Packages changed: PackageKit conmon (2.0.26 -> 2.0.27) containers-systemd (0.0+git20210318.fea98a6 -> 0.0+git20210407.9384691) dbus-1 dracut (053+suse.90.gb89b6347 -> 053+suse.93.g039ac07d) gdk-pixbuf (2.42.2 -> 2.42.4) glib-networking (2.66.0 -> 2.68.0) glib2 (2.66.7 -> 2.68.0) gobject-introspection (1.66.1 -> 1.68.0) gsettings-desktop-schemas (3.38.0 -> 40.0) kdump kernel-source (5.11.11 -> 5.11.12) kubic-control libassuan (2.5.4 -> 2.5.5) libcontainers-common libpeas (1.28.0 -> 1.30.0) multipath-tools (0.8.5+29+suse.5dabcd2 -> 0.8.5+30+suse.633836e) open-vm-tools pam podman python-gobject (3.38.0 -> 3.40.0) rbac-lookup (0.6.3 -> 0.6.4) snapper systemd-presets-common-SUSE talloc (2.3.1 -> 2.3.2) toolbox (2.1+git20210311.15cb3ad -> 2.1+git20210329.d14ac82) wpa_supplicant === Details === ==== PackageKit ==== Subpackages: PackageKit-backend-dnf libpackagekit-glib2-18 - Add PackageKit-cancel-transaction-if-daemon-disappears.patch: Fix hangs in packagekit-glib2 client if daemon crashes (gh#hughsie/PackageKit#464). ==== conmon ==== Version update (2.0.26 -> 2.0.27) - Update to version 2.0.27: * bump to v2.0.27 * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary * bump to v2.0.27-dev ==== containers-systemd ==== Version update (0.0+git20210318.fea98a6 -> 0.0+git20210407.9384691) - Update to version 0.0+git20210407.9384691: * Add service for wsdd ==== dbus-1 ==== Subpackages: libdbus-1-3 - avoid listing cmake directory - owned by cmake package ==== dracut ==== Version update (053+suse.90.gb89b6347 -> 053+suse.93.g039ac07d) Subpackages: dracut-ima - Update to version 053+suse.93.g039ac07d: * fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs - Update to version 053+suse.91.g4a0bdda1: * fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs (bsc#1180822) ==== gdk-pixbuf ==== Version update (2.42.2 -> 2.42.4) Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 - Disable building of docs: creates a cycle with python: + Drop python3-gi-docgen BuildRequires. + Pass gtk_doc=false to meson - Update to version 2.42.4: + Make enum type registration thread safe. + Do not install skipped test files. + Fix GIF initialization. + Always run GIF loader tests. + Fix leaks discovered via ASan. + Expose GdkPixbufLoader API via introspection. + Fix revert-to-previous first frame behaviour for GIF files. + Link to libintl if needed. + Improve support for using gdk-pixbuf as a subproject. + Fix build with GModule disabled. + Use gi-docgen to generate the API reference from introspection data. - Replace gtk-doc BuildRequires with python3-gi-docgen: follow upstreams port. - As a workaround to https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/177, delete the installed gi-docgen program files. ==== glib-networking ==== Version update (2.66.0 -> 2.68.0) - Update to version 2.68.0: + Fix double free in GnuTLS client certificate request code. - Update to version 2.68.rc: + Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED. + Fix check for certain handshake failure conditions. - Update to version 2.68.alpha: + Download and validate missing intermediate certificates (requires GnuTLS 3.7). + OpenSSL backend now uses system crypto policy. + Remove use of g_assert in testsuite. + Restore support for old versions of OpenSSL. + Implement TLS channel bindings API. + Implement PKCS#11 API. + Update testsuite for Fedora 33 crypto policy. + Fix NULL dereference in g_tls_connection_base_read_message. + Fix a couple code issues found by Coverity. ==== glib2 ==== Version update (2.66.7 -> 2.68.0) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.68.0: + Bugs fixed: - build: Drop gconstructor_as_data_h usage from glib-compile-schemas. - glib.supp: Generalize some suppressions. - gbytesicon: Fix error in g_bytes_icon_new() documentation. - glocalfileoutputstream: Tidy up error handling. - tests: Fix copy/paste error in queue test. - Update to version 2.67.6: + Fix a security issue when using `g_file_replace()` with `G_FILE_CREATE_REPLACE_DESTINATION`. + Disallow operations on the empty path with `g_file_new_from_path()`. + Various fixes for GLib when building with clang-cl on Windows. + Updated translations. - Update to version 2.67.5: + Fix more issues with `glib_typeof` macro from 2.67.3?2.67.4. + Fix regression with some FD mappings passed to `g_subprocess_launcher_spawnv()` caused by changes for #2097 in GLib 2.67.4. + Fix detection of `str[n]casecmp()` when building with `clang-cl`. + Use zlib from subproject if configured with `wrap_mode=forcefallback`. + Updated translations. - Update to version 2.67.4: + Add a `g_string_replace()` function. + Add `G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER` flag to simplify the common case for writing a D-Bus authentication observer, allowing most uses of `GDBusAuthObserver` to be dropped. + Add a new `g_spawn_with_pipes_and_fds()` variant which supports renumbering FDs. + Add new g_memdup2() API to replace g_memdup(), which is vulnerable to a silent integer truncation and heap overflow problem if not used carefully. + Fix various regressions caused by rushed security fixes in 2.66.6. + Fix a silent integer truncation when calling g_byte_array_new_take() for byte arrays bigger than G_MAXUINT. + Fix `g_utf8_strdown()` to fix some issues in Turkish. + Updated translations. ==== gobject-introspection ==== Version update (1.66.1 -> 1.68.0) Subpackages: girepository-1_0 libgirepository-1_0-1 - Update to version 1.68.0: + Update GLib annotations. + docs: cleanup. + Fix syntax errors in gir-1.2.rnc. - Update to version 1.67.1: + Requires Python 3.6+. + Update GLib annotations. + Fix compatibility with Python 3.10. + Fix build with GIR data disabled. + Add test object for signal marshallers. ==== gsettings-desktop-schemas ==== Version update (3.38.0 -> 40.0) - Update to version 40.0: + Updated translations. - Update to version 40.rc: + Updated translations. - Update to version 40.beta: + Use pgUp/Down shortcuts for horizontal workspace switching. + Add super-based workspace navigation shortcuts. + Remove ?gnome-fallback? as a valid session name. + Fix summary of `two-finger-scroll-enabled` key. + Updated translations. - Update to version 40.alpha: + Add scroll button locking to trackballs. + Move mouse drag-threshold/double-click settings here. + Move antialiasing/hinting/rgba-order settings here. + Updated translations. ==== kdump ==== - kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to dracut command line (bsc#1182309). ==== kernel-source ==== Version update (5.11.11 -> 5.11.12) - Linux 5.11.12 (bsc#1012628). - arm64: mm: correct the inside linear map range during hotplug check (bsc#1012628). - virtiofs: Fail dax mount if device does not support it (bsc#1012628). - ext4: shrink race window in ext4_should_retry_alloc() (bsc#1012628). - ext4: fix bh ref count on error paths (bsc#1012628). - fs: nfsd: fix kconfig dependency warning for NFSD_V4 (bsc#1012628). - rpc: fix NULL dereference on kmalloc failure (bsc#1012628). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1012628). - ASoC: rt1015: fix i2c communication error (bsc#1012628). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (bsc#1012628). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (bsc#1012628). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (bsc#1012628). - ASoC: es8316: Simplify adc_pga_gain_tlv table (bsc#1012628). - ASoC: soc-core: Prevent warning if no DMI table is present (bsc#1012628). - ASoC: cs42l42: Fix Bitclock polarity inversion (bsc#1012628). - ASoC: cs42l42: Fix channel width support (bsc#1012628). - ASoC: cs42l42: Fix mixer volume control (bsc#1012628). - ASoC: cs42l42: Always wait at least 3ms after reset (bsc#1012628). - NFSD: fix error handling in NFSv4.0 callbacks (bsc#1012628). - ASoC: mediatek: mt8192: fix tdm out data is valid on rising edge (bsc#1012628). - kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing (bsc#1012628). - vhost: Fix vhost_vq_reset() (bsc#1012628). - io_uring: fix ->flags races by linked timeouts (bsc#1012628). - io_uring: halt SQO submission on ctx exit (bsc#1012628). - scsi: st: Fix a use after free in st_open() (bsc#1012628). - scsi: qla2xxx: Fix broken #endif placement (bsc#1012628). - staging: comedi: cb_pcidas: fix request_irq() warn (bsc#1012628). - staging: comedi: cb_pcidas64: fix request_irq() warn (bsc#1012628). - ASoC: rt5659: Update MCLK rate in set_sysclk() (bsc#1012628). - ASoC: rt711: add snd_soc_component remove callback (bsc#1012628). - thermal/core: Add NULL pointer check before using cooling device stats (bsc#1012628). - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling (bsc#1012628). - locking/ww_mutex: Fix acquire/release imbalance in ww_acquire_init()/ww_acquire_fini() (bsc#1012628). - nvmet-tcp: fix kmap leak when data digest in use (bsc#1012628). - io_uring: imply MSG_NOSIGNAL for send[msg]()/recv[msg]() calls (bsc#1012628). - Revert "PM: ACPI: reboot: Use S5 for reboot" (bsc#1012628). - nouveau: Skip unvailable ttm page entries (bsc#1012628). - static_call: Align static_call_is_init() patching condition (bsc#1012628). - ext4: do not iput inode under running transaction in ext4_rename() (bsc#1012628). - io_uring: call req_set_fail_links() on short send[msg]()/recv[msg]() with MSG_WAITALL (bsc#1012628). - net: mvpp2: fix interrupt mask/unmask skip condition (bsc#1012628). - mptcp: deliver ssk errors to msk (bsc#1012628). - mptcp: fix poll after shutdown (bsc#1012628). - mptcp: init mptcp request socket earlier (bsc#1012628). - mptcp: add a missing retransmission timer scheduling (bsc#1012628). - flow_dissector: fix TTL and TOS dissection on IPv4 fragments (bsc#1012628). - mptcp: fix DATA_FIN processing for orphaned sockets (bsc#1012628). - mptcp: provide subflow aware release function (bsc#1012628). - can: dev: move driver related infrastructure into separate subdir (bsc#1012628). - net: introduce CAN specific pointer in the struct net_device (bsc#1012628). - mptcp: fix race in release_cb (bsc#1012628). - net: bonding: fix error return code of bond_neigh_init() (bsc#1012628). - mptcp: fix bit MPTCP_PUSH_PENDING tests (bsc#1012628). - can: tcan4x5x: fix max register value (bsc#1012628). - brcmfmac: clear EAP/association status bits on linkdown events (bsc#1012628). - ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL pointer (bsc#1012628). - rtw88: coex: 8821c: correct antenna switch function (bsc#1012628). - netdevsim: dev: Initialize FIB module after debugfs (bsc#1012628). - iwlwifi: pcie: don't disable interrupts for reg_lock (bsc#1012628). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (bsc#1012628). - net: ethernet: aquantia: Handle error cleanup of start on open (bsc#1012628). - appletalk: Fix skb allocation size in loopback case (bsc#1012628). - net: ipa: remove two unused register definitions (bsc#1012628). - net: ipa: use a separate pointer for adjusted GSI memory (bsc#1012628). - net: ipa: fix register write command validation (bsc#1012628). - net: wan/lmc: unregister device when no matching device is found (bsc#1012628). - net: 9p: advance iov on empty read (bsc#1012628). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1012628). - ACPI: tables: x86: Reserve memory occupied by ACPI tables (bsc#1012628). - ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead() (bsc#1012628). - ACPI: scan: Fix _STA getting called on devices with unmet dependencies (bsc#1012628). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (bsc#1012628). - ALSA: hda: Re-add dropped snd_poewr_change_state() calls (bsc#1012628). - ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks (bsc#1012628). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (bsc#1012628). - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8 (bsc#1012628). - xtensa: fix uaccess-related livelock in do_page_fault (bsc#1012628). - xtensa: move coprocessor_flush to the .text section (bsc#1012628). - KVM: SVM: load control fields from VMCB12 before checking them (bsc#1012628). - KVM: SVM: ensure that EFER.SVME is set when running nested guest or on nested vmexit (bsc#1012628). - PM: runtime: Fix race getting/putting suppliers at probe (bsc#1012628). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (bsc#1012628). - tracing: Fix stack trace event size (bsc#1012628). - s390/vdso: copy tod_steering_delta value to vdso_data page (bsc#1012628). - s390/vdso: fix tod_steering_delta type (bsc#1012628). - drm/ttm: make ttm_bo_unpin more defensive (bsc#1012628). - mm: fix race by making init_zero_pfn() early_initcall (bsc#1012628). - drm/amdkfd: dqm fence memory corruption (bsc#1012628). - drm/amd/pm: no need to force MCLK to highest when no display connected (bsc#1012628). - drm/amdgpu/vangogh: don't check for dpm in is_dpm_running when in suspend (bsc#1012628). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (bsc#1012628). - drm/amdgpu: Set a suitable dev_info.gart_page_size (bsc#1012628). - drm/amdgpu: check alignment on CPU page for bo map (bsc#1012628). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1012628). - drm/imx: fix memory leak when fails to init (bsc#1012628). - drm/tegra: dc: Restore coupling of display controllers (bsc#1012628). - drm/tegra: sor: Grab runtime PM reference across reset (bsc#1012628). - vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends (bsc#1012628). - pinctrl: microchip-sgpio: Fix wrong register offset for IRQ trigger (bsc#1012628). - pinctrl: rockchip: fix restore error in resume (bsc#1012628). - pinctrl: qcom: sc7280: Fix SDC_QDSD_PINGROUP and UFS_RESET offsets (bsc#1012628). - pinctrl: qcom: sc7280: Fix SDC1_RCLK configurations (bsc#1012628). - pinctrl: qcom: lpass lpi: use default pullup/strength values (bsc#1012628). - pinctrl: qcom: fix unintentional string concatenation (bsc#1012628). - extcon: Add stubs for extcon_register_notifier_all() functions (bsc#1012628). - extcon: Fix error handling in extcon_dev_register (bsc#1012628). - firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 (bsc#1012628). - powerpc/pseries/mobility: use struct for shared state (bsc#1012628). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1012628). - usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (bsc#1012628). - video: hyperv_fb: Fix a double free in hvfb_probe (bsc#1012628). - powerpc/mm/book3s64: Use the correct storage key value when calling H_PROTECT (bsc#1012628). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (bsc#1012628). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (bsc#1012628). - usb: musb: Fix suspend with devices connected for a64 (bsc#1012628). - usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (bsc#1012628). - cdc-acm: fix BREAK rx code path adding necessary calls (bsc#1012628). - USB: cdc-acm: untangle a circular dependency between callback and softint (bsc#1012628). - USB: cdc-acm: downgrade message to debug (bsc#1012628). - USB: cdc-acm: fix double free on probe failure (bsc#1012628). - USB: cdc-acm: fix use-after-free after probe failure (bsc#1012628). - usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference (bsc#1012628). - usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (bsc#1012628). - usb: dwc2: Prevent core suspend when port connection flag is 0 (bsc#1012628). - usb: dwc3: qcom: skip interconnect init for ACPI probe (bsc#1012628). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (bsc#1012628). - soc: qcom-geni-se: Cleanup the code to remove proxy votes (bsc#1012628). - staging: rtl8192e: Fix incorrect source in memcpy() (bsc#1012628). - staging: rtl8192e: Change state information from u16 to u8 (bsc#1012628). - driver core: clear deferred probe reason on probe retry (bsc#1012628). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1012628). - riscv: evaluate put_user() arg before enabling user access (bsc#1012628). - io_uring: do ctx sqd ejection in a clear context (bsc#1012628). - Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing" (bsc#1012628). - Revert "net: bonding: fix error return code of bond_neigh_init()" (bsc#1012628). - commit 92a542e - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483 bsc#1184393). - commit c90d8a9 - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - commit 6dbaa20 ==== kubic-control ==== Subpackages: kubic-haproxycfg kubicctl kubicd - kubicd: require kubernetes-kubeadm - pin to go 1.14, the certificate handling changes in 1.15 are incompatible (issues/30) ==== libassuan ==== Version update (2.5.4 -> 2.5.5) - update to 2.5.5: * Fix a crash in the logging code * Upgrade autoconf ==== libcontainers-common ==== - Update common to 0.35.3 - Update podman to 3.1.0 - Update storage to 1.28.1 - Update image to 5.10.5 ==== libpeas ==== Version update (1.28.0 -> 1.30.0) - Update to version 1.30.0: + Build system improvements. + Improvements when running on Windows. + Updated translations. ==== multipath-tools ==== Version update (0.8.5+29+suse.5dabcd2 -> 0.8.5+30+suse.633836e) Subpackages: kpartx libmpath0 - Update to version 0.8.5+30+suse.633836e: * multipathd: give up "add missing path" after multiple failures (bsc#1183963) ==== open-vm-tools ==== Subpackages: libvmtools0 - Add open-vm-tools-glib-2.67.patch: Fix build with glib 2.67. Patch has been borrowed by Fedora, upstream is still busy working out a patch (I'd not be surprised if they end up merging this finally. https://github.com/vmware/open-vm-tools/issues/500 - prepare usrmerge (boo#1029961) ==== pam ==== Subpackages: pam_unix - If "LOCAL" is configured in access.conf, and a login attempt from a remote host is made, pam_access tries to resolve "LOCAL" as a hostname and logs a failure. Checking explicitly for "LOCAL" and rejecting access in this case resolves this issue. [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] - pam_limits: "unlimited" is not a legitimate value for "nofile" (see setrlimit(2)). So, when "nofile" is set to one of the "unlimited" values, it is set to the contents of "/proc/sys/fs/nr_open" instead. Also changed the manpage of pam_limits to express this. [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] ==== podman ==== Subpackages: podman-cni-config - Create docker subpackage to allow replacing docker with corresponding aliases to podman. ==== python-gobject ==== Version update (3.38.0 -> 3.40.0) - Update to version 3.40.0: + GTK 4 compatibility fixes. + Python 3.9 and 3.10 compatibility fixes. + New minimal dependency requirements. - Up glib2, gobject-introspection, and cairo required versions. ==== rbac-lookup ==== Version update (0.6.3 -> 0.6.4) - Update to version 0.6.4: * Update documentation from template (#176) * Managed by Terraform * Add documentation site (#175) * Bump google.golang.org/api from 0.40.0 to 0.41.0 (#172) * Bump google.golang.org/api from 0.39.0 to 0.40.0 (#164) * Bump k8s.io/client-go from 0.20.2 to 0.20.4 (#168) * Bump google.golang.org/api from 0.38.0 to 0.39.0 (#163) * Bump google.golang.org/api from 0.37.0 to 0.38.0 (#162) * Update GoReleaser to version 0.155, add Linux/arm and Windows builds (#161) * Bump google.golang.org/api from 0.36.0 to 0.37.0 (#160) ==== snapper ==== Subpackages: libsnapper5 - move org.opensuse.Snapper.conf from /etc to /usr (bsc#1183398 and gh#openSUSE/snapper#492) - run boot.service iff root config exists (gh#openSUSE/snapper#630) - avoid redundant quota rescans for same btrfs (see gh#openSUSE/snapper#507) - allow absolute sizes for SPACE_LIMIT and FREE_LIMIT (gh#openSUSE/snapper#507) ==== systemd-presets-common-SUSE ==== - Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155). ==== talloc ==== Version update (2.3.1 -> 2.3.2) - Update to 2.3.2 ==== toolbox ==== Version update (2.1+git20210311.15cb3ad -> 2.1+git20210329.d14ac82) - Update to version 2.1+git20210329.d14ac82: * Fix localtime and mount sys, e.g., for tracing * Fix 'toolbox list' returning an error code even if working ==== wpa_supplicant ==== - Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)