Packages changed: Mesa apache2 (2.4.49 -> 2.4.51) apache2-manual (2.4.49 -> 2.4.51) apache2-prefork (2.4.49 -> 2.4.51) apache2-utils (2.4.49 -> 2.4.51) bash bolt ca-certificates-mozilla (2.50 -> 2.52) cepces cogl e2fsprogs elfutils elfutils-debuginfod filesystem gawk gtk4 hiredis (1.0.0 -> 1.0.2) hxtools (20210803 -> 20210928) k4dirstat (3.2.2 -> 3.3.0) kernel-source (5.14.6 -> 5.14.9) ldb (2.3.0 -> 2.4.0) libcap (2.51 -> 2.59) libjpeg-turbo libsolv (0.7.19 -> 0.7.20) libsoup2 libstorage-ng (4.4.41 -> 4.4.43) llvm12 lz4 mhvtl (1.63_release+759.35ddb48e5262_k5.14.6_2 -> 1.63_release+759.35ddb48e5262_k5.14.9_1) mozilla-nss (3.69.1 -> 3.70) opensc (0.21.0 -> 0.22.0) python-lazr.config (2.2.2 -> 2.2.3) redis (6.2.5 -> 6.2.6) rng-tools rubygem-sassc-2.2 samba (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c) squid (4.16 -> 5.2) step (21.08.1 -> 21.08.2) suse-module-tools (16.0.10+7 -> 16.0.11) sweeper (21.08.1 -> 21.08.2) tar texinfo timezone (2021a -> 2021c) timezone-java (2021a -> 2021c) transactional-update (3.5.5 -> 3.5.6) trousers umbrello (21.08.1 -> 21.08.2) yakuake (21.08.1 -> 21.08.2) === Details === ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Fix build with LLVM 13: * U_gallivm-add-new-wrapper-around-Module.patch * U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ==== apache2 ==== Version update (2.4.49 -> 2.4.51) - version update to 2.4.51 * ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. - version update to 2.4.50 * ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in the uri-path when it's preceded by a dot. [Yann Ylavic] * ) mod_md: when MDMessageCmd for a 'challenge-setup::' fails (!= 0 exit), the renewal process is aborted and an error is reported for the MDomain. This provides scripts that distribute information in a cluster to abort early with bothering an ACME server to validate a dns name that will not work. The common retry logic will make another attempt in the future, as with other failures. Fixed a bug when adding private key specs to an already working MDomain, see . [Stefan Eissing] * ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they had no hostname ("unix:/..."). [Yann Ylavic] * ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could run into an assertion which terminated (and restarted) the child process where the task was running. Eventually, all OCSP responses were collected, but not in the way that things are supposed to work. See also . The bug was possibly triggered when more than one OCSP status needed updating at the same time. For example for several renewed certificates after a server reload. * ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590. [Janne Peltonen ] * ) event mpm: Correctly count active child processes in parent process if child process dies due to MaxConnectionsPerChild. PR 65592 [Ruediger Pluem] * ) mod_http2: when a server is restarted gracefully, any idle h2 worker threads are shut down immediately. Also, change OpenSSL API use for deprecations in OpenSSL 3.0. Adds all other, never proposed code changes to make a clean sync of http2 sources. [Stefan Eissing] * ) mod_dav: Correctly handle errors returned by dav providers on REPORT requests. [Ruediger Pluem] * ) core: do not install core input/output filters on secondary connections. [Stefan Eissing] * ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. [Ruediger Pluem] * ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] ==== apache2-manual ==== Version update (2.4.49 -> 2.4.51) - version update to 2.4.51 * ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. - version update to 2.4.50 * ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in the uri-path when it's preceded by a dot. [Yann Ylavic] * ) mod_md: when MDMessageCmd for a 'challenge-setup::' fails (!= 0 exit), the renewal process is aborted and an error is reported for the MDomain. This provides scripts that distribute information in a cluster to abort early with bothering an ACME server to validate a dns name that will not work. The common retry logic will make another attempt in the future, as with other failures. Fixed a bug when adding private key specs to an already working MDomain, see . [Stefan Eissing] * ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they had no hostname ("unix:/..."). [Yann Ylavic] * ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could run into an assertion which terminated (and restarted) the child process where the task was running. Eventually, all OCSP responses were collected, but not in the way that things are supposed to work. See also . The bug was possibly triggered when more than one OCSP status needed updating at the same time. For example for several renewed certificates after a server reload. * ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590. [Janne Peltonen ] * ) event mpm: Correctly count active child processes in parent process if child process dies due to MaxConnectionsPerChild. PR 65592 [Ruediger Pluem] * ) mod_http2: when a server is restarted gracefully, any idle h2 worker threads are shut down immediately. Also, change OpenSSL API use for deprecations in OpenSSL 3.0. Adds all other, never proposed code changes to make a clean sync of http2 sources. [Stefan Eissing] * ) mod_dav: Correctly handle errors returned by dav providers on REPORT requests. [Ruediger Pluem] * ) core: do not install core input/output filters on secondary connections. [Stefan Eissing] * ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. [Ruediger Pluem] * ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] ==== apache2-prefork ==== Version update (2.4.49 -> 2.4.51) - version update to 2.4.51 * ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. - version update to 2.4.50 * ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in the uri-path when it's preceded by a dot. [Yann Ylavic] * ) mod_md: when MDMessageCmd for a 'challenge-setup::' fails (!= 0 exit), the renewal process is aborted and an error is reported for the MDomain. This provides scripts that distribute information in a cluster to abort early with bothering an ACME server to validate a dns name that will not work. The common retry logic will make another attempt in the future, as with other failures. Fixed a bug when adding private key specs to an already working MDomain, see . [Stefan Eissing] * ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they had no hostname ("unix:/..."). [Yann Ylavic] * ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could run into an assertion which terminated (and restarted) the child process where the task was running. Eventually, all OCSP responses were collected, but not in the way that things are supposed to work. See also . The bug was possibly triggered when more than one OCSP status needed updating at the same time. For example for several renewed certificates after a server reload. * ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590. [Janne Peltonen ] * ) event mpm: Correctly count active child processes in parent process if child process dies due to MaxConnectionsPerChild. PR 65592 [Ruediger Pluem] * ) mod_http2: when a server is restarted gracefully, any idle h2 worker threads are shut down immediately. Also, change OpenSSL API use for deprecations in OpenSSL 3.0. Adds all other, never proposed code changes to make a clean sync of http2 sources. [Stefan Eissing] * ) mod_dav: Correctly handle errors returned by dav providers on REPORT requests. [Ruediger Pluem] * ) core: do not install core input/output filters on secondary connections. [Stefan Eissing] * ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. [Ruediger Pluem] * ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] ==== apache2-utils ==== Version update (2.4.49 -> 2.4.51) - version update to 2.4.51 * ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. - version update to 2.4.50 * ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in the uri-path when it's preceded by a dot. [Yann Ylavic] * ) mod_md: when MDMessageCmd for a 'challenge-setup::' fails (!= 0 exit), the renewal process is aborted and an error is reported for the MDomain. This provides scripts that distribute information in a cluster to abort early with bothering an ACME server to validate a dns name that will not work. The common retry logic will make another attempt in the future, as with other failures. Fixed a bug when adding private key specs to an already working MDomain, see . [Stefan Eissing] * ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they had no hostname ("unix:/..."). [Yann Ylavic] * ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could run into an assertion which terminated (and restarted) the child process where the task was running. Eventually, all OCSP responses were collected, but not in the way that things are supposed to work. See also . The bug was possibly triggered when more than one OCSP status needed updating at the same time. For example for several renewed certificates after a server reload. * ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590. [Janne Peltonen ] * ) event mpm: Correctly count active child processes in parent process if child process dies due to MaxConnectionsPerChild. PR 65592 [Ruediger Pluem] * ) mod_http2: when a server is restarted gracefully, any idle h2 worker threads are shut down immediately. Also, change OpenSSL API use for deprecations in OpenSSL 3.0. Adds all other, never proposed code changes to make a clean sync of http2 sources. [Stefan Eissing] * ) mod_dav: Correctly handle errors returned by dav providers on REPORT requests. [Ruediger Pluem] * ) core: do not install core input/output filters on secondary connections. [Stefan Eissing] * ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. [Ruediger Pluem] * ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] ==== bash ==== Subpackages: bash-doc bash-lang - Install bash_builtins manpage under the correct name ==== bolt ==== - Need in SLE * Support for working with adapters without ROMs is needed (jsc#SLE-19359) ==== ca-certificates-mozilla ==== Version update (2.50 -> 2.52) - updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added CAs: + HARICA Client ECC Root CA 2021 + HARICA Client RSA Root CA 2021 + HARICA TLS ECC Root CA 2021 + HARICA TLS RSA Root CA 2021 + TunTrust Root CA - remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021. (bsc#1190858) ==== cepces ==== Subpackages: cepces-certmonger cepces-selinux python3-cepces - Only install the selinux policy if necessary - Add missing dependency on the main package to the certmonger subpackage - Use %license and move it to the common subpackage - Avoid bashisms - Fix file list for the python subpackage for 3.10+ - Also disable selinux in 15.4, since it is still not supported. ==== cogl ==== Subpackages: cogl-lang libcogl-pango20 libcogl20 typelib-1_0-Cogl-1_0 typelib-1_0-CoglPango-1_0 - Add 2bd3cbed45d633fb15625d58e6b7cb8721b0ba98.patch: cogl-gles2: Fix undefined references. Following this, add libtool BuildRequires and pass autoreconf call before configure as the patch touches the buildsystem. - Add patches from fedora that should have gone upstream: + 0001-egl-Use-eglGetPlatformDisplay-not-eglGetDisplay.patch: egl: Use eglGetPlatformDisplay not eglGetDisplay. + 0002-add-GL_ARB_shader_texture_lod-support.patch: Add GL_ARB_shader_texture_lod support. + 0003-texture-support-copy_sub_image.patch: texture: Support copy_sub_image. ==== e2fsprogs ==== Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2 - quota-Add-support-to-version-0-quota-format.patch: quota: Add support to version 0 quota format (jsc#SLE-17360) quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360) quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360) tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota files (jsc#SLE-17360) e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not trash user limits when processing orphan list (jsc#SLE-17360) debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota commands (jsc#SLE-17360) quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360) - add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships with them ==== elfutils ==== Subpackages: elfutils-lang libasm1 libdw1 libelf1 - Enhance license fields: all the libraries actually have a different license to the tools. While the tools are GPL-3.0-or-later, the libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later) SLE bug (for tracking the above) bsc#1191310 ==== elfutils-debuginfod ==== - Enhance license fields: all the libraries actually have a different license to the tools. While the tools are GPL-3.0-or-later, the libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later) ==== filesystem ==== - don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on file trigger compat mode in that case and do it posttrans (boo#1189788). - generic %ghost handling instead of hardcoding ==== gawk ==== - remove update-alternatives support, as on linux systems GNU software (i.e. gawk in this case) is usually considered the default implementation. - use %make macros ==== gtk4 ==== Subpackages: gtk4-lang gtk4-schema libgtk-4-1 typelib-1_0-Gtk-4_0 - Fix a syntax error in the gtk4_immodule_postun RPM macro ==== hiredis ==== Version update (1.0.0 -> 1.0.2) - hiredis 1.0.2 * Hiredis v1.0.2 is a security release with a fix for CVE-2021-32765. v1.0.1 erroneously bumped the SONAME so should be skipped. - hiredis 1.0.1: * CVE-2021-32765: integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data boo#1191331 ==== hxtools ==== Version update (20210803 -> 20210928) Subpackages: fd0ssh ofl - Update to release 20210928 * vfontas: add recognition for BDF glyphs as produced by fontforge from PCF * kbd: map beta to eszett on cp437x * vfontas: recognize "idem" lines in kbd unimaps * vfontas: add -setbold, -setprop, -lgeu, -lgeuf commands ==== k4dirstat ==== Version update (3.2.2 -> 3.3.0) Subpackages: k4dirstat-lang - Update to 3.3.0 * Show free space in the status bar * Refresh tree after deleting a file * Fix a crash when clicking on the name column * Quote %-escapes strings in the .desktop Exec key * Fix all compilation warnings with Qt 5.15 and KDE 5.85 ==== kernel-source ==== Version update (5.14.6 -> 5.14.9) Subpackages: kernel-default kernel-docs - ALSA: usb-audio: Restrict rates for the shared clocks (bsc#1190418). - commit d0ace7f - Update patches.kernel.org/5.14.9-147-Revert-drm-vc4-hdmi-runtime-PM-changes.patch (bsc#1012628 bsc#1190469). - Delete patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch. The former superseded the latter. - commit 2bc4ba2 - Linux 5.14.9 (bsc#1012628). - mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable() (bsc#1012628). - ocfs2: drop acl cache for directories too (bsc#1012628). - mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN (bsc#1012628). - mm: fix uninitialized use in overcommit_policy_handler (bsc#1012628). - usb: gadget: r8a66597: fix a loop in set_feature() (bsc#1012628). - usb: gadget: u_audio: EP-OUT bInterval in fback frequency (bsc#1012628). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (bsc#1012628). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (bsc#1012628). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (bsc#1012628). - cifs: Not to defer close on file when lock is set (bsc#1012628). - cifs: Fix soft lockup during fsstress (bsc#1012628). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1012628). - xen/x86: fix PV trap handling on secondary processors (bsc#1012628). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (bsc#1012628). - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (bsc#1012628). - USB: cdc-acm: fix minor-number release (bsc#1012628). - Revert "USB: bcma: Add a check for devm_gpiod_get" (bsc#1012628). - binder: make sure fd closes complete (bsc#1012628). - binder: fix freeze race (bsc#1012628). - staging: greybus: uart: fix tty use after free (bsc#1012628). - usb: isp1760: do not sleep in field register poll (bsc#1012628). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (bsc#1012628). - usb: dwc3: core: balance phy init and exit (bsc#1012628). - usb: cdns3: fix race condition before setting doorbell (bsc#1012628). - usb: core: hcd: Add support for deferring roothub registration (bsc#1012628). - USB: serial: mos7840: remove duplicated 0xac24 device ID (bsc#1012628). - USB: serial: option: add Telit LN920 compositions (bsc#1012628). - USB: serial: option: remove duplicate USB device ID (bsc#1012628). - USB: serial: option: add device id for Foxconn T99W265 (bsc#1012628). - misc: bcm-vk: fix tty registration race (bsc#1012628). - misc: genwqe: Fixes DMA mask setting (bsc#1012628). - mcb: fix error handling in mcb_alloc_bus() (bsc#1012628). - KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest (bsc#1012628). - erofs: fix up erofs_lookup tracepoint (bsc#1012628). - nexthop: Fix division by zero while replacing a resilient group (bsc#1012628). - btrfs: prevent __btrfs_dump_space_info() to underflow its free space (bsc#1012628). - xhci: Set HCD flag to defer primary roothub registration (bsc#1012628). - serial: 8250: 8250_omap: Fix RX_LVL register offset (bsc#1012628). - serial: mvebu-uart: fix driver's tx_empty callback (bsc#1012628). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (bsc#1012628). - drm/amd/pm: Update intermediate power state for SI (bsc#1012628). - net: hso: fix muxed tty registration (bsc#1012628). - platform/x86: amd-pmc: Increase the response register timeout (bsc#1012628). - arm64: Restore forced disabling of KPTI on ThunderX (bsc#1012628). - arm64: Mitigate MTE issues with str{n}cmp() (bsc#1012628). - comedi: Fix memory leak in compat_insnlist() (bsc#1012628). - regulator: qcom-rpmh-regulator: fix pm8009-1 ldo7 resource name (bsc#1012628). - afs: Fix page leak (bsc#1012628). - afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation (bsc#1012628). - afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server (bsc#1012628). - afs: Fix updating of i_blocks on file/dir extension (bsc#1012628). - platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR() (bsc#1012628). - regulator: max14577: Revert "regulator: max14577: Add proper module aliases strings" (bsc#1012628). - NLM: Fix svcxdr_encode_owner() (bsc#1012628). - virtio-net: fix pages leaking when building skb in big mode (bsc#1012628). - enetc: Fix illegal access when reading affinity_hint (bsc#1012628). - enetc: Fix uninitialized struct dim_sample field usage (bsc#1012628). - net: dsa: tear down devlink port regions when tearing down the devlink port on error (bsc#1012628). - net: bgmac-bcma: handle deferred probe error due to mac-address (bsc#1012628). - napi: fix race inside napi_enable (bsc#1012628). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (bsc#1012628). - net: hns3: fix change RSS 'hfunc' ineffective issue (bsc#1012628). - net: hns3: fix inconsistent vf id print (bsc#1012628). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1012628). - net: hns3: check queue id range before using (bsc#1012628). - net: hns3: check vlan id before using it (bsc#1012628). - net: hns3: fix a return value error in hclge_get_reset_status() (bsc#1012628). - net/smc: add missing error check in smc_clc_prfx_set() (bsc#1012628). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (bsc#1012628). - net: dsa: fix dsa_tree_setup error path (bsc#1012628). - net: dsa: don't allocate the slave_mii_bus using devres (bsc#1012628). - net: dsa: realtek: register the MDIO bus under devres (bsc#1012628). - platform/x86: dell: fix DELL_WMI_PRIVACY dependencies & build error (bsc#1012628). - kselftest/arm64: signal: Add SVE to the set of features we can check for (bsc#1012628). - kselftest/arm64: signal: Skip tests if required features are missing (bsc#1012628). - spi: Revert modalias changes (bsc#1012628). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (bsc#1012628). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (bsc#1012628). - gpio: uniphier: Fix void functions to remove return value (bsc#1012628). - qed: rdma - don't wait for resources under hw error recovery flow (bsc#1012628). - mptcp: ensure tx skbs always have the MPTCP ext (bsc#1012628). - nexthop: Fix memory leaks in nexthop notification chain listeners (bsc#1012628). - nfc: st-nci: Add SPI ID matching DT compatible (bsc#1012628). - net: ethernet: mtk_eth_soc: avoid creating duplicate offload entries (bsc#1012628). - net: mscc: ocelot: fix forwarding from BLOCKING ports remaining enabled (bsc#1012628). - net/mlx4_en: Don't allow aRFS for encapsulated packets (bsc#1012628). - atlantic: Fix issue in the pm resume flow (bsc#1012628). - drm/amdkfd: map SVM range with correct access permission (bsc#1012628). - drm/amdkfd: fix dma mapping leaking warning (bsc#1012628). - scsi: iscsi: Adjust iface sysfs attr detection (bsc#1012628). - scsi: target: Fix the pgr/alua_support_store functions (bsc#1012628). - tty: synclink_gt: rename a conflicting function name (bsc#1012628). - fpga: machxo2-spi: Return an error on failure (bsc#1012628). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (bsc#1012628). - x86/fault: Fix wrong signal when vsyscall fails with pkey (bsc#1012628). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (bsc#1012628). - nvme: keep ctrl->namespaces ordered (bsc#1012628). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (bsc#1012628). - cifs: fix a sign extension bug (bsc#1012628). - scsi: sd_zbc: Support disks with more than 2**32 logical blocks (bsc#1012628). - scsi: ufs: Revert "Utilize Transfer Request List Completion Notification Register" (bsc#1012628). - scsi: ufs: Retry aborted SCSI commands instead of completing these successfully (bsc#1012628). - scsi: ufs: core: Unbreak the reset handler (bsc#1012628). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1012628). - scsi: lpfc: Use correct scnprintf() limit (bsc#1012628). - irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build (bsc#1012628). - irqchip/gic-v3-its: Fix potential VPE leak on error (bsc#1012628). - md: fix a lock order reversal in md_alloc (bsc#1012628). - x86/asm: Fix SETZ size enqcmds() build failure (bsc#1012628). - io_uring: fix race between poll completion and cancel_hash insertion (bsc#1012628). - io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow (bsc#1012628). - io_uring: put provided buffer meta data under memcg accounting (bsc#1012628). - io_uring: don't punt files update to io-wq unconditionally (bsc#1012628). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1012628). - net: phylink: Update SFP selected interface on advertising changes (bsc#1012628). - net: macb: fix use after free on rmmod (bsc#1012628). - net: stmmac: allow CSR clock of 300MHz (bsc#1012628). - blk-mq: avoid to iterate over stale request (bsc#1012628). - m68k: Double cast io functions to unsigned long (bsc#1012628). - ipv6: delay fib6_sernum increase in fib6_add (bsc#1012628). - dma-debug: prevent an error message from causing runtime problems (bsc#1012628). - cpufreq: intel_pstate: Override parameters if HWP forced by BIOS (bsc#1012628). - bpf: Add oversize check before call kvcalloc() (bsc#1012628). - xen/balloon: use a kernel thread instead a workqueue (bsc#1012628). - nvme-multipath: fix ANA state updates when a namespace is not present (bsc#1012628). - nvme-rdma: destroy cm id before destroy qp to avoid use after free (bsc#1012628). - sparc32: page align size in arch_dma_alloc (bsc#1012628). - amd/display: downgrade validation failure log level (bsc#1012628). - drm/ttm: fix type mismatch error on sparc64 (bsc#1012628). - block: check if a profile is actually registered in blk_integrity_unregister (bsc#1012628). - block: flush the integrity workqueue in blk_integrity_unregister (bsc#1012628). - blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1012628). - compiler.h: Introduce absolute_pointer macro (bsc#1012628). - net: i825xx: Use absolute_pointer for memcpy from fixed memory location (bsc#1012628). - sparc: avoid stringop-overread errors (bsc#1012628). - qnx4: avoid stringop-overread errors (bsc#1012628). - parisc: Use absolute_pointer() to define PAGE0 (bsc#1012628). - drm/amdkfd: make needs_pcie_atomics FW-version dependent (bsc#1012628). - drm/amd/display: Fix unstable HPCP compliance on Chrome Barcelo (bsc#1012628). - drm/amd/display: Link training retry fix for abort case (bsc#1012628). - amd/display: enable panel orientation quirks (bsc#1012628). - arm64: Mark __stack_chk_guard as __ro_after_init (bsc#1012628). - alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile (bsc#1012628). - net: 6pack: Fix tx timeout and slot time (bsc#1012628). - spi: Fix tegra20 build with CONFIG_PM=n (bsc#1012628). - libperf evsel: Make use of FD robust (bsc#1012628). - Revert drm/vc4 hdmi runtime PM changes (bsc#1012628). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1012628). - EDAC/dmc520: Assign the proper type to dimm->edac_mode (bsc#1012628). - x86/setup: Call early_reserve_memory() earlier (bsc#1012628). - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (bsc#1012628). - irqchip/armada-370-xp: Fix ack/eoi breakage (bsc#1012628). - arm64: add MTE supported check to thread switching and syscall entry/exit (bsc#1012628). - USB: serial: cp210x: fix dropped characters with CP2102 (bsc#1012628). - software node: balance refcount for managed software nodes (bsc#1012628). - xen/balloon: fix balloon kthread freezing (bsc#1012628). - qnx4: work around gcc false positive warning bug (bsc#1012628). - usb: gadget: f_uac2: Add missing companion descriptor for feedback EP (bsc#1012628). - usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval (bsc#1012628). - Refresh patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch. - commit 85f5318 - arm64: Update config files. (bsc#1185927) Set PINCTRL_ZYNQMP as build-in. - commit 4ae263c - blacklist.conf: add idxd commit - commit 06dbf6b - nvmet: fix a width vs precision bug in nvmet_subsys_attr_serial_show() (git-fixes). - commit fef4ef0 - Linux 5.14.8 (bsc#1012628). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (bsc#1012628). - selinux,smack: fix subjective/objective credential use mixups (bsc#1012628). - io_uring: fix off-by-one in BUILD_BUG_ON check of __REQ_F_LAST_BIT (bsc#1012628). - cifs: properly invalidate cached root handle when closing it (bsc#1012628). - sched/idle: Make the idle timer expire in hard interrupt context (bsc#1012628). - rtc: rx8010: select REGMAP_I2C (bsc#1012628). - blk-mq: allow 4x BLK_MAX_REQUEST_COUNT at blk_plug for multiple_queues (bsc#1012628). - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() (bsc#1012628). - block: genhd: don't call blkdev_show() with major_names_lock held (bsc#1012628). - nvmet: fixup buffer overrun in nvmet_subsys_attr_serial() (bsc#1012628). - pwm: stm32-lp: Don't modify HW state in .remove() callback (bsc#1012628). - pwm: rockchip: Don't modify HW state in .remove() callback (bsc#1012628). - pwm: img: Don't modify HW state in .remove() callback (bsc#1012628). - habanalabs: cannot sleep while holding spinlock (bsc#1012628). - habanalabs: add "in device creation" status (bsc#1012628). - habanalabs: fix mmu node address resolution in debugfs (bsc#1012628). - habanalabs: add validity check for event ID received from F/W (bsc#1012628). - drm/amdgpu: fix fdinfo race with process exit (bsc#1012628). - drm/amd/display: Fix memory leak reported by coverity (bsc#1012628). - drm/amdgpu: Fixes to returning VBIOS RAS EEPROM address (bsc#1012628). - habanalabs: fix nullifying of destroyed mmu pgt pool (bsc#1012628). - thermal/drivers/rcar_gen3_thermal: Store TSC id as unsigned int (bsc#1012628). - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group (bsc#1012628). - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group (bsc#1012628). - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group (bsc#1012628). - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group (bsc#1012628). - nilfs2: fix NULL pointer in nilfs_##name##_attr_release (bsc#1012628). - nilfs2: fix memory leak in nilfs_sysfs_create_device_group (bsc#1012628). - btrfs: fix lockdep warning while mounting sprout fs (bsc#1012628). - btrfs: delay blkdev_put until after the device remove (bsc#1012628). - btrfs: update the bdev time directly when closing (bsc#1012628). - s390/unwind: use current_frame_address() to unwind current task (bsc#1012628). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1012628). - ceph: remove the capsnaps when removing caps (bsc#1012628). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1012628). - ceph: fix memory leak on decode error in ceph_handle_caps (bsc#1012628). - ACPI: PM: s2idle: Run both AMD and Microsoft methods if both are supported (bsc#1012628). - ASoC: audio-graph: respawn Platform Support (bsc#1012628). - s390: add kmemleak annotation in stack_alloc() (bsc#1012628). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (bsc#1012628). - dmaengine: ioat: depends on !UML (bsc#1012628). - cxl/pci: Introduce cdevm_file_operations (bsc#1012628). - cxl: Move cxl_core to new directory (bsc#1012628). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (bsc#1012628). - dmaengine: idxd: depends on !UML (bsc#1012628). - riscv: dts: microchip: mpfs-icicle: Fix serial console (bsc#1012628). - of: property: Disable fw_devlink DT support for X86 (bsc#1012628). - drm/ttm: Fix a deadlock if the target BO is not idle during swap (bsc#1012628). - arm64: mm: limit linear region to 51 bits for KVM in nVHE mode (bsc#1012628). - iommu/vt-d: Fix a deadlock in intel_svm_drain_prq() (bsc#1012628). - iommu/vt-d: Fix PASID leak in intel_svm_unbind_mm() (bsc#1012628). - iommu/amd: Relocate GAMSup check to early_enable_iommus (bsc#1012628). - parisc: Move pci_dev_is_behind_card_dino to where it is used (bsc#1012628). - dma-buf: DMABUF_DEBUG should depend on DMA_SHARED_BUFFER (bsc#1012628). - Update config files. - dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (bsc#1012628). - Update config files. - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (bsc#1012628). - drm/amdgpu: Disable PCIE_DPM on Intel RKL Platform (bsc#1012628). - thermal/core: Fix thermal_cooling_device_register() prototype (bsc#1012628). - tracing/boot: Fix to loop on only subkeys (bsc#1012628). - tools/bootconfig: Fix tracing_on option checking in ftrace2bconf.sh (bsc#1012628). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (bsc#1012628). - init: move usermodehelper_enable() to populate_rootfs() (bsc#1012628). - math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead of selecting it (bsc#1012628). - SUNRPC: don't pause on incomplete allocation (bsc#1012628). - s390/entry: make oklabel within CHKSTG macro local (bsc#1012628). - platform/chrome: cros_ec_trace: Fix format warnings (bsc#1012628). - platform/chrome: sensorhub: Add trace events for sample (bsc#1012628). - dmaengine: idxd: clear block on fault flag when clear wq (bsc#1012628). - dmaengine: idxd: fix abort status check (bsc#1012628). - dmaengine: idxd: fix wq slot allocation index check (bsc#1012628). - dmaengine: idxd: have command status always set (bsc#1012628). - dmanegine: idxd: cleanup all device related bits after disabling device (bsc#1012628). - pwm: mxs: Don't modify HW state in .probe() after the PWM chip was registered (bsc#1012628). - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered (bsc#1012628). - ceph: cancel delayed work instead of flushing on mdsc teardown (bsc#1012628). - thermal/drivers/qcom/spmi-adc-tm5: Don't abort probing if a sensor is not used (bsc#1012628). - PM: sleep: core: Avoid setting power.must_resume to false (bsc#1012628). - profiling: fix shift-out-of-bounds bugs (bsc#1012628). - nilfs2: use refcount_dec_and_lock() to fix potential UAF (bsc#1012628). - prctl: allow to setup brk for et_dyn executables (bsc#1012628). - pwm: ab8500: Fix register offset calculation to not depend on probe order (bsc#1012628). - 9p/trans_virtio: Remove sysfs file on probe failure (bsc#1012628). - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() (bsc#1012628). - n64cart: fix return value check in n64cart_probe() (bsc#1012628). - staging: rtl8723bs: fix wpa_set_auth_algs() function (bsc#1012628). - perf tools: Allow build-id with trailing zeros (bsc#1012628). - perf symbol: Look for ImageBase in PE file to compute .text offset (bsc#1012628). - perf test: Fix bpf test sample mismatch reporting (bsc#1012628). - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ (bsc#1012628). - RDMA/mlx5: Fix xlt_chunk_align calculation (bsc#1012628). - RDMA/hns: Enable stash feature of HIP09 (bsc#1012628). - um: virtio_uml: fix memory leak on init failures (bsc#1012628). - coredump: fix memleak in dump_vma_snapshot() (bsc#1012628). - um: fix stub location calculation (bsc#1012628). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (bsc#1012628). - console: consume APC, DM, DCS (bsc#1012628). - PCI: aardvark: Fix reporting CRS value (bsc#1012628). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (bsc#1012628). - commit 94242c6 - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).") - commit e082fbf - Linux 5.14.7 (bsc#1012628). - net: stmmac: fix MAC not working when system resume back with WoL active (bsc#1012628). - io_uring: ensure symmetry in handling iter types in loop_rw_iter() (bsc#1012628). - swiotlb-xen: avoid double free (bsc#1012628). - swiotlb-xen: fix late init retry (bsc#1012628). - xen: reset legacy rtc flag for PV domU (bsc#1012628). - xen: fix usage of pmd_populate in mremap for pv guests (bsc#1012628). - bnx2x: Fix enabling network interfaces without VFs (bsc#1012628). - arm64/sve: Use correct size when reinitialising SVE state (bsc#1012628). - PM: base: power: don't try to use non-existing RTC for storing data (bsc#1012628). - PCI: Add AMD GPU multi-function power dependencies (bsc#1012628). - drm/amd/display: Get backlight from PWM if DMCU is not initialized (bsc#1012628). - drm/amd/display: dsc mst 2 4K displays go dark with 2 lane HBR3 (bsc#1012628). - drm/amd/display: Fix white screen page fault for gpuvm (bsc#1012628). - drm/amd/pm: fix runpm hang when amdgpu loaded prior to sound driver (bsc#1012628). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (bsc#1012628). - drm/amdgpu: use IS_ERR for debugfs APIs (bsc#1012628). - drm/amdgpu: fix use after free during BO move (bsc#1012628). - drm/amdgpu: add amdgpu_amdkfd_resume_iommu (bsc#1012628). - drm/amdgpu: move iommu_resume before ip init/resume (bsc#1012628). - drm/amd/pm: fix the issue of uploading powerplay table (bsc#1012628). - drm/amdkfd: separate kfd_iommu_resume from kfd_resume (bsc#1012628). - drm/radeon: pass drm dev radeon_agp_head_init directly (bsc#1012628). - io_uring: allow retry for O_NONBLOCK if async is supported (bsc#1012628). - drm/etnaviv: return context from etnaviv_iommu_context_get (bsc#1012628). - drm/etnaviv: put submit prev MMU context when it exists (bsc#1012628). - drm/etnaviv: stop abusing mmu_context as FE running marker (bsc#1012628). - drm/etnaviv: keep MMU context across runtime suspend/resume (bsc#1012628). - drm/etnaviv: exec and MMU state is lost when resetting the GPU (bsc#1012628). - drm/etnaviv: fix MMU context leak on GPU reset (bsc#1012628). - drm/etnaviv: reference MMU context when setting up hardware state (bsc#1012628). - drm/etnaviv: add missing MMU context put when reaping MMU mapping (bsc#1012628). - s390/sclp: fix Secure-IPL facility detection (bsc#1012628). - net: qrtr: revert check in qrtr_endpoint_post() (bsc#1012628). - x86/pat: Pass valid address to sanitize_phys() (bsc#1012628). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1012628). - x86/mce: Avoid infinite loop for copy from user recovery (bsc#1012628). - net: remove the unnecessary check in cipso_v4_doi_free (bsc#1012628). - net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert (bsc#1012628). - net-caif: avoid user-triggerable WARN_ON(1) (bsc#1012628). - ptp: dp83640: don't define PAGE0 (bsc#1012628). - dccp: don't duplicate ccid when cloning dccp sock (bsc#1012628). - net/l2tp: Fix reference count leak in l2tp_udp_recv_core (bsc#1012628). - r6040: Restore MDIO clock frequency after MAC reset (bsc#1012628). - tipc: increase timeout in tipc_sk_enqueue() (bsc#1012628). - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (bsc#1012628). - rtc: cmos: Disable irq around direct invocation of cmos_interrupt() (bsc#1012628). - drm/i915/dp: return proper DPRX link training result (bsc#1012628). - perf machine: Initialize srcline string member in add_location struct (bsc#1012628). - net/mlx5: FWTrace, cancel work on alloc pd error flow (bsc#1012628). - net/mlx5: Fix potential sleeping in atomic context (bsc#1012628). - net: stmmac: fix system hang caused by eee_ctrl_timer during suspend/resume (bsc#1012628). - igc: fix tunnel offloading (bsc#1012628). - nvme-tcp: fix io_work priority inversion (bsc#1012628). - powerpc/64s: system call scv tabort fix for corrupt irq soft-mask state (bsc#1012628). - events: Reuse value read using READ_ONCE instead of re-reading it (bsc#1012628). - net: ipa: initialize all filter table slots (bsc#1012628). - gen_compile_commands: fix missing 'sys' package (bsc#1012628). - vhost_net: fix OoB on sendmsg() failure (bsc#1012628). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1012628). - net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup (bsc#1012628). - x86/uaccess: Fix 32-bit __get_user_asm_u64() when CC_HAS_ASM_GOTO_OUTPUT=y (bsc#1012628). - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() (bsc#1012628). - selftest: net: fix typo in altname test (bsc#1012628). - qed: Handle management FW error (bsc#1012628). - udp_tunnel: Fix udp_tunnel_nic work-queue type (bsc#1012628). - dt-bindings: arm: Fix Toradex compatible typo (bsc#1012628). - ibmvnic: check failover_pending in login response (bsc#1012628). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1012628). - powerpc/64s: system call rfscv workaround for TM bugs (bsc#1012628). - powerpc/mce: Fix access error in mce handler (bsc#1012628). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (bsc#1012628). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (bsc#1012628). - net: hns3: pad the short tunnel frame before sending to hardware (bsc#1012628). - net: hns3: change affinity_mask to numa node range (bsc#1012628). - net: hns3: disable mac in flr process (bsc#1012628). - net: hns3: fix the timing issue of VF clearing interrupt sources (bsc#1012628). - net: stmmac: platform: fix build warning when with !CONFIG_PM_SLEEP (bsc#1012628). - Drivers: hv: vmbus: Fix kernel crash upon unbinding a device from uio_hv_generic driver (bsc#1012628). - net/mlx5e: Fix mutual exclusion between CQE compression and HW TS (bsc#1012628). - ice: Correctly deal with PFs that do not support RDMA (bsc#1012628). - net: dsa: qca8k: fix kernel panic with legacy mdio mapping (bsc#1012628). - net: dsa: lantiq_gswip: Add 200ms assert delay (bsc#1012628). - net: hns3: fix the exception when query imp info (bsc#1012628). - nvme: avoid race in shutdown namespace removal (bsc#1012628). - blkcg: fix memory leak in blk_iolatency_init (bsc#1012628). - net: dsa: flush switchdev workqueue before tearing down CPU/DSA ports (bsc#1012628). - mlxbf_gige: clear valid_polarity upon open (bsc#1012628). - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation (bsc#1012628). - remoteproc: qcom: wcnss: Fix race with iris probe (bsc#1012628). - mfd: db8500-prcmu: Adjust map to reality (bsc#1012628). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (bsc#1012628). - fuse: fix use after free in fuse_read_interrupt() (bsc#1012628). - PCI: tegra194: Fix handling BME_CHGED event (bsc#1012628). - PCI: tegra194: Fix MSI-X programming (bsc#1012628). - PCI: tegra: Fix OF node reference leak (bsc#1012628). - mfd: Don't use irq_create_mapping() to resolve a mapping (bsc#1012628). - PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe() (bsc#1012628). - riscv: fix the global name pfn_base confliction error (bsc#1012628). - KVM: arm64: Make hyp_panic() more robust when protected mode is enabled (bsc#1012628). - tracing/probes: Reject events which have the same name of existing one (bsc#1012628). - PCI: cadence: Use bitfield for *quirk_retrain_flag* instead of bool (bsc#1012628). - PCI: cadence: Add quirk flag to set minimum delay in LTSSM Detect.Quiet state (bsc#1012628). - PCI: j721e: Add PCIe support for J7200 (bsc#1012628). - PCI: j721e: Add PCIe support for AM64 (bsc#1012628). - PCI: Add ACS quirks for Cavium multi-function devices (bsc#1012628). - watchdog: Start watchdog in watchdog_set_last_hw_keepalive only if appropriate (bsc#1012628). - octeontx2-af: Add additional register check to rvu_poll_reg() (bsc#1012628). - Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (bsc#1012628). - flow: fix object-size-mismatch warning in flowi{4,6}_to_flowi_common() (bsc#1012628). - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (bsc#1012628). - block, bfq: honor already-setup queue merges (bsc#1012628). - PCI: ibmphp: Fix double unmap of io_mem (bsc#1012628). - loop: reduce the loop_ctl_mutex scope (bsc#1012628). - ethtool: Fix an error code in cxgb2.c (bsc#1012628). - NTB: Fix an error code in ntb_msit_probe() (bsc#1012628). - NTB: perf: Fix an error code in perf_setup_inbuf() (bsc#1012628). - stmmac: dwmac-loongson:Fix missing return value (bsc#1012628). - net: phylink: add suspend/resume support (bsc#1012628). - mfd: axp20x: Update AXP288 volatile ranges (bsc#1012628). - backlight: ktd253: Stabilize backlight (bsc#1012628). - PCI: controller: PCI_IXP4XX should depend on ARCH_IXP4XX (bsc#1012628). - PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing 'ranges' (bsc#1012628). - PCI: iproc: Fix BCMA probe resource handling (bsc#1012628). - netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex (bsc#1012628). - KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and 16K page size (bsc#1012628). - PCI: Fix pci_dev_str_match_path() alloc while atomic bug (bsc#1012628). - mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set (bsc#1012628). - tracing/boot: Fix a hist trigger dependency for boot time tracing (bsc#1012628). - mtd: mtdconcat: Judge callback existence based on the master (bsc#1012628). - mtd: mtdconcat: Check _read, _write callbacks existence before assignment (bsc#1012628). - KVM: arm64: Fix read-side race on updates to vcpu reset state (bsc#1012628). - KVM: arm64: Handle PSCI resets before userspace touches vCPU state (bsc#1012628). - PCI/PTM: Remove error message at boot (bsc#1012628). - PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n (bsc#1012628). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (bsc#1012628). - ARC: export clear_user_page() for modules (bsc#1012628). - perf config: Fix caching and memory leak in perf_home_perfconfig() (bsc#1012628). - perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64} (bsc#1012628). - perf bench inject-buildid: Handle writen() errors (bsc#1012628). - gpio: mpc8xxx: Fix a resources leak in the error handling path of 'mpc8xxx_probe()' (bsc#1012628). - gpio: mpc8xxx: Fix a potential double iounmap call in 'mpc8xxx_probe()' (bsc#1012628). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (bsc#1012628). - io_uring: retry in case of short read on block device (bsc#1012628). - net: dsa: tag_rtl4_a: Fix egress tags (bsc#1012628). - tools build: Fix feature detect clean for out of source builds (bsc#1012628). - mptcp: fix possible divide by zero (bsc#1012628). - selftests: mptcp: clean tmp files in simult_flows (bsc#1012628). - net: hso: add failure handler for add_net_device (bsc#1012628). - net: dsa: b53: Fix calculating number of switch ports (bsc#1012628). - net: dsa: b53: Set correct number of ports in the DSA struct (bsc#1012628). - mptcp: Only send extra TCP acks in eligible socket states (bsc#1012628). - netfilter: socket: icmp6: fix use-after-scope (bsc#1012628). - fq_codel: reject silly quantum parameters (bsc#1012628). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (bsc#1012628). - iwlwifi: move get pnvm file name to a separate function (bsc#1012628). - iwlwifi: pnvm: Fix a memory leak in 'iwl_pnvm_get_from_fs()' (bsc#1012628). - ip_gre: validate csum_start only on pull (bsc#1012628). - net: dsa: b53: Fix IMP port setup on BCM5301x (bsc#1012628). - bnxt_en: fix stored FW_PSID version masks (bsc#1012628). - bnxt_en: Fix asic.rev in devlink dev info command (bsc#1012628). - bnxt_en: Fix possible unintended driver initiated error recovery (bsc#1012628). - ip6_gre: Revert "ip6_gre: add validation for csum_start" (bsc#1012628). - mfd: lpc_sch: Rename GPIOBASE to prevent build error (bsc#1012628). - cxgb3: fix oops on module removal (bsc#1012628). - net: renesas: sh_eth: Fix freeing wrong tx descriptor (bsc#1012628). - bnxt_en: Fix error recovery regression (bsc#1012628). - net: dsa: bcm_sf2: Fix array overrun in bcm_sf2_num_active_ports() (bsc#1012628). - s390/bpf: Fix optimizing out zero-extensions (bsc#1012628). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1012628). - s390/bpf: Fix branch shortening during codegen pass (bsc#1012628). - Update config files. - commit aa9b3e1 - Revert "Revert "rpm: Abolish scritplet templating (bsc#1189841)."" This reverts commit f924054cc523527b52203e352adb073db0962f5f. New suse-module-tools were accepted to factory: https://build.opensuse.org/request/show/919089 - commit 6abad1e ==== ldb ==== Version update (2.3.0 -> 2.4.0) Subpackages: libldb2 libldb2-32bit python3-ldb - Update to version 2.4.0 + Improve calculate_popt_array_length() + Use C99 initializers for builtin_popt_options[] + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + pyldb: fix a typo + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests + Add missing break in switch statement ==== libcap ==== Version update (2.51 -> 2.59) Subpackages: libcap2 libcap2-32bit - update to 2.59: * Fixed a potential libcap memory leak by adding a destructor * Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now * Added libcap cap_proc_root() API function * Added color support to captree * Fixed contrib/sucap/su to correctly handle the Inheritable flag * capsh enhancements * getcap -r / now generates readable output * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries * The module pam_cap.so now contains support for a default= module argument * Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions * Added capsh --current support * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su * Fix for a corner case infinite loop handling long strings * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs * Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree. ==== libjpeg-turbo ==== Subpackages: libjpeg8 libjpeg8-32bit libturbojpeg0 - previous version updates fixes following bugs: CVE-2014-9092, CVE-2018-14498, CVE-2019-2201, CVE-2020-17541 (bsc#1128712, bsc#1186764, bsc#807183, bsc#906761) ==== libsolv ==== Version update (0.7.19 -> 0.7.20) Subpackages: libsolv-tools python3-solv ruby-solv - fix misparsing of '&' in attributes with libxml2 - choice rules: treat orphaned packages as newest [bsc#1190465] - fix compatibility with Python 3.10 - new SOLVER_EXCLUDEFROMWEAK job type - support for environments in comps parser - bump version to 0.7.20 - Disable python2 usage on suse_version >= 1550 by default (still possible to use osc build --with=python). ==== libsoup2 ==== Subpackages: libsoup-2_4-1 libsoup2-lang typelib-1_0-Soup-2_4 - Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840) ==== libstorage-ng ==== Version update (4.4.41 -> 4.4.43) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#835 - generate pools with dasds - extended testsuite - 4.4.43 - merge gh#openSUSE/libstorage-ng#834 - added get_dasd_type_name() and get_dasd_format_name() - 4.4.42 ==== llvm12 ==== Subpackages: clang12 clang12-doc libLLVM12 libLTO12 libclang12 - Don't build clang-tools, libc++ and python3-clang anymore, because they come from llvm13 now. - Remove version requirement from clang-tools dependency. ==== lz4 ==== Subpackages: liblz4-1 liblz4-1-32bit - version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438] ==== mhvtl ==== Version update (1.63_release+759.35ddb48e5262_k5.14.6_2 -> 1.63_release+759.35ddb48e5262_k5.14.9_1) - Remoed the "BuildRequires: lzo-devel" line from the SPEC file, since this dependence was removed with upstream commit c327afb77cff ("Remove dependency on external lzo packages"). ==== mozilla-nss ==== Version update (3.69.1 -> 3.70) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.70 * bmo#1726022 - Update test case to verify fix. * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback * bmo#1681975 - Avoid using a lookup table in nssb64d. * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian. * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true. * bmo#1726022 - Cache additional PBE entries. * bmo#1709750 - Read HPKE vectors from official JSON. - required for Firefox 93 ==== opensc ==== Version update (0.21.0 -> 0.22.0) - Update to OpenSC 0.22.0: * Removed changes in opensc-gcc11.patch already present in upstream. - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda * Removed some false positives from the openrc-rpmlintrc file. * Use standard paths for file cache on Linux (#2148) and OSX (#2214) * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic) * Add threading test to `pkcs11-tool` (#2067) * Add support to generate generic secret keys (#2140) * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195) * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179). * Support for gcc11 and its new strict aliasing rules (#2241, #2260) * Initial support for building with OpenSSL 3.0 (#2343) * pkcs15-tool: Write data objects in binary mode (#2324) * Avoid limited size of log messages (#2352) * Support for ECDSA verification (#2211) * Support for ECDSA with different SHA hashes (#2190) * Prevent issues in p11-kit by not returning unexpected return codes (#2207) * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293) * Standardize the version 2 on 2.20 in the code (#2096) * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176) * Copy arguments of C_Initialize (#2350) * Fix RSA-PSS signing (#2234) * Fix DO deletion (#2215) * Add support for (X)EdDSA keys (#1960) * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205) * Add support for applet version 4 (#2332) * New configuration option for opensc.conf to disable pkcs1_padding (#2193) * Add support for ECDSA with different hashes (#2190) * Enable more mechanisms (#2178) * Fixed asking for a user pin when formatting a card (#1737) * Added support for French CPx Healthcare cards (#2217) * Added ATR for new CardOS 5.4 version (#2296) ==== python-lazr.config ==== Version update (2.2.2 -> 2.2.3) - Update to 2.2.3: - Fix tests with zope.interface >= 5.0.0. - Fix deprecation warning on Python >= 3.2. (lp#1870199) ==== redis ==== Version update (6.2.5 -> 6.2.6) - redis 6.2.6 with security fixes for * Security fixes: - CVE-2021-41099: Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value (boo#1191299) - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms (boo#1191300) - CVE-2021-32687: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value (boo#1191302) - CVE-2021-32675: Denial Of Service when processing RESP request payloads with a large number of elements on many connections (boo#1191303) - CVE-2021-32672: Random heap reading issue with Lua Debugger (boo#1191304) - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value (boo#1191305) - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit (boo#1191305) - CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer overflow (boo#1191306) * Bug fixes that involve behavior changes: - GEO* STORE with empty source key deletes the destination key and return 0 Previously it would have returned an empty array like the non-STORE variant. - PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions This actually changed in 6.2.0 but was overlooked and omitted from the release notes. * Bug fixes that are only applicable to previous releases of Redis 6.2: - Fix CLIENT PAUSE, used an old timeout from previous PAUSE - Fix CLIENT PAUSE in a replica would mess the replication offset - Add some missing error statistics in INFO errorstats * Other bug fixes: - Fix incorrect reply of COMMAND command key positions for MIGRATE command - Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) - Fix the wrong misdetection of sync_file_range system call, affecting performance * CLI tools: - When redis-cli received ASK response, it didn't handle it * Improvements: - Add latency monitor sample when key is deleted via lazy expire - Sanitize corrupt payload improvements - Delete empty keys when loading RDB file or handling a RESTORE command ==== rng-tools ==== - disable nistbeacon support ==== rubygem-sassc-2.2 ==== - Rename rpmlintrc, cleanup dotfiles & cleanup spec file ==== samba ==== Version update (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials1 libsamba-credentials1-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit - Adjust spec to use pam macros; (bsc#1191046). - Adjust spec for size * allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847). * remove fam, undocumented and unneeded. - Add missing build dependency on bison when building with the embedded Heimdal Kerberos - Update to 4.15.0 * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10 * VFS layer modernized. * Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin * Server multi-channel support no longer experimental * Improved command line user experience, unifying the options in different commands * Winbindd no longer scans trusted domains on startup and will use enterprise principals by default. * The net utility is now able to support the offline domain join feature * New options for 'samba-tool dns zoneoptions' for aging control and to mark old records as static or dynamic * DNS tombstones are now deleted as appropriate and use a consistent timestamp format * The 'samba-tool dns update' command validates and rejects now malformed IPv4 and IPv6 addresses * The 'samba-tool domain backup' command correctly takes out locks against concurrent modification during backup when using the LMDB backend * TruACL support has been removed * NIS support has been removed - Update to 4.14.7 * smbd panic on force-close share during offload write; (bso#14769); * smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK; (bso#12033); * Fix returned attributes on fake quota file handle and avoid hitting the VFS; (bso#14731); * vfs_shadow_copy2 fix inodes not correctly updating inode numbers; (bso#14756); * Fix build on Solaris; (bso#14774); * Make dos attributes available for unreadable files; (bso#14654); * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7; (bso#14607); * Start the SMB encryption as soon as possible; (bso#14793); ==== squid ==== Version update (4.16 -> 5.2) - transition to squid 5.x. This is a major release and for changes and how to transition from 4.x, see the release notes, http://www.squid-cache.org/Versions/v5/RELEASENOTES.html - update to 5.2 * fixes issues with WCCP protocol that may lead to information disclosure (bsc#1189403, CVE-2021-28116) - drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb) - new BR: pkgconfig(tdb) ==== step ==== Version update (21.08.1 -> 21.08.2) Subpackages: step-lang - Update to 21.08.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.08.2/ - No code change since 21.08.1 ==== suse-module-tools ==== Version update (16.0.10+7 -> 16.0.11) - Update to version 16.0.11: * inkmp-script(postun): don't pass existing files to weak-modules2 (boo#1191200) * kernel-scriptlets: skip cert scriptlet on non-UEFI systems (boo#1191260) ==== sweeper ==== Version update (21.08.1 -> 21.08.2) Subpackages: sweeper-lang - Update to 21.08.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.08.2/ - No code change since 21.08.1 ==== tar ==== Subpackages: tar-lang tar-rmt - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: * bsc#1181131 * bsc#1120610 ==== texinfo ==== Subpackages: info info-std - Move to /usr for UsrMerge (boo#1191099) ==== timezone ==== Version update (2021a -> 2021c) - timezone update 2021c: * Revert almost all of 2021b's changes to the 'backward' file * Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - timezone update 2021b: * Jordan now starts DST on February's last Thursday. * Samoa no longer observes DST. * Move some backward-compatibility links to 'backward'. * Rename Pacific/Enderbury to Pacific/Kanton. * Correct many pre-1993 transitions in Malawi, Portugal, etc. * zic now creates each output file or link atomically. * zic -L no longer omits the POSIX TZ string in its output. * zic fixes for truncation and leap second table expiration. * zic now follows POSIX for TZ strings using all-year DST. * Fix some localtime crashes and bugs in obscure cases. * zdump -v now outputs more-useful boundary cases. * tzfile.5 better matches a draft successor to RFC 8536. ==== timezone-java ==== Version update (2021a -> 2021c) - timezone update 2021c: * Revert almost all of 2021b's changes to the 'backward' file * Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - timezone update 2021b: * Jordan now starts DST on February's last Thursday. * Samoa no longer observes DST. * Move some backward-compatibility links to 'backward'. * Rename Pacific/Enderbury to Pacific/Kanton. * Correct many pre-1993 transitions in Malawi, Portugal, etc. * zic now creates each output file or link atomically. * zic -L no longer omits the POSIX TZ string in its output. * zic fixes for truncation and leap second table expiration. * zic now follows POSIX for TZ strings using all-year DST. * Fix some localtime crashes and bugs in obscure cases. * zdump -v now outputs more-useful boundary cases. * tzfile.5 better matches a draft successor to RFC 8536. ==== transactional-update ==== Version update (3.5.5 -> 3.5.6) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.6 - tukit: Add S/390 bootloader support [bsc#1189807] - t-u: support purge-kernels with t-u patch [bsc#1190788] ==== trousers ==== - move libraries to /usr/lib (bsc#1191102) ==== umbrello ==== Version update (21.08.1 -> 21.08.2) Subpackages: umbrello-lang - Update to 21.08.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.08.2/ - No code change since 21.08.1 ==== yakuake ==== Version update (21.08.1 -> 21.08.2) Subpackages: yakuake-lang - Update to 21.08.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.08.2/ - No code change since 21.08.1