Packages changed: Mesa (20.2.1 -> 20.2.2) Mesa-drivers (20.2.1 -> 20.2.2) cups-filters kexec-tools libinput (1.16.2 -> 1.16.3) libwacom (1.5 -> 1.6) microos-tools (2.7 -> 2.9) open-lldp (1.0.1+69.e8f522565f5a -> 1.1+15.ef8495548d04) patterns-base sddm (0.18.1 -> 0.19.0) selinux-policy srt (1.3.4 -> 1.4.2) sshfs (3.7.0 -> 3.7.1) transactional-update (2.28.2 -> 2.28.3) ucode-intel (20200616 -> 20201110) xen (4.14.0_10 -> 4.14.0_12) yast2 (4.3.38 -> 4.3.41) === Details === ==== Mesa ==== Version update (20.2.1 -> 20.2.2) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.2.2 * second bugfix release for the 20.2 branch ==== Mesa-drivers ==== Version update (20.2.1 -> 20.2.2) Subpackages: Mesa-dri Mesa-gallium - update to 20.2.2 * second bugfix release for the 20.2 branch ==== cups-filters ==== - The wrapper backends /usr/lib/cups/backend/beh and /usr/lib/cups/backend/implicitclass must be installed with 0700 permissions so that cupsd runs them as root (backends with root-only permissions are run as root by cupsd) because otherwise wrapper backends cannot run other backends that need to run as root in particular the ipp backend runs as root and the implicitclass wrapper backend runs it to print via queues that are generated by cupsd-browsed, see the upstream issue https://github.com/OpenPrinting/cups-filters/issues/183 (boo#1178604). ==== kexec-tools ==== - Remove kexec-tools-xen-balloon-up.patch (bsc#1176606) This patch was introduced to address bug#694863, it enabled kexec for HVM at that time. Meanwhile Xen 4.7 introduced "soft-reset" for HVM domUs. This host feature removed the requirement to un-ballon the domU prior kexec. With Xen 4.13 cpuid faulting became the default, which affected the approach used in this patch to detect the domU type. As a result invoking kexec in dom0 failed. ==== libinput ==== Version update (1.16.2 -> 1.16.3) - Update to release 1.16.3 * evdev: reduce the "your system is slow" warning to 5 per hour ==== libwacom ==== Version update (1.5 -> 1.6) Subpackages: libwacom-data libwacom2 - update to 1.6: * add XP Pen G640 * add XP Pen G430 * build fixes ==== microos-tools ==== Version update (2.7 -> 2.9) - Update to version 2.9 - Use absolute path for selinuxenabled in systemd generator - Update to version 2.8 - Don't propagate umounts into the real root - Use content of .autorelabel only if it exists ==== open-lldp ==== Version update (1.0.1+69.e8f522565f5a -> 1.1+15.ef8495548d04) Subpackages: liblldp_clif1 - Update to version v1.1+15.ef8495548d04, by merging upstream version 1.1 + latest, including: * Fix merge error: remove bogus line * vdp22: manpage typo * lldptool: fix manpage * lldp_head: remove all references * add_rtattr: only copy if data is provided This removed the need for the patch disable-werror.patch. ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Add selinux pattern ==== sddm ==== Version update (0.18.1 -> 0.19.0) Subpackages: sddm-branding-openSUSE - Use pam derived username (fix sssd with multiple domains and local groups) * 0001-Use-PAM-s-username.patch - Revert switch to %service_del_postun_without_restart for Leap ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Updated fix_corecommand.patch to set correct types for the OBS build tools ==== srt ==== Version update (1.3.4 -> 1.4.2) - Update to version 1.4.2 New Features and Enhancements * Added support for C++11. Reworked timing and synchronization objects. Three sources of timing are now available (selected via a build option): + POSIX gettimeofday() - default build mode (affected by discontinuous jumps in the system time); + POSIX CLOCK_MONOTONIC. CMake build option: - DENABLE_MONOTONIC_CLOCK=ON. See --enable-monotonic-clock in BuildOptions.md; + C++11 std::chrono::steady_clock, std::thread, std::mutex, etc. CMake build option: - DENABLE_STDCXX_SYNC=ON. See --enable-stdcxx-sync in BuildOptions.md. * Added SRT Source Time API support. It allows setting a source timestamp on a packet that corresponds to a packet creation/reception time. See the Time Access section of the API docs. * Added an improved retransmission algorithm which reduces the retransmission overhead on a link. Set option SRTO_RETRANSMITALGO=1. * Added SRTO_BINDTODEVICE option to bind a socket to a specified NIC. SRTO_BINDTODEVICE option reflects the system option SO_BINDTODEVICE for an SRT socket. * Customizable rejection reason code. SRT library now lets the application provide a code with rejection reason (in a listener callback) if connection request has been rejected by the application. See Rejection Codes in the Access Control guide. * Added new rejection reason: on timeout. See SRT_REJ_TIMEOUT in API-functions.md. * Extended SRT statistics with pktSentUniqueTotal, pktRecvUniqueTotal. Statistics documentation now has a summary table for better navigation. * Added srt_getversion() API function. * Moved socket options documentation to a separate file APISocketOptions.md. It now has a summary table for better navigation. * Socket options SRTO_INPUTBW and SRTO_OHEADBW are now readable. * The logging functionality has been improved by means of defining new and more fine-grained Functional Areas (FA) to which log messages are assigned. This is done to prevent too many debug log messages from the library influencing performance with the debug logging turned on. Fixed Issues * Fixed bug: finding the listener's muxer only by port number was wrong. * Fixed wrong reject reason on async connect. * Fixed CSndLossList::insert with negative offset. * Fixed default binding for IPv6-target rendezvous. * Fixed HS TSBPD flags check. * Improved CRcvLossList protection from concurrent access. * Fixed error reporting on connect/accept. * Correctly handle IPv4 connections on IPv6 listener. * Fixed Moving Average for receiver and sender buffers. * Protecting RCV buffer access. * Fixed local storage depleted issue #486. * Fixed restrictions on pre-bind only options. * Avoid reporting packets rebuilt by FEC as lost. * Improved inserting a serial element into sender's loss list. * Fixed handling of stale loss report. * Fixed closing the crypto control. * Added CSync class as a high-level CV wrapper. * Renamed legacy UDT_EPOLL_* symbols. * Eliminated ref_t. Some more convention fixes. * Crypto: Reset the passphrase in memory on close for security reasons. Deprecated or Renamed * Removed deprecated socket options: SRTO_TWOWAYDATA, SRTO_TSBPDMAXLAG, SRTO_CC, SRTO_MAXMSG, SRTO_MSGTTL, SRTO_SNDPBKEYLEN, SRTO_RCVPBKEYLEN. * Removed deprecated option names: SRTO_SMOOTHER (use SRTO_CONGESTION), SRTO_STRICTENC (use SRTO_ENFORCEDENCRYPTION). version 1.4.1: Improvements * Improved periodic NAK report timing * Use monotonic clock in CTimer::sleepto() * Initial reorder tolerance set to maximum value (SRTO_LOSSMAXTTL) * Added pktReorderTolerance to stats * Use busy wait only to refine below 1 ms * Added SRTO_LOSSMAXTTL to srt_getopt() * Update SND loss list on lite ACK Fixes * Fixed catching exception from CUDTUnited::connect_complete() * Fixed missing vertical FEC/CTL packet * Fixed bandwidth measurement on non-monotonic or retransmitted packets * Fixed srt_getopt(...): optlen is not set in some cases. * Fixed EPoll update_usock * Fixed checkTimers interval (100ms -> 10 ms) * Fixed SRT Stats backward compatibility (CBytePerfMon fields order) * Fixed FEC crash when a large number of dropped packets occur * Fixed FEC crash (access item out of range) * Fixed FileCC crash. Prevented 0 pktsInFlight to be used in the calculation for loss percentage version 1.4.0: New Features and Enhancements * Updates to epoll API. Added edge-triggered epoll wait. * srt-live-transmit default chunk size set to 1456 * Added forward error correction (FEC) packet filter * Added Packet filter API * File congestion control improvements Fixed Issues * Free addrinfo if bind fails (potential memory leak) * Fixed SRTO_LOSSMAXTTL option on accepted socket * Fixed blocking srt_connect call (state update) * Fixed potential sender's sockets list overflow * Use MONOTONIC clock in Garbage Collector thread - Drop CVE-2019-15784.patch (fixed upstream) ==== sshfs ==== Version update (3.7.0 -> 3.7.1) - Update to version 3.7.1 * Minor bugfixes ==== transactional-update ==== Version update (2.28.2 -> 2.28.3) Subpackages: transactional-update-zypp-config - Version 2.38.3 - SELinux: Make synchronisation work for both pre-SELinux snapshots and later snapshots; SELinux support should be ready for most tasks now. ==== ucode-intel ==== Version update (20200616 -> 20201110) - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Releasenotes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel® Core? Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel® Core? Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel® Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel® Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel® Xeon® E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel® Xeon® E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. [#]## New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile [#]## Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile ==== xen ==== Version update (4.14.0_10 -> 4.14.0_12) - bsc#1178591 - VUL-0: xen: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 xsa351-1.patch xsa351-2.patch xsa351-3.patch - bsc#1177950 - adjust help for --max_iters, default is 5 libxl.set-migration-constraints-from-cmdline.patch - jsc#SLE-16899 - improve performance of live migration remove allocations and memcpy from hotpaths on sending and receiving side to get more throughput on 10Gbs+ connections libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch libxc-sr-add-xc_is_known_page_type.patch libxc-sr-arrays.patch libxc-sr-batch_pfns.patch libxc-sr-page_type_has_stream_data.patch libxc-sr-readv_exact.patch libxc-sr-restore-handle_buffered_page_data.patch libxc-sr-restore-handle_incoming_page_data.patch libxc-sr-restore-map_errs.patch libxc-sr-restore-mfns.patch libxc-sr-restore-pfns.patch libxc-sr-restore-populate_pfns-mfns.patch libxc-sr-restore-populate_pfns-pfns.patch libxc-sr-restore-read_record.patch libxc-sr-restore-types.patch libxc-sr-save-errors.patch libxc-sr-save-guest_data.patch libxc-sr-save-iov.patch libxc-sr-save-local_pages.patch libxc-sr-save-mfns.patch libxc-sr-save-rec_pfns.patch libxc-sr-save-show_transfer_rate.patch libxc-sr-save-types.patch libxc-sr-use-xc_is_known_page_type.patch adjust libxc.sr.superpage.patch adjust libxc.migrate_tracking.patch ==== yast2 ==== Version update (4.3.38 -> 4.3.41) - add methods to decide if hibernation should be proposed (jsc#SLE-12280) - 4.3.41 - Ensure #current_items always returns a list. - Related to bsc#1177137. - 4.3.40 - CWM ComboBox: query the current items offered by the widget when the list of items is extended by a new value (bsc#1177137) - 4.3.39