Packages changed: SDL2 (2.24.1 -> 2.24.2) autoconf-el highway (1.0.1 -> 1.0.2) kernel-source (6.0.5 -> 6.0.6) kexec-tools libxml2 libxml2-python lvm2 lvm2-device-mapper (1.02.185 -> 2.03.16_1.02.185) mpg123 (1.31.0 -> 1.31.1) ntfs-3g_ntfsprogs (2022.5.17 -> 2022.10.3) python-Twisted (22.4.0 -> 22.10.0) quagga tar === Details === ==== SDL2 ==== Version update (2.24.1 -> 2.24.2) - Update to release 2.24.2 * Fixed crash in Wayland_HasScreenKeyboardSupport() ==== autoconf-el ==== - fix testsuite failure by bash 5.2 update * [fix-testsuite-failures-with-bash-5.2.patch] - convert to use _multibuild - fix keyring gpg validation - use https urls ==== highway ==== Version update (1.0.1 -> 1.0.2) - Update to release 1.0.2 * Add ExclusiveNeither, FindKnownFirstTrue, Ne128 * Add 16-bit SumOfLanes/ReorderWidenMulAccumulate/ReorderDemote2To * Faster sort for low-entropy input, improved pivot selection * Support static dispatch to SVE2_128 and SVE_256 - Leap just needs a modern gcc, no need for clang - Fix build on openSUSE Leap by using clang ==== kernel-source ==== Version update (6.0.5 -> 6.0.6) - char: pcmcia: cm4040_cs: Fix use-after-free in reader_fops (bsc#1204922 CVE-2022-44033). - commit aaed0f2 - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - commit 57f1f7d - Refresh patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch. Update upstream status. - commit 30b9c27 - char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops (bsc#1204901 CVE-2022-44034). - char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops (bsc#1204894 CVE-2022-44032). - commit 7d0ff8d - Refresh patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch. Update upstream status. - commit eaa1897 - Linux 6.0.6 (bsc#1012628). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1012628). - ACPI: video: Force backlight native for more TongFang devices (bsc#1012628). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1012628). - ext4: factor out ext4_fc_get_tl() (bsc#1012628). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1012628). - io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL (bsc#1012628). - wifi: mt76: mt7921e: fix random fw download fail (bsc#1012628). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (bsc#1012628). - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() (bsc#1012628). - rv/dot2c: Make automaton definition static (bsc#1012628). - drbd: only clone bio if we have a backing device (bsc#1012628). - net: phy: dp83822: disable MDI crossover status change interrupt (bsc#1012628). - net: sched: fix race condition in qdisc_graft() (bsc#1012628). - net: hns: fix possible memory leak in hnae_ae_register() (bsc#1012628). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (bsc#1012628). - sfc: include vport_id in filter spec hash and equal() (bsc#1012628). - io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd() (bsc#1012628). - net: Fix return value of qdisc ingress handling on success (bsc#1012628). - net: sched: sfb: fix null pointer access issue when sfb_init() fails (bsc#1012628). - net: sched: delete duplicate cleanup of backlog and qlen (bsc#1012628). - net: sched: cake: fix null pointer access issue when cake_init() fails (bsc#1012628). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (bsc#1012628). - nvme-hwmon: kmalloc the NVME SMART log buffer (bsc#1012628). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (bsc#1012628). - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements (bsc#1012628). - netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces (bsc#1012628). - netfilter: rpfilter/fib: Populate flowic_l3mdev field (bsc#1012628). - ionic: catch NULL pointer issue on reconfig (bsc#1012628). - net: hsr: avoid possible NULL deref in skb_clone() (bsc#1012628). - bnxt_en: fix memory leak in bnxt_nvm_test() (bsc#1012628). - drm/amd/display: Increase frame size limit for display_mode_vba_util_32.o (bsc#1012628). - dm: remove unnecessary assignment statement in alloc_dev() (bsc#1012628). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1012628). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1012628). - cifs: Fix xid leak in cifs_flock() (bsc#1012628). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1012628). - cifs: Fix xid leak in cifs_create() (bsc#1012628). - ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed (bsc#1012628). - udp: Update reuse->has_conns under reuseport_lock (bsc#1012628). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1012628). - net: ethernet: mtk_eth_wed: add missing of_node_put() (bsc#1012628). - net: ethernet: mtk_eth_wed: add missing put_device() in mtk_wed_add_hw() (bsc#1012628). - net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe() (bsc#1012628). - io_uring/rw: remove leftover debug statement (bsc#1012628). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1012628). - erofs: shouldn't churn the mapping page for duplicated copies (bsc#1012628). ... changelog too long, skipping 80 lines ... - commit ba5b066 ==== kexec-tools ==== - add kexec-tools-riscv64.patch ==== libxml2 ==== Subpackages: libxml2-2 libxml2-2-32bit libxml2-tools - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ==== libxml2-python ==== - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185 ==== lvm2-device-mapper ==== Version update (1.02.185 -> 2.03.16_1.02.185) Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 libdevmapper1_03-32bit - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185 ==== mpg123 ==== Version update (1.31.0 -> 1.31.1) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.31.1 * Fix largefile aliases for the case of a largefile-insensitive build that still does define _FILE_OFFSET_BITS from the outside (sys/feature_tests.h on Illumos). ==== ntfs-3g_ntfsprogs ==== Version update (2022.5.17 -> 2022.10.3) Subpackages: libntfs-3g89 ntfs-3g ntfsprogs - update to 2022.10.3 (bsc#1204734 CVE-2022-40284): * Rejected zero-sized runs. * Avoided merging runlists with no runs. ==== python-Twisted ==== Version update (22.4.0 -> 22.10.0) Subpackages: python310-Twisted python310-Twisted-tls - Update to 22.10.0: * Features + twisted.internet.defer.maybeDeferred will now schedule a coroutine result as asynchronous operation and return a Deferred that fires with the result of the coroutine. + Twisted now works with Cryptography versions 37 and above, and as a result, its minimum TLS protocol version has been upgraded to TLSv1.2. + The systemd: endpoint parser now supports "named" file descriptors. This is a more reliable mechanism for choosing among several inherited descriptors. * Bugfixes + twisted.internet.base.DelayedCall.__repr__ will no longer raise AttributeError if the DelayedCall was created before debug mode was enabled. As a side-effect, twisted.internet.base.DelayedCall.creator is now defined as None in cases where previously it was undefined. + twisted.internet.iocpreactor.udp now properly re-queues its listener when there is a failure condition on the read from the socket. + twisted.internet.defer.inlineCallbacks no longer causes confusing StopIteration tracebacks to be added to the top of tracebacks originating in triggered callbacks. + The typing of twisted.internet.task.react no longer constrains the type of argv. + ContextVar.reset() now works correctly inside inlineCallbacks functions and coroutines. + Implement twisted.python.failure._Code.co_positions for compatibility with Python 3.11. + twisted.pair.tuntap._TUNSETIFF and ._TUNGETIFF values are now correct parisc, powerpc and sparc architectures. + twisted.web.vhost.NameVirtualHost will no longerreturn a NoResource error. (bsc#1204781, CVE-2022-39348) * Deprecations and Removals + Python 3.6 is no longer supported. + Twisted 22.4.0 was the last version with support for Python 3.6. + twisted.protocols.dict, which was deprecated in 17.9, has been removed. - Remove Python 3.6 Requires. - Drop patch skip-namespacewithwhitespace.patch, no longer required. - Refresh all patches. ==== quagga ==== Subpackages: libospf0 libospfapiclient0 libzebra1 - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ==== tar ==== Subpackages: tar-lang tar-rmt - Fix unexpected inconsistency when making directory, bsc#1203600 * tar-avoid-overflow-in-symlinks-tests.patch * tar-fix-extract-unlink.patch - Update race condition fix, bsc#1200657 * tar-fix-race-condition.patch - Refresh bsc1200657.patch