Packages changed: cloud-init elfutils findutils (4.6.0 -> 4.7.0) gawk glib2 (2.60.6 -> 2.60.7) kernel-firmware (20190815 -> 20190827) kernel-source (5.2.11 -> 5.2.14) libxml2 makedumpfile (1.6.5 -> 1.6.6) multipath-tools (0.8.2+26+suse.d884195 -> 0.8.2+27+suse.3ff280b) patterns-containers permissions (1550_20190711 -> 1550_20190830) podman rpm-config-SUSE (0.g32 -> 0.g35) texinfo (6.5 -> 6.6) util-linux util-linux-systemd xen === Details === ==== cloud-init ==== - Add cloud-init-add-static-routes.diff (bsc#1141969) + Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds. - Update cloud-init-trigger-udev.patch (bsc#1144363) - The __str__ implementation no longer delivers the name of the interface, use the "name" attribute instead to form a proper path in the sysfs tree - Update cloud-init-write-routes.patch (bsc#1144881) + If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface - Follow the ever changing inconsistencies of version definitions and detection in the build service. + No more suse_version in SUSE internal instance for SLES 15 SP1 ==== elfutils ==== Subpackages: libasm1 libdw1 libebl-plugins libelf1 - Modernize specfile and metadata. ==== findutils ==== Version update (4.6.0 -> 4.7.0) - Upgrade to 4.7.0. - findutils.spec: - Change source compression from gzip to xz. - Align comments about how to bump the version. - Activate the signature checking via *.sig and keyring files. - Remove downstream hack in %check section to make a test executable. - Delete obsolete patches: - disable-broken-tests.patch - gnulib-libio.patch - sv-bug-48030-find-exec-plus-does-not-pass-all-arguments.patch - sysmacros.patch - findutils-4.4.2-xautofs.patch: Refresh, and rename ... - findutils-xautofs.patch: ... to this. ==== gawk ==== - Upgrade descriptions. ==== glib2 ==== Version update (2.60.6 -> 2.60.7) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.60.7: + Bugs fixed: glgo#GNOME/GLib#1819, glgo#GNOME/GLib#1847, glgo#GNOME/GLib!1012, glgo#GNOME/GLib!1013, glgo#GNOME/GLib!1061, glgo#GNOME/GLib!1065, glgo#GNOME/GLib!1081. ==== kernel-firmware ==== Version update (20190815 -> 20190827) Subpackages: ucode-amd - Update to version 20190827 (git-commit 7307a29961ad): * brcm: Add 43455 based AP6255 NVRAM for the Minix Neo Z83-4 Mini PC * brcm: Add 43340 based AP6234 NVRAM for the PoV TAB-P1006W-232 tablet * iwlwifi: update FWs to core45-152 release * check_whence: Add copy-firmware.sh to the list of ignored files * rtl_bt: Update RTL8822C BT FW to V0x098A_94A4 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * Mellanox: Add new mlxsw_spectrum firmware 13.2000.1886 ==== kernel-source ==== Version update (5.2.11 -> 5.2.14) Subpackages: kernel-debug kernel-default - Linux 5.2.14 (bnc#1012628). - Revert "mmc: core: do not retry CMD6 in __mmc_switch()" (bnc#1012628). - x86/boot: Preserve boot_params.secure_boot from sanitizing (bnc#1012628). - Revert "x86/apic: Include the LDR when clearing out APIC registers" (bnc#1012628). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bnc#1012628). - x86/boot/compressed/64: Fix missing initialization in find_trampoline_placement() (bnc#1012628). - KVM: arm/arm64: VGIC: Properly initialise private IRQ affinity (bnc#1012628). - gpio: Fix irqchip initialization order (bnc#1012628). - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bnc#1012628). - afs: use correct afs_call_type in yfs_fs_store_opaque_acl2 (bnc#1012628). - afs: Fix possible oops in afs_lookup trace event (bnc#1012628). - afs: Fix leak in afs_lookup_cell_rcu() (bnc#1012628). - KVM: arm/arm64: Only skip MMIO insn once (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bnc#1012628). - drm/amdgpu: prevent memory leaks in AMDGPU_CS ioctl (bnc#1012628). - selftests/kvm: make platform_info_test pass on AMD (bnc#1012628). - selftests: kvm: fix state save/load on processors without XSAVE (bnc#1012628). - infiniband: hfi1: fix memory leaks (bnc#1012628). - infiniband: hfi1: fix a memory leak bug (bnc#1012628). - IB/mlx4: Fix memory leaks (bnc#1012628). - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bnc#1012628). - nvme: Fix cntlid validation when not using NVMEoF (bnc#1012628). - nvme-multipath: fix possible I/O hang when paths are updated (bnc#1012628). - Tools: hv: kvp: eliminate 'may be used uninitialized' warning (bnc#1012628). - Input: hyperv-keyboard: Use in-place iterator API in the channel callback (bnc#1012628). - scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ (bnc#1012628). - x86/boot/compressed/64: Fix boot on machines with broken E820 table (bnc#1012628). - HID: cp2112: prevent sleeping function called from invalid context (bnc#1012628). - HID: intel-ish-hid: ipc: add EHL device id (bnc#1012628). - kprobes: Fix potential deadlock in kprobe_optimizer() (bnc#1012628). - sched/core: Schedule new worker even if PI-blocked (bnc#1012628). - ravb: Fix use-after-free ravb_tstamp_skb (bnc#1012628). - wimax/i2400m: fix a memory leak bug (bnc#1012628). - net: cavium: fix driver name (bnc#1012628). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bnc#1012628). - net: kalmia: fix memory leaks (bnc#1012628). - cx82310_eth: fix a memory leak bug (bnc#1012628). - vfs: fix page locking deadlocks when deduping files (bnc#1012628). - lan78xx: Fix memory leaks (bnc#1012628). - clk: Fix potential NULL dereference in clk_fetch_parent_index() (bnc#1012628). - clk: Fix falling back to legacy parent string matching (bnc#1012628). - net: myri10ge: fix memory leaks (bnc#1012628). - liquidio: add cleanup in octeon_setup_iq() (bnc#1012628). - selftests: kvm: fix vmx_set_nested_state_test (bnc#1012628). - selftests: kvm: provide common function to enable eVMCS (bnc#1012628). - selftests: kvm: do not try running the VM in vmx_set_nested_state_test (bnc#1012628). - cxgb4: fix a memory leak bug (bnc#1012628). - scsi: target: tcmu: avoid use-after-free after command timeout (bnc#1012628). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bnc#1012628). - drm/mediatek: set DMA max segment size (bnc#1012628). - drm/mediatek: use correct device to import PRIME buffers (bnc#1012628). - netfilter: nft_flow_offload: skip tcp rst and fin packets (bnc#1012628). - gpio: Fix build error of function redefinition (bnc#1012628). - ibmveth: Convert multicast list size for little-endian system (bnc#1012628). - s390/qeth: serialize cmd reply with concurrent timeout (bnc#1012628). - Bluetooth: hci_qca: Send VS pre shutdown command (bnc#1012628). - Bluetooth: btqca: Add a short delay before downloading the NVM (bnc#1012628). - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (bnc#1012628). - hv_netvsc: Fix a warning of suspicious RCU usage (bnc#1012628). - ixgbe: fix possible deadlock in ixgbe_service_task() (bnc#1012628). - tools: bpftool: fix error message (prog -> object) (bnc#1012628). - netfilter: nf_flow_table: teardown flow timeout race (bnc#1012628). - netfilter: nf_flow_table: conntrack picks up expired flows (bnc#1012628). - netfilter: nf_tables: use-after-free in failing rule with bound set (bnc#1012628). - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context (bnc#1012628). - clk: samsung: exynos542x: Move MSCL subsystem clocks to its sub-CMU (bnc#1012628). - clk: samsung: exynos5800: Move MAU subsystem clocks to MAU sub-CMU (bnc#1012628). - clk: samsung: Change signature of exynos5_subcmus_init() function (bnc#1012628). - net/mlx5e: Fix error flow of CQE recovery on tx reporter (bnc#1012628). - netfilter: nf_flow_table: fix offload for flows that are subject to xfrm (bnc#1012628). - libbpf: set BTF FD for prog only when there is supported .BTF.ext data (bnc#1012628). - libbpf: fix erroneous multi-closing of BTF FD (bnc#1012628). - batman-adv: Fix netlink dumping of all mcast_flags buckets (bnc#1012628). - net/rds: Fix info leak in rds6_inc_info_copy() (bnc#1012628). - net/sched: pfifo_fast: fix wrong dereference when qdisc is reset (bnc#1012628). - net/sched: pfifo_fast: fix wrong dereference in pfifo_fast_enqueue (bnc#1012628). - net: dsa: tag_8021q: Future-proof the reserved fields in the custom VID (bnc#1012628). - Add genphy_c45_config_aneg() function to phy-c45.c (bnc#1012628). - net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate (bnc#1012628). - taprio: Set default link speed to 10 Mbps in taprio_set_picos_per_byte (bnc#1012628). - taprio: Fix kernel panic in taprio_destroy (bnc#1012628). - r8152: remove calling netif_napi_del (bnc#1012628). - Revert "r8152: napi hangup fix after disconnect" (bnc#1012628). - nfp: flower: handle neighbour events on internal ports (bnc#1012628). - nfp: flower: prevent ingress block binds on internal ports (bnc#1012628). - tcp: remove empty skb from write queue in error cases (bnc#1012628). - tcp: inherit timestamp on mtu probe (bnc#1012628). - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent (bnc#1012628). - net_sched: fix a NULL pointer deref in ipt action (bnc#1012628). - net: sched: act_sample: fix psample group handling on overwrite (bnc#1012628). - net: fix skb use after free in netpoll (bnc#1012628). - mld: fix memory leak in mld_del_delrec() (bnc#1012628). - commit af75f09 - config: enable SLAB_FREELIST_HARDENED (bsc#1127808) Enable SLAB_FREELIST_HARDENED on all architectures. This obscures the free object pointer on a per-cache basis making it more difficult to locate kernel objects via exploits probing the cache metadata. This change was requested by the upstream openSUSE community to make the kernel more resistent to slab freelist attacks. Tests conducted by the kernel performance teams confirmed that the performance impact is detectable but negligible. - commit 94938f2 - rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB. - commit f84c163 - config: enable STACKPROTECTOR_STRONG also on armv6hl Recently reenabled armv6hl architecture has STACKPROTECTOR_STRONG disabled, enable it here as well. - commit f434a32 - Linux 5.2.13 (bnc#1012628). - Revert "Input: elantech - enable SMBus on new (2018+) systems" (bnc#1012628). - commit acd8e88 - Linux 5.2.12 (bnc#1012628). - dmaengine: ste_dma40: fix unneeded variable warning (bnc#1012628). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bnc#1012628). - afs: Fix the CB.ProbeUuid service handler to reply correctly (bnc#1012628). - afs: Fix loop index mixup in afs_deliver_vl_get_entry_by_name_u() (bnc#1012628). - fs: afs: Fix a possible null-pointer dereference in afs_put_read() (bnc#1012628). - afs: Fix off-by-one in afs_rename() expected data version calculation (bnc#1012628). - afs: Only update d_fsdata if different in afs_d_revalidate() (bnc#1012628). - afs: Fix missing dentry data version updating (bnc#1012628). - nvmet: Fix use-after-free bug when a port is removed (bnc#1012628). - nvmet-loop: Flush nvme_delete_wq when removing the port (bnc#1012628). - nvmet-file: fix nvmet_file_flush() always returning an error (bnc#1012628). - nvme-core: Fix extra device_put() call on error path (bnc#1012628). - nvme: fix a possible deadlock when passthru commands sent to a multipath device (bnc#1012628). - nvme-rdma: fix possible use-after-free in connect error flow (bnc#1012628). - nvme: fix controller removal race with scan work (bnc#1012628). - nvme-pci: Fix async probe remove race (bnc#1012628). - soundwire: cadence_master: fix register definition for SLAVE_STATE (bnc#1012628). - soundwire: cadence_master: fix definitions for INTSTAT0/1 (bnc#1012628). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bnc#1012628). - btrfs: trim: Check the range passed into to prevent overflow (bnc#1012628). - IB/mlx5: Fix implicit MR release flow (bnc#1012628). - dmaengine: stm32-mdma: Fix a possible null-pointer dereference in stm32_mdma_irq_handler() (bnc#1012628). - omap-dma/omap_vout_vrfb: fix off-by-one fi value (bnc#1012628). - iommu/dma: Handle SG length overflow better (bnc#1012628). - dma-direct: don't truncate dma_required_mask to bus addressing capabilities (bnc#1012628). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bnc#1012628). - usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt (bnc#1012628). - habanalabs: fix DRAM usage accounting on context tear down (bnc#1012628). - habanalabs: fix endianness handling for packets from user (bnc#1012628). - habanalabs: fix completion queue handling when host is BE (bnc#1012628). - habanalabs: fix endianness handling for internal QMAN submission (bnc#1012628). - habanalabs: fix device IRQ unmasking for BE host (bnc#1012628). - xen/blkback: fix memory leaks (bnc#1012628). - arm64: cpufeature: Don't treat granule sizes as strict (bnc#1012628). - riscv: fix flush_tlb_range() end address for flush_tlb_page() (bnc#1012628). - i2c: rcar: avoid race when unregistering slave client (bnc#1012628). - i2c: emev2: avoid race when unregistering slave client (bnc#1012628). - drm/scheduler: use job count instead of peek (bnc#1012628). - drm/ast: Fixed reboot test may cause system hanged (bnc#1012628). - usb: host: fotg2: restart hcd after port reset (bnc#1012628). - tools: hv: fixed Python pep8/flake8 warnings for lsvmbus (bnc#1012628). - tools: hv: fix KVP and VSS daemons exit code (bnc#1012628). - locking/rwsem: Add missing ACQUIRE to read_slowpath exit when queue is empty (bnc#1012628). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bnc#1012628). - watchdog: bcm2835_wdt: Fix module autoload (bnc#1012628). - selftests/bpf: install files test_xdp_vlan.sh (bnc#1012628). - drm/bridge: tfp410: fix memleak in get_modes() (bnc#1012628). - mt76: usb: fix rx A-MSDU support (bnc#1012628). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (bnc#1012628). - ipv6: Fix return value of ipv6_mc_may_pull() for malformed packets (bnc#1012628). - net: cpsw: fix NULL pointer exception in the probe error path (bnc#1012628). - net: fix __ip_mc_inc_group usage (bnc#1012628). - net/smc: make sure EPOLLOUT is raised (bnc#1012628). - tcp: make sure EPOLLOUT wont be missed (bnc#1012628). - ipv4: mpls: fix mpls_xmit for iptunnel (bnc#1012628). - openvswitch: Fix conntrack cache with timeout (bnc#1012628). - ipv4/icmp: fix rt dst dev null pointer dereference (bnc#1012628). - xfrm/xfrm_policy: fix dst dev null pointer dereference in collect_md mode (bnc#1012628). - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (bnc#1012628). - ALSA: usb-audio: Check mixer unit bitmap yet more strictly (bnc#1012628). - ALSA: hda/ca0132 - Add new SBZ quirk (bnc#1012628). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bnc#1012628). - ALSA: hda - Fixes inverted Conexant GPIO mic mute led (bnc#1012628). - ALSA: seq: Fix potential concurrent access to the deleted pool (bnc#1012628). - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() (bnc#1012628). - ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604 (bnc#1012628). - kvm: x86: skip populating logical dest map if apic is not sw enabled (bnc#1012628). - KVM: x86: hyper-v: don't crash on KVM_GET_SUPPORTED_HV_CPUID when kvm_intel.nested is disabled (bnc#1012628). - KVM: x86: Don't update RIP or do single-step on faulting emulation (bnc#1012628). - uprobes/x86: Fix detection of 32-bit user mode (bnc#1012628). - x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text (bnc#1012628). - x86/apic: Do not initialize LDR and DFR for bigsmp (bnc#1012628). - x86/apic: Include the LDR when clearing out APIC registers (bnc#1012628). - HID: logitech-hidpp: remove support for the G700 over USB (bnc#1012628). - ftrace: Fix NULL pointer dereference in t_probe_next() (bnc#1012628). - ftrace: Check for successful allocation of hash (bnc#1012628). - ftrace: Check for empty hash and comment the race with registering probes (bnc#1012628). - usbtmc: more sanity checking for packet size (bnc#1012628). - usb-storage: Add new JMS567 revision to unusual_devs (bnc#1012628). - USB: cdc-wdm: fix race between write and disconnect due to flag abuse (bnc#1012628). - usb: hcd: use managed device resources (bnc#1012628). - usb: chipidea: udc: don't do hardware access if gadget has stopped (bnc#1012628). - usb: host: ohci: fix a race condition between shutdown and irq (bnc#1012628). - usb: host: xhci: rcar: Fix typo in compatible string matching (bnc#1012628). - USB: storage: ums-realtek: Update module parameter description for auto_delink_en (bnc#1012628). - USB: storage: ums-realtek: Whitelist auto-delink support (bnc#1012628). - tools/power turbostat: Fix caller parameter of get_tdp_amd() (bnc#1012628). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bnc#1012628). - KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long (bnc#1012628). - KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI (bnc#1012628). - mei: me: add Tiger Lake point LP device ID (bnc#1012628). - Revert "mmc: sdhci-tegra: drop ->get_ro() implementation" (bnc#1012628). - mmc: sdhci-of-at91: add quirk for broken HS200 (bnc#1012628). - mmc: sdhci-cadence: enable v4_mode to fix ADMA 64-bit addressing (bnc#1012628). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bnc#1012628). - mmc: sdhci-sprd: fixed incorrect clock divider (bnc#1012628). - mmc: sdhci-sprd: add SDHCI_QUIRK2_PRESET_VALUE_BROKEN (bnc#1012628). - stm class: Fix a double free of stm_source_device (bnc#1012628). - intel_th: pci: Add support for another Lewisburg PCH (bnc#1012628). - intel_th: pci: Add Tiger Lake support (bnc#1012628). - typec: tcpm: fix a typo in the comparison of pdo_max_voltage (bnc#1012628). - fsi: scom: Don't abort operations for minor errors (bnc#1012628). - lkdtm/bugs: fix build error in lkdtm_EXHAUST_STACK (bnc#1012628). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (bnc#1012628). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (bnc#1012628). - Revert "NFSv4/flexfiles: Abort I/O early if the layout segment was invalidated" (bnc#1012628). - lib: logic_pio: Fix RCU usage (bnc#1012628). - lib: logic_pio: Avoid possible overlap for unregistering regions (bnc#1012628). - lib: logic_pio: Add logic_pio_unregister_range() (bnc#1012628). - drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bnc#1012628). - drm/amdgpu: fix GFXOFF on Picasso and Raven2 (bnc#1012628). - drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest (bnc#1012628). - drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe() (bnc#1012628). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bnc#1012628). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bnc#1012628). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bnc#1012628). - VMCI: Release resource if the work is already queued (bnc#1012628). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1012628). - SUNRPC: Don't handle errors if the bind/connect succeeded (bnc#1012628). - mt76: mt76x0u: do not reset radio on resume (bnc#1012628). - mms: sdhci-sprd: add SDHCI_QUIRK_BROKEN_CARD_DETECTION (bnc#1012628). - mm, memcg: partially revert "mm/memcontrol.c: keep local VM counters in sync with the hierarchical ones" (bnc#1012628). - mm: memcontrol: fix percpu vmstats and vmevents flush (bnc#1012628). - Revert "cfg80211: fix processing world regdomain when non modular" (bnc#1012628). - mac80211: fix possible sta leak (bnc#1012628). - cfg80211: Fix Extended Key ID key install checks (bnc#1012628). - mac80211: Don't memset RXCB prior to PAE intercept (bnc#1012628). - mac80211: Correctly set noencrypt for PAE frames (bnc#1012628). - mmc: sdhci-sprd: clear the UHS-I modes read from registers (bnc#1012628). - mmc: sdhci-sprd: Implement the get_max_timeout_count() interface (bnc#1012628). - mmc: sdhci-sprd: add get_ro hook function (bnc#1012628). - iwlwifi: add new cards for 22000 and fix struct name (bnc#1012628). - iwlwifi: add new cards for 22000 and change wrong structs (bnc#1012628). - iwlwifi: add new cards for 9000 and 20000 series (bnc#1012628). - iwlwifi: change 0x02F0 fw from qu to quz (bnc#1012628). - iwlwifi: pcie: add support for qu c-step devices (bnc#1012628). - iwlwifi: pcie: don't switch FW to qnj when ax201 is detected (bnc#1012628). - iwlwifi: pcie: handle switching killer Qu B0 NICs to C0 (bnc#1012628). - drm/i915: Do not create a new max_bpc prop for MST connectors (bnc#1012628). - drm/i915/dp: Fix DSC enable code to use cpu_transcoder instead of encoder->type (bnc#1012628). - bpf: fix use after free in prog symbol exposure (bnc#1012628). - hsr: implement dellink to clean up resources (bnc#1012628). - hsr: fix a NULL pointer deref in hsr_dev_xmit() (bnc#1012628). - hsr: switch ->dellink() to ->ndo_uninit() (bnc#1012628). - Revert "ASoC: Fail card instantiation if DAI format setup fails" (bnc#1012628). - commit bb4c31d - powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts (CVE-2019-15031 bsc#1149713). - powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction (CVE-2019-15030 bsc#1149713). - commit 76a34af - x86/ptrace: fix up botched merge of spectrev1 fix (bnc#1149376 CVE-2019-15902). - commit 77497b6 - config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x (where the feature is not available). This extends the number of functions which are protected by "stack canary" check to catch functions writing past their stack frame. This change was requested by SUSE security to make our kernels more resistant to some types of stack overflow attacks. Tests performed by kernel performance teams confirmed that performance impact is acceptable. - commit d6e8aab ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Do not depend on setuptools to keep the depgraph small and avoid build cycles - Use python[23]-libmxl2 as python names not python-libxml2-python which is kinda confusing - Do not ship libtool archive anymore - Enable tests also in the python subpackages - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files [bsc#1135123] * Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch - Merge python-libxml2-python spec and changes files into the libxml2 ones using _multibuild [bsc#1126499, bsc#1123919] ==== makedumpfile ==== Version update (1.6.5 -> 1.6.6) - makedumpfile-Increase-SECTION_MAP_LAST_BIT-to-4.patch: Increase SECTION_MAP_LAST_BIT to 4 (bsc#1144708). - Update to 1.6.6 * Support for AMD Secure Memory Encryption * Exclude pages that are logically offline * Support kernels up to 5.1.9 - Drop makedumpfile-coptflags.diff. ==== multipath-tools ==== Version update (0.8.2+26+suse.d884195 -> 0.8.2+27+suse.3ff280b) Subpackages: kpartx libmpath0 - Update to version 0.8.2+27+suse.3ff280b: * Added upstream patch to fix premature path reinstantiation with san_path_err_XX (boo#1149319) ==== patterns-containers ==== - Add reg to kubernetes utilities pattern ==== permissions ==== Version update (1550_20190711 -> 1550_20190830) Subpackages: chkstat permissions-config - Update to version 20190830: * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687) - Update to version 20190829: * add one more missing slash for icinga2 * fix more missing slashes for directories - Update to version 20190820: * cron directory permissions: add slashes ==== podman ==== Subpackages: podman-cni-config - Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration. ==== rpm-config-SUSE ==== Version update (0.g32 -> 0.g35) - Update to version 0.g35: * Add _distconfdir as /usr/etc * find-provides.ksyms, find-requires.ksyms: cleanup kernel version handling (bsc#1145601). * find-requires.ksyms: fix matching of uninstalled files (bsc#1145601). * add changes ==== texinfo ==== Version update (6.5 -> 6.6) - Move texindex.awk to package texinfo as texindex(1) is part of and use this awk script - Port the texinfo-zlib.patch to new version 6.6 to solve build problems - Update to version 6.6: * Language: . new commands @&, @ampchar{} . @cropmarks command removed . @ctrl is no longer recognised (it was a way to insert literal control characters in Info files, but deprecated since the time of Texinfo version 2) . \usebracesinindexestrue is no longer recommended for using braces in index entries, and has been a no-op for some time * texi2any . extension modules fixed to work with the "thread-safe locales" of Perl 5.28 and newer . some code changed to stop warnings being given by newer versions of Perl . for HTML output, use `id' to define link targets instead of the `name' attribute on . A native-code implementation of the Texinfo parser has been included on an experimental basis, which makes texi2any a lot faster. Set the `TEXINFO_XS_PARSER' environment variable to 1 to use. . changes to HTML output: . omit colon after node name in menus by default (use `MENU_ENTRY_COLON' to add it back) . no special CSS for commands like @smallexample . new customization variable `SECTION_NAME_IN_TITLE' to use the section name as the document . use section names instead of node names in generated menus . pass on flags set with -D to TeX . useless static libraries are not installed . the newline after an @insertcopying is not output . warning given for @multitable prototypes not in braces . @indent and @noindent are not allowed inside the arguments to commands where they are not meaningful . @quote-arg and @allow-recursion are not recognised (these two used to be recognised by makeinfo in macro definitions but were never implemented in texinfo.tex) . `FIX_TEXINFO' removed as a customization variable . do not recognise or warn about obsolete customization variables * info . debugging output with -x is not diverted to a separate infodebug file * Development: . switch from Subversion to git - https://savannah.gnu.org/git/?group=texinfo . automake 1.16 - Drop no longer needed patch: * perl-5.28-fixes.patch ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - lsblk: force to print PKNAME for partition with e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch - Remove outdated buildignore for pwdutils, had no effect with shadow anyways ==== util-linux-systemd ==== - lsblk: force to print PKNAME for partition with e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch - Remove outdated buildignore for pwdutils, had no effect with shadow anyways ==== xen ==== - Upstream bug fixes (bsc#1027519) 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4afa7a-credit2-fix-memory-leak.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch - Preserve modified files which used to be marked as %config, rename file.rpmsave to file