Packages changed: bzip2 cloud-init glibc gpg2 installation-images-MicroOS (17.6 -> 17.7) kbd kernel-source (5.12.9 -> 5.12.10) libzypp (17.26.0 -> 17.27.0) sysconfig (0.85.6 -> 0.85.7) systemd-presets-common-SUSE xz zypper (1.14.45 -> 1.14.46) === Details === ==== bzip2 ==== - Drop --with-pic (no effect with --disable-static) - Use %autosetup (rediff bzip2-1.0.6.2-autoconfiscated.patch to p1) ==== cloud-init ==== - Add cloud-init-log-file-mode.patch (bsc#1183939) + Change log file creation mode to 640 - Add cloud-init-no-pwd-in-log.patch (bsc#1184758) + Do not write the generated password to the log file - Add cloud-init-purge-cache-py-ver-change.patch ==== glibc ==== Subpackages: glibc-locale-base - mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify (CVE-2021-33574, bsc#1186489, BZ #27896) - Drop glibc-usrmerge-bootstrap-helper package ==== gpg2 ==== - Remove the "files-are-digests" option from the openSUSE package. This feature was not upstream and only used in the OBS signing daemon. The recommended upstream feature for separating the data to be signed from the private keys is gpg agent forwarding, available from 2.1. Drop gnupg-2.2.8-files-are-digests.patch ==== installation-images-MicroOS ==== Version update (17.6 -> 17.7) - merge gh#openSUSE/installation-images#514 - Include the yast2-widget-demo package (bsc#1186426) - 17.7 ==== kbd ==== Subpackages: kbd-legacy - Update the installed license file. COPYING is a symlink to LICENSE. Let's use this file directly. ==== kernel-source ==== Version update (5.12.9 -> 5.12.10) - tipc: fix kernel-doc warnings (git-fixes). - commit b92eaf7 - Linux 5.12.10 (bsc#1012628). - mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report (bsc#1012628). - mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report (bsc#1012628). - mt76: mt76x0e: fix device hang during suspend/resume (bsc#1012628). - hwmon: (dell-smm-hwmon) Fix index values (bsc#1012628). - hwmon: (pmbus/isl68137) remove READ_TEMPERATURE_3 for RAA228228 (bsc#1012628). - netfilter: conntrack: unregister ipv4 sockopts on error unwind (bsc#1012628). - efi/fdt: fix panic when no valid fdt found (bsc#1012628). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (bsc#1012628). - efi/libstub: prevent read overflow in find_file_option() (bsc#1012628). - efi: cper: fix snprintf() use in cper_dimm_err_location() (bsc#1012628). - vfio/pci: Fix error return code in vfio_ecap_init() (bsc#1012628). - vfio/pci: zap_vma_ptes() needs MMU (bsc#1012628). - samples: vfio-mdev: fix error handing in mdpy_fb_probe() (bsc#1012628). - vfio/platform: fix module_put call in error flow (bsc#1012628). - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (bsc#1012628). - HID: logitech-hidpp: initialize level variable (bsc#1012628). - HID: pidff: fix error return code in hid_pidff_init() (bsc#1012628). - HID: amd_sfh: Fix memory leak in amd_sfh_work (bsc#1012628). - HID: i2c-hid: fix format string mismatch (bsc#1012628). - kbuild: Quote OBJCOPY var to avoid a pahole call break the build (bsc#1012628). - devlink: Correct VIRTUAL port to not have phys_port attributes (bsc#1012628). - net/sched: act_ct: Offload connections with commit action (bsc#1012628). - net/sched: act_ct: Fix ct template allocation for zone 0 (bsc#1012628). - mptcp: fix sk_forward_memory corruption on retransmission (bsc#1012628). - mptcp: always parse mptcp options for MPC reqsk (bsc#1012628). - mptcp: do not reset MP_CAPABLE subflow on mapping errors (bsc#1012628). - nvme-rdma: fix in-casule data send for chained sgls (bsc#1012628). - ACPICA: Clean up context mutex during object deletion (bsc#1012628). - perf probe: Fix NULL pointer dereference in convert_variable_location() (bsc#1012628). - net: dsa: tag_8021q: fix the VLAN IDs used for encoding sub-VLANs (bsc#1012628). - net: sock: fix in-kernel mark setting (bsc#1012628). - net/tls: Replace TLS_RX_SYNC_RUNNING with RCU (bsc#1012628). - net/tls: Fix use-after-free after the TLS device goes down and up (bsc#1012628). - net/mlx5e: Fix incompatible casting (bsc#1012628). - net/mlx5: Check firmware sync reset requested is set before trying to abort it (bsc#1012628). - net/mlx5e: Check for needed capability for cvlan matching (bsc#1012628). - net/mlx5e: Fix adding encap rules to slow path (bsc#1012628). - net/mlx5: DR, Create multi-destination flow table with level less than 64 (bsc#1012628). - nvmet: fix freeing unallocated p2pmem (bsc#1012628). - netfilter: nft_ct: skip expectations for confirmed conntrack (bsc#1012628). - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (bsc#1012628). - drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (bsc#1012628). - bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks (bsc#1012628). - ieee802154: fix error return code in ieee802154_add_iface() (bsc#1012628). - ieee802154: fix error return code in ieee802154_llsec_getparams() (bsc#1012628). - igb: Fix XDP with PTP enabled (bsc#1012628). - igb: add correct exception tracing for XDP (bsc#1012628). - ixgbevf: add correct exception tracing for XDP (bsc#1012628). - ice: track AF_XDP ZC enabled queues in bitmap (bsc#1012628). - cxgb4: fix regression with HASH tc prio value update (bsc#1012628). - ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1012628). - ice: Fix allowing VF to request more/less queues via virtchnl (bsc#1012628). - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (bsc#1012628). - ice: handle the VF VSI rebuild failure (bsc#1012628). - ice: report supported and advertised autoneg using PHY capabilities (bsc#1012628). - ice: Allow all LLDP packets from PF to Tx (bsc#1012628). - i2c: qcom-geni: Add shutdown callback for i2c (bsc#1012628). - sch_htb: fix refcount leak in htb_parent_to_leaf_offload (bsc#1012628). - cxgb4: avoid link re-train during TC-MQPRIO configuration (bsc#1012628). - i40e: optimize for XDP_REDIRECT in xsk path (bsc#1012628). - i40e: add correct exception tracing for XDP (bsc#1012628). - ice: optimize for XDP_REDIRECT in xsk path (bsc#1012628). - ice: add correct exception tracing for XDP (bsc#1012628). - ixgbe: optimize for XDP_REDIRECT in xsk path (bsc#1012628). - ixgbe: add correct exception tracing for XDP (bsc#1012628). - arm64: dts: ti: j7200-main: Mark Main NAVSS as dma-coherent (bsc#1012628). - optee: use export_uuid() to copy client UUID (bsc#1012628). - bus: ti-sysc: Fix am335x resume hang for usb otg module (bsc#1012628). - arm64: dts: ls1028a: fix memory node (bsc#1012628). - arm64: dts: zii-ultra: remove second GEN_3V3 regulator instance (bsc#1012628). - arm64: dts: zii-ultra: fix 12V_MAIN voltage (bsc#1012628). - arm64: dts: freescale: sl28: var4: fix RGMII clock and voltage (bsc#1012628). - arm64: dts: freescale: sl28: var1: fix RGMII clock and voltage (bsc#1012628). - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (bsc#1012628). - ARM: dts: imx7d-pico: Fix the 'tuning-step' property (bsc#1012628). - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (bsc#1012628). - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (bsc#1012628). - arm64: meson: select COMMON_CLK (bsc#1012628). - tipc: add extack messages for bearer/media failure (bsc#1012628). - tipc: fix unique bearer names sanity check (bsc#1012628). - riscv: vdso: fix and clean-up Makefile (bsc#1012628). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1012628). - io_uring: fix link timeout refs (bsc#1012628). - io_uring: use better types for cflags (bsc#1012628). - io_uring: wrap io_kiocb reference count manipulation in helpers (bsc#1012628). - io_uring: fix ltout double free on completion race (bsc#1012628). - drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (bsc#1012628). - drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (bsc#1012628). - drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (bsc#1012628). - Bluetooth: fix the erroneous flush_work() order (bsc#1012628). - Bluetooth: use correct lock to prevent UAF of hdev object (bsc#1012628). - wireguard: do not use -O3 (bsc#1012628). - wireguard: peer: allocate in kmem_cache (bsc#1012628). - wireguard: use synchronize_net rather than synchronize_rcu (bsc#1012628). - wireguard: selftests: remove old conntrack kconfig value (bsc#1012628). - wireguard: selftests: make sure rp_filter is disabled on vethc (bsc#1012628). - wireguard: allowedips: initialize list head in selftest (bsc#1012628). - wireguard: allowedips: remove nodes in O(1) (bsc#1012628). - wireguard: allowedips: allocate nodes in kmem_cache (bsc#1012628). - wireguard: allowedips: free empty intermediate nodes when removing single node (bsc#1012628). - net: caif: added cfserl_release function (bsc#1012628). - net: caif: add proper error handling (bsc#1012628). - net: caif: fix memory leak in caif_device_notify (bsc#1012628). - net: caif: fix memory leak in cfusbl_device_notify (bsc#1012628). - HID: i2c-hid: Skip ELAN power-on command after reset (bsc#1012628). - HID: magicmouse: fix NULL-deref on disconnect (bsc#1012628). - HID: multitouch: require Finger field to mark Win8 reports as MT (bsc#1012628). - gfs2: fix scheduling while atomic bug in glocks (bsc#1012628). - ALSA: timer: Fix master timer notification (bsc#1012628). - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (bsc#1012628). - ALSA: hda: update the power_state during the direct-complete (bsc#1012628). - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (bsc#1012628). - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (bsc#1012628). - ext4: fix memory leak in ext4_fill_super (bsc#1012628). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1012628). - ext4: fix fast commit alignment issues (bsc#1012628). - ext4: fix memory leak in ext4_mb_init_backend on error path (bsc#1012628). - ext4: fix accessing uninit percpu counter variable with fast_commit (bsc#1012628). - usb: dwc2: Fix build in periphal-only mode (bsc#1012628). - Revert "MIPS: make userspace mapping young by default" (bsc#1012628). - kfence: maximize allocation wait timeout duration (bsc#1012628). - kfence: use TASK_IDLE when awaiting allocation (bsc#1012628). - pid: take a reference when initializing `cad_pid` (bsc#1012628). - ocfs2: fix data corruption by fallocate (bsc#1012628). - mm/debug_vm_pgtable: fix alignment for pmd/pud_advanced_tests() (bsc#1012628). - mm/page_alloc: fix counting of free pages after take off from buddy (bsc#1012628). - scsi: lpfc: Fix failure to transmit ABTS on FC link (bsc#1012628). - x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove update_pasid() (bsc#1012628). - dmaengine: idxd: Use cpu_feature_enabled() (bsc#1012628). - x86/sev: Check SME/SEV support in CPUID first (bsc#1012628). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1012628). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (bsc#1012628). - drm/amdgpu: Don't query CE and UE errors (bsc#1012628). - drm/amdgpu: make sure we unpin the UVD BO (bsc#1012628). - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1012628). - x86/thermal: Fix LVT thermal setup for SMI delivery mode (bsc#1012628). - powerpc/kprobes: Fix validation of prefixed instructions across page boundary (bsc#1012628). - btrfs: mark ordered extent and inode with error if we fail to finish (bsc#1012628). - btrfs: fix error handling in btrfs_del_csums (bsc#1012628). - btrfs: return errors from btrfs_del_csums in cleanup_ref_head (bsc#1012628). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1012628). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1012628). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1012628). - btrfs: abort in rename_exchange if we fail to insert the second ref (bsc#1012628). - btrfs: fix deadlock when cloning inline extents and low on available space (bsc#1012628). - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY (bsc#1012628). - drm/msm/dpu: always use mdp device to scale bandwidth (bsc#1012628). - KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode (bsc#1012628). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1012628). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1012628). - x86/kvm: Disable all PV features on crash (bsc#1012628). - KVM: arm64: Commit pending PC adjustemnts before returning to userspace (bsc#1012628). - KVM: arm64: Resolve all pending PC updates before immediate exit (bsc#1012628). - ARM: OMAP1: isp1301-omap: Add missing gpiod_add_lookup_table function (bsc#1012628). - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (bsc#1012628). - x86/fault: Don't send SIGSEGV twice on SEGV_PKUERR (bsc#1012628). - netfilter: nf_tables: missing error reporting for not selected expressions (bsc#1012628). - xen-netback: take a reference to the RX task thread (bsc#1012628). - neighbour: allow NUD_NOARP entries to be forced GCed (bsc#1012628). - commit c24c929 - x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV (bsc#1186884). - commit e0a9eac - brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186857). - commit aeed335 - brcmfmac: Delete second brcm folder hierarchy (bsc#1186857). - commit 1d77a5f ==== libzypp ==== Version update (17.26.0 -> 17.27.0) - Enhance XML output of repo GPG options (fixes openSUSE/zypper#390) In addition to the effective values, add optional attributes showing the raw values actually present in the .repo file. (raw_gpgcheck, raw_repo_gpgcheck, raw_pkg_gpgcheck) - Link all executables with -pie (bsc#1186447) - Ship an empty /etc/zypp/needreboot per default (fixes #311, jsc#PM-2645) If packages want to trigger the reboot-needed hiint upon installation they may provide 'installhint(reboot-needed)'. Builtin packages triggering the hint without the provides are only kernel and kernel-firmware related. - Add Solvable::isBlacklisted as superset of retracted and ptf packages (bsc#1186503) - Fix segv if ZYPP_FULLOG is set (fixes #317) - version 17.27.0 (22) ==== sysconfig ==== Version update (0.85.6 -> 0.85.7) Subpackages: sysconfig-netconfig - version 0.85.7 - spec: Drop hard dependency on /sbin/ifup - spec: Suggest instead of recommend wicked-service - spec: Mention that the .spec file is in git as well ==== systemd-presets-common-SUSE ==== - To make update of package man work with its new upstream timer and service units both called man-db enable also man-db.timer ==== xz ==== Subpackages: liblzma5 - Upgrade old rpm constructs. ==== zypper ==== Version update (1.14.45 -> 1.14.46) Subpackages: zypper-needs-restarting - Link all executables with -pie (bsc#1186447) - Tag PTF packages in the status column (bsc#1186503) Like retracted packages, a program temporary fix must be explicitly selected and will otherwise not be considered in dependency resolution. - BuildRequires: libzypp-devel >= 17.26.1. - version 1.14.46