implement a match function to fix usbip" (bsc#1012628). - usbcore/driver: Fix specific driver selection (bsc#1012628). - usbcore/driver: Fix incorrect downcast (bsc#1012628). - usbcore/driver: Accommodate usbip (bsc#1012628). - gpio: siox: explicitly support only threaded irqs (bsc#1012628). - gpio: mockup: fix resource leak in error path (bsc#1012628). - gpio: tc35894: fix up tc35894 interrupt configuration (bsc#1012628). - gpio: amd-fch: correct logic of GPIO_LINE_DIRECTION (bsc#1012628). - clk: samsung: Keep top BPLL mux on Exynos542x enabled (bsc#1012628). - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (bsc#1012628). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1012628). - i2c: i801: Exclude device from suspend direct complete optimization (bsc#1012628). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#1012628). - iio: adc: qcom-spmi-adc5: fix driver name (bsc#1012628). - ftrace: Move RCU is watching check after recursion check (bsc#1012628). - tracing: Fix trace_find_next_entry() accounting of temp buffer size (bsc#1012628). - memstick: Skip allocating card when removing host (bsc#1012628). - xen/events: don't use chip_data for legacy IRQs (bsc#1012628). - clocksource/drivers/timer-gx6605s: Fixup counter reload (bsc#1012628). - vboxsf: Fix the check for the old binary mount-arguments struct (bsc#1012628). - mt76: mt7915: use ieee80211_free_txskb to free tx skbs (bsc#1012628). - libbpf: Remove arch-specific include path in Makefile (bsc#1012628). - drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices (bsc#1012628). - Revert "wlcore: Adding suppoprt for IGTK key in wlcore driver" (bsc#1012628). - drm/sun4i: mixer: Extend regmap max_register (bsc#1012628). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1012628). - net: dec: de2104x: Increase receive ring size for Tulip (bsc#1012628). - rndis_host: increase sleep time in the query-response loop (bsc#1012628). - nvme-pci: disable the write zeros command for Intel 600P/P3100 (bsc#1012628). - nvme-core: get/put ctrl and transport module in nvme_dev_open/release() (bsc#1012628). - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1012628). - drivers/net/wan/lapbether: Make skb->protocol consistent with the header (bsc#1012628). - drivers/net/wan/hdlc: Set skb->protocol before transmitting (bsc#1012628). - mac80211: Fix radiotap header channel flag for 6GHz band (bsc#1012628). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (bsc#1012628). - tracing: Make the space reserved for the pid wider (bsc#1012628). - tools/io_uring: fix compile breakage (bsc#1012628). - io_uring: mark statx/files_update/epoll_ctl as non-SQPOLL (bsc#1012628). - cpuidle: psci: Fix suspicious RCU usage (bsc#1012628). - spi: fsl-espi: Only process interrupts for expected events (bsc#1012628). - net: dsa: felix: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries (bsc#1012628). - nvme-pci: fix NULL req in completion handler (bsc#1012628). - nvme-fc: fail new connections to a deleted host or remote port (bsc#1012628). - scripts/kallsyms: skip ppc compiler stub *.long_branch.* / * .plt_branch.* (bsc#1012628). - gpio: sprd: Clear interrupt when setting the type as edge (bsc#1012628). - phy: ti: am654: Fix a leak in serdes_am654_probe() (bsc#1012628). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (bsc#1012628). - nfs: Fix security label length not being reset (bsc#1012628). - NFSv4.2: fix client's attribute cache management for copy_file_range (bsc#1012628). - pNFS/flexfiles: Ensure we initialise the mirror bsizes correctly on read (bsc#1012628). - clk: tegra: Always program PLL_E when enabled (bsc#1012628). - clk: tegra: Fix missing prototype for tegra210_clk_register_emc() (bsc#1012628). - dmaengine: dmatest: Prevent to run on misconfigured channel (bsc#1012628). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (bsc#1012628). - scsi: target: Fix lun lookup for TARGET_SCF_LOOKUP_LUN_FROM_TAG case (bsc#1012628). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1012628). - gpio: pca953x: Fix uninitialized pending variable (bsc#1012628). - gpio/aspeed-sgpio: enable access to all 80 input & output sgpios (bsc#1012628). - gpio/aspeed-sgpio: don't enable all interrupts by default (bsc#1012628). - gpio: aspeed: fix ast2600 bank properties (bsc#1012628). - i2c: cpm: Fix i2c_ram structure (bsc#1012628). - i2c: npcm7xx: Clear LAST bit after a failed transaction (bsc#1012628). - Input: trackpoint - enable Synaptics trackpoints (bsc#1012628). - blk-mq: call commit_rqs while list empty but error happen (bsc#1012628). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (bsc#1012628). - autofs: use __kernel_write() for the autofs pipe writing (bsc#1012628). - pinctrl: qcom: sm8250: correct sdc2_clk (bsc#1012628). - pinctrl: mediatek: check mtk_is_virt_gpio input parameter (bsc#1012628). - gpio: pca953x: Correctly initialize registers 6 and 7 for PCA957x (bsc#1012628). - iommu/amd: Fix the overwritten field in IVMD header (bsc#1012628). - pipe: remove pipe_wait() and fix wakeup race with splice (bsc#1012628). - random32: Restore __latent_entropy attribute on net_rand_state (bsc#1012628). - gpiolib: Fix line event handling in syscall compatible mode (bsc#1012628). - drm/i915/gvt: Fix port number for BDW on EDID region setup (bsc#1012628). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (bsc#1012628). - scsi: sd: sd_zbc: Fix ZBC disk initialization (bsc#1012628). - epoll: do not insert into poll queues until all sanity checks are done (bsc#1012628). - epoll: replace ->visited/visited_list with generation count (bsc#1012628). - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path (bsc#1012628). - ep_create_wakeup_source(): dentry name can change under you.. (bsc#1012628). - commit e882d6e - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599). - commit 5672f81 - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes). - commit 08db7a3 - Linux 5.8.13 (bsc#1012628). - device_cgroup: Fix RCU list debugging warning (bsc#1012628). - ASoC: pcm3168a: ignore 0 Hz settings (bsc#1012628). - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (bsc#1012628). - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (bsc#1012628). - clk: versatile: Add of_node_put() before return statement (bsc#1012628). - RISC-V: Take text_mutex in ftrace_init_nop() (bsc#1012628). - i2c: aspeed: Mask IRQ status to relevant bits (bsc#1012628). - s390/init: add missing __init annotations (bsc#1012628). - lockdep: fix order in trace_hardirqs_off_caller() (bsc#1012628). - EDAC/ghes: Check whether the driver is on the safe list correctly (bsc#1012628). - drm/amdkfd: fix a memory leak issue (bsc#1012628). - drm/amd/display: Don't use DRM_ERROR() for DTM add topology (bsc#1012628). - drm/amd/display: update nv1x stutter latencies (bsc#1012628). - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (bsc#1012628). - drm/amd/display: Don't log hdcp module warnings in dmesg (bsc#1012628). - objtool: Fix noreturn detection for ignored functions (bsc#1012628). - i2c: mediatek: Send i2c master code at more than 1MHz (bsc#1012628). - riscv: Fix Kendryte K210 device tree (bsc#1012628). - ieee802154: fix one possible memleak in ca8210_dev_com_init (bsc#1012628). - ieee802154/adf7242: check status of adf7242_read_reg (bsc#1012628). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (bsc#1012628). - mwifiex: Increase AES key storage size to 256 bits (bsc#1012628). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (bsc#1012628). - libbpf: Fix build failure from uninitialized variable warning (bsc#1012628). - atm: eni: fix the missed pci_disable_device() for eni_init_one() (bsc#1012628). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (bsc#1012628). - netfilter: ctnetlink: add a range check for l3/l4 protonum (bsc#1012628). - netfilter: ctnetlink: fix mark based dump filtering regression (bsc#1012628). - netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled (bsc#1012628). - netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid (bsc#1012628). - mac802154: tx: fix use-after-free (bsc#1012628). - bpf: Fix clobbering of r2 in bpf_gen_ld_abs (bsc#1012628). - tools/libbpf: Avoid counting local symbols in ABI check (bsc#1012628). - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1012628). - net: qed: Disable aRFS for NPAR and 100G (bsc#1012628). - net: qede: Disable aRFS for NPAR and 100G (bsc#1012628). - net: qed: RDMA personality shouldn't fail VF load (bsc#1012628). - igc: Fix wrong timestamp latency numbers (bsc#1012628). - igc: Fix not considering the TX delay for timestamps (bsc#1012628). - drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1012628). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1012628). - RDMA/core: Fix ordering of CQ pool destruction (bsc#1012628). - batman-adv: Add missing include for in_interrupt() (bsc#1012628). - xsk: Fix number of pinned pages/umem size discrepancy (bsc#1012628). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (bsc#1012628). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (bsc#1012628). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (bsc#1012628). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (bsc#1012628). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1012628). - lib80211: fix unmet direct dependendices config warning when !CRYPTO (bsc#1012628). - mac80211: do not disable HE if HT is missing on 2.4 GHz (bsc#1012628). - cfg80211: fix 6 GHz channel conversion (bsc#1012628). - mac80211: fix 80 MHz association to 160/80+80 AP on 6 GHz (bsc#1012628). - ALSA: asihpi: fix iounmap in error handler (bsc#1012628). - io_uring: fix openat/openat2 unified prep handling (bsc#1012628). - SUNRPC: Fix svc_flush_dcache() (bsc#1012628). - regmap: fix page selection for noinc reads (bsc#1012628). - regmap: fix page selection for noinc writes (bsc#1012628). - net/mlx5e: mlx5e_fec_in_caps() returns a boolean (bsc#1012628). - MIPS: Loongson-3: Fix fp register access if MSA enabled (bsc#1012628). - PM / devfreq: tegra30: Disable clock on error in probe (bsc#1012628). - MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() (bsc#1012628). - regulator: axp20x: fix LDO2/4 description (bsc#1012628). - spi: bcm-qspi: Fix probe regression on iProc platforms (bsc#1012628). - KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE (bsc#1012628). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1012628). - mm: validate pmd after splitting (bsc#1012628). - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1012628). - x86/irq: Make run_on_irqstack_cond() typesafe (bsc#1012628). - x86/ioapic: Unbreak check_timer() (bsc#1012628). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1012628). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (bsc#1012628). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (bsc#1012628). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (bsc#1012628). - lib/string.c: implement stpcpy (bsc#1012628). - tracing: fix double free (bsc#1012628). - s390/dasd: Fix zero write for FBA devices (bsc#1012628). - mt76: mt7615: use v1 MCU API on MT7615 to fix issues with adding/removing stations (bsc#1012628). - lib/bootconfig: Fix a bug of breaking existing tree nodes (bsc#1012628). - lib/bootconfig: Fix to remove tailing spaces after value (bsc#1012628). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (bsc#1012628). - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (bsc#1012628). - btrfs: fix put of uninitialized kobject after seed device delete (bsc#1012628). - btrfs: fix overflow when copying corrupt csums for a message (bsc#1012628). - media: cec-adap.c: don't use flush_scheduled_work() (bsc#1012628). - MIPS: Loongson2ef: Disable Loongson MMI instructions (bsc#1012628). - dmabuf: fix NULL pointer dereference in dma_buf_release() (bsc#1012628). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1012628). - mm/gup: fix gup_fast with dynamic page table folding (bsc#1012628). - mm: replace memmap_context by meminit_context (bsc#1012628). - mm: don't rely on system state to detect hot-plug operations (bsc#1012628). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1012628). - io_uring: ensure open/openat2 name is cleaned on cancelation (bsc#1012628). - KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1012628). - dm: fix bio splitting and its bio completion order for regular IO (bsc#1012628). - clocksource/drivers/timer-ti-dm: Do reset before enable (bsc#1012628). - commit ea492d4 ==== kubernetes1.19 ==== Subpackages: kubernetes1.19-client kubernetes1.19-client-common kubernetes1.19-kubeadm kubernetes1.19-kubelet kubernetes1.19-kubelet-common - use obsinfo again for commit id extraction, as this matches upstream's build commit id (just in case). - fix git commit determination (bsc#1177289) ==== libproxy ==== - Add libproxy-CVE-2020-25219.patch: Rewrite url::recvline to be nonrecursive (boo#1176410 CVE-2020-25219). - Add libproxy-fix-pac-buffer-overflow.patch: fix buffer overflow when PAC is enabled (boo#1177143 CVE-2020-26154). ==== libselinux ==== Version update (3.0 -> 3.1) Subpackages: libselinux1 selinux-tools - Update to version 3.1: * selinux/flask.h, selinux/av_permissions.h and sepol/policydb/flask.h were removed. All userspace object managers should have been updated to use the dynamic class/perm mapping support. Use string_to_security_class(3) and string_to_av_perm(3) to map the class and permission names to their policy values, or selinux_set_mapping(3) to create a mapping from class and permission index values used by the application to the policy values. * Removed restrictions in libsepol and checkpolicy that required all declared initial SIDs to be assigned a context. * Support for new policy capability genfs_seclabel_symlinks * selinuxfs is mounted with noexec and nosuid * `security_compute_user()` was deprecated ==== libselinux-bindings ==== Version update (3.0 -> 3.1) - Update to version 3.1: * selinux/flask.h, selinux/av_permissions.h and sepol/policydb/flask.h were removed. All userspace object managers should have been updated to use the dynamic class/perm mapping support. Use string_to_security_class(3) and string_to_av_perm(3) to map the class and permission names to their policy values, or selinux_set_mapping(3) to create a mapping from class and permission index values used by the application to the policy values. * Removed restrictions in libsepol and checkpolicy that required all declared initial SIDs to be assigned a context. * Support for new policy capability genfs_seclabel_symlinks * selinuxfs is mounted with noexec and nosuid * `security_compute_user()` was deprecated * Refreshed python3.8-compat.patch ==== libsemanage ==== Version update (3.0 -> 3.1) - Add /var/lib/selinux - Remove libsemanage-update-map-file.patch to prevent checkers from declining the submission. Keeping the snippet in the spec file in case we try to enable LTO again - Update to version 3.1 * Improved manpage * fsync final files before rename - Disabled LTO again. This breaks e.g. shadow and also other packages in security:SELinux - Fix build with LTO: [bsc#1133102] * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects * Update map file to include new symbols and remove wildcards - Add libsemanage-update-map-file.patch ==== libsepol ==== Version update (3.0 -> 3.1) - Update to version 3.1 * Add support for new polcap genfs_seclabel_symlinks * Initialize the multiple_decls field of the cil db * Return error when identifier declared as both type and attribute * Write CIL default MLS rules on separate lines * Sort portcon rules consistently * Remove leftovers of cil_mem_error_handler * Drop remove_cil_mem_error_handler.patch, is included ==== libsolv ==== - make testcase_mangle_repo_names deal correctly with freed repos [bnc#1177238] ==== libzypp ==== Version update (17.25.1 -> 17.25.2) - Bump version to force rebuild against a fixed libsolv. (bsc#1177238, bsc#1177275) - version 17.25.2 (22) ==== mcstrans ==== Version update (3.0 -> 3.1) - Update to version 3.1 * fix memory leak in new_context_str ==== mozilla-nss ==== Version update (3.55 -> 3.57) - update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes - requires NSPR 4.29 - removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256) - introduced _constraints due to high memory requirements especially for LTO on Tumbleweed - Add patch to fix build on aarch64 - boo#1176934: * nss-freebl-fix-aarch64.patch - Update nss-fips-approved-crypto-non-ec.patch to match RC2 code being moved to deprecated/. - Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made obsolete by upstream changes. - update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting "all" as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 - do not hard require mozilla-nss-certs-32bit via baselibs (boo#1176206) ==== ncurses ==== Version update (6.2.20200711 -> 6.2.20200912) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20200912 + add configure-check for systre/tre with mingw configuration, to get the library-dependencies as seen in msys2 configuration for mingw64. + build-fixes for the win32-driver configuration. + use more defensive binary mode setting for Win32 (Juergen Pfeifer). - Add ncurses patch 20200907 + fix regression in setupterm validating non-empty $TERM (report by Soren Tempel). - Add ncurses patch 20200906 + merge/adapt in-progress work by Juergen Pfeifer for new version of win32-driver. + correct description of vt330/vt340 (Ross Combs). - Add ncurses patch 20200831 + build-fix for awk-scripts modified for win32-driver (report by Werner Fink). - Drop workaround patch awk-scripts.patch as now upstream fixed - Add patch awk-scripts.patch as workaround for patch 20200829 - Add ncurses patch 20200829 + remove a redundant NCURSES_EXPORT as a build-fix for "Maarten Anonymous". + merge/adapt in-progress work by Juergen Pfeifer for new version of win32-driver. + modify configure script, moving gcc -Werror options to EXTRA_CFLAGS to avoid breaking configure-checks (adapted from ongoing work on mawk and lynx). > errate for terminfo.src (report by Florian Weimer): + correct icl6404 csr + correct ti916 cup + improve ndr9500 - Refresh patch ncurses-6.2.dif - Add ncurses patch 20200822 + improve version-number extraction in MKlib_gen.sh + make the test-package for manpages installable by adjusting the man_db.renames file. + correct an off-by-one loop-limit in convert_strings function (report by Yue Tai). + add CF_SHARED_OPTS cases for HPE NonStop systems (Randall S Becker). + modify CF_SHARED_OPTS case for NetBSD to use the same "-shared" option for the non-rpath case as for the rpath case, to allow gcc to provide suitable runtime initialization (report by Rajeev V Pillai). - Disable wgetch-events as it is deprecated and breaks build of other packages - Add ncurses patch 20200817 + reduce build-warnings by excluding ncurses-internals from deprecation warnings. + mark wgetch-events feature as deprecated. + add definition for $(LIBS) to ncurses/Makefile.in, to simplify builds using the string-hacks option. + prevent KEY_EVENT from appearing in curses.h unless the configure option --enable-wgetch-events is used (report by Werner Fink). - Add ncurses patch 20200816 + amend tic/infocmp check to allow for the respective tool's absence (report by Steve Wills, cf: 20200808). + improved some of the build-scripts with shellcheck + filter out -MT/-MD/-MTd/-MDd options in script for Visual Studio C++ (discussion with "Maarten Anonymous"). - Add ncurses patch 20200808 + improve discussion of the system's tic utility when used as part of cross-compiling (discussion with Keith Marshall). + modify configuration checks for build-time tic/infocmp to use AC_CHECK_TOOL. That can still be overridden by --with-tic-path and - -with-infocmp-path when fallbacks are used, but even if not using fallbacks, the improved check may help with cross-compiling (discussion with Keith Marshall). + other build-fixes for Ada95 with MinGW. + modify Ada95 source-generation utility to write to a file given as parameter rather than to the standard output, allowing builds with MinGW. - Add ncurses patch 20200801 + remove remaining parts of checks for ISC Unix (cf: 20121006). + add user32.lib to LDFLAGS for Visual Studio C++ configuration (discussion with "Maarten Anonymous"). + modify MKkey_defs.sh to hide ncurses' definition of KEY_EVENTS to reduce Visual Studio C++ redefinition warnings. + improve/update checks for external functions in test/configure - Add ncurses patch 20200725 + set LINK_TESTS in CF_SHARED_OPTS for msvc (patch by "Maarten Anonymous") + improved workaround for redefinition-warnings for KEY_EVENT. + improve man/term.5 section on legacy storage format (report by Florian Weimer). - Add ncurses patch 20200718 + reduce redefinition-warnings for KEY_EVENT when building with Visual Studio C++. + define NCURSES_STATIC when compiling programs to link with static libraries, to work with MinGW vs Visual Studio C++. > additional changes for building with Visual Studio C++ and msys2 (reports/patches by "Maarten Anonymous") + modify c++/Makefile.in to set the current directory while compiling the main program, so the linker can find related objects. + several changes to allow the c++/demo program to compile/link. + change an ifdef in test-directory, to use VC++ wide-character funcs. ==== numactl ==== Version update (2.0.13 -> 2.0.14) - update to 2.0.14: * manpage update * numademo: fix issue on 32 bit systems * drop custom cflags for libnuma * use symvers attribute for symbol versioning ==== open-lldp ==== Version update (1.0.1+102.4c7fcc3 -> 1.0.1+69.e8f522565f5a) Subpackages: liblldp_clif1 - Update to version v1.0.1+69.e8f522565f5a to removed commpiler and rpmlint complaints: * Fix bash-completion dir: don't use /etc * Fix compiler issue with strcpy(): use memcpy * Fix compiler complaint argument type mismatch. * Fix compiler complaint declaration vs function. * Fix compiler complaint copying to packed member. * add 'lldpad.socket' to the '%service_*' macros in the SPEC file - Moved sources from github.com/intel to github/openSUSE * upgrading to version v1.0.1+110.6009075a9fcc - merged in latest upstream (no API changes) - Update to version v1.0.1+63.f977e67 (bsc#1171284,bsc#1170745,bsc#1153520): * lldp/rx.c: Reset state machine variable in process_delete_info() * lldp: do not call 'assert' in rxProcessFrame() * ecp: allow for failure to create * lldp_mand: retrieve permanent mac address in get_mac() * lldp_util: use netlink to fetch mac address * lldp_util: drop get_macstr() * linux/if_link.h: Update and add bonding netlink definitions ==== p11-kit ==== Subpackages: libp11-kit0 p11-kit-tools - avoid bareword to fix build failure ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-bootloader patterns-base-minimal_base - Handle the yast pattern split into basis, desktop and server (boo#1159875) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Add container-selinux and selinux-policy-targeted policy packages to selinux pattern - Add policycoreutils-python-utils to media ==== policycoreutils ==== Version update (3.0 -> 3.1) Subpackages: python3-policycoreutils - Add get_os_version.patch get_os_version is implemented in a very RH/Fedora specific way. Ensure that it returns a valid string for SUSE by changing the default. Also remove the RH specific logic when generating HTML versions of the SELinux documentation - Align more with Fedora spec file to get rid of python dependencies in the core system - create new python-utils sub-package - move some tools to devel sub-package - Cleanup dependencies - Proper default permissions for newrole (4755) - Update to version 3.1 * New `setfiles -E` option - treat conflicting specifications as errors, such as where two hardlinks for the same inode have different contexts. * `setsebool -V` reports errors from commit phase * matchpathcon related interfaces are deprecated * New `restorecon -x` option which prevents it from crossing file system * boundaries. * `sepolgen-ifgen` parses a gen_tunable statement as bool * Removed Requires for python3-ipy as the ipaddress module is used. No requires for python-ipaddress as it's assumed this is used only on recent systems * Drop chcat_join.patch, is upstream ==== popt ==== - Update homepage URL. - Drop old rpm constructs. ==== procps ==== Subpackages: libprocps8 - Add upstream procps-check-sanity-of-SC_ARG_MAX.patch in order to fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. ==== python-semanage ==== Version update (3.0 -> 3.1) - Update to version 3.1 * Improved manpage * fsync final files before rename - Disabled LTO again. This breaks e.g. shadow and also other packages in security:SELinux - Fix build with LTO: [bsc#1133102] * Enable LTO (Link Time Optimization) * Update map file to include new symbols and remove wildcards - Add libsemanage-update-map-file.patch ==== rdma-core ==== Version update (27.1 -> 31.0) Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Update to v31.0 (jsc#SLE-15657, jsc#SLE-15731, jsc#SLE-15743, jsc#SLE-15810) - No release notes available - Update to v30.0 - No release notes available - Add cxgb3-nes-fix-declaration-of-free_context.patch to fix support of older providers with newer rdma-core internal ABI ==== restorecond ==== Version update (3.0 -> 3.1) - Use proper macros for SYSTEMDSYSTEMUNITDIR and SYSTEMDUSERUNITDIR - Update to version 3.1 * `restorecond_user.service` - new systemd user service which runs `restorecond -u` ==== rook ==== Version update (1.4.3+git18.g42e1675e -> 1.4.5+git5.ge3c837f8) - Update to v1.4.5 * Update the CSI driver to v3.1.1 (#6340) * Fix drive group deployment failure (#6267) * Fix OBC upgrade from 1.3 to 1.4 external cluster (#6353) * Remove user unlink while deleting OBC (#6338) * Enable RBAC in the helm chart for enabling monitoring (#6352) * Disable encryption keyring parameter not necessary after opening block (#6350) * Improve reconcile performance in clusters with many OSDs on PVCs (#6330) * Only one external cluster secret supported in import script (#6343) * Allow OSD PVC template name to be set to any value (#6307) * OSD prepare job was failing due to low aio-max-nr setting (#6284) * During upgrade assume a pod spec changed if diff checking fails (#6272) * Merge config from rook-config-override configmap to the default global config file (#6252) - Package all sample yaml files in rook-k8s-yaml - Update helm chart version to match rook product version plus the current release number - Update to v1.4.4 * Upgrade to v1.4.3 for cluster-on-pvc hung due to changing label selectors on the mons (#6256) * Remove osd status configmap for nodes with long names (#6235) * Allow running rgw daemons from an external cluster (#6226) - Create symlinks in /usr/local/bin for toolbox.sh and rook to ensure compatibility with upstream sample yamls ==== sysuser-tools ==== - Avoid useless use of cat - Simplify %sysusers_requires - Drop shebang, rpm passes it to /bin/sh itself ==== tcpd ==== - tcp_wrappers_7.6-shared-lib.diff: Linux has STRERROR not SYS_ERRLIST [bsc#1175272] ==== vim ==== Subpackages: vim-data-common vim-small - apparmor.vim: update from latest AppArmor 2.13 branch: - add capabilities bpf and perfmon ==== wpa_supplicant ==== - Add wpa_supplicant-p2p_iname_size.diff -- Limit P2P_DEVICE name to appropriate ifname size (https://patchwork.ozlabs.org/project/hostap/patch/20200825062902.124600-1-benjamin@sipsolutions.net/)