Packages changed: flannel gawk glib2-branding-openSUSE grub2 (2.02 -> 2.04) hwdata (0.326 -> 0.328) installation-images-MicroOS (14.442 -> 14.443) kail (0.11.0 -> 0.12.0) kernel-source (5.3.7 -> 5.3.8) metallb (0.8.1 -> 0.8.2) mozilla-nspr (4.21 -> 4.22) mozilla-nss (3.45 -> 3.46.1) python-Jinja2 (2.10.1 -> 2.10.3) python-PyJWT python-attrs (19.1.0 -> 19.3.0) python-base (2.7.16 -> 2.7.17) python-cffi (1.12.3 -> 1.13.0) python-chardet python-cryptography (2.7 -> 2.8) python-ecdsa (0.13.2 -> 0.13.3) python-jsonschema python-pyparsing python-requests python-urllib3 systemd vim (8.1.2148 -> 8.1.2233) xen yast2 (4.2.29 -> 4.2.30) zlib === Details === ==== flannel ==== - Use Tumbleweed Kubic flannel containers instead of devel:kubic containers. This fixes aarch64 and ppc64* (boo#1152185) ==== gawk ==== - Fix typo in Summary - Stop overriding %_libexecdir with %_libdir - Fix the backward compatibility of the inplace extension: * Add gawk-inplace-namespace-part1.patch * Add gawk-inplace-namespace-part2.patch * Add gawk-inplace-namespace-part3.patch - Run autoreconf as part of the build process ==== glib2-branding-openSUSE ==== - Add super+f1 key binding for help to match GNOME default. ==== grub2 ==== Version update (2.02 -> 2.04) Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Disable btrfs zstd support for i386-pc to workaround core.img too large to be embedded in btrfs bootloader area or MBR gap (boo#1154809) * 0001-btrfs-disable-zstd-support-for-i386-pc.patch - Fix grub2.sleep to load old kernel after hibernation (boo#1154783) - Enable support for riscv64 - Backports from upstream: * risc-v-fix-computation-of-pc-relative-relocation-offset.patch * risc-v-add-clzdi2-symbol.patch * grub-install-define-default-platform-for-risc-v.patch - Version bump to 2.04 * removed - translations-20170427.tar.xz * grub2.spec - Make signed grub-tpm.efi specific to x86_64-efi build, the platform currently shipped with tpm module from upstream codebase - Add shim_lock to signed grub.efi in x86_64-efi build - x86_64: linuxefi now depends on linux, both will verify kernel via shim_lock - Remove translation tarball and po file hacks as it's been included in upstream tarball * rediff - grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch - grub2-commands-introduce-read_file-subcommand.patch - grub2-secureboot-add-linuxefi.patch - 0001-add-support-for-UEFI-network-protocols.patch - grub2-efi-HP-workaround.patch - grub2-secureboot-install-signed-grub.patch - grub2-linux.patch - use-grub2-as-a-package-name.patch - grub2-pass-corret-root-for-nfsroot.patch - grub2-secureboot-use-linuxefi-on-uefi.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-secureboot-provide-linuxefi-config.patch - grub2-secureboot-chainloader.patch - grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch - grub2-s390x-02-kexec-module-added-to-emu.patch - grub2-s390x-04-grub2-install.patch - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch - grub2-efi-chainloader-root.patch - grub2-ppc64le-disable-video.patch - grub2-ppc64-cas-reboot-support.patch - grub2-Fix-incorrect-netmask-on-ppc64.patch - 0003-bootp-New-net_bootp6-command.patch - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch - 0012-tpm-Build-tpm-as-module.patch - grub2-emu-4-all.patch - grub2-btrfs-09-get-default-subvolume.patch - grub2-ppc64le-memory-map.patch - grub2-ppc64-cas-fix-double-free.patch - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch * drop upstream patches - grub2-fix-locale-en.mo.gz-not-found-error-message.patch - grub2-fix-build-with-flex-2.6.4.patch - grub2-accept-empty-module.patch - 0001-Fix-packed-not-aligned-error-on-GCC-8.patch - 0001-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled-MMIO-da.patch - unix-exec-avoid-atexit-handlers-when-child-exits.patch - 0001-xfs-Accept-filesystem-with-sparse-inodes.patch - grub2-binutils2.31.patch - grub2-msdos-fix-overflow.patch - 0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch - grub2-efi-Move-grub_reboot-into-kernel.patch - grub2-efi-Free-malloc-regions-on-exit.patch - grub2-move-initrd-upper.patch - 0002-Add-Virtual-LAN-support.patch - 0001-ofnet-Initialize-structs-in-bootpath-parser.patch - 0001-misc-fix-invalid-character-recongition-in-strto-l.patch - 0001-tpm-Core-TPM-support.patch - 0002-tpm-Measure-kernel-initrd.patch - 0003-tpm-Add-BIOS-boot-measurement.patch - 0004-tpm-Rework-linux-command.patch - 0005-tpm-Rework-linux16-command.patch - 0006-tpm-Measure-kernel-and-initrd-on-BIOS-systems.patch - 0007-tpm-Measure-the-kernel-commandline.patch - 0008-tpm-Measure-commands.patch - 0009-tpm-Measure-multiboot-images-and-modules.patch - 0010-tpm-Fix-boot-when-there-s-no-TPM.patch - 0011-tpm-Fix-build-error.patch - 0013-tpm-i386-pc-diskboot-img.patch - grub2-freetype-pkgconfig.patch - 0001-cpio-Disable-gcc9-Waddress-of-packed-member.patch - 0002-jfs-Disable-gcc9-Waddress-of-packed-member.patch - 0003-hfs-Fix-gcc9-error-Waddress-of-packed-member.patch - 0004-hfsplus-Fix-gcc9-error-with-Waddress-of-packed-membe.patch - 0005-acpi-Fix-gcc9-error-Waddress-of-packed-member.patch - 0006-usbtest-Disable-gcc9-Waddress-of-packed-member.patch - 0007-chainloader-Fix-gcc9-error-Waddress-of-packed-member.patch - 0008-efi-Fix-gcc9-error-Waddress-of-packed-member.patch - Consistently find btrfs snapshots on s390x. (bsc#1136970) * grub2-s390x-04-grub2-install.patch ==== hwdata ==== Version update (0.326 -> 0.328) - Update to version 0.328: * Updated pci, usb and vendor ids. ==== installation-images-MicroOS ==== Version update (14.442 -> 14.443) - merge gh#openSUSE/installation-images#340 - fix initial sshd key generation - setup /etc/sysconfig/ssh in rescue system - 14.443 ==== kail ==== Version update (0.11.0 -> 0.12.0) - Update to version 0.12.0 - Handle the case when listing namespaces is forbidden (#42) - Update vendor.tar.gz ==== kernel-source ==== Version update (5.3.7 -> 5.3.8) - Refresh patches.suse/stacktrace-don-t-skip-first-entry-on-noncurrent-task.patch. v3 of the patch - commit ea4c828 - Linux 5.3.8 (bnc#1151927). - drm: Free the writeback_job when it with an empty fb (bnc#1151927). - drm: Clear the fence pointer when writeback job signaled (bnc#1151927). - clk: ti: dra7: Fix mcasp8 clock bits (bnc#1151927). - ARM: dts: Fix wrong clocks for dra7 mcasp (bnc#1151927). - nvme-pci: Fix a race in controller removal (bnc#1151927). - scsi: ufs: skip shutdown if hba is not powered (bnc#1151927). - scsi: megaraid: disable device when probe failed after enabled device (bnc#1151927). - scsi: qla2xxx: Silence fwdump template message (bnc#1151927). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bnc#1151927). - scsi: qla2xxx: Fix stale mem access on driver unload (bnc#1151927). - scsi: qla2xxx: Fix N2N link reset (bnc#1151927). - scsi: qla2xxx: Fix N2N link up fail (bnc#1151927). - ARM: dts: Fix gpio0 flags for am335x-icev2 (bnc#1151927). - ARM: OMAP2+: Fix missing reset done flag for am3 and am43 (bnc#1151927). - ARM: OMAP2+: Add missing LCDC midlemode for am335x (bnc#1151927). - ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage() (bnc#1151927). - nvme-tcp: fix wrong stop condition in io_work (bnc#1151927). - nvme-pci: Save PCI state before putting drive into deepest state (bnc#1151927). - nvme: fix an error code in nvme_init_subsystem() (bnc#1151927). - nvme-rdma: Fix max_hw_sectors calculation (bnc#1151927). - Added QUIRKs for ADATA XPG SX8200 Pro 512GB (bnc#1151927). - nvme: Add quirk for Kingston NVME SSD running FW E8FK11.T (bnc#1151927). - nvme: allow 64-bit results in passthru commands (bnc#1151927). - drm/komeda: prevent memory leak in komeda_wb_connector_add (bnc#1151927). - nvme-rdma: fix possible use-after-free in connect timeout (bnc#1151927). - blk-mq: honor IO scheduler for multiqueue devices (bnc#1151927). - ieee802154: ca8210: prevent memory leak (bnc#1151927). - ARM: dts: am4372: Set memory bandwidth limit for DISPC (bnc#1151927). - net: dsa: qca8k: Use up to 7 ports for all operations (bnc#1151927). - MIPS: dts: ar9331: fix interrupt-controller size (bnc#1151927). - xen/efi: Set nonblocking callbacks (bnc#1151927). - loop: change queue block size to match when using DIO (bnc#1151927). - nl80211: fix null pointer dereference (bnc#1151927). - mac80211: fix txq null pointer dereference (bnc#1151927). - netfilter: nft_connlimit: disable bh on garbage collection (bnc#1151927). - net: mscc: ocelot: add missing of_node_put after calling of_get_child_by_name (bnc#1151927). - net: dsa: rtl8366rb: add missing of_node_put after calling of_get_child_by_name (bnc#1151927). - net: stmmac: xgmac: Not all Unicast addresses may be available (bnc#1151927). - net: stmmac: dwmac4: Always update the MAC Hash Filter (bnc#1151927). - net: stmmac: Correctly take timestamp for PTPv2 (bnc#1151927). - net: stmmac: Do not stop PHY if WoL is enabled (bnc#1151927). - net: ag71xx: fix mdio subnode support (bnc#1151927). - RISC-V: Clear load reservations while restoring hart contexts (bnc#1151927). - riscv: Fix memblock reservation for device tree blob (bnc#1151927). - drm/amdgpu: fix multiple memory leaks in acp_hw_init (bnc#1151927). - drm/amd/display: memory leak (bnc#1151927). - mips: Loongson: Fix the link time qualifier of 'serial_exit()' (bnc#1151927). - net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() (bnc#1151927). - net: stmmac: Avoid deadlock on suspend/resume (bnc#1151927). - selftests: kvm: Fix libkvm build error (bnc#1151927). - lib: textsearch: fix escapes in example code (bnc#1151927). - s390/mm: fix -Wunused-but-set-variable warnings (bnc#1151927). - r8152: Set macpassthru in reset_resume callback (bnc#1151927). - net: phy: allow for reset line to be tied to a sleepy GPIO controller (bnc#1151927). - net: phy: fix write to mii-ctrl1000 register (bnc#1151927). - namespace: fix namespace.pl script to support relative paths (bnc#1151927). - Convert filldir[64]() from __put_user() to unsafe_put_user() (bnc#1151927). - elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings (bnc#1151927). - Make filldir[64]() verify the directory entry filename is valid (bnc#1151927). - uaccess: implement a proper unsafe_copy_to_user() and switch filldir over to it (bnc#1151927). - filldir[64]: remove WARN_ON_ONCE() for bad directory entries (bnc#1151927). - net_sched: fix backward compatibility for TCA_KIND (bnc#1151927). - net_sched: fix backward compatibility for TCA_ACT_KIND (bnc#1151927). - libata/ahci: Fix PCS quirk application (bnc#1151927). - md/raid0: fix warning message for parameter default_layout (bnc#1151927). - Revert "drm/radeon: Fix EEH during kexec" (bnc#1151927). - ocfs2: fix panic due to ocfs2_wq is null (bnc#1151927). - nvme-pci: Set the prp2 correctly when using more than 4k page (bnc#1151927). - ipv4: fix race condition between route lookup and invalidation (bnc#1151927). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (bnc#1151927). - net: avoid potential infinite loop in tc_ctl_action() (bnc#1151927). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (bnc#1151927). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (bnc#1151927). - net: i82596: fix dma_alloc_attr for sni_82596 (bnc#1151927). - net/ibmvnic: Fix EOI when running in XIVE mode (bnc#1151927). - net: ipv6: fix listify ip6_rcv_finish in case of forwarding (bnc#1151927). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (bnc#1151927). - rxrpc: Fix possible NULL pointer access in ICMP handling (bnc#1151927). - sched: etf: Fix ordering of packets with same txtime (bnc#1151927). - sctp: change sctp_prot .no_autobind with true (bnc#1151927). - net: aquantia: temperature retrieval fix (bnc#1151927). - net: aquantia: when cleaning hw cache it should be toggled (bnc#1151927). - net: aquantia: do not pass lro session with invalid tcp checksum (bnc#1151927). - net: aquantia: correctly handle macvlan and multicast coexistence (bnc#1151927). - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (bnc#1151927). - net: phy: micrel: Update KSZ87xx PHY name (bnc#1151927). - net: avoid errors when trying to pop MLPS header on non-MPLS packets (bnc#1151927). - net/sched: fix corrupted L2 header with MPLS 'push' and 'pop' actions (bnc#1151927). - netdevsim: Fix error handling in nsim_fib_init and nsim_fib_exit (bnc#1151927). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bnc#1151927). - net: phy: Fix "link partner" information disappear issue (bnc#1151927). - LSM: SafeSetID: Stop releasing uninitialized ruleset (bnc#1151927). - rxrpc: use rcu protection while reading sk->sk_user_data (bnc#1151927). - io_uring: fix bad inflight accounting for SETUP_IOPOLL|SETUP_SQTHREAD (bnc#1151927). - io_uring: Fix corrupted user_data (bnc#1151927). - USB: legousbtower: fix memleak on disconnect (bnc#1151927). - ALSA: hda/realtek - Add support for ALC711 (bnc#1151927). - ALSA: hda/realtek - Enable headset mic on Asus MJ401TA (bnc#1151927). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bnc#1151927). - ALSA: hda - Force runtime PM on Nvidia HDMI codecs (bnc#1151927). - usb: udc: lpc32xx: fix bad bit shift operation (bnc#1151927). - USB: serial: ti_usb_3410_5052: fix port-close races (bnc#1151927). - USB: ldusb: fix memleak on disconnect (bnc#1151927). - USB: usblp: fix use-after-free on disconnect (bnc#1151927). - USB: ldusb: fix read info leaks (bnc#1151927). - binder: Don't modify VMA bounds in ->mmap handler (bnc#1151927). - MIPS: tlbex: Fix build_restore_pagemask KScratch restore (bnc#1151927). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bnc#1151927). - scsi: zfcp: fix reaction on bit error threshold notification (bnc#1151927). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (bnc#1151927). - scsi: core: save/restore command resid for error handling (bnc#1151927). - scsi: core: try to get module before removing device (bnc#1151927). - scsi: ch: Make it possible to open a ch device multiple times again (bnc#1151927). - Revert "Input: elantech - enable SMBus on new (2018+) systems" (bnc#1151927). - Input: da9063 - fix capability and drop KEY_SLEEP (bnc#1151927). - Input: synaptics-rmi4 - avoid processing unknown IRQs (bnc#1151927). - Input: st1232 - fix reporting multitouch coordinates (bnc#1151927). - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bnc#1151927). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bnc#1151927). - ACPI: NFIT: Fix unlock on error in scrub_show() (bnc#1151927). - iwlwifi: pcie: change qu with jf devices to use qu configuration (bnc#1151927). - mac80211: Reject malformed SSID elements (bnc#1151927). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bnc#1151927). - drm/ttm: Restore ttm prefaulting (bnc#1151927). - drm/panfrost: Handle resetting on timeout better (bnc#1151927). - drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1 (bnc#1151927). - drm/amdgpu/sdma5: fix mask value of POLL_REGMEM packet for pipe sync (bnc#1151927). - drm/i915/userptr: Never allow userptr into the mappable GGTT (bnc#1151927). - drm/i915: Favor last VBT child device with conflicting AUX ch/DDC pin (bnc#1151927 bnc#1152971 fdo#112028). - drm/amdgpu/vce: fix allocation size in enc ring test (bnc#1151927). - drm/amdgpu/vcn: fix allocation size in enc ring test (bnc#1151927). - drm/amdgpu/uvd6: fix allocation size in enc ring test (v2) (bnc#1151927). - drm/amdgpu/uvd7: fix allocation size in enc ring test (v2) (bnc#1151927). - drm/amdgpu: user pages array memory leak fix (bnc#1151927). - drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store() (bnc#1151927). - fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c (bnc#1151927). - io_uring: Fix broken links with offloading (bnc#1151927). - io_uring: Fix race for sqes with userspace (bnc#1151927). - io_uring: used cached copies of sq->dropped and cq->overflow (bnc#1151927). - mmc: mxs: fix flags passed to dmaengine_prep_slave_sg (bnc#1151927). - mmc: cqhci: Commit descriptors before setting the doorbell (bnc#1151927). - mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C (bnc#1151927). - mm/memory-failure.c: don't access uninitialized memmaps in memory_failure() (bnc#1151927). - mm/slub: fix a deadlock in show_slab_objects() (bnc#1151927). - mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo (bnc#1151927). - mm/memunmap: don't access uninitialized memmap in memunmap_pages() (bnc#1151927). - mm: memcg/slab: fix panic in __free_slab() caused by premature memcg pointer release (bnc#1151927). - mm, compaction: fix wrong pfn handling in __reset_isolation_pfn() (bnc#1151927). - mm: memcg: get number of pages on the LRU list in memcgroup base on lru_zone_size (bnc#1151927). - mm: memblock: do not enforce current limit for memblock_phys* family (bnc#1151927). - hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic() (bnc#1151927). - mm/memory-failure: poison read receives SIGKILL instead of SIGBUS if mmaped more than once (bnc#1151927). - zram: fix race between backing_dev_show and backing_dev_store (bnc#1151927). - xtensa: drop EXPORT_SYMBOL for outs*/ins* (bnc#1151927). - xtensa: fix change_bit in exclusive access option (bnc#1151927). - s390/zcrypt: fix memleak at release (bnc#1151927). - s390/kaslr: add support for R_390_GLOB_DAT relocation type (bnc#1151927). - lib/vdso: Make clock_getres() POSIX compliant again (bnc#1151927). - parisc: Fix vmap memory leak in ioremap()/iounmap() (bnc#1151927). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bnc#1151927). - arm64: KVM: Trap VM ops when ARM64_WORKAROUND_CAVIUM_TX2_219_TVM is set (bnc#1151927). - arm64: Avoid Cavium TX2 erratum 219 when switching TTBR (bnc#1151927). - arm64: Enable workaround for Cavium TX2 erratum 219 when running SMT (bnc#1151927). - arm64: Allow CAVIUM_TX2_ERRATUM_219 to be selected (bnc#1151927). - CIFS: avoid using MID 0xFFFF (bnc#1151927). - cifs: Fix missed free operations (bnc#1151927). - CIFS: Fix use after free of file info structures (bnc#1151927). - perf/aux: Fix AUX output stopping (bnc#1151927). - tracing: Fix race in perf_trace_buf initialization (bnc#1151927). - fs/dax: Fix pmd vs pte conflict detection (bnc#1151927). - dm cache: fix bugs when a GFP_NOWAIT allocation fails (bnc#1151927). - irqchip/sifive-plic: Switch to fasteoi flow (bnc#1151927). - x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu (bnc#1151927). - x86/hyperv: Make vapic support x2apic mode (bnc#1151927). - pinctrl: cherryview: restore Strago DMI workaround for all versions (bnc#1151927). - pinctrl: armada-37xx: fix control of pins 32 and up (bnc#1151927). - pinctrl: armada-37xx: swap polarity on LED group (bnc#1151927). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bnc#1151927). - Btrfs: add missing extents release on file extent cluster relocation error (bnc#1151927). - btrfs: don't needlessly create extent-refs kernel thread (bnc#1151927). - Btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bnc#1151927). - Btrfs: check for the full sync flag while holding the inode lock during fsync (bnc#1151927). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bnc#1151927). - btrfs: tracepoints: Fix bad entry members of qgroup events (bnc#1151927). - KVM: PPC: Book3S HV: XIVE: Ensure VP isn't already in use (bnc#1151927). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bnc#1151927). - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown (bnc#1151927). - ceph: just skip unrecognized info in ceph_reply_info_extra (bnc#1151927). - xen/netback: fix error path of xenvif_connect_data() (bnc#1151927). - PCI: PM: Fix pci_power_up() (bnc#1151927). - opp: of: drop incorrect lockdep_assert_held() (bnc#1151927). - of: reserved_mem: add missing of_node_put() for proper ref-counting (bnc#1151927). - blk-rq-qos: fix first node deletion of rq_qos_del() (bnc#1151927). - RDMA/cxgb4: Do not dma memory off of the stack (bnc#1151927). - Delete patches.suse/Revert-drm-i915-bios-make-child-device-order-the-pri.patch. - Update config files. CAVIUM_TX2_ERRATUM_219=y (default) - commit f0ffcb7 - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - commit 3501dc2 - drm/amdgpu: Add DC feature mask to disable fractional pwm (bsc#1154010). - commit 6ffba6e - stacktrace: don't skip first entry on noncurrent tasks (bnc#1154866). - commit 387f2bb - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578). - commit 7f1e881 - ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary (bsc#1122614). - commit 9f59038 - rtlwifi: Fix potential overflow on P2P code (bsc#1154372 CVE-2019-17666). - cfg80211: wext: avoid copying malformed SSIDs (bsc#1153158 CVE-2019-17133). - commit e229e3d - libertas: fix a potential NULL pointer dereference (CVE-2019-16232,bsc#1150465). - iwlwifi: pcie: fix rb_allocator workqueue allocation (CVE-2019-16234,bsc#1150452). - commit 23c6b73 - kernel-binary.spec.in: Obsolete kgraft packages only when not building them. - commit 25f7690 - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - commit 4bf73c8 ==== metallb ==== Version update (0.8.1 -> 0.8.2) - Update to version 0.8.2 - Fix layer2 node selection when healthy and unhealthy replicas are colocated on a single node. (#474) - Drop support for helm chart installation - Refresh vendor.tar.gz ==== mozilla-nspr ==== Version update (4.21 -> 4.22) - update to version 4.22 * added support for the ARC architecture * removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS * correctness and build fixes ==== mozilla-nss ==== Version update (3.45 -> 3.46.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.46.1 * required by Firefox 70.0 Notable changes in 3.46 * The following CA certificates were Removed: expired Class 2 Primary root certificate expired UTN-USERFirst-Client root certificate expired Deutsche Telekom Root CA 2 root certificate Swisscom Root CA 2 root certificate * Significant improvements to AES-GCM performance on ARM Many bugfixes Bug fixes in 3.46.1 * Soft token MAC verification not constant time (bmo#1582343) * Remove arbitrary HKDF output limit by allocating space as needed (bmo#1577953) - requires NSPR 4.22 ==== python-Jinja2 ==== Version update (2.10.1 -> 2.10.3) - Update to 2.10.3: * Fix Python 3.7 deprecation warnings. * Using range in the sandboxed environment uses xrange on Python 2 to avoid memory use. :issue:`933` * Use Python 3.7's better traceback support to avoid a core dump when using debug builds of Python 3.7. :issue:`1050` * Fix a typo in Babel entry point in setup.py that was preventing installation. - Remove merged python38.patch ==== python-PyJWT ==== - Fix build with ecdsa >= 0.13.3, #447 * 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch ==== python-attrs ==== Version update (19.1.0 -> 19.3.0) - update to 19.3.0 * Fixed auto_attribs usage when default values cannot be compared directly with ==, such as numpy arrays. - update to version 19.2.0: * Backward-incompatible Changes + Removed deprecated "Attribute" attribute "convert" per scheduled removal on 2019/1. This planned deprecation is tracked in issue `#307 `_. `#504 `_ + "__lt__", "__le__", "__gt__", and "__ge__" do not consider subclasses comparable anymore. This has been deprecated since 18.2.0 and was raising a "DeprecationWarning" for over a year. `#570 `_ * Deprecations + The "cmp" argument to "attr.s()" and "attr.ib()" is now deprecated. Please use "eq" to add equality methods ("__eq__" and "__ne__") and "order" to add ordering methods ("__lt__", "__le__", "__gt__", and "__ge__") instead ? just like with `dataclasses `_. Both are effectively "True" by default but it's enough to set "eq=False" to disable both at once. Passing "eq=False, order=True" explicitly will raise a "ValueError" though. Since this is arguably a deeper backward-compatibility break, it will have an extended deprecation period until 2021-06-01. After that day, the "cmp" argument will be removed. "attr.Attribute" also isn't orderable anymore. `#574 `_ * Changes + Updated "attr.validators.__all__" to include new validators added in `#425`_. `#517 `_ + Slotted classes now use a pure Python mechanism to rewrite the "__class__" cell when rebuilding the class, so "super()" works even on environments where "ctypes" is not installed. `#522 `_ + When collecting attributes using "@attr.s(auto_attribs=True)", attributes with a default of "None" are now deleted too. `#523 `_, `#556 `_ + Fixed "attr.validators.deep_iterable()" and "attr.validators.deep_mapping()" type stubs. `#533 `_ + "attr.validators.is_callable()" validator now raises an exception "attr.exceptions.NotCallableError", a subclass of "TypeError", informing the received value. `#536 `_ + "@attr.s(auto_exc=True)" now generates classes that are hashable by ID, as the documentation always claimed it would. `#543 `_, `#563 `_ + Added "attr.validators.matches_re()" that checks string attributes whether they match a regular expression. `#552 `_ + Keyword-only attributes ("kw_only=True") and attributes that are excluded from the "attrs"'s "__init__" ("init=False") now can appear before mandatory attributes. `#559 `_ + The fake filename for generated methods is now more stable. It won't change when you restart the process. `#560 `_ + The value passed to "@attr.ib(repr=?)" can now be either a boolean (as before) or a callable. That callable must return a string and is then used for formatting the attribute by the generated "__repr__()" method. `#568 `_ + Added "attr.__version_info__" that can be used to reliably check the version of "attrs" and write forward- and backward-compatible code. Please check out the `section on deprecated APIs `_ on how to use it. `#580 `_ ==== python-base ==== Version update (2.7.16 -> 2.7.17) Subpackages: libpython2_7-1_0 - Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch ==== python-cffi ==== Version update (1.12.3 -> 1.13.0) - Update to 1.13.0: * No changelog provided upstream ==== python-chardet ==== - Replace %fdupes -s with plain %fdupes; hardlinks are better. ==== python-cryptography ==== Version update (2.7 -> 2.8) - update to 2.8 * Added support for Python 3.8. * Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations. * Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9. * We now ship manylinux2010 wheels in addition to our manylinux1 wheels. * Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder. * cryptography no longer depends on asn1crypto. * FreshestCRL is now allowed as a CertificateRevocationList extension. ==== python-ecdsa ==== Version update (0.13.2 -> 0.13.3) - updated to 0.13.3 (bsc#1153165) + CVE-2019-14853 DOS atack during signature decoding + CVE-2019-14859 signature malleability caused by insufficient checks of DER encoding ==== python-jsonschema ==== - Replace %fdupes -s with plain %fdupes; hardlinks are better. ==== python-pyparsing ==== - Do not pull in setuptools dependency at all to avoid cycles ==== python-requests ==== - Add two patches only updating test logic to remove pytest 3 pin - merged_pr_5049.patch - pr_5251-pytest5.patch ==== python-urllib3 ==== - Require a new enough release of python-six. 1.25.6 needs at least 1.12.0 for ensure_text() and friends. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Drop 0001-compat-rules-escape-when-used-for-shell-expansion.patch It's part of the previous import. - Import commit b7467b7b553d6d0d6f92758d966b69f1a88b6b42 441f44f371 fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495) 8a1bb5c66b swap: do not make swap units wanted by its device unit anymore - Import commit 5df9000899ef7d45ddbcacd0fdf73afa07a40f6b f0ed7237e4 udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) b37054aa5a compat-rules: escape '$' when used for shell expansion Changes from the v243-stable: ef677436aa test: Pass personality test even when i686 userland runs on x86_64 kernel 3f6398c450 docs: fix inadvertent change in uid range 25bb377a73 cgroup: fix typo in BPF firewall support warning message 6d97aca0d5 fix build with compilers with default stack-protector enabled fbad077cec nspawn: surrender controlling terminal to PID2 when using the PID1 stub 0553c3c668 pid1: fix DefaultTasksMax initialization f406a691a7 src/core/automount: use DirectoryMode when calling mkdir -p 20438f96c3 udevadm trigger: do not propagate EACCES and ENODEV 6480630bc3 hwdb: Correct WWWW Pattern In Documentation Comment 9d8e889810 nspawn: consistenly fail if parsing the environment fails 40e169b304 nspawn: default to unified hierarchy if --as-pid2 is used b5df1037a0 cgroup: Mark memory protections as explicitly set in transient units f14e3e02cc cgroup: Respect DefaultMemoryMin when setting memory.min ea248e53bf cgroup: Check ancestor memory min for unified memory config de1d25a506 cgroup: docs: memory.high doc fixups 2ab45f38d8 cgroup: docs: Mention unbounded protection for memory.{low,min} 19a43dc38a Consider smb3 as remote filesystem 5c0224c7bf Handle d_type == DT_UNKNOWN correctly 8282bc61df util-lib: Don't propagate EACCES from find_binary PATH lookup to caller 9d0ae987a6 network: drop noisy log message f67f0e4ec4 Updated log message when the timesync happens for the first time (#13624) e151bf4674 units: make systemd-binfmt.service easier to work with no autofs 2b8e574d82 Corect man page reference in systemd-nologin.conf comments a0577353f1 man: Add a missing space in machinectl(1) 693e983988 log: Add missing "%" in "%m" log format strings ea7151b8c4 pid1: do not warn if /run/systemd/relabel-extra.d/ doesn't exist b90549290e man: fix typo - Remove intltool BuildRequires, not needed since v237 - Use python3-base BuildRequires instead of full python3 ==== vim ==== Version update (8.1.2148 -> 8.1.2233) Subpackages: vim-data-common - Updated to version 8.1.2233, fixes the following problems - dropped python38-config.patch (upstream merged) - refreshed disable-unreliable-tests.patch and vim-8.0.1568-defaults.patch * No test for right click extending Visual area. * Crash when running out of memory very early. * No test for 'ttymouse' set from xterm version response. * State test is a bit flaky. * Combining text property and syntax highlight is wrong. (Nick Jensen) * Quickfix window height wrong when there is a tabline. (Daniel Hahler) * In a terminal window 'cursorlineopt' does not work properly. * First character after Tab is not highlighted. * Libvterm source files missing from distribution. * Terminal attributes missing in Terminal-normal mode. * Some mappings are listed twice. * Cannot build with +syntax but without +terminal. * Mapping test fails. * Popup resize test is flaky. (Christian Brabandt) * Cannot build with +spell but without +syntax. * Stuck when using "j" in a popupwin with popup_filter_menu if a line wraps. * Rubyeval() not tested as a method. * Mapping test fails on MS-Windows. * Heredoc assignment not skipped in if block. * Terminal flags are never reset. * Cannot build without the +termresponse feature. * Mouse support not always available. * Spell highlight is wrong at start of the line. * Searchit() has too many arguments. * Screen not recognized as supporting "sgr" mouse codes. * Meson files are not recognized. * Syntax attributes not combined with Visual highlighting. (Arseny Nasokin) * Dart files are not recognized. * Accessing uninitialized memory in test. * Pressing "q" at the more prompt doesn't stop Python output. (Daniel Hahler) * Error E303 is not useful when 'directory' is empty. * Highlighting wrong when item follows tab. * Test42 seen as binary by git diff. * Running a test is a bit verbose. * Option context is not copied when splitting a window. (Daniel Hahler) * Syntax test fails. * Cannot build without the +eval feature. * Error for bad regexp even though regexp is not used when writing a file. (Arseny Nasokin) * Build error for missing define. * Syntax highlighting wrong for tab. * Syntax test fails on Mac. * When using modifyOtherKeys CTRL-X mode may not work. * Cannot easily fill the info popup asynchronously. * Popup_setoptions(popup_getoptions()) does not work. * ModifyOtherKeys is not enabled by default. * Vim does not exit when closing a terminal window and it is the last window. * ExitPre autocommand may cause accessing freed memory. * Crash when using :center in autocommand. * Build failure when using normal features without GUI and EXITFREE defined. * Crash when memory allocation fails. * Cannot build with dynamically linked Python 3.8. * Running libvterm tests without the +terminal feature. * Crash on exit when closing terminals. (Corey Hickey) * Sign entry structure has confusing name. * No test for fixed issue #3893. * "gn" doesn't work quite right. (Jaehwang Jerry Jung) * Unix: Tabs in output might be expanded to spaces. * LF in escape codes may be expanded to CR-LF. * Using negative offset for popup_create() does not work. * Listener callback "added" argument is not the total. (Andy Massimino) * Cannot see the selection type in :reg output. (Ayberk Ayd?n) * Popup_textprop tests fail. * Too much is redrawn when 'cursorline' is set. * Unreachable code in adjusting text prop columns. * Text property in wrong place after :substitute. * Compiler warning for unused variable. * "gN" is off by one in Visual mode. * No autocommand for open window with terminal. * :cfile does not abort like other quickfix commands. * Cannot filter :disp output. * Accessing invalid memory. (Dominique Pelle) * Cannot see what buffer an ml_get error is for. * Cannot build Amiga version. * The "last used" info of a buffer is under used. * Cannot use system copy/paste in non-xterm terminals. * Layout wrong if 'lines' changes while cmdline window is open. * screenpos() returns wrong values when 'number' is set. (Ben Jackson) * Cannot color number column above/below cursor differently. * Not easy to move to the middle of a text line. * Cannot get the Vim command line arguments. ==== xen ==== - Add python38-build.patch fixing build with Python 3.8 (add - -embed to python-config call) ==== yast2 ==== Version update (4.2.29 -> 4.2.30) - fix showing release notes for online upgrade (bsc#1155134) - 4.2.30 ==== zlib ==== - Update the zlib-no-version-check.patch to be even more forgiving with the versions on the zlib to allow updates without rebuilds