- SUSEConnect
-
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
- apparmor
-
- Don't provide python2 symbol for python3 package (bsc#1191690).
- Be explicit about using python2 macros, when needed.
- augeas
-
- Allow all printable ASCII characters in WPA-PSK definition
* augeas-allow_printable_ASCII.patch
* bsc#1187512
* Sourced from https://github.com/hercules-team/augeas/pull/723/commits
* Credit to Michal Filka <mfilka@suse.com
- ca-certificates-mozilla
-
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
- containerd
-
- Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Install systemd service file as well (fixes bsc#1190826)
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
- bsc1188282-use-chmod-path-for-checking-symlink.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
- Build with go1.15 for reproducible build results (boo#1102408)
- curl
-
- MIME: Properly check Content-Type even if it has parameters
* Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
* STARTTLS protocol injection via MITM
* Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
* Protocol downgrade required TLS bypassed
* Add curl-CVE-2021-22946.patch
- docker
-
- Update to Docker 20.10.9-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1191355
CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
bsc#1190670
+ 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Add shell requires for the *-completion subpackages.
- dracut
-
- Update to version 049.1+suse.209.gebcf4f33:
* fix(systemd): add unit files for systemd-coredump (bsc#1190845)
- Update to version 049.1+suse.207.g72a93d93:
* fcoe/fcoe-genrules.sh: use $name instead of $env{INTERFACE} (bsc#1186260)
* fix: /var/lib/nfs/statd/sm is /var/lib/nfs/sm on SUSE (bsc#1184970)
- glibc
-
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
(CVE-2021-33574, bsc#1186489, BZ #27896)
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
- iproute2
-
ss-fix-end-of-line-printing-in-misc-ss.c.patch
xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch
bridge-Fix-typo.patch
bridge-Fix-output-with-empty-vlan-lists.patch
tc-action-fix-time-values-output-in-JSON-format.patch
Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch
bpf-Fixes-a-snprintf-truncation-warning.patch
tipc-fixed-a-compile-warning-in-tipc-link.c.patch
ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch
bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch
ip-link-Fix-indenting-in-help-text.patch
ip-iplink_ipoib.c-Remove-extra-spaces.patch
devlink-fix-uninitialized-warning.patch
bridge-fix-string-length-warning.patch
f_u32-fix-compiler-gcc-10-compiler-warning.patch
rdma-Fix-statistics-bind-unbing-argument-handling.patch
lib-namespace-fix-ip-all-netns-return-code.patch
lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch
lib-fs-avoid-double-call-to-mkdir-on-make_path.patch
q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch
ip-xfrm-limit-the-length-of-the-security-context-nam.patch
erspan-fix-JSON-output.patch
devlink-always-check-strslashrsplit-return-value.patch
nexthop-fix-memory-leak-in-add_nh_group_attr.patch
rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch
rdma-stat-fix-return-code.patch
lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch
lib-bpf_legacy-fix-missing-socket-close-when-connect.patch
ip-drop-2-char-command-assumption.patch
man-fix-syntax-for-ip-link-property.patch
lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch
ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch
libnetlink-check-error-handler-is-present-before-a-c.patch
ipmonitor-Fix-recvmsg-with-ancillary-data.patch
tc-u32-Fix-key-folding-in-sample-option.patch
man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch
ss-fix-fallback-to-procfs-for-raw-sockets.patch
iptuntap-fix-multi-queue-flag-display.patch
tc-f_flower-fix-port-range-parsing.patch
lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch
- refresh:
ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
- kdump
-
- kdump-do-not-iterate-past-end-of-string.patch:
URLParser::extractAuthority(): Do not iterate past end of string
(bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
code checking after "/local"/ with assignment (bsc#1184616
LTC#192282).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
/etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
initrd.target.wants directory exists (bsc#1172670).
- kernel-default
-
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- powercap: intel_rapl: add support for Sapphire Rapids
(jsc#SLE-15289).
- commit 053c38b
- series.conf: cleanup
- move a kabi workaround into correct section:
patches.kabi/ipvs-Fix-up-kabi-for-expire_nodest_conn_work-additio.patch
- commit bc02214
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
(bsc#1191292).
- commit d8d828e
- blacklist.conf: Update for 51e1bb9eeaf7
- commit fe28675
- x86/alternatives: Teach text_poke_bp() to emulate instructions
(bsc#1185302).
- Refresh
patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit ef191ae
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
(bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 71f9eaf
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
(bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 57a6cb7
- blacklist.conf: 3a1255396b5a x86/alternatives: add missing insn.h include
- commit 53a5b9c
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
state is enforced from sysfs (git-fixes).
- commit 2560193
- ipc: remove memcg accounting for sops objects in do_semtimedop()
(bsc#1190115).
- Delete
patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
Refreshing patch with upstream metadata.
- commit 2d6ef2e
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- commit 628c3ee
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- commit 466f31b
- powerpc/powernv: Fix machine check reporting of async store
errors (bsc#1065729).
- commit 0b715ae
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Drop the case of returning 0 as instruction
pointer (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
ppmu is not set (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode
flags (bsc#1065729).
- commit f3110f1
- drm/i915/rkl: Remove require_force_probe protection
(bsc#1189257).
- commit 94530db
- apparmor: remove duplicate macro list_entry_is_head()
(git-fixes).
- commit 514b75b
- xhci: Set HCD flag to defer primary roothub registration
(git-fixes).
- commit 8f4e75e
- USB: serial: option: add device id for Foxconn T99W265
(git-fixes).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
Multimeter (git-fixes).
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
(git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
(git-fixes).
- commit 0a6378c
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- mac80211: limit injected vht mcs/nss in
ieee80211_parse_tx_radiotap (git-fixes).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
(git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations
(git-fixes).
- commit dbd9f90
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
(git-fixes).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
(git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ASoC: fsl_micfil: register platform component before registering
cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume
function (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- watchdog/sb_watchdog: fix compilation problem due to
COMPILE_TEST (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
(git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- commit 71b860e
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies() (git-fixes).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
(git-fixes).
- pwm: rockchip: Don't modify HW state in .remove() callback
(git-fixes).
- pwm: img: Don't modify HW state in .remove() callback
(git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
(git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety
(git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- commit a8d4022
- fpga: machxo2-spi: Fix missing error code in
machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
(git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- gpio: uniphier: Fix void functions to remove return value
(git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
(git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- commit 79aec8d
- clk: at91: clk-generated: pass the id of changeable parent at
registration (git-fixes).
- Refresh
patches.suse/clk-at91-clk-generated-Limit-the-requested-rate-to-o.patch.
- commit 39cefdd
- drm/amd/amdgpu: Update debugfs link_settings output link_rate
field in hex (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section
(git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry
(git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd
(git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing
to the head (git-fixes).
- commit 60017cf
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix
possible uninitialized-variable access in
amdgpu_i2c_router_select_ddc_port() (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value
(git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
(git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional
regulator (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status'
structure (git-fixes).
- iwlwifi: mvm: fix a memory leak in
iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object
to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- commit 4c6f48f
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- mfd: Don't use irq_create_mapping() to resolve a mapping
(git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error
(git-fixes).
- media: uvc: don't do DMA on stack (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- mmc: core: Return correct emmc response in case of ioctl error
(git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled
(git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions
(git-fixes).
- commit 9209c5a
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
(git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting
for PIO response (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PM: base: power: don't try to use non-existing RTC for storing
data (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices
(git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
(git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
(git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
(git-fixes).
- commit 61f24a4
- rtc: tps65910: Correct driver module alias (git-fixes).
- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
(git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference
(git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet
(git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly
unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
(git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line
changes (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size
(git-fixes).
- commit f3797b6
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input
(git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state
(git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup
(git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb
(git-fixes).
- usb: host: fotg210: fix the endpoint's transactional
opportunities calculation (git-fixes).
- commit f1407f0
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
ath9k modules have some exported symbols for the common helpers
and the recent fixes broke kABI of those. They are specific to
ath9k's own usages, so safe to ignore.
- commit 7579b4b
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
bsc#1191193).
- commit bc02804
- ath9k: Postpone key cache entry deletion for TXQ frames
reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
(CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- commit 5fe383f
- Refresh
patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch.
- commit 7f69543
- Update patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch
(bsc#1190746 bsc#1191172).
cache.group_info (aka cache.cred) was not properly initialized when
- >access() was called.
- commit 9ff84db
- ipc: replace costly bailout check in sysvipc_find_ipc()
(bsc#1159886 bsc#1188986 CVE-2021-3669).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- commit af97833
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition
(bsc#1171688 bsc#1174003 bsc#1190576).
- commit 3952cc0
- Update config files.
- commit 48075c9
- fix patch metadata
- fix Patch-mainline:
- patches.suse/net-mana-Fix-a-memory-leak-in-an-error-handling-path.patch
- commit 12cbf84
- series.conf: cleanup
- move submitted patches to "/almost mainline"/ section:
- patches.suse/NFS-change-nfs_access_get_cached-to-only-report-the-.patch
- patches.suse/NFS-pass-cred-explicitly-for-access-tests.patch
- patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch
- commit a3b4285
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- commit b88ab2e
- blacklist.conf: too intrusive, gone in through SP3
- commit a81e8d3
- blacklist.conf: too intrusive, gone in through SP3
- commit 4bedee6
- blacklist.conf: too intrusive, gone in through SP3
- commit 0474866
- blacklist.conf: kABI
- commit e8337cf
- cpuidle: pseries: Do not cap the CEDE0 latency in
fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes
jsc#SLE-18128).
- commit cfe4b84
- x86/mm: Fix kern_addr_valid() to cope with existing but not
present entries (bsc#1152489).
- commit 1efaf04
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- commit 54b59b3
- Refresh
patches.suse/drm-amd-display-Initialize-attribute-for-hdcp_srm-sy.patch.
Added Alt-commit for duplicate
- commit 86167e7
- drm/ast: Fix missing conversions to managed API (git-fixes).
- commit cab6852
- Refresh patches.suse/drm-i915-Fix-crash-in-auto_retire.patch.
Added Alt-commit for duplicate
- commit 334db42
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- commit ed3952b
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- commit 4e7e865
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- commit 44e26ca
- Refresh
patches.suse/drm-amdgpu-Init-GFX10_ADDR_CONFIG-for-VCN-v3-in-DPG-.patch.
Added Alt-commit for duplicate
- commit fa028bf
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- commit bac299d
- nvme: fix refcounting imbalance when all paths are down
(bsc#1188067).
- Refresh
patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch.
- commit 44b2d54
- series: Update meta data and resort
Refresh the metad data and sort into correct position:
patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch
patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch
patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch
patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch
patches.suse/scsi-lpfc-Remove-unneeded-variable.patch
patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch
- commit 12f1564
- Update
patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
(CVE-2021-3752 bsc#1190023).
- commit 6b966b4
- Update
patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
(CVE-2021-3752 bsc#1190023).
- commit 65458cc
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- commit 8e058be
- Restore kabi after NFS: pass cred explicitly for access tests
(bsc#1190746).
- NFS: don't store 'struct cred *' in struct nfs_access_entry
(bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- NFS: change nfs_access_get_cached to only report the mask
(bsc#1190746).
- commit 907996a
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER
(git-fixes).
- commit 931b672
- usb: musb: tusb6010: uninitialized data in
tusb_fifo_write_unaligned() (git-fixes).
- commit 11a541f
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume
__maybe_unused (git-fixes).
- commit 6bec20e
- drm/i915: Allow the sysadmin to override security mitigations
(git-fixes).
- commit c1eb827
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- commit 3009743
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
(bsc#1152489).
- commit 15eb225
- enetc: Fix uninitialized struct dim_sample field usage
(git-fixes).
- PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing
'ranges' (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config
(git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch
use-cases (git-fixes).
- optee: Fix memory leak when failing to register shm pages
(git-fixes).
- commit 1758b20
- powerpc: fix function annotations to avoid section mismatch
warnings with gcc-10 (bsc#1148868).
- commit 9e9276f
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
ltc#194523).
- Refresh patches.suse/pseries-drmem-update-LMBs-after-LPM.patch
- commit e17894e
- Revert "/rpm: Abolish scritplet templating (bsc#1189841)."/ (bsc#1190598)
This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f.
These changes depend on a suse-module-tools update which has not reached
SLE15-SP2/3 and Leap 15.2/3 yet, causing both build failures and
unsatisfiable dependency of resulting binary packages.
Revert the commit temporarily until suse-module-tools is updated.
- commit 7d43568
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- commit 9763078
- powerpc/pseries: Prevent free CPU ids being reused on another
node (bsc#1190620 ltc#194498).
- commit 7097b6c
- net: sched: sch_teql: fix null-pointer dereference
(bsc#1190717).
- commit 0a89f09
- x86/alternatives: Teach text_poke_bp() to emulate instructions
(bsc#1190561).
- Refresh
patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit 1c9f1df
- mm/swap: consider max pages in iomap_swapfile_add_extent
(bsc#1190785).
- commit afb626e
- iomap: Fix negative assignment to unsigned sis->pages in
iomap_swapfile_activate (bsc#1190784).
- commit 7126cba
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again
(bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
(bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing
(bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load
and stat reset (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode
(bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer
interval (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
(bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
(bsc#1190576).
- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode
(bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP
(bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node
(bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS
and LS_RJT (bsc#1190576).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
outstanding (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
(bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no
CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS
processing (bsc#1190576).
- commit 1435c13
- blacklist.conf: kABI
- commit 3cb18d9
- blacklist.conf: kABI
- commit dcb25ee
- blacklist.conf: kABI
- commit d400b4c
- docs: Fix infiniband uverbs minor number (git-fixes).
- commit 0fb9cd2
- usb: dwc2: Avoid leaving the error_debugfs label unused
(git-fixes).
- commit fb08350
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758
ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758
ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758
ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758
ltc#191943).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758
ltc#191943).
- commit dea5bd2
- x86/resctrl: Fix a maybe-uninitialized build warning treated
as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting
(bsc#1152489).
- commit 450cdb2
- vmxnet3: update to version 6 (bsc#1190406).
- commit 8d3dc67
- vmxnet3: increase maximum configurable mtu to 9190
(bsc#1190406).
- commit bd5109d
- vmxnet3: set correct hash type based on rss information
(bsc#1190406).
- commit e1e474b
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- commit 1687646
- vmxnet3: remove power of 2 limitation on the queues
(bsc#1190406).
- commit f3834f6
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- commit fbdf2fe
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- commit 7e0fe82
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- commit 73351a3
- xfs: sync lazy sb accounting on quiesce of read-only mounts
(bsc#1190679).
- commit 668fdef
- blacklist.conf: 3bff147b187d x86/mce: Defer processing of early errors
- commit 7e0dc1d
- s390/unwind: use current_frame_address() to unwind current task
(bsc#1185677).
- commit 92c31e7
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI
(bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches
(bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data
(bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers
(bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer
(bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info
to firmware (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
Refresh and update:
- patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch
- scsi: core: Add helper to return number of logical blocks in
a request (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function
(bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions
(bsc#1190576).
- commit e13d431
- Refresh patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
Add else braces.
- commit f230c58
- series.conf: cleanup
- update upstream reference and resort:
- patches.suse/ibmvnic-check-failover_pending-in-login-response.patch
- commit 2b5f056
- kernel-binary.spec: Check for no kernel signing certificates.
Also remove unused variable.
- commit bdc323e
- Revert "/rpm/kernel-binary.spec: Use only non-empty certificates."/
This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d.
- commit 413e05b
- fuse: flush extending writes (bsc#1190595).
- cuse: fix broken release (bsc#1190596).
- commit 232b4ea
- rpm/kernel-binary.spec: Use only non-empty certificates.
- commit 30360ab
- ipvs: Fix up kabi for expire_nodest_conn_work addition
(bsc#1190467).
- ipvs: queue delayed work to expire no destination connections
if expire_nodest_conn=1 (bsc#1190467).
- ipvs: allow connection reuse for unconfirmed conntrack
(bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- commit e0da213
- ext4: fix race writing to an inline_data file while its xattrs
are changing (bsc#1190159 CVE-2021-40490).
- commit 4fadd7d
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
(bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 4ee91a7
- xfs: allow mount/remount when stripe width alignment is zero
(bsc#1188651).
- commit e701c22
- bnxt_en: Fix asic.rev in devlink dev info command
(jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup
(jsc#SLE-13208).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- net/mlx5: Fix missing return value in
mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: drop useless check of PCI driver data validity
(bsc#1167773).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- igc: Use num_tx_queues when iterating over tx_ring queue
(jsc#SLE-13533).
- ice: do not abort devlink info if board identifier can't be
found (jsc#SLE-12878).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- ice: don't remove netdev->dev_addr from uc sync list
(git-fixes).
- bareudp: Fix invalid read beyond skb's linear data
(jsc#SLE-15172).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added
to it recently (jsc#SLE-15175).
- commit 3dc7052
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
(git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
(bsc#1173746).
- devlink: Break parameter notification sequence to be
before/after unload/load driver (bsc#1154353).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- ionic: cleanly release devlink instance (bsc#1167773).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- cxgb4: dont touch blocked freelist bitmap after free
(git-fixes).
- e1000e: Do not take care about recovery NVM checksum
(jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- xgene-v2: Fix a resource leak in the error handling path of
'xge_probe()' (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
(bsc#1170774).
- iavf: Fix ping is lost after untrusted VF had tried to change
MAC (jsc#SLE-7940).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
(git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells
(git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- net/mlx5: Fix return value from tracer initialization
(git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route
(git-fixes).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5: E-Switch, handle devcom events only for ports on
the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- ionic: count csum_none when offload enabled (bsc#1167773).
- i40e: Fix log TC creation failure when max num of queues is
exceeded (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware
(git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- commit f97144d
- powerpc/numa: Consider the max NUMA node for migratable LPAR
(bsc#1190544 ltc#194520).
- commit ea0d9bb
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha
(git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase
(git-fixes).
- drm/msm/mdp4: refactor HW revision detection into
read_mdp_hw_revision (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove()
(git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID
(git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- commit 6612614
- fbmem: don't allow too huge resolutions (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover
(git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
(git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc()
(git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- libata: fix ata_host_start() (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF
(git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on
readb / writeb errors (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- commit 0c36126
- time: Handle negative seconds correctly in timespec64_to_ns()
(git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted()
(git-fixes).
- commit b2d42ef
- ibmvnic: check failover_pending in login response (bsc#1190523
ltc#194510).
- commit 9f9cec0
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- Refresh
patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh
patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch.
- Refresh
patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
- commit a89813f
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- commit 9def092
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
(bsc#1189297).
- commit 913942c
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT
state (bsc#1190062).
- commit e5272e8
- clk: at91: clk-generated: Limit the requested rate to our range
(git-fixes).
- commit c432b6b
- nvme: only call synchronize_srcu when clearing current path
(bsc#1188067).
- nvme-tcp: Do not reset transport on data digest errors
(bsc#1188418).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- commit 359f763
- phy: tegra: xusb: Fix dangling pointer on probe failure
(git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- commit b7afa19
- blacklist.conf: add efa non backportable patch
- commit ebbcbd1
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the
dest IP (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's
optstring (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map
(git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install'
(git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore
(git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog
load command (bsc#1177028).
- selftests/bpf: Define string const as global for
test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang
change (git-fixes).
- commit 37bd48e
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc()
fails (git-fixes).
- commit bc5a062
- ipc: remove memcg accounting for sops objects in do_semtimedop()
(bsc#1190115).
- commit 561fbd8
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
(bsc#1190358).
The script part for base package case is completely separate from the
part for subpackages. Remove the part for subpackages from the base
package script and use the KMP scripts for subpackages instead.
- commit 5d1f677
- kernel-binary.spec: Do not fail silently when KMP is empty
(bsc#1190358).
Copy the code from kernel-module-subpackage that deals with empty KMPs.
- commit d7d2e6e
- EDAC/mce_amd: Do not load edac_mce_amd module on guests
(bsc#1190138).
- commit 2d1891d
- rpm: Abolish scritplet templating (bsc#1189841).
Outsource kernel-binary and KMP scriptlets to suse-module-tools.
This allows fixing bugs in the scriptlets as well as defining initrd
regeneration policy independent of the kernel packages.
- commit e98096d
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
suse-release has arbitrary values in staging, we can't use it for
dependencies. The filesystem one has to be enough (boo#1184804).
- commit 56f2cba
- bluetooth: eliminate the potential race condition when removing
the HCI controller (bsc#1184611 CVE-2021-32399).
- commit b57a022
- krb5
-
- Fix KDC null pointer dereference via a FAST inner body that
lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
* 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
- less
-
- Add missing runtime dependency on which, which is used by lessopen.sh.
Fix bsc#1190552.
- libsolv
-
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
- libzypp
-
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
- Make sure to keep states alives while transitioning
(bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
If environment variables are unhandy one may enable the desired
techpreview in zypp.conf as well:
[main]
techpreview.ZYPP_SINGLE_RPMTRANS=1
techpreview.ZYPP_MEDIANETWORK=1
- version 17.28.4 (22)
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for
zypper (fixes #340)
- Make sure singleTrans is zypper-only for now.
- Do not double check signatures and keys (bsc#1190059)
- version 17.28.3 (22)
- Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a
not UsrMerged Tumbleweed system.
- version 17.28.2 (22)
- Fix crashes in logging code when shutting down (bsc#1189031)
- version 17.28.1 (22)
- Rephrase vendor conflict message in case 2 packages are
involved (bsc#1187760)
This covers the case where not the packages itself would change
its vendor, but replaces a package from a different vendor.
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails
(bsc#1187224)
Rpm by default only shows the short key ID when checking the
signature of a package fails. This patch reads the signatures
from the RPM headers and replaces she short IDs with the key
fingerprints fetched from the signatures.
- Implement alternative single transaction commit strategy.
This patch adds a experimental commit strategy that runs all
operations in a single rpm transaction, speeding up the execution
a lot.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media
backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails with kernels from Kernel:HEAD
(bsc#1187738)
There recently was a change in the kernel package naming scheme
in regards to rc kernels. Since kernel upstream uses characters
in the version that are not allowed in rpm versions a "/-rc"/ was
previously replaced with "/.rc"/ which broke sorting by version, to
fix this issue it was replaced with "/~rc"/, which unfortunately
broke the purge-kernels logic. This patch makes sure purge-kernel
does apply the same conversion.
- version 17.28.0 (22)
- lvm2
-
- vgextend crash when extending VG with missing PV (bsc#1191019)
+ bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch
- ncurses
-
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
CVE-2021-39537: ncurses: heap-based buffer overflow in
_nc_captoinfo in captoinfo.c
- pam
-
- Corrected a bad directive file which resulted in
the "/securetty"/ file to be installed as "/macros.pam"/.
[pam.spec]
- Added tmpfiles for pam to set up directory for pam_faillock.
[pam.conf]
- Corrected macros.pam entry for %_pam_moduledir
Cleanup in pam.spec:
* Replaced all references to ${_lib}/security in pam.spec by
%{_pam_moduledir}
* Removed definition of (unused) "/amdir"/.
- Added new file macros.pam on request of systemd.
[bsc#1190052, macros.pam]
- Added pam_faillock to the set of modules.
[jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
- pcre
-
- pcre 8.45 (the final release)
* Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
* Small patch to pcreposix.c to set the erroroffset field to -1 immediately
after a successful compile, instead of at the start of matching to avoid a
sanitizer complaint (regexec is supposed to be thread safe).
* Check the size of the number after (?C as it is read, in order to avoid
integer overflow. (bsc#1172974, CVE-2020-14155)
* Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
in pcretest.
- pcre 8.43
* In a pattern such as /[^x{100}-x{ffff}]*[x80-xff]/ which has a repeated
negative class with no characters less than 0x100 followed by a positive class
with only characters less than 0x100, the first class was incorrectly being
auto-possessified, causing incorrect match failures.
* If the only branch in a conditional subpattern was anchored, the whole
subpattern was treated as anchored, when it should not have been, since the
assumed empty second branch cannot be anchored. Demonstrated by test patterns
such as /(?(1)^())b/ or /(?(?=^))b/.
* Fix subject buffer overread in JIT when UTF is disabled and X or R has
a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
(bsc#1172973 CVE-2019-20838)
* If a pattern started with a subroutine call that had a quantifier with a
minimum of zero, an incorrect "/match must start with this character"/ could be
recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
be the first character of a match.
- pcre 8.42
* If a backreference with a minimum repeat count of zero was first in a
pattern, apart from assertions, an incorrect first matching character could be
recorded. For example, for the pattern /(?=(a))1?b/, "/b"/ was incorrectly set
as the first character of a match.
* Fix out-of-bounds read for partial matching of /./ against an empty string
when the newline type is CRLF.
* When matching using the the REG_STARTEND feature of the POSIX API with a
non-zero starting offset, unset capturing groups with lower numbers than a
group that did capture something were not being correctly returned as "/unset"/
(that is, with offset values of -1).
* Matching the pattern /(*UTF)C[^v]+x80/ against an 8-bit string
containing multi-code-unit characters caused bad behaviour and possibly a
crash. This issue was fixed for other kinds of repeat in release 8.37 by change
38, but repeating character classes were overlooked.
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#136
- report error if config file could not be updated (bsc#1188768)
- 0.936
- merge gh#openSUSE/perl-bootloader#135
- fix typo in update-bootloader
- 0.935
- rpm-config-SUSE
-
- Support ZSTD compressed kernel modules
[bsc#1190850,
bsc1190850-support-zstd-compressed-kernel-modules.patch]
- runc
-
- Update to runc v1.0.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.2
* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the "/adding seccomp filter
rule for syscall ..."/ error, caused by redundant seccomp rules (i.e. those
that has action equal to the default one). Such redundant rules are now
skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
harmful "/failed to decode ..."/ errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
frozen before Set, and add a setting to skip such freeze unconditionally.
The previous fix for that issue, done in runc 1.0.1, was not working.
- Update to runc v1.0.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.1
* Fixed occasional runc exec/run failure ("/interrupted system call"/) on an
Azure volume.
* Fixed "/unable to find groups ... token too long"/ error with /etc/group
containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
frozen. This is a regression in 1.0.0, not affecting runc itself but some
of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
permission error when handling replacement of existing bpf cgroup
programs. This fixes a regression in 1.0.0, where some SELinux
policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- Remove upstreamed patches:
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
with runc under openSUSE MicroOS's SELinux policy. boo#1187704
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Update to runc v1.0.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0
! The usage of relative paths for mountpoints will now produce a warning
(such configurations are outside of the spec, and in future runc will
produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
results with cgroupv1, and always clobber any existing eBPF
program(s) to fix runc update and avoid leaking eBPF programs
(resulting in errors when managing containers).
* cgroupv2: correctly convert "/number of IOs"/ statistics in a
cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed "/retry on dbus disconnect"/ logic introduced in rc94
* cgroups/systemd: fixed returning "/unit already exists"/ error from a systemd
cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make "/runc --version"/ output sane even when built with go get or
otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.
- Update to runc v1.0.0~rc95. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). bsc#1185405
- Update to runc v1.0.0~rc94. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
been effectively deprecated by the kernel. Users should make use of regular
memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix "/chdir to cwd: permission denied"/ for some setups
- Remove upstreamed patches:
- 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
syscalls unusable for glibc.
- suse-module-tools
-
- Update to version 15.3.13:
* fixup "/rpm-script: fix bad exit status in OpenQA (bsc#1191922)"/
- Update to version 15.3.12:
* rpm-script: fix bad exit status in OpenQA (bsc#1191922)
* cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
* cert-script: Deal with existing $cert.delete file (bsc#1191804).
- Update to version 15.3.11:
* inkmp-script(postun): don't pass existing files to weak-modules2
(boo#1191200)
* kernel-scriptlets: skip cert scriptlet on non-UEFI systems
(boo#1191260)
- Update to version 15.3.10:
* Import kernel scriptlets from kernel-source
(bsc#1189841, bsc#1190598)
* Provide "/suse-kernel-rpm-scriptlets"/
- Update to version 15.3.9:
* fix problem that initrd may not be rebuilt after installing
kernel-$flavor-extra (bsc#1189441)
- systemd
-
- Import commit 263f7076bc77475045193653a785bbdc0457b5c6
239e0ce5e7 journalctl: never fail at flushing when the flushed flag is set (bsc#1188588)
0db7e590e1 manager: reexecute on SIGRTMIN+25, user instances only
ef8afc4545 core: Make sure cgroup_oom_queue is flushed on manager exit
f794e01080 cgroup: do 'catchup' for unit cgroup inotify watch files
54369b7660 manager: Fix HW watchdog when systemd starts before driver loaded (bsc#1189446)
1d0524bd54 pid1: various minor watchdog modernizations
- Drop 1007-tmpfiles-follow-SUSE-policies.patch
Since most of the tmpfiles config files shipped by upstream are
ignored (see previous commit "/Drop most of the tmpfiles that deal
with generic paths"/), this patch is no more relevant.
- Update 60-io-scheduler.rules (jsc#SLE-21032, bsc#1134353)
* rules weren't applied to dm devices (multipath), fix it
(bsc#1188713)
* ignore obsolete "/elevator"/ kernel parameter (bsc#1184994)
("/elevator"/ did falsely overide settings even for blk-mq, fixed).
* remove support for single-queue block IO which the kernel doesn't
support any more.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Import commit f5c33d9f82d3d782d28938df9ff09484360c540d (merge of v246.16)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d
- Avoid the error message when udev is updated due to udev being
already active when the sockets are started again (bsc#1188291)
- util-linux
-
- ipcutils: Avoid potential memory allocation overflow
(bsc#1188921, CVE-2021-37600,
util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
fix testsuite (bsc#1178236#c19,
util-linux-ipcs-shmall-overflow-ts.patch).
- util-linux-systemd
-
- ipcutils: Avoid potential memory allocation overflow
(bsc#1188921, CVE-2021-37600,
util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
fix testsuite (bsc#1178236#c19,
util-linux-ipcs-shmall-overflow-ts.patch).
- zypper
-
- Avoid calling 'su' to detect a too restrictive sudo user umask
(bsc#1186602)
- Fix typo in German translation (fixes #395)
- BuildRequires: libzypp-devel >= 17.28.3.
- version 1.14.49
- Support new reports for singletrans rpm commit.
- BuildRequires: libzypp-devel >= 17.27.1.
For lock/query comments.
- Prompt: choose exact match if prompt options are not prefix
free (bsc#1188156)
- Install summary: Show new and removed packages closer to the
prompt (fixes #403)
These packages are usually more interesting than the updated
ones. In case of doubt less scrolling is needed to see them.
- Add need reboot/restart hint to XML install summary
(bsc#1188435)
- Add comment option for lock command (fixes #388).
- version 1.14.48
- Quick fix obs:// platform guessing for Leap (bsc#1187425)
- man: point out more clearly that patches update affected
packages to the latest version (bsc#1187466)
- version 1.14.47