Packages changed: apparmor (2.13.3 -> 2.13.4) boost-base curl (7.69.0 -> 7.69.1) dracut (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02) gpg2 installation-images-MicroOS (14.461 -> 14.462) kernel-64kb (5.5.8 -> 5.5.9) kernel-source (5.5.8 -> 5.5.9) kexec-tools kubernetes (1.17.2 -> 1.17.4) libapparmor (2.13.3 -> 2.13.4) libsemanage (2.9 -> 3.0) lvm2 lvm2-device-mapper nfs-utils patterns-microos podman (1.8.0 -> 1.8.1) supportutils (3.1.8 -> 3.1.9) transactional-update === Details === ==== apparmor ==== Version update (2.13.3 -> 2.13.4) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog - drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff - refresh usr-etc-abstractions-authentification.diff ==== boost-base ==== Subpackages: boost-license1_71_0 libboost_thread1_71_0 - Fix packaging errors in cases where python2 is disabled and unavailable. ==== curl ==== Version update (7.69.0 -> 7.69.1) Subpackages: libcurl4 - Update to 7.69.1 * Bugfixes: - ares: store dns parameters for duphandle - cirrus-ci: disable the FreeBSD 13 builds - curl_share_setopt.3: Note sharing cookies doesn't enable the engine - lib1564: reduce number of mid-wait wakeup calls - libssh: Fix matching user-specified MD5 hex key - MANUAL: update a dict-using command line - mime: do not perform more than one read in a row - mime: fix the binary encoder to handle large data properly - mime: latch last read callback status - multi: skip EINTR check on wakeup socket if it was closed - pause: bail out on bad input - pause: force a connection recheck after unpausing (take 2) - pause: return early for calls that don't change pause state - runtests.1: rephrase how to specify what tests to run - runtests: fix missing use of exe_ext helper function - seek: fix fall back for missing ftruncate on Windows - sftp: fix segfault regression introduced by #4747 in 7.69.0 - sha256: Added SecureTransport implementation - sha256: Added WinCrypt implementation - socks4: fix host resolve regression - socks5: host name resolv regression fix - tests/server: fix missing use of exe_ext helper function - tests: fix static ip:port instead of dynamic values being used - tests: make sleeping portable by avoiding select - unit1612: fix the inclusion and compilation of the HMAC unit test - urldata: remove the 'stream_was_rewound' connectdata struct member - version: make curl_version* thread-safe without using global context ==== dracut ==== Version update (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02) Subpackages: dracut-ima - Update to version 049.1+git135.46dceb02: * 40network: Do not require hostname binary * suse.spec: add new modules 90nvdimm and 99suse-initrd * 95fcoe: default rd.nofcoe to false (bsc#1163343) * Add module "99suse-initrd" for parsing "SUSE INITRD" lines (bsc#1161343) Dependent commits: * Add module "90nvdimm" for NVDIMM support * 90kernel-modules: remove nfit from static module list - Update to version 049.1+git129.0f19bbfd: * 35network-legacy: dhclient is optional (bsc#1166188) * suse.spec: Create -extra package (bsc#1166188) * suse.spec: Remove obsolete permission fixups * 00warpclock: Fix permissions in warpclock.sh ==== gpg2 ==== - Split dirmngr into a subpackage to avoid a hard dependency of gpg2 on libgnutls ==== installation-images-MicroOS ==== Version update (14.461 -> 14.462) - merge gh#openSUSE/installation-images#364 - use u-boot-rpiarm64 if available (bsc#1164080) - 14.462 ==== kernel-64kb ==== Version update (5.5.8 -> 5.5.9) - Linux 5.5.9 (bnc#1012628). - ASoC: intel/skl/hda - export number of digital microphones via control components (bnc#1012628). - block, bfq: get a ref to a group when adding it to a service tree (bnc#1012628). - block, bfq: get extra ref to prevent a queue from being freed during a group move (bnc#1012628). - block, bfq: do not insert oom queue into position tree (bnc#1012628). - dm thin metadata: fix lockdep complaint (bnc#1012628). - net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec (bnc#1012628). - RDMA/core: Fix pkey and port assignment in get_new_pps (bnc#1012628). - RDMA/core: Fix use of logical OR in get_new_pps (bnc#1012628). - blktrace: fix dereference after null check (bnc#1012628). - netfilter: hashlimit: do not use indirect calls during gc (bnc#1012628). - ALSA: hda: do not override bus codec_mask in link_get() (bnc#1012628). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (bnc#1012628). - Kernel selftests: tpm2: check for tpm support (bnc#1012628). - selftests: fix too long argument (bnc#1012628). - usb: gadget: composite: Support more than 500mA MaxPower (bnc#1012628). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (bnc#1012628). - usb: gadget: serial: fix Tx stall after buffer overflow (bnc#1012628). - habanalabs: halt the engines before hard-reset (bnc#1012628). - habanalabs: do not halt CoreSight during hard reset (bnc#1012628). - habanalabs: patched cb equals user cb in device memset (bnc#1012628). - drm/msm/mdp5: rate limit pp done timeout warnings (bnc#1012628). - drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI (bnc#1012628). - drm/modes: Make sure to parse valid rotation value from cmdline (bnc#1012628). - drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode parameters (bnc#1012628). - scsi: megaraid_sas: silence a warning (bnc#1012628). - drm/msm/dsi: save pll state before dsi host is powered off (bnc#1012628). - drm/msm/dsi/pll: call vco set rate explicitly (bnc#1012628). - selftests: forwarding: use proto icmp for {gretap, ip6gretap}_mac testing (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: fix tos value (bnc#1012628). - net: atlantic: check rpc result and wait for rpc address (bnc#1012628). - net: atlantic: ptp gpio adjustments (bnc#1012628). - net: ks8851-ml: Remove 8-bit bus accessors (bnc#1012628). - net: ks8851-ml: Fix 16-bit data access (bnc#1012628). - net: ks8851-ml: Fix 16-bit IO operation (bnc#1012628). - net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt() (bnc#1012628). - watchdog: da9062: do not ping the hw during stop() (bnc#1012628). - s390/cio: cio_ignore_proc_seq_next should increase position index (bnc#1012628). - s390: make 'install' not depend on vmlinux (bnc#1012628). - efi: Only print errors about failing to get certs if EFI vars are found (bnc#1012628). - net/mlx5: DR, Fix matching on vport gvmi (bnc#1012628). - iommu/amd: Disable IOMMU on Stoney Ridge systems (bnc#1012628). - nvme/pci: Add sleep quirk for Samsung and Toshiba drives (bnc#1012628). - nvme-pci: Use single IRQ vector for old Apple models (bnc#1012628). - x86/boot/compressed: Don't declare __force_order in kaslr_64.c (bnc#1012628). - s390/qdio: fill SL with absolute addresses (bnc#1012628). - nvme: Fix uninitialized-variable warning (bnc#1012628). - ice: Don't tell the OS that link is going down (bnc#1012628). - x86/xen: Distribute switch variables for initialization (bnc#1012628). - net: thunderx: workaround BGX TX Underflow issue (bnc#1012628). - csky/mm: Fixup export invalid_pte_table symbol (bnc#1012628). - csky: Set regs->usp to kernel sp, when the exception is from kernel (bnc#1012628). - csky/smp: Fixup boot failed when CONFIG_SMP (bnc#1012628). - csky: Fixup ftrace modify panic (bnc#1012628). - csky: Fixup compile warning for three unimplemented syscalls (bnc#1012628). - arch/csky: fix some Kconfig typos (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: use more proper tos value (bnc#1012628). - firmware: imx: scu: Ensure sequential TX (bnc#1012628). - binder: prevent UAF for binderfs devices (bnc#1012628). - binder: prevent UAF for binderfs devices II (bnc#1012628). - ALSA: hda/realtek - Add Headset Mic supported (bnc#1012628). - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bnc#1012628). - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bnc#1012628). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bnc#1012628). - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bnc#1012628). - driver core: Call sync_state() even if supplier has no consumers (bnc#1012628). - cifs: don't leak -EAGAIN for stat() during reconnect (bnc#1012628). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bnc#1012628). - usb: storage: Add quirk for Samsung Fit flash (bnc#1012628). - usb: usb251xb: fix regulator probe and error handling (bnc#1012628). - usb: quirks: add NO_LPM quirk for Logitech Screen Share (bnc#1012628). - usb: dwc3: gadget: Update chain bit correctly when using sg list (bnc#1012628). - usb: cdns3: gadget: link trb should point to next request (bnc#1012628). - usb: cdns3: gadget: toggle cycle bit before reset endpoint (bnc#1012628). - usb: core: hub: fix unhandled return by employing a void function (bnc#1012628). - usb: core: hub: do error out if usb_autopm_get_interface() fails (bnc#1012628). - usb: core: port: do error out if usb_autopm_get_interface() fails (bnc#1012628). - vgacon: Fix a UAF in vgacon_invert_region (bnc#1012628). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bnc#1012628). - mm: fix possible PMD dirty bit lost in set_pmd_migration_entry() (bnc#1012628). - mm: avoid data corruption on CoW fault into PFN-mapped VMA (bnc#1012628). - mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled but not enabled (bnc#1012628). - fat: fix uninit-memory access for partial initialized inode (bnc#1012628). - btrfs: fix RAID direct I/O reads with alternate csums (bnc#1012628). - arm64: dts: socfpga: agilex: Fix gmac compatible (bnc#1012628). - arm: dts: dra76x: Fix mmc3 max-frequency (bnc#1012628). - phy: allwinner: Fix GENMASK misuse (bnc#1012628). - tty:serial:mvebu-uart:fix a wrong return (bnc#1012628). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bnc#1012628). - serial: 8250_exar: add support for ACCES cards (bnc#1012628). - serdev: Fix detection of UART devices on Apple machines (bnc#1012628). - media: hantro: Fix broken media controller links (bnc#1012628). - media: mc-entity.c: use & to check pad flags, not == (bnc#1012628). - media: vicodec: process all 4 components for RGB32 formats (bnc#1012628). - media: v4l2-mem2mem.c: fix broken links (bnc#1012628). - perf intel-pt: Fix endless record after being terminated (bnc#1012628). - perf intel-bts: Fix endless record after being terminated (bnc#1012628). - perf cs-etm: Fix endless record after being terminated (bnc#1012628). - perf arm-spe: Fix endless record after being terminated (bnc#1012628). - spi: spidev: Fix CS polarity if GPIO descriptors are used (bnc#1012628). - x86/ioperm: Add new paravirt function update_io_bitmap() (bnc#1012628). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bnc#1012628). - s390/pci: Fix unexpected write combine on resource (bnc#1012628). - s390/mm: fix panic in gup_fast on large pud (bnc#1012628). - selftests: pidfd: Add pidfd_fdinfo_test in .gitignore (bnc#1012628). - powerpc/mm: Fix missing KUAP disable in flush_coherent_icache() (bnc#1012628). - drm/amdgpu: disable 3D pipe 1 on Navi1x (bnc#1012628). - drm/amd/powerplay: fix pre-check condition for setting clock range (bnc#1012628). - dmaengine: imx-sdma: fix context cache (bnc#1012628). - dmaengine: imx-sdma: Fix the event id check to include RX event for UART6 (bnc#1012628). - dmaengine: tegra-apb: Fix use-after-free (bnc#1012628). - dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list (bnc#1012628). - dm integrity: fix recalculation when moving from journal mode to bitmap mode (bnc#1012628). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (bnc#1012628). - dm integrity: fix invalid table returned due to argument count mismatch (bnc#1012628). - dm cache: fix a crash due to incorrect work item cancelling (bnc#1012628). - dm: report suspended device during destroy (bnc#1012628). - dm writecache: verify watermark during resume (bnc#1012628). - dm zoned: Fix reference counter initial value of chunk works (bnc#1012628). - dm: fix congested_fn for request-based device (bnc#1012628). - arm64: dts: meson-sm1-sei610: add missing interrupt-names (bnc#1012628). - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (bnc#1012628). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bnc#1012628). - drm/virtio: fix resource id creation race (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_manifest_load() (bnc#1012628). - ASoC: SOF: Fix snd_sof_ipc_stream_posn() (bnc#1012628). - ASoC: intel: skl: Fix pin debug prints (bnc#1012628). - ASoC: intel: skl: Fix possible buffer overflow in debug outputs (bnc#1012628). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bnc#1012628). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bnc#1012628). - ASoC: Intel: Skylake: Fix available clock counter incrementation (bnc#1012628). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bnc#1012628). - ASoC: soc-component: tidyup snd_soc_pcm_component_sync_stop() (bnc#1012628). - spi: atmel-quadspi: fix possible MMIO window size overrun (bnc#1012628). - drm/panfrost: Don't try to map on error faults (bnc#1012628). - drm/mediatek: Handle component type MTK_DISP_OVL_2L correctly (bnc#1012628). - drm/ttm: fix leaking fences via ttm_buffer_object_transfer (bnc#1012628). - drm: kirin: Revert "Fix for hikey620 display offset problem" (bnc#1012628). - drm/sun4i: Add separate DE3 VI layer formats (bnc#1012628). - drm/sun4i: Fix DE2 VI layer format support (bnc#1012628). - drm/sun4i: de2/de3: Remove unsupported VI layer formats (bnc#1012628). - drm/i915: Program MBUS with rmw during initialization (bnc#1012628). - drm/i915/selftests: Fix return in assert_mmap_offset() (bnc#1012628). - drm/i915/perf: Reintroduce wait on OA configuration completion (bnc#1012628). - phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling (bnc#1012628). - phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval (bnc#1012628). - ARM: dts: imx6: phycore-som: fix emmc supply (bnc#1012628). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bnc#1012628). - firmware: imx: misc: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: scu-pd: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: Align imx_sc_msg_req_cpu_start to 4 (bnc#1012628). - soc: imx-scu: Align imx sc msg structs to 4 (bnc#1012628). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (bnc#1012628). - RDMA/rw: Fix error flow during RDMA context initialization (bnc#1012628). - RDMA/odp: Ensure the mm is still alive before creating an implicit child (bnc#1012628). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (bnc#1012628). - RDMA/siw: Fix failure handling during device creation (bnc#1012628). - RDMA/iwcm: Fix iwcm work deallocation (bnc#1012628). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bnc#1012628). - regulator: stm32-vrefbuf: fix a possible overshoot when re-enabling (bnc#1012628). - regulator: qcom_spmi: Fix docs for PM8004 (bnc#1012628). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bnc#1012628). - IB/mlx5: Fix implicit ODP race (bnc#1012628). - IB/hfi1, qib: Ensure RCU is locked when accessing list (bnc#1012628). - ARM: imx: build v7_cpu_resume() unconditionally (bnc#1012628). - ARM: dts: imx7d: fix opp-supported-hw (bnc#1012628). - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (bnc#1012628). - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (bnc#1012628). - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (bnc#1012628). - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bnc#1012628). - dma-buf: free dmabuf->name in dma_buf_release() (bnc#1012628). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bnc#1012628). - sched/fair: Fix statistics for find_idlest_group() (bnc#1012628). - arm64: dts: meson: fix gxm-khadas-vim2 wifi (bnc#1012628). - bus: ti-sysc: Fix 1-wire reset quirk (bnc#1012628). - dt-bindings: arm: fsl: fix APF6Dev compatible (bnc#1012628). - EDAC/synopsys: Do not print an error with back-to-back snprintf() calls (bnc#1012628). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bnc#1012628). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (bnc#1012628). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (bnc#1012628). - efi: READ_ONCE rng seed size before munmap (bnc#1012628). - net: stmmac: fix notifier registration (bnc#1012628). - block, bfq: remove ifdefs from around gets/puts of bfq groups (bnc#1012628). - csky: Implement copy_thread_tls (bnc#1012628). - commit 70a6377 - vt: selection, push sel_lock up (bnc#1162928 CVE-2020-8648). - vt: selection, push console lock down (bnc#1162928 CVE-2020-8648). - commit 1538c30 - Refresh patches.suse/vt-selection-close-sel_buffer-race.patch. Update upstream status. - commit e2b9350 ==== kernel-source ==== Version update (5.5.8 -> 5.5.9) - Linux 5.5.9 (bnc#1012628). - ASoC: intel/skl/hda - export number of digital microphones via control components (bnc#1012628). - block, bfq: get a ref to a group when adding it to a service tree (bnc#1012628). - block, bfq: get extra ref to prevent a queue from being freed during a group move (bnc#1012628). - block, bfq: do not insert oom queue into position tree (bnc#1012628). - dm thin metadata: fix lockdep complaint (bnc#1012628). - net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec (bnc#1012628). - RDMA/core: Fix pkey and port assignment in get_new_pps (bnc#1012628). - RDMA/core: Fix use of logical OR in get_new_pps (bnc#1012628). - blktrace: fix dereference after null check (bnc#1012628). - netfilter: hashlimit: do not use indirect calls during gc (bnc#1012628). - ALSA: hda: do not override bus codec_mask in link_get() (bnc#1012628). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (bnc#1012628). - Kernel selftests: tpm2: check for tpm support (bnc#1012628). - selftests: fix too long argument (bnc#1012628). - usb: gadget: composite: Support more than 500mA MaxPower (bnc#1012628). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (bnc#1012628). - usb: gadget: serial: fix Tx stall after buffer overflow (bnc#1012628). - habanalabs: halt the engines before hard-reset (bnc#1012628). - habanalabs: do not halt CoreSight during hard reset (bnc#1012628). - habanalabs: patched cb equals user cb in device memset (bnc#1012628). - drm/msm/mdp5: rate limit pp done timeout warnings (bnc#1012628). - drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI (bnc#1012628). - drm/modes: Make sure to parse valid rotation value from cmdline (bnc#1012628). - drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode parameters (bnc#1012628). - scsi: megaraid_sas: silence a warning (bnc#1012628). - drm/msm/dsi: save pll state before dsi host is powered off (bnc#1012628). - drm/msm/dsi/pll: call vco set rate explicitly (bnc#1012628). - selftests: forwarding: use proto icmp for {gretap, ip6gretap}_mac testing (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: fix tos value (bnc#1012628). - net: atlantic: check rpc result and wait for rpc address (bnc#1012628). - net: atlantic: ptp gpio adjustments (bnc#1012628). - net: ks8851-ml: Remove 8-bit bus accessors (bnc#1012628). - net: ks8851-ml: Fix 16-bit data access (bnc#1012628). - net: ks8851-ml: Fix 16-bit IO operation (bnc#1012628). - net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt() (bnc#1012628). - watchdog: da9062: do not ping the hw during stop() (bnc#1012628). - s390/cio: cio_ignore_proc_seq_next should increase position index (bnc#1012628). - s390: make 'install' not depend on vmlinux (bnc#1012628). - efi: Only print errors about failing to get certs if EFI vars are found (bnc#1012628). - net/mlx5: DR, Fix matching on vport gvmi (bnc#1012628). - iommu/amd: Disable IOMMU on Stoney Ridge systems (bnc#1012628). - nvme/pci: Add sleep quirk for Samsung and Toshiba drives (bnc#1012628). - nvme-pci: Use single IRQ vector for old Apple models (bnc#1012628). - x86/boot/compressed: Don't declare __force_order in kaslr_64.c (bnc#1012628). - s390/qdio: fill SL with absolute addresses (bnc#1012628). - nvme: Fix uninitialized-variable warning (bnc#1012628). - ice: Don't tell the OS that link is going down (bnc#1012628). - x86/xen: Distribute switch variables for initialization (bnc#1012628). - net: thunderx: workaround BGX TX Underflow issue (bnc#1012628). - csky/mm: Fixup export invalid_pte_table symbol (bnc#1012628). - csky: Set regs->usp to kernel sp, when the exception is from kernel (bnc#1012628). - csky/smp: Fixup boot failed when CONFIG_SMP (bnc#1012628). - csky: Fixup ftrace modify panic (bnc#1012628). - csky: Fixup compile warning for three unimplemented syscalls (bnc#1012628). - arch/csky: fix some Kconfig typos (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: use more proper tos value (bnc#1012628). - firmware: imx: scu: Ensure sequential TX (bnc#1012628). - binder: prevent UAF for binderfs devices (bnc#1012628). - binder: prevent UAF for binderfs devices II (bnc#1012628). - ALSA: hda/realtek - Add Headset Mic supported (bnc#1012628). - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bnc#1012628). - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bnc#1012628). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bnc#1012628). - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bnc#1012628). - driver core: Call sync_state() even if supplier has no consumers (bnc#1012628). - cifs: don't leak -EAGAIN for stat() during reconnect (bnc#1012628). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bnc#1012628). - usb: storage: Add quirk for Samsung Fit flash (bnc#1012628). - usb: usb251xb: fix regulator probe and error handling (bnc#1012628). - usb: quirks: add NO_LPM quirk for Logitech Screen Share (bnc#1012628). - usb: dwc3: gadget: Update chain bit correctly when using sg list (bnc#1012628). - usb: cdns3: gadget: link trb should point to next request (bnc#1012628). - usb: cdns3: gadget: toggle cycle bit before reset endpoint (bnc#1012628). - usb: core: hub: fix unhandled return by employing a void function (bnc#1012628). - usb: core: hub: do error out if usb_autopm_get_interface() fails (bnc#1012628). - usb: core: port: do error out if usb_autopm_get_interface() fails (bnc#1012628). - vgacon: Fix a UAF in vgacon_invert_region (bnc#1012628). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bnc#1012628). - mm: fix possible PMD dirty bit lost in set_pmd_migration_entry() (bnc#1012628). - mm: avoid data corruption on CoW fault into PFN-mapped VMA (bnc#1012628). - mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled but not enabled (bnc#1012628). - fat: fix uninit-memory access for partial initialized inode (bnc#1012628). - btrfs: fix RAID direct I/O reads with alternate csums (bnc#1012628). - arm64: dts: socfpga: agilex: Fix gmac compatible (bnc#1012628). - arm: dts: dra76x: Fix mmc3 max-frequency (bnc#1012628). - phy: allwinner: Fix GENMASK misuse (bnc#1012628). - tty:serial:mvebu-uart:fix a wrong return (bnc#1012628). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bnc#1012628). - serial: 8250_exar: add support for ACCES cards (bnc#1012628). - serdev: Fix detection of UART devices on Apple machines (bnc#1012628). - media: hantro: Fix broken media controller links (bnc#1012628). - media: mc-entity.c: use & to check pad flags, not == (bnc#1012628). - media: vicodec: process all 4 components for RGB32 formats (bnc#1012628). - media: v4l2-mem2mem.c: fix broken links (bnc#1012628). - perf intel-pt: Fix endless record after being terminated (bnc#1012628). - perf intel-bts: Fix endless record after being terminated (bnc#1012628). - perf cs-etm: Fix endless record after being terminated (bnc#1012628). - perf arm-spe: Fix endless record after being terminated (bnc#1012628). - spi: spidev: Fix CS polarity if GPIO descriptors are used (bnc#1012628). - x86/ioperm: Add new paravirt function update_io_bitmap() (bnc#1012628). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bnc#1012628). - s390/pci: Fix unexpected write combine on resource (bnc#1012628). - s390/mm: fix panic in gup_fast on large pud (bnc#1012628). - selftests: pidfd: Add pidfd_fdinfo_test in .gitignore (bnc#1012628). - powerpc/mm: Fix missing KUAP disable in flush_coherent_icache() (bnc#1012628). - drm/amdgpu: disable 3D pipe 1 on Navi1x (bnc#1012628). - drm/amd/powerplay: fix pre-check condition for setting clock range (bnc#1012628). - dmaengine: imx-sdma: fix context cache (bnc#1012628). - dmaengine: imx-sdma: Fix the event id check to include RX event for UART6 (bnc#1012628). - dmaengine: tegra-apb: Fix use-after-free (bnc#1012628). - dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list (bnc#1012628). - dm integrity: fix recalculation when moving from journal mode to bitmap mode (bnc#1012628). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (bnc#1012628). - dm integrity: fix invalid table returned due to argument count mismatch (bnc#1012628). - dm cache: fix a crash due to incorrect work item cancelling (bnc#1012628). - dm: report suspended device during destroy (bnc#1012628). - dm writecache: verify watermark during resume (bnc#1012628). - dm zoned: Fix reference counter initial value of chunk works (bnc#1012628). - dm: fix congested_fn for request-based device (bnc#1012628). - arm64: dts: meson-sm1-sei610: add missing interrupt-names (bnc#1012628). - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (bnc#1012628). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bnc#1012628). - drm/virtio: fix resource id creation race (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_manifest_load() (bnc#1012628). - ASoC: SOF: Fix snd_sof_ipc_stream_posn() (bnc#1012628). - ASoC: intel: skl: Fix pin debug prints (bnc#1012628). - ASoC: intel: skl: Fix possible buffer overflow in debug outputs (bnc#1012628). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bnc#1012628). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bnc#1012628). - ASoC: Intel: Skylake: Fix available clock counter incrementation (bnc#1012628). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bnc#1012628). - ASoC: soc-component: tidyup snd_soc_pcm_component_sync_stop() (bnc#1012628). - spi: atmel-quadspi: fix possible MMIO window size overrun (bnc#1012628). - drm/panfrost: Don't try to map on error faults (bnc#1012628). - drm/mediatek: Handle component type MTK_DISP_OVL_2L correctly (bnc#1012628). - drm/ttm: fix leaking fences via ttm_buffer_object_transfer (bnc#1012628). - drm: kirin: Revert "Fix for hikey620 display offset problem" (bnc#1012628). - drm/sun4i: Add separate DE3 VI layer formats (bnc#1012628). - drm/sun4i: Fix DE2 VI layer format support (bnc#1012628). - drm/sun4i: de2/de3: Remove unsupported VI layer formats (bnc#1012628). - drm/i915: Program MBUS with rmw during initialization (bnc#1012628). - drm/i915/selftests: Fix return in assert_mmap_offset() (bnc#1012628). - drm/i915/perf: Reintroduce wait on OA configuration completion (bnc#1012628). - phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling (bnc#1012628). - phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval (bnc#1012628). - ARM: dts: imx6: phycore-som: fix emmc supply (bnc#1012628). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bnc#1012628). - firmware: imx: misc: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: scu-pd: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: Align imx_sc_msg_req_cpu_start to 4 (bnc#1012628). - soc: imx-scu: Align imx sc msg structs to 4 (bnc#1012628). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (bnc#1012628). - RDMA/rw: Fix error flow during RDMA context initialization (bnc#1012628). - RDMA/odp: Ensure the mm is still alive before creating an implicit child (bnc#1012628). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (bnc#1012628). - RDMA/siw: Fix failure handling during device creation (bnc#1012628). - RDMA/iwcm: Fix iwcm work deallocation (bnc#1012628). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bnc#1012628). - regulator: stm32-vrefbuf: fix a possible overshoot when re-enabling (bnc#1012628). - regulator: qcom_spmi: Fix docs for PM8004 (bnc#1012628). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bnc#1012628). - IB/mlx5: Fix implicit ODP race (bnc#1012628). - IB/hfi1, qib: Ensure RCU is locked when accessing list (bnc#1012628). - ARM: imx: build v7_cpu_resume() unconditionally (bnc#1012628). - ARM: dts: imx7d: fix opp-supported-hw (bnc#1012628). - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (bnc#1012628). - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (bnc#1012628). - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (bnc#1012628). - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bnc#1012628). - dma-buf: free dmabuf->name in dma_buf_release() (bnc#1012628). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bnc#1012628). - sched/fair: Fix statistics for find_idlest_group() (bnc#1012628). - arm64: dts: meson: fix gxm-khadas-vim2 wifi (bnc#1012628). - bus: ti-sysc: Fix 1-wire reset quirk (bnc#1012628). - dt-bindings: arm: fsl: fix APF6Dev compatible (bnc#1012628). - EDAC/synopsys: Do not print an error with back-to-back snprintf() calls (bnc#1012628). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bnc#1012628). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (bnc#1012628). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (bnc#1012628). - efi: READ_ONCE rng seed size before munmap (bnc#1012628). - net: stmmac: fix notifier registration (bnc#1012628). - block, bfq: remove ifdefs from around gets/puts of bfq groups (bnc#1012628). - csky: Implement copy_thread_tls (bnc#1012628). - commit 70a6377 - vt: selection, push sel_lock up (bnc#1162928 CVE-2020-8648). - vt: selection, push console lock down (bnc#1162928 CVE-2020-8648). - commit 1538c30 - Refresh patches.suse/vt-selection-close-sel_buffer-race.patch. Update upstream status. - commit e2b9350 ==== kexec-tools ==== - kexec-tools-reset-getopt-before-falling-back-to-legacy.patch: Reset getopt before falling back to legacy syscall (bsc#1166105). - kexec-tools-fix-kexec_file_load-error-handling.patch: Fix the error handling if kexec_file_load() fails (bsc#1166105). ==== kubernetes ==== Version update (1.17.2 -> 1.17.4) Subpackages: kubernetes-client kubernetes-kubeadm - Update to version 1.17.4: * Removing kubectl get output e2e test * Adding a temporary fix for kubectl get output e2e test * /readyz should start returning failure on shutdown initiation * test: don't use hardcoded pod count for memory limit test * Fixed in the GCE/PD in-tree volume logic to expose the max number of persistent-disks for each instance type correctly. * Honor status.podIP over status.podIPs, node.spec.podCIDR over node.spec.podCIDRs * fix: corrupted mount point in csi driver * fix: azure file mount timeout issue * fix behaviour of aws-load-balancer-security-groups annotation * fix: add remediation in azure disk attach/detach * Update to golang@1.13.8 * build: Enable kube-cross push/pull from K8s Infra GCR * build: Add justaugustus as reviewer * build: Add OWNERS on build-image/ * fix get-kube authorization headers * update golang.org/x/crypto * kube-proxy filter Load Balancer Status ingress * kube-proxy unit test FilterIncorrectIPVersion * add delays between goroutines for vm instance update * Updated test cos image to include runc-1.0.0-rc10 * Fix gce-cos-master-reboot test * Fix route conflicted operations when updating multiple routes together * fix: get azure disk lun timeout issue * Set up connection onClose prior to adding to connection map * fix: add azure disk migration support for CSINode * Add annotation annealing for migration for PVs and PVCs during syncVolume and syncClaim. This allows external-provisioners to pick up and delete volumes when they have been rolled up from previous kubernetes versions. * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.3 * Limit number of instances in single update to GCE target pool * Enable selinux tags in make targets - Introduce new packaging structure for smoother rolling upgrades [boo#1161289] - kubelet.sh replaces /usr/bin/kubelet for selecting correct version of kubelet - sysconfig.kubelet-kubernetes adds new KUBELET_VER sysconfig variable for defining new version of kubelet - Update to version 1.17.3: * Add code to fix kubelet/metrics memory issue. * Remove Error log for nil StartTime * CHANGELOG: Move changelogs into a subdir to delegate releng approvals * Fix pending_pods, schedule_attempts_total was not recorded * Fixing Potential Race Condition in EndpointSlice Controller. * Restore statefulset conversion that populates apiVersion/kind in volume templates * Use standard default storage media type in local-up-cluster * changelog: clarify 1.17 upgrade requirements * Fix back off when scheduling cycle is delayed * blank out value for unbounded client label * update gopkg.in/yaml.v2 to v2.2.8 * set nil cache entry based on old cache * Revert "It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc." * Fix issue with GCE scripts assuming Python2. * Add/Update CHANGELOG-1.17.md for v1.17.2. * Update to golang@1.13.6 * Fix the bug PIP's DNS is deleted if no DNS label service annotation is set. * kubenet: replace gateway with cni result * Fixes unnecessary creation of default SG and trying to delete non-provisioned SG by k8s system when annotation [service.beta.kubernetes.io/aws-load-balancer-security-groups] is present * Ensure a provider ID is set on a node if expected * Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ==== libapparmor ==== Version update (2.13.3 -> 2.13.4) - update to AppArmor 2.13.4 - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog ==== libsemanage ==== Version update (2.9 -> 3.0) - Update to version 3.0 * Add support for DCCP and SCTP protocols * include internal header to use the hidden function prototypes * mark all exported function "extern" * optionally optimize policy on rebuild Refreshed suse_path.patch ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - fix patch name typo - bug-1158628-04-pvmove-correcting-read_ahead-setting.patch + bug-1158628_04-pvmove-correcting-read_ahead-setting.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - fix patch name typo - bug-1158628-04-pvmove-correcting-read_ahead-setting.patch + bug-1158628_04-pvmove-correcting-read_ahead-setting.patch ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - statd-user.conf: create user via sysusers.d template - Use ordering for systemd instead of hard requires ==== patterns-microos ==== Subpackages: patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-sssd_ldap - Drop NetworkManager-applet Requires: We do not need this at all inside gnome-shell, we have had built-in tools for a long time. ==== podman ==== Version update (1.8.0 -> 1.8.1) Subpackages: podman-cni-config - Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including - -add-host, --dns, --dns-opt, --dns-search, --ip, - -mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an - -rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the - -device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a - -no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via - -security-opt label=... (#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys="" would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - Updated vendored Buildah to v1.14.2 - Updated vendored containers/storage to v1.16.2 - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name shou ld still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock ==== supportutils ==== Version update (3.1.8 -> 3.1.9) - Addition to version 3.1.9 + Changes affecting getappcore - Added core file validation (bsc#1166126) - Added -j to extract core from systemd journal - Capture coredumptctl info in getappcore.log + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762) - The new prefix references SUSE Customer Center ==== transactional-update ==== Subpackages: transactional-update-zypp-config - Add dependencies to btrfsprogs, zypper and snapper - most of the functionality is not usable if those applications are not installed. [boo#1166502]