Packages changed: colord hwinfo (21.78 -> 21.80) installation-images-MicroOS (17.28 -> 17.30) iputils (20210722 -> 20211215) kernel-source (5.15.7 -> 5.15.8) kubernetes (1.22.2 -> 1.23.0) kubernetes1.22 (1.22.2 -> 1.22.4) kubic-control (0.12.2 -> 0.12.3) libgcrypt ncurses (6.3.20211120 -> 6.3.20211127) openssl-1_1 p11-kit pam pango (1.48.10 -> 1.50.1) patterns-base python-SQLAlchemy (1.4.26 -> 1.4.27) qemu runc (1.0.3 -> 1.1.0~rc1) shadow util-linux util-linux-systemd wireless-regdb (20210828 -> 20211209) xen xfsprogs (5.14.0 -> 5.14.2) xxhash (0.8.0 -> 0.8.1) yast2 (4.4.27 -> 4.4.30) === Details === ==== colord ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_colord.service.patch ==== hwinfo ==== Version update (21.78 -> 21.80) - merge gh#openSUSE/hwinfo#109 - fix logic around cdrom detection - 21.80 - merge gh#openSUSE/hwinfo#108 - Donot close the open tray after read_cdrom_info. - Donot close the open tray after read. - 21.79 ==== installation-images-MicroOS ==== Version update (17.28 -> 17.30) - merge gh#openSUSE/installation-images#555 - don't add Y2* install boot options to target system (jsc#SLE-21308) - 17.30 - merge gh#openSUSE/installation-images#552 - etc: update module.config to match 5.16 - etc/module.config: sort the network modules - kernel 5.16 update - 17.29 ==== iputils ==== Version update (20210722 -> 20211215) - Update to version 20211215 https://github.com/iputils/iputils/releases/tag/20211215 - rarpd and rdisc are going to be removed in next release (https://github.com/iputils/iputils/issues/363) therefore don't pack it since this release - Drop harden_rdisc.service.patch, which was 1) merged upstream 4bb0ace ("systemd: Add ProtectHostname, ProtectKernelLogs") for all services 2) we don't build rdisc since this release ==== kernel-source ==== Version update (5.15.7 -> 5.15.8) - Revert "- rpm/*build: use buildroot macro instead of env variable" buildroot macro is not being expanded inside a shell script. go back to the environment variable usage. This reverts parts of commit e2f60269b9330d7225b2547e057ef0859ccec155. - commit fe85f96 - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - commit a631240 - Linux 5.15.8 (bsc#1012628). - bpf: Add selftests to cover packet access corner cases (bsc#1012628). - clocksource/drivers/dw_apb_timer_of: Fix probe failure (bsc#1012628). - misc: fastrpc: fix improper packet size calculation (bsc#1012628). - irqchip: nvic: Fix offset for Interrupt Priority Offsets (bsc#1012628). - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (bsc#1012628). - aio: Fix incorrect usage of eventfd_signal_allowed() (bsc#1012628). - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (bsc#1012628). - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (bsc#1012628). - irqchip/aspeed-scu: Replace update_bits with write_bits (bsc#1012628). - csky: fix typo of fpu config macro (bsc#1012628). - bus: mhi: core: Add support for forced PM resume (bsc#1012628). - bus: mhi: pci_generic: Fix device recovery failed issue (bsc#1012628). - nvmem: eeprom: at25: fix FRAM byte_len (bsc#1012628). - misc: rtsx: Avoid mangling IRQ during runtime PM (bsc#1012628). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (bsc#1012628). - iio: ad7768-1: Call iio_trigger_notify_done() on error (bsc#1012628). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (bsc#1012628). - iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda (bsc#1012628). - iio: at91-sama5d2: Fix incorrect sign extension (bsc#1012628). - iio: dln2: Check return value of devm_iio_trigger_register() (bsc#1012628). - iio: dln2-adc: Fix lockdep complaint (bsc#1012628). - iio: itg3200: Call iio_trigger_notify_done() on error (bsc#1012628). - iio: kxsd9: Don't return error code in trigger handler (bsc#1012628). - iio: ltr501: Don't return error code in trigger handler (bsc#1012628). - iio: mma8452: Fix trigger reference couting (bsc#1012628). - iio: stk3310: Don't return error code in interrupt handler (bsc#1012628). - iio: trigger: stm32-timer: fix MODULE_ALIAS (bsc#1012628). - iio: trigger: Fix reference counting (bsc#1012628). - iio: gyro: adxrs290: fix data signedness (bsc#1012628). - xhci: avoid race between disable slot command and host runtime suspend (bsc#1012628). - usb: core: config: using bit mask instead of individual bits (bsc#1012628). - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (bsc#1012628). - usb: core: config: fix validation of wMaxPacketValue entries (bsc#1012628). - Revert "usb: dwc3: dwc3-qcom: Enable tx-fifo-resize property by default" (bsc#1012628). - USB: gadget: zero allocate endpoint 0 buffers (bsc#1012628). - USB: gadget: detect too-big endpoint 0 requests (bsc#1012628). - selftests/fib_tests: Rework fib_rp_filter_test() (bsc#1012628). - net/qla3xxx: fix an error code in ql_adapter_up() (bsc#1012628). - net, neigh: clear whole pneigh_entry at alloc time (bsc#1012628). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (bsc#1012628). - net: altera: set a couple error code in probe() (bsc#1012628). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (bsc#1012628). - tools build: Remove needless libpython-version feature check that breaks test-all fast path (bsc#1012628). - dt-bindings: net: Reintroduce PHY no lane swap binding (bsc#1012628). - Documentation/locking/locktypes: Update migrate_disable() bits (bsc#1012628). - perf tools: Fix SMT detection fast read path (bsc#1012628). - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (bsc#1012628). - Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge" (bsc#1012628). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (bsc#1012628). - bpf, sockmap: Re-evaluate proto ops when psock is removed from sockmap (bsc#1012628). - mtd: rawnand: fsmc: Fix timing computation (bsc#1012628). - mtd: rawnand: fsmc: Take instruction delay into account (bsc#1012628). - i40e: Fix pre-set max number of queues for VF (bsc#1012628). - i40e: Fix failed opcode appearing if handling messages from VF (bsc#1012628). - clk: qcom: clk-alpha-pll: Don't reconfigure running Trion (bsc#1012628). - clk: imx: use module_platform_driver (bsc#1012628). - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (bsc#1012628). - RDMA/hns: Do not destroy QP resources in the hw resetting phase (bsc#1012628). - RDMA/hns: Do not halt commands during reset until later (bsc#1012628). - ASoC: codecs: wcd934x: return correct value from mixer put (bsc#1012628). - ASoC: codecs: wcd934x: handle channel mappping list correctly (bsc#1012628). - ASoC: codecs: wsa881x: fix return values from kcontrol put (bsc#1012628). - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (bsc#1012628). - ASoC: rt5682: Fix crash due to out of scope stack vars (bsc#1012628). - PM: runtime: Fix pm_runtime_active() kerneldoc comment (bsc#1012628). - qede: validate non LSO skb length (bsc#1012628). - ALSA: usb-audio: Reorder snd_djm_devices[] entries (bsc#1012628). - scsi: scsi_debug: Fix buffer size of REPORT ZONES command (bsc#1012628). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (bsc#1012628). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1012628). - i2c: mpc: Use atomic read and fix break condition (bsc#1012628). - tracefs: Set all files to the same group ownership as the mount option (bsc#1012628). - aio: fix use-after-free due to missing POLLFREE handling (bsc#1012628). - aio: keep poll requests on waitqueue until completed (bsc#1012628). - signalfd: use wake_up_pollfree() (bsc#1012628). - binder: use wake_up_pollfree() (bsc#1012628). - wait: add wake_up_pollfree() (bsc#1012628). - io_uring: ensure task_work gets run as part of cancelations (bsc#1012628). - libata: add horkage for ASMedia 1092 (bsc#1012628). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (bsc#1012628). - thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL (bsc#1012628). - clk: qcom: regmap-mux: fix parent clock lookup (bsc#1012628). - mmc: renesas_sdhi: initialize variable properly when tuning (bsc#1012628). - hwmon: (pwm-fan) Ensure the fan going on in .probe() (bsc#1012628). - selftests: KVM: avoid failures due to reserved HyperTransport region (bsc#1012628). - tracefs: Have new files inherit the ownership of their parent (bsc#1012628). - nfsd: Fix nsfd startup race (again) (bsc#1012628). - nfsd: fix use-after-free due to delegation race (bsc#1012628). - md: fix update super 1.0 on rdev size change (bsc#1012628). - perf intel-pt: Fix error timestamp setting on the decoder error path (bsc#1012628). - perf intel-pt: Fix missing 'instruction' events with 'q' option (bsc#1012628). - perf intel-pt: Fix next 'err' value, walking trace (bsc#1012628). - perf intel-pt: Fix state setting when receiving overflow (OVF) packet (bsc#1012628). - perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type (bsc#1012628). - perf intel-pt: Fix sync state when a PSB (synchronization) packet is found (bsc#1012628). - perf intel-pt: Fix some PGE (packet generation enable/control flow packets) usage (bsc#1012628). - btrfs: free exchange changeset on failures (bsc#1012628). - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (bsc#1012628). - btrfs: fix re-dirty process of tree-log nodes (bsc#1012628). - btrfs: clear extent buffer uptodate when we fail to write it (bsc#1012628). - scsi: qla2xxx: Format log strings only if needed (bsc#1012628). - cifs: Fix crash on unload of cifs_arc4.ko (bsc#1012628). - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (bsc#1012628). - ALSA: pcm: oss: Limit the period size to 16MB (bsc#1012628). - ALSA: pcm: oss: Fix negative period/buffer sizes (bsc#1012628). - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (bsc#1012628). - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (bsc#1012628). - ALSA: ctl: Fix copy of updated id with element read/write (bsc#1012628). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1012628). - mm/slub: fix endianness bug for alloc/free_traces attributes (bsc#1012628). - mm/damon/core: fix fake load reports due to uninterruptible sleeps (bsc#1012628). - timers: implement usleep_idle_range() (bsc#1012628). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (bsc#1012628). - KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req (bsc#1012628). - KVM: x86: Don't WARN if userspace mucks with RCX during string I/O exit (bsc#1012628). - net: mvpp2: fix XDP rx queues registering (bsc#1012628). - net/sched: fq_pie: prevent dismantle issue (bsc#1012628). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (bsc#1012628). - net: dsa: mv88e6xxx: error handling for serdes_power functions (bsc#1012628). - net: bcm4908: Handle dma_set_coherent_mask error codes (bsc#1012628). - devlink: fix netns refcount leak in devlink_nl_cmd_reload() (bsc#1012628). - IB/hfi1: Correct guard on eager buffer deallocation (bsc#1012628). - iavf: Fix reporting when setting descriptor count (bsc#1012628). - iavf: restore MSI state on reset (bsc#1012628). - netfilter: conntrack: annotate data-races around ct->timeout (bsc#1012628). - netfilter: nft_exthdr: break evaluation if setting TCP option fails (bsc#1012628). - udp: using datalen to cap max gso segments (bsc#1012628). - seg6: fix the iif in the IPv6 socket control block (bsc#1012628). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (bsc#1012628). - bonding: make tx_rebalance_counter an atomic (bsc#1012628). - ethtool: do not perform operations on net devices being unregistered (bsc#1012628). - ice: ignore dropped packets during init (bsc#1012628). - bpf: Fix the off-by-two error in range markings (bsc#1012628). - bpf: Make sure bpf_disable_instrumentation() is safe vs preemption (bsc#1012628). - bpf, sockmap: Attach map progs to psock early for feature probes (bsc#1012628). - bpf, x86: Fix "no previous prototype" warning (bsc#1012628). - vrf: don't run conntrack on vrf with !dflt qdisc (bsc#1012628). - selftests: netfilter: add a vrf+conntrack testcase (bsc#1012628). - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (bsc#1012628). - platform/x86: amd-pmc: Fix s2idle failures on certain AMD laptops (bsc#1012628). - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1012628). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (bsc#1012628). - net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal PHY's" (bsc#1012628). - can: m_can: Disable and ignore ELO interrupt (bsc#1012628). - can: m_can: pci: fix iomap_read_fifo() and iomap_write_fifo() (bsc#1012628). - can: m_can: pci: fix incorrect reference clock rate (bsc#1012628). - can: m_can: m_can_read_fifo: fix memory leak in error branch (bsc#1012628). - can: pch_can: pch_can_rx_normal: fix use after free (bsc#1012628). - can: sja1000: fix use after free in ems_pcmcia_add_card() (bsc#1012628). - can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter (bsc#1012628). - can: kvaser_usb: get CAN clock frequency from device (bsc#1012628). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (bsc#1012628). - IB/hfi1: Fix early init panic (bsc#1012628). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (bsc#1012628). - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1012628). - platform/x86/intel: hid: add quirk to support Surface Go 3 (bsc#1012628). - HID: Ignore battery for Elan touchscreen on Asus UX550VE (bsc#1012628). - HID: sony: fix error path in probe (bsc#1012628). - mmc: spi: Add device-tree SPI IDs (bsc#1012628). - mtd: dataflash: Add device-tree SPI IDs (bsc#1012628). - HID: check for valid USB device for many HID drivers (bsc#1012628). - HID: wacom: fix problems when device is not a valid USB device (bsc#1012628). - HID: bigbenff: prevent null pointer dereference (bsc#1012628). - HID: add USB_HID dependancy on some USB HID drivers (bsc#1012628). - HID: add USB_HID dependancy to hid-chicony (bsc#1012628). - HID: add USB_HID dependancy to hid-prodikeys (bsc#1012628). - HID: add hid_is_usb() function to make it simpler for USB detection (bsc#1012628). - HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested (bsc#1012628). - HID: google: add eel USB id (bsc#1012628). - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (bsc#1012628). - usb: gadget: uvc: fix multiple opens (bsc#1012628). - commit 3f92609 - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - commit 301a3a7 - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - commit e2f6026 - Update BT fix patch for regression with 8087:0026 device (bsc#1193124) Also corrected the references and patch description - commit 634695b ==== kubernetes ==== Version update (1.22.2 -> 1.23.0) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Bump coredns to 1.8.6 and coredns for *-minus1 to 1.8.4 - Bump kubernetes-* to 1.23.0, *-minus1 to 1.22.4 and etcd to 3.5.1 ==== kubernetes1.22 ==== Version update (1.22.2 -> 1.22.4) - Update to version 1.22.4: * defer close the rotated log open * proxy/iptables: fix all-vs-ready endpoints a bit * proxy/iptables: Remove a no-op check * proxy/iptables: Add more stuff to the unit test * proxy/iptables: Fix TestOnlyLocalNodePortsNoClusterCIDR * proxy/iptables: test that we create a consistent set of iptables rules * proxy/iptables: Misc improvements to unit test * proxy/iptables: Improve the sorting logic in TestOverallIPTablesRulesWithMultipleServices * proxy/iptables: Fix sync_proxy_rules_iptables_total metric * Fixed nil pointer dereference * Add tests for checking bind mounts * Check subpath file * Add check for subpaths * Fixed unit test SELinux support * Add shortcut for SELinux detection * Don't guess SELinux support on error * Manual cherry pick of kube-openapi changes for release-1.22 Bump kube-openapi against kube-openapi/release-1.22 branch * kube-proxy: fix stale detection logic * Use separate pathSpec for local and remote to properly handle cleaning paths * [go1.16] Update to go1.16.10 * Automated cherry pick of #105122: added keys for structured logging (#105137) * Update debian, debian-iptables, setcap images to pick up CVE-2021-33910 fixes * Fixing how EndpointSlice Mirroring handles Service selector transitions * Add unit tests to cover scheduler's setup * sched: ensure feature gate is honored when instantiating scheduler * Fix race condition in logging when request times out * use original requests in NodeResourcesBalancedAllocation instead of NonZero * Remove nodes with Cluster Autoscaler taint from LB backends. * Fix issue in node status updating VolumeAttached list * Support cgroupv2 in node problem detector test * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.3 * Free APF seats for watches handled by an aggregated apiserver. * parameter 'disabled-metrics' is invalid * Run storage hostpath e2e test client pod as privileged * support more than 100 disk mounts on Windows * [go1.16] Update to go1.16.9 * Clear initial UDP conntrack entries for loadBalancerIPs * Verifying the auth headers are set for upgraded aggregated API requests * apiserver aggregator upgrade unit test * Aggregator uses the regular transport even if the request requires upgrades * Fix PreferNominatedNode test * Remove Error Message Check Dynamic PV Tests * go fmt * Add e2e test to verify kubelet restart behaviour * kubelet: set terminated podWorker status for terminated pods * Fix quota controller hotloop in integration tests * remove StartedPodsErrorsTotal metrice message * Copy VolumeSnapshotContent annotations in snapshottable.go test * Fix bugs in e2e pod test * Ensure terminal pods maintain terminal status * Do not sync Waiting statuses for Terminated pods * Adds CancelRequest function to CommandHeadersRoundTripper * Fixes kubectl command headers which hangs on kubectl run * Revert "Build non-static binaries with PIE buildmode" * Ignore VMs in vmss delete backend pools * Fix CSR test to accept certs shorter than the requested duration * fix: skip not found nodes when reconciling LB backend address pools * fix: consolidate logs for instance not found error * Remove a duplicate StorageClass creation call * Update Containerd version - GCE Windows * e2e scheduling priorities: do not reference control loop variable * storege e2etest: Delete restored PVC/Pod in snapshottable * pkg/kubelet/cm/memorymanager: Fix ErrorS key/value pair * v1.22: Fix test flake in old svc registry * 'New' Event namespace validate failed * kubelet: Handle UID reuse in pod worker * Add test for recreating a static pod * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.2 * Refine locking in API Priority and Fairness config controller * kube-controller-manager: properly check generic ephemeral volume feature * Fix null JSON round tripping * Propagate conversion errors * integration test * fix 104329: check for headless before trying to release the ClusterIPs * fix detach disk issue on deleting node * kubelet: fix sandbox creation error suppression when pods are quickly deleted * remove listx from OWNERS_ALIASES ==== kubic-control ==== Version update (0.12.2 -> 0.12.3) Subpackages: kubic-haproxycfg kubicctl kubicd - Revert to go 1.14 until we have a solution for the go certificate handling changes - Update to version 0.12.3 - Fix last PR - Require go 1.17 or newer ==== libgcrypt ==== - FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480] * gcry_mpi_sub_ui: fix subtracting from negative value * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch ==== ncurses ==== Version update (6.3.20211120 -> 6.3.20211127) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20211127 + fix errata in description fields (report by Eric Lindblad) -TD + add x10term+sl, aixterm+sl, ncr260vp+sl, ncr260vp+vt, wyse+sl -TD - Correct offsets of patch ncurses-6.3.dif ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directores for the above patch. ==== p11-kit ==== Subpackages: libp11-kit0 p11-kit-tools - Enable systemd support ==== pam ==== Subpackages: pam_unix - Drop pam_umask-usergroups-login_defs.patch, does more harm than helps. If not explizit specified as module option, we use UMASK from login.defs unmodified. ==== pango ==== Version update (1.48.10 -> 1.50.1) - Update to version 1.50.1: + Fix a crash in tab handling. + Fix tab positioning without line wrapping. + Fix an assertion failure found by fuzzing. + Make underlines work again for broken fonts. - Update to version 1.50.0: + Fix glyph placement in gravity east + Fix line heights in improper gravities + Only shown selected ignorables with nicks + Support tab alignments other than left + Support custom decimal points on decimal tabs + Fix a pango-view crash + Optimize handling of many tabs + Drop json-glib dependency - Drop pkgconfig(json-glib-1.0) BuildRequires, no longer needed. - Update to version 1.49.4: + Require fontconfig 2.13 + Require harfbuzz 2.6 + Many fixes to line breaking accuracy + coretext: Correctly clamp text weights at min/max values + Add serialization api for PangoLayout, PangoFont and PangoAttrList + Require json-glib + tests: - Use serialized layouts for test cases - Include fonts in git + pango-view: Accept serialized layouts + Fix a rounding problem with font metrics + Fix visible space display using ? - Changes from version 1.49.3: + Fix hinting of glyph metrics + Fix logical glyph extents in vertical gravities + Visualize more default-ignorable glyphs + Fix advance widths in transformed contexts + Implement Small Caps and other casing variations - Changes from version 1.49.2: + Update Unicode data to Unicode 14 + Fix underlining of spaces + Round font metrics when appropriate + Fix some corner cases of cursor positioning + Handle Catalan middle-dot in text segmentation - Changes from version 1.49.1: + Only recompute log attrs when needed + Validate log attrs + Fix conformance issues in Thai and Indic linebreaking + Add pango_attr_break to support customizing line and word breaks + Add font-dependent baseline shifts and sizing for super- and subscripts + Improve hyphenation support + pango-view: - Visualize caret positions and slopes - Show glyph rects - Make --annotate easier to use + Add pango_layout_get_caret_pos to support sloped carets + Improve caret positioning for ligatures + Better under- and overline placement + layout: - Allocate a bit less - Fix cluster extents with rise + Add pango_layout_iter_get_run_baseline + Add pango_glyph_string_index_to_x_full + coretext: Set size on font descriptions + Add color information to PangoGlyphVisAttr - Changes from version 1.49.0: + Require fribidi 1.0.6 + Fix threadsafety issues with Thai + Fix a rounding problem on i386 + Fix font choice for ellipsis + New api: - pango_font_get_languages - Introspection helpers for attributes + Ignore width in horizontal context when itemizing + markup: - Allow specifying size and rise in points - Allow specifying size as percentage + Rewrite pango_layout_move_cursor_visually + Add a line-height attribute and make logical line extents respect it + Add pango_justify_last_line + Add pango_shape_item + Add a text-transform attribute and implement it + Clean up fribidi api usage + Fix a bug in the gravity data table + pango-view: Improve the --annotate option + Fix a possible crash in rendering strikethroughs - Add pkgconfig(json-glib-1.0) BuildRequires, new dependency. ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Drop low-memory-monitor: It's not enabled by default, not used by any of the default applications and would conflict with other installed OOM handling daemons like earlyoom or oomd - Run pre_checkin.sh - base: favour psmisc over busybox-psmisc or other equivalents - enhanced_base: Recommend low-memory-monitor an early boot daemon to monitor memory pressure and react to low memory. - Run pre_checkin.sh to sync 32-bit patterns. ==== python-SQLAlchemy ==== Version update (1.4.26 -> 1.4.27) - update to 1.4.27: Bugfixes * see https://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.27 ==== qemu ==== - Reinstate Lin Ma's fixes for bsc#1192147 as they were submitted only to IBS. * Patches added: hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch hw-i386-acpi-build-Deny-control-on-PCIe-.patch pcie-rename-native-hotplug-to-x-native-h.patch - Rename the Guest Agent service qemu-guest-agent, like in other distros (and upstream). bsc#1185543 - disable QOM cast debug outside the testsuite as the corresponding asserts show up occassionally as top #1 in perf(1) traces under heavy virtio load - enable LTO when we'd like to use LTO ==== runc ==== Version update (1.0.3 -> 1.1.0~rc1) - Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has?exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. - Drop runc-rpmlintrc because we don't have runc-test anymore. ==== shadow ==== Subpackages: login_defs - Really enable USERGROUPS_ENAB [bsc#1189139]. Did go lost during merges. ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954) on released products. ==== util-linux-systemd ==== - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954) on released products. ==== wireless-regdb ==== Version update (20210828 -> 20211209) - Update to version 20211209: * wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US ==== xen ==== - bsc#1193307 - pci backend does not exist when attach a vf to a pv guest libxl-PCI-defer-backend-wait.patch ==== xfsprogs ==== Version update (5.14.0 -> 5.14.2) - update to 5.14.2: - libxfs: move rogue fallthrough macro out of linux.h - libxfs: fix atomic64_t for 32-bit architectures - libfrog: fix crc32c self test code on cross builds ==== xxhash ==== Version update (0.8.0 -> 0.8.1) - update to 0.8.1: * perf : much improved performance for XXH3 streaming variants, notably on gcc and msvc * perf : improved XXH64 speed and latency on small inputs * perf : small XXH32 speed and latency improvement on small inputs of random size * perf : minor stack usage improvement for XXH32 and XXH64 * api : new experimental variants XXH3_*_withSecretandSeed() * api : update XXH3_generateSecret(), can no generate secret of any size (>= XXH3_SECRET_SIZE_MIN) * cli : xxhsum can now generate and check XXH3 checksums, using command `-H3` * build: can build xxhash without XXH3, with new build macro XXH_NO_XXH3 * build: fix xxh_x86dispatch build with MSVC, by @apankrat * build: XXH_INLINE_ALL can always be used safely, even after XXH_NAMESPACE or a previous XXH_INLINE_ALL * build: improved PPC64LE vector support * install: fix pkgconfig * install: compatibility with Haiku * doc : code comments made compatible with doxygen * misc : XXH_ACCEPT_NULL_INPUT_POINTER is no longer necessary, all functions can accept NULL input pointers, as long as size == 0 * misc : complete refactor of CI tests on Github Actions, offering much larger coverage * misc : xxhsum code base split into multiple specialized units, within directory cli/ - add 836f4e735cf368542f14005e41d2f84ec29dfd60.patch (fix manpage installation) ==== yast2 ==== Version update (4.4.27 -> 4.4.30) - Fixed RelURL to work properly with the FTP URLs (related to jsc#SLE-22669) - 4.4.30 - Fixed RelURL unit test randomly crashing (related to jsc#SLE-22669) - 4.4.29 - Added RelURL class for working with relative URLs ("relurl://") (jsc#SLE-22669) - 4.4.28