Packages changed: ldb (2.4.2 -> 2.5.0) libmnl (1.0.4 -> 1.0.5) libnfnetlink (1.0.1 -> 1.0.2) libopenmpt (0.6.1 -> 0.6.2) libqt5-qtdeclarative libqt5-qtwebengine mozilla-nss (3.75 -> 3.76.1) open-iscsi qemu re2 (20220201 -> 20220401) samba (4.15.5+git.328.f1f29505d84 -> 4.16.0+git.224.70319beb8f8) systemd tdb (1.4.4 -> 1.4.6) xen (4.16.0_06 -> 4.16.0_08) === Details === ==== ldb ==== Version update (2.4.2 -> 2.5.0) - Update to version 2.5.0 + No code changes, just bump version for samba 4.16.0 release ==== libmnl ==== Version update (1.0.4 -> 1.0.5) - Update to release 1.0.5 * New example program * "MNL_SOCKET_DUMP_SIZE" define, holding a recommended buffer size for netlink dumps. * Resolved compiler warnings ==== libnfnetlink ==== Version update (1.0.1 -> 1.0.2) - Update to release 1.0.2 * Resolved Valgrind warnings due to uninitialized padding in netlink messages. ==== libopenmpt ==== Version update (0.6.1 -> 0.6.2) - Update to 0.6.2: * [**Sec**] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17076) * [**Sec**] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17078, r17079) * ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more accurately, thus avoiding some unwanted control characters. * MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM. * Correctly apply ST3-style effect memory when seeking in S3M files. * Command S (S3M / IT style) effect memory was not applied when seeking. * Initial channel mute status was not reported correctly in `get_channel_mute_status` since libopenmpt 0.6.0. - Fix build on Leap by using GCC-11 as charconv header is only included from GCC-8 onwards ==== libqt5-qtdeclarative ==== - Increase the disk constraint to 6GB since the SLE build use 5.5GB already (boo#1197992) ==== libqt5-qtwebengine ==== - Add security fixes: * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) ==== mozilla-nss ==== Version update (3.75 -> 3.76.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.76.1 NSS 3.76.1 * bmo#1756271 - Remove token member from NSSSlot struct. NSS 3.76 * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. * bmo#1370866 - Check return value of PK11Slot_GetNSSToken. * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS * bmo#1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. * bmo#1753505 - Avoid truncating files in nss-release-helper.py. * bmo#1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated to latest upstream, including bug fixes and cleanups. Changes included: * add handling name/value pairs for firmware login (bsc#1196113), including man page update for same * Fix bug where some package parts were installed using DESTDIR twice * general build cleanup (in prep for removing DB files from /etc/iscsi some day soon) Also, now delivering a "package config" file for libopeniscsiusr. ==== qemu ==== - Backport aqmp patches from upstream which can fix iotest issues * Patches added: python-aqmp-add-__del__-method-to-legacy.patch python-aqmp-add-_session_guard.patch python-aqmp-add-SocketAddrT-to-package-r.patch python-aqmp-add-socket-bind-step-to-lega.patch python-aqmp-add-start_server-and-accept-.patch python-aqmp-copy-type-definitions-from-q.patch python-aqmp-drop-_bind_hack.patch python-aqmp-fix-docstring-typo.patch python-aqmp-Fix-negotiation-with-pre-oob.patch python-aqmp-fix-race-condition-in-legacy.patch Python-aqmp-fix-type-definitions-for-myp.patch python-aqmp-handle-asyncio.TimeoutError-.patch python-aqmp-refactor-_do_accept-into-two.patch python-aqmp-remove-_new_session-and-_est.patch python-aqmp-rename-accept-to-start_serve.patch python-aqmp-rename-AQMPError-to-QMPError.patch python-aqmp-split-_client_connected_cb-o.patch python-aqmp-squelch-pylint-warning-for-t.patch python-aqmp-stop-the-server-during-disco.patch python-introduce-qmp-shell-wrap-convenie.patch python-machine-raise-VMLaunchFailure-exc.patch python-move-qmp-shell-under-the-AQMP-pac.patch python-move-qmp-utilities-to-python-qemu.patch python-qmp-switch-qmp-shell-to-AQMP.patch python-support-recording-QMP-session-to-.patch python-upgrade-mypy-to-0.780.patch - Drop the patches which are workaround to fix iotest issues * Patches dropped: Revert-python-iotests-replace-qmp-with-a.patch Revert-python-machine-add-instance-disam.patch Revert-python-machine-add-sock_dir-prope.patch Revert-python-machine-handle-fast-QEMU-t.patch Revert-python-machine-move-more-variable.patch Revert-python-machine-remove-_remove_mon.patch ==== re2 ==== Version update (20220201 -> 20220401) - Update to 2022-04-01: * Improve performance slightly * Prog::Fangout() is no longer experimental ==== samba ==== Version update (4.15.5+git.328.f1f29505d84 -> 4.16.0+git.224.70319beb8f8) Subpackages: samba-client samba-client-libs samba-libs - Update to 4.16.0 * New samba-dcerpcd binary to provide DCERPC in the member server setup * Certificate Auto Enrollment * Ability to add ports to dns forwarder addresses in internal DNS backend * No longer using Linux mandatory locks for sharemodes * SMB1 protocol has been deprecated, particularly older dialects * SMB1 protocol SMBCopy command removed * SMB1 server-side wildcard expansion removed - Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101); - Use systemd-sysusers to create system users; (bsc#1182847); - Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). - Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). - libldb version mismatch in Samba dsdb component; (bsc#1118508); ==== systemd ==== Subpackages: libsystemd0 libudev1 udev - Import commit e43a1b018899266b764ab81afb9c30fb417675c6 1c229f8fc1 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails 8881f21539 cryptsetup: fix typo 5882148902 journald: make use of CLAMP() in cache_space_refresh() 6ee0601f73 journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) fe928f3d49 fs-util: make sure openat_report_new() initializes return param also on shortcut 3881af1806 fs-util: fix typos in comments 96060b73ba journal-file: port journal_file_open() to openat_report_new() 611d9955bb fs-util: add openat_report_new() wrapper around openat() f16edb41d4 network: ignore all errors in loading .network files (bsc#1197968) 5422730a7b meson: build kernel-install man page when necessary 45c627cfc2 build: include status of TPM2 in the feature string show by --version - Drop 0001-meson-build-kernel-install-man-page-when-necessary.patch It's been merged in the SUSE git repo. - spec: define %bootstrap with %bcond_with so it can be used with %when. Also re-order the meson options a bit. - spec: make sure /lib exists when installing conf files in /lib/modprobe.d ==== tdb ==== Version update (1.4.4 -> 1.4.6) - Update to 1.4.6 + Drop obsolete patch 0001-tdb-Fix-invalid-syntax-in-tdb.h.patch + Fix Python docstrings + Use atomic operations for tdb_[increment|get]_seqnum + Raw performance torture to beat tdb_increment_seqnum ==== xen ==== Version update (4.16.0_06 -> 4.16.0_08) - bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions between dirty vram tracking and paging log dirty hypercalls (XSA-397) xsa397.patch - bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID cleanup (XSA-399) xsa399.patch - bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359, CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) xsa400-01.patch xsa400-02.patch xsa400-03.patch xsa400-04.patch xsa400-05.patch xsa400-06.patch xsa400-07.patch xsa400-08.patch xsa400-09.patch xsa400-10.patch xsa400-11.patch xsa400-12.patch - Additional upstream bug fixes for XSA-400 (bsc#1027519) 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch