Packages changed: grub2 irqbalance (1.7.0 -> 1.7.0+git20210222.9db8d5c) lua54 procps userspace-rcu (0.12.1 -> 0.12.2) === Details === ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Fix chainloading windows on dual boot machine (bsc#1183073) * 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch - VUL-0: grub2,shim: implement new SBAT method (bsc#1182057) * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch * 0036-util-mkimage-Improve-data_size-value-calculation.patch * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch * 0039-grub-install-common-Add-sbat-option.patch - Fix CVE-2021-20225 (bsc#1182262) * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - Fix CVE-2020-27749 (bsc#1179264) * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch * 0025-kern-parser-Fix-a-memory-leak.patch * 0026-kern-parser-Introduce-process_char-helper.patch * 0027-kern-parser-Introduce-terminate_arg-helper.patch * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - Fix CVE-2021-20233 (bsc#1182263) * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - Fix CVE-2020-25647 (bsc#1177883) * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - Fix CVE-2020-25632 (bsc#1176711) * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970) * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch * 0005-efi-Add-secure-boot-detection.patch * 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch * 0007-verifiers-Move-verifiers-API-to-kernel-image.patch * 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch * 0009-kern-Add-lockdown-support.patch * 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch * 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch * 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch * 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch * 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch * 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch * 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch * 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch * 0018-gdb-Restrict-GDB-access-when-locked-down.patch * 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch * 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch * 0041-squash-Add-secureboot-support-on-efi-chainloader.patch * 0042-squash-grub2-efi-chainload-harder.patch * 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch * 0044-squash-kern-Add-lockdown-support.patch * 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - Drop patch supersceded by the new backport * 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch * 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch - Add SBAT metadata section to grub.efi - Drop shim_lock module as it is part of core of grub.efi * grub2.spec ==== irqbalance ==== Version update (1.7.0 -> 1.7.0+git20210222.9db8d5c) - Update to version 1.7.0+git20210222.9db8d5c: * ui: fix cpu/irq menu off by one * fix uint64_t printf format (use PRIu64) * Also fetch node info for non-PCI devices * Add hot pull method for irqbalance * Add log for hotplug appropriately * add irq hotplug feature for irqbalance * Remove some unused constant macros in constants.h * Add a deprecation notice for IRQBALANCE_BANNED_CPUS * Add IRQBALANCE_BANNED_CPULIST to env file * log correctly for isolated and nohz_full cpus * Update README.md * Add some examples for IRQBALANCE_BANNED_CPUS * Adjust how we determine if a cpu is online * activate_mapping: activate only online CPUs * add env variable to ban cpus using cpulist syntax * put arg parsing detail into parse_command_line() * Updating configure script to version 1.7.0 * Add strlen checking for IRQBALANCE_BANNED_CPUS * remove redundant "/" in SOCKET_TMPFS * Fix typo in service unit file * arm64: Add irq aff change check For aarch64, the PPIs format in /proc/interrputs can be parsed and add to interrupt db, and next, the number of interrupts is counted and used to calculate the load. Finally these interrupts maybe scheduled between the NUMA domains. * Correct typos in irqbalance.c * free cpu_ban_string when the next request come * improve irq migrate rule to avoid high irq load * make the option 'V' closer to the option with no arg ==== lua54 ==== - Add upstream-bugs.patch and upstream-bugs-test.patch to fix bugs 2,3,4 for build and tests respectively. ==== procps ==== Subpackages: libprocps8 - Don't install translated man pages for non-installed binaries (uptime, kill). ==== userspace-rcu ==== Version update (0.12.1 -> 0.12.2) - update to 0.12.2: * fix: exclude clang from GCC version blacklists * aarch64: blacklist gcc prior to 5.1 * Fix: configure: support Autoconf 2.70 * fix: bump tests thread limit to 4096 * cleanup: Improve wording of CONFIG_RCU_DEBUG description * fix: explicitly include urcu/config.h in files using CONFIG_RCU_ defines * Fix typo in README.md * fix: add -lurcu-common to pkg-config libs for each flavor * call_rcu: Fix race between rcu_barrier() and call_rcu_data_free()