Packages changed: MozillaFirefox (73.0.1 -> 74.0) PackageKit alsa (1.2.1.2 -> 1.2.2) alsa-plugins (1.2.1 -> 1.2.2) apparmor (2.13.3 -> 2.13.4) boost-base curl (7.69.0 -> 7.69.1) dracut (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02) gcc10 (10.0.1+git174776 -> 10.0.1+git175037) gcc9 (9.2.1+git1022 -> 9.2.1+git1192) glibc gpg2 installation-images-MicroOS (14.461 -> 14.462) kernel-source (5.5.7 -> 5.5.9) kexec-tools kwin5 libapparmor (2.13.3 -> 2.13.4) libidn2 libva lvm2-device-mapper pam patterns-microos podman (1.8.0 -> 1.8.1) supportutils (3.1.8 -> 3.1.9) transactional-update webkit2gtk3 (2.26.4 -> 2.28.0) wpebackend-fdo (1.4.1 -> 1.4.2) xfsprogs (5.4.0 -> 5.5.0) === Details === ==== MozillaFirefox ==== Version update (73.0.1 -> 74.0) - Mozilla Firefox 74.0 * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ MFSA 2020-08 (bsc#1166238) * CVE-2020-6805 (bmo#1610880) Use-after-free when removing data about origins * CVE-2020-6806 (bmo#1612308) BodyStream::OnInputStreamReady was missing protections against state confusion * CVE-2020-6807 (bmo#1614971) Use-after-free in cubeb during stream destruction * CVE-2020-6808 (bmo#1247968) URL Spoofing via javascript: URL * CVE-2020-6809 (bmo#1420296) Web Extensions with the all-urls permission could access local files * CVE-2020-6810 (bmo#1432856) Focusing a popup while in fullscreen could have obscured the fullscreen notification * CVE-2020-6811 (bmo#1607742) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2019-20503 (bmo#1613765) Out of bounds reads in sctp_load_addresses_from_init * CVE-2020-6812 (bmo#1616661) The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission * CVE-2020-6813 (bmo#1605814) @import statements in CSS could bypass the Content Security Policy nonce feature * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636, bmo#1614339) Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457, bmo#1612431) Memory and script safety bugs fixed in Firefox 74 - requires * NSPR 4.25 * NSS 3.50 * rust-cbindgen 0.13.0 - removed obsolete patches mozilla-bmo1610814.patch mozilla-cubeb-noreturn.patch - add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36 (bmo#1609538, boo#1166471) ==== PackageKit ==== Subpackages: PackageKit-backend-zypp libpackagekit-glib2-18 - Add PackageKit-zypp-ignore-already-installed-packages.patch, remove PackageKit-zypp-revert-fail-on-already-installed.patch: zypp: Ignore already installed package when installing (bsc#1155624, gh#/hughsie/PackageKit/commit/d9233011). - Fix source URL in the spec file. ==== alsa ==== Version update (1.2.1.2 -> 1.2.2) - Update to alsa-lib 1.2.2: including previous fixes - Backport recent upstream fixes: conf updates, PCM ordering fix, configure fix; 0001-conf-change-the-order-of-PCM-devices-in-alsa.conf.patch 0002-conf-namehint-add-omit_noargs-to-the-hint-section.patch 0003-Change-PCM-device-number-of-Asus-Xonar-U5.patch 0004-configure-add-embed-for-python3-config-python-3.8.patch 0005-conf-USB-Audio-Add-C-Media-USB-Headphone-Set-to-the-.patch - Drop obsoleted patches: 0001-ucm-Use-strncmp-to-avoid-access-out-of-boundary.patch 0002-ucm-return-always-at-least-NULL-if-no-list-is-availa.patch 0003-ucm-add-_identifiers-list.patch 0004-namehint-correct-the-args-check.patch 0005-namehint-improve-the-previous-patch-check-the-return.patch 0006-ucm-docs-allow-spaces-in-device-names-for-JackHWMute.patch 0007-use-case-docs-add-PlaybackMixerCopy-and-CaptureMixer.patch 0008-ucm-docs-add-JackCTL-rearrange-JackControl-and-JackD.patch 0009-ucm-Do-not-fail-to-parse-configs-on-cards-with-an-em.patch 0010-src-ucm-main.c-fix-build-without-mixer.patch 0011-alsa.m4-another-try-to-fix-the-libatopology-detectio.patch 0012-ucm-docs-add-Mic-DigitalMic-and-multiple-devices-com.patch 0013-ucm-docs-remove-DigitalMic-it-does-not-have-sense.patch 0014-ucm-docs-change-the-Mic-description-to-simple-Microp.patch 0015-ucm-docs-add-note-about-the-sequences-and-device-spl.patch 0016-ucm-docs-remove-MixerCopy-values-add-Priority-for-ve.patch 0017-ucm-setup-conf_format-after-getting-ALSA_CONFIG_UCM_.patch 0018-alsa-lib-fix-the-array-parser-unique-compound-keys.patch 0019-topology-remove-vendor_fd-name-from-snd_tplg-structu.patch 0020-topology-file-position-and-size-cleanups.patch 0021-topology-use-an-array-describing-blocks-for-the-main.patch 0022-topology-use-size_t-for-calc_block_size.patch 0023-topology-merge-write_block-to-tplg_write_data.patch 0024-topology-make-vebose-output-more-nice.patch 0025-topology-use-list_insert-macro-in-tplg_elem_insert.patch 0026-topology-dapm-coding-fixes.patch 0027-topology-dapm-merge-identical-index-blocks-like-for-.patch 0028-topology-more-coding-fixes.patch 0029-Fix-alsa-sound-.h-for-external-programs.patch 0030-type_compat-Add-missing-__s64-and-__u64-definitions-.patch 0031-uapi-Move-typedefs-from-uapi-to-sound.patch 0032-Update-the-attributes.m4-macro-file-from-xine.patch 0033-topology-avoid-to-use-the-atoi-directly-when-expecte.patch 0034-topology-use-snd_config_get_bool-instead-own-impleme.patch 0035-topology-fix-tplg_get_integer-handle-errno-ERANGE.patch 0036-topology-add-tplg_get_unsigned-function.patch 0037-topology-convert-builder-to-use-the-mallocated-memor.patch 0038-topology-add-binary-output-from-the-builder.patch 0039-topology-parser-recode-tplg_parse_config.patch 0040-topology-add-snd_tplg_load-remove-snd_tplg_build_bin.patch 0041-topology-move-the-topology-element-table-from-builde.patch 0042-topology-add-parser-to-the-tplg_table.patch 0043-topology-add-snd_tplg_save.patch 0044-topology-add-snd_tplg_create-with-flags.patch 0045-topology-add-snd_tplg_version-function.patch 0046-topology-cleanup-the-SNDERR-calls.patch 0047-topology-dapm-fix-the-SNDERR-Undefined.patch 0048-topology-fix-the-unitialized-tuples.patch 0049-topology-implement-shorter-hexa-uuid-00-00-parser.patch 0050-topology-fix-the-TPLG_DEBUG-compilation.patch 0051-topology-fix-the-ops-parser-accept-integer-hexa-valu.patch 0052-topology-fix-the-wrong-memory-access-object-realloc.patch 0053-topology-implement-snd_tplg_decode.patch 0054-topology-move-the-elem-list-delete-to-tplg_elem_free.patch 0055-topology-unify-the-log-mechanism.patch 0056-topology-tplg_dbg-cleanups.patch 0057-topology-cosmetic-changes-functions.patch 0058-mixer-Fix-memory-leak-for-more-than-16-file-descript.patch 0059-Quote-strings-containing-or-when-saving-an-alsa-conf.patch 0060-ucm-fix-the-configuration-directory-longname-for-ucm.patch 0061-ucm-split-conf_file_name-and-conf_dir_name.patch 0062-ucm-remove-MAX_FILE-definition-and-use-correct-PATH_.patch 0063-topology-remove-MAX_FILE-definition-and-use-correct-.patch 0064-ucm-parser-cosmetic-fixes-in-the-comments.patch 0065-configure.ac-remove-an-unnecessary-libtool-fix.patch 0066-ucm-parser-use-correct-filename-in-parser_master_fil.patch 0067-ucm-the-ucm2-subdirectory-is-driver-name-based.patch 0068-ucm-implement-RenameDevice-and-RemoveDevice-verb-man.patch 0069-ucm-fill-missing-device-entries-conflicting-supporte.patch 0070-control-Remove-access-to-the-deprecated-dimen-fields.patch 0071-topology-Drop-SNDRV_CTL_ELEM_ACCESS_TIMESTAMP-access.patch 0072-uapi-Sync-with-5.6-kernel-ABI.patch 0073-ucm-parser-add-error-message-to-verb_dev_list_add.patch 0074-do-not-set-close-on-exec-flag-on-descriptor-if-it-wa.patch ==== alsa-plugins ==== Version update (1.2.1 -> 1.2.2) - Update to alsa-plugins 1.2.2: * upmix plugin code refactoring, m4 file update ==== apparmor ==== Version update (2.13.3 -> 2.13.4) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog - drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff - refresh usr-etc-abstractions-authentification.diff ==== boost-base ==== Subpackages: boost-license1_71_0 libboost_thread1_71_0 - Fix packaging errors in cases where python2 is disabled and unavailable. ==== curl ==== Version update (7.69.0 -> 7.69.1) Subpackages: libcurl4 - Update to 7.69.1 * Bugfixes: - ares: store dns parameters for duphandle - cirrus-ci: disable the FreeBSD 13 builds - curl_share_setopt.3: Note sharing cookies doesn't enable the engine - lib1564: reduce number of mid-wait wakeup calls - libssh: Fix matching user-specified MD5 hex key - MANUAL: update a dict-using command line - mime: do not perform more than one read in a row - mime: fix the binary encoder to handle large data properly - mime: latch last read callback status - multi: skip EINTR check on wakeup socket if it was closed - pause: bail out on bad input - pause: force a connection recheck after unpausing (take 2) - pause: return early for calls that don't change pause state - runtests.1: rephrase how to specify what tests to run - runtests: fix missing use of exe_ext helper function - seek: fix fall back for missing ftruncate on Windows - sftp: fix segfault regression introduced by #4747 in 7.69.0 - sha256: Added SecureTransport implementation - sha256: Added WinCrypt implementation - socks4: fix host resolve regression - socks5: host name resolv regression fix - tests/server: fix missing use of exe_ext helper function - tests: fix static ip:port instead of dynamic values being used - tests: make sleeping portable by avoiding select - unit1612: fix the inclusion and compilation of the HMAC unit test - urldata: remove the 'stream_was_rewound' connectdata struct member - version: make curl_version* thread-safe without using global context ==== dracut ==== Version update (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02) Subpackages: dracut-ima - Update to version 049.1+git135.46dceb02: * 40network: Do not require hostname binary * suse.spec: add new modules 90nvdimm and 99suse-initrd * 95fcoe: default rd.nofcoe to false (bsc#1163343) * Add module "99suse-initrd" for parsing "SUSE INITRD" lines (bsc#1161343) Dependent commits: * Add module "90nvdimm" for NVDIMM support * 90kernel-modules: remove nfit from static module list - Update to version 049.1+git129.0f19bbfd: * 35network-legacy: dhclient is optional (bsc#1166188) * suse.spec: Create -extra package (bsc#1166188) * suse.spec: Remove obsolete permission fixups * 00warpclock: Fix permissions in warpclock.sh ==== gcc10 ==== Version update (10.0.1+git174776 -> 10.0.1+git175037) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Update to master head (778a77357cad11e8dd4c810544330af0fbe843b1). * Includes fix for binutils version parsing [gcc#93965] ==== gcc9 ==== Version update (9.2.1+git1022 -> 9.2.1+git1192) - Update to releases/gcc-9 head (c5edde44f5b17b4891f17a63517f355b). * Includes GCC 9.3.0 RC1 - Update to releases/gcc-9 head (eaaee438bf836c2c1ed3424ecbf85de3ed941e87). * Includes fix for binutils version parsing [gcc#93965] ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - riscv-syscall-clobber.patch: riscv: Avoid clobbering register parameters in syscall - ldbl-96-rem-pio2l.patch: Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (CVE-2020-10029, bsc#1165784, BZ #25487) ==== gpg2 ==== - Split dirmngr into a subpackage to avoid a hard dependency of gpg2 on libgnutls ==== installation-images-MicroOS ==== Version update (14.461 -> 14.462) - merge gh#openSUSE/installation-images#364 - use u-boot-rpiarm64 if available (bsc#1164080) - 14.462 ==== kernel-source ==== Version update (5.5.7 -> 5.5.9) - Linux 5.5.9 (bnc#1012628). - ASoC: intel/skl/hda - export number of digital microphones via control components (bnc#1012628). - block, bfq: get a ref to a group when adding it to a service tree (bnc#1012628). - block, bfq: get extra ref to prevent a queue from being freed during a group move (bnc#1012628). - block, bfq: do not insert oom queue into position tree (bnc#1012628). - dm thin metadata: fix lockdep complaint (bnc#1012628). - net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec (bnc#1012628). - RDMA/core: Fix pkey and port assignment in get_new_pps (bnc#1012628). - RDMA/core: Fix use of logical OR in get_new_pps (bnc#1012628). - blktrace: fix dereference after null check (bnc#1012628). - netfilter: hashlimit: do not use indirect calls during gc (bnc#1012628). - ALSA: hda: do not override bus codec_mask in link_get() (bnc#1012628). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (bnc#1012628). - Kernel selftests: tpm2: check for tpm support (bnc#1012628). - selftests: fix too long argument (bnc#1012628). - usb: gadget: composite: Support more than 500mA MaxPower (bnc#1012628). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (bnc#1012628). - usb: gadget: serial: fix Tx stall after buffer overflow (bnc#1012628). - habanalabs: halt the engines before hard-reset (bnc#1012628). - habanalabs: do not halt CoreSight during hard reset (bnc#1012628). - habanalabs: patched cb equals user cb in device memset (bnc#1012628). - drm/msm/mdp5: rate limit pp done timeout warnings (bnc#1012628). - drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI (bnc#1012628). - drm/modes: Make sure to parse valid rotation value from cmdline (bnc#1012628). - drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode parameters (bnc#1012628). - scsi: megaraid_sas: silence a warning (bnc#1012628). - drm/msm/dsi: save pll state before dsi host is powered off (bnc#1012628). - drm/msm/dsi/pll: call vco set rate explicitly (bnc#1012628). - selftests: forwarding: use proto icmp for {gretap, ip6gretap}_mac testing (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: fix tos value (bnc#1012628). - net: atlantic: check rpc result and wait for rpc address (bnc#1012628). - net: atlantic: ptp gpio adjustments (bnc#1012628). - net: ks8851-ml: Remove 8-bit bus accessors (bnc#1012628). - net: ks8851-ml: Fix 16-bit data access (bnc#1012628). - net: ks8851-ml: Fix 16-bit IO operation (bnc#1012628). - net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt() (bnc#1012628). - watchdog: da9062: do not ping the hw during stop() (bnc#1012628). - s390/cio: cio_ignore_proc_seq_next should increase position index (bnc#1012628). - s390: make 'install' not depend on vmlinux (bnc#1012628). - efi: Only print errors about failing to get certs if EFI vars are found (bnc#1012628). - net/mlx5: DR, Fix matching on vport gvmi (bnc#1012628). - iommu/amd: Disable IOMMU on Stoney Ridge systems (bnc#1012628). - nvme/pci: Add sleep quirk for Samsung and Toshiba drives (bnc#1012628). - nvme-pci: Use single IRQ vector for old Apple models (bnc#1012628). - x86/boot/compressed: Don't declare __force_order in kaslr_64.c (bnc#1012628). - s390/qdio: fill SL with absolute addresses (bnc#1012628). - nvme: Fix uninitialized-variable warning (bnc#1012628). - ice: Don't tell the OS that link is going down (bnc#1012628). - x86/xen: Distribute switch variables for initialization (bnc#1012628). - net: thunderx: workaround BGX TX Underflow issue (bnc#1012628). - csky/mm: Fixup export invalid_pte_table symbol (bnc#1012628). - csky: Set regs->usp to kernel sp, when the exception is from kernel (bnc#1012628). - csky/smp: Fixup boot failed when CONFIG_SMP (bnc#1012628). - csky: Fixup ftrace modify panic (bnc#1012628). - csky: Fixup compile warning for three unimplemented syscalls (bnc#1012628). - arch/csky: fix some Kconfig typos (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: use more proper tos value (bnc#1012628). - firmware: imx: scu: Ensure sequential TX (bnc#1012628). - binder: prevent UAF for binderfs devices (bnc#1012628). - binder: prevent UAF for binderfs devices II (bnc#1012628). - ALSA: hda/realtek - Add Headset Mic supported (bnc#1012628). - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bnc#1012628). - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bnc#1012628). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bnc#1012628). - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bnc#1012628). - driver core: Call sync_state() even if supplier has no consumers (bnc#1012628). - cifs: don't leak -EAGAIN for stat() during reconnect (bnc#1012628). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bnc#1012628). - usb: storage: Add quirk for Samsung Fit flash (bnc#1012628). - usb: usb251xb: fix regulator probe and error handling (bnc#1012628). - usb: quirks: add NO_LPM quirk for Logitech Screen Share (bnc#1012628). - usb: dwc3: gadget: Update chain bit correctly when using sg list (bnc#1012628). - usb: cdns3: gadget: link trb should point to next request (bnc#1012628). - usb: cdns3: gadget: toggle cycle bit before reset endpoint (bnc#1012628). - usb: core: hub: fix unhandled return by employing a void function (bnc#1012628). - usb: core: hub: do error out if usb_autopm_get_interface() fails (bnc#1012628). - usb: core: port: do error out if usb_autopm_get_interface() fails (bnc#1012628). - vgacon: Fix a UAF in vgacon_invert_region (bnc#1012628). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bnc#1012628). - mm: fix possible PMD dirty bit lost in set_pmd_migration_entry() (bnc#1012628). - mm: avoid data corruption on CoW fault into PFN-mapped VMA (bnc#1012628). - mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled but not enabled (bnc#1012628). - fat: fix uninit-memory access for partial initialized inode (bnc#1012628). - btrfs: fix RAID direct I/O reads with alternate csums (bnc#1012628). - arm64: dts: socfpga: agilex: Fix gmac compatible (bnc#1012628). - arm: dts: dra76x: Fix mmc3 max-frequency (bnc#1012628). - phy: allwinner: Fix GENMASK misuse (bnc#1012628). - tty:serial:mvebu-uart:fix a wrong return (bnc#1012628). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bnc#1012628). - serial: 8250_exar: add support for ACCES cards (bnc#1012628). - serdev: Fix detection of UART devices on Apple machines (bnc#1012628). - media: hantro: Fix broken media controller links (bnc#1012628). - media: mc-entity.c: use & to check pad flags, not == (bnc#1012628). - media: vicodec: process all 4 components for RGB32 formats (bnc#1012628). - media: v4l2-mem2mem.c: fix broken links (bnc#1012628). - perf intel-pt: Fix endless record after being terminated (bnc#1012628). - perf intel-bts: Fix endless record after being terminated (bnc#1012628). - perf cs-etm: Fix endless record after being terminated (bnc#1012628). - perf arm-spe: Fix endless record after being terminated (bnc#1012628). - spi: spidev: Fix CS polarity if GPIO descriptors are used (bnc#1012628). - x86/ioperm: Add new paravirt function update_io_bitmap() (bnc#1012628). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bnc#1012628). - s390/pci: Fix unexpected write combine on resource (bnc#1012628). - s390/mm: fix panic in gup_fast on large pud (bnc#1012628). - selftests: pidfd: Add pidfd_fdinfo_test in .gitignore (bnc#1012628). - powerpc/mm: Fix missing KUAP disable in flush_coherent_icache() (bnc#1012628). - drm/amdgpu: disable 3D pipe 1 on Navi1x (bnc#1012628). - drm/amd/powerplay: fix pre-check condition for setting clock range (bnc#1012628). - dmaengine: imx-sdma: fix context cache (bnc#1012628). - dmaengine: imx-sdma: Fix the event id check to include RX event for UART6 (bnc#1012628). - dmaengine: tegra-apb: Fix use-after-free (bnc#1012628). - dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list (bnc#1012628). - dm integrity: fix recalculation when moving from journal mode to bitmap mode (bnc#1012628). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (bnc#1012628). - dm integrity: fix invalid table returned due to argument count mismatch (bnc#1012628). - dm cache: fix a crash due to incorrect work item cancelling (bnc#1012628). - dm: report suspended device during destroy (bnc#1012628). - dm writecache: verify watermark during resume (bnc#1012628). - dm zoned: Fix reference counter initial value of chunk works (bnc#1012628). - dm: fix congested_fn for request-based device (bnc#1012628). - arm64: dts: meson-sm1-sei610: add missing interrupt-names (bnc#1012628). - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (bnc#1012628). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bnc#1012628). - drm/virtio: fix resource id creation race (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_manifest_load() (bnc#1012628). - ASoC: SOF: Fix snd_sof_ipc_stream_posn() (bnc#1012628). - ASoC: intel: skl: Fix pin debug prints (bnc#1012628). - ASoC: intel: skl: Fix possible buffer overflow in debug outputs (bnc#1012628). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bnc#1012628). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bnc#1012628). - ASoC: Intel: Skylake: Fix available clock counter incrementation (bnc#1012628). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bnc#1012628). - ASoC: soc-component: tidyup snd_soc_pcm_component_sync_stop() (bnc#1012628). - spi: atmel-quadspi: fix possible MMIO window size overrun (bnc#1012628). - drm/panfrost: Don't try to map on error faults (bnc#1012628). - drm/mediatek: Handle component type MTK_DISP_OVL_2L correctly (bnc#1012628). - drm/ttm: fix leaking fences via ttm_buffer_object_transfer (bnc#1012628). - drm: kirin: Revert "Fix for hikey620 display offset problem" (bnc#1012628). - drm/sun4i: Add separate DE3 VI layer formats (bnc#1012628). - drm/sun4i: Fix DE2 VI layer format support (bnc#1012628). - drm/sun4i: de2/de3: Remove unsupported VI layer formats (bnc#1012628). - drm/i915: Program MBUS with rmw during initialization (bnc#1012628). - drm/i915/selftests: Fix return in assert_mmap_offset() (bnc#1012628). - drm/i915/perf: Reintroduce wait on OA configuration completion (bnc#1012628). - phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling (bnc#1012628). - phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval (bnc#1012628). - ARM: dts: imx6: phycore-som: fix emmc supply (bnc#1012628). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bnc#1012628). - firmware: imx: misc: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: scu-pd: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: Align imx_sc_msg_req_cpu_start to 4 (bnc#1012628). - soc: imx-scu: Align imx sc msg structs to 4 (bnc#1012628). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (bnc#1012628). - RDMA/rw: Fix error flow during RDMA context initialization (bnc#1012628). - RDMA/odp: Ensure the mm is still alive before creating an implicit child (bnc#1012628). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (bnc#1012628). - RDMA/siw: Fix failure handling during device creation (bnc#1012628). - RDMA/iwcm: Fix iwcm work deallocation (bnc#1012628). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bnc#1012628). - regulator: stm32-vrefbuf: fix a possible overshoot when re-enabling (bnc#1012628). - regulator: qcom_spmi: Fix docs for PM8004 (bnc#1012628). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bnc#1012628). - IB/mlx5: Fix implicit ODP race (bnc#1012628). - IB/hfi1, qib: Ensure RCU is locked when accessing list (bnc#1012628). - ARM: imx: build v7_cpu_resume() unconditionally (bnc#1012628). - ARM: dts: imx7d: fix opp-supported-hw (bnc#1012628). - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (bnc#1012628). - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (bnc#1012628). - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (bnc#1012628). - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bnc#1012628). - dma-buf: free dmabuf->name in dma_buf_release() (bnc#1012628). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bnc#1012628). - sched/fair: Fix statistics for find_idlest_group() (bnc#1012628). - arm64: dts: meson: fix gxm-khadas-vim2 wifi (bnc#1012628). - bus: ti-sysc: Fix 1-wire reset quirk (bnc#1012628). - dt-bindings: arm: fsl: fix APF6Dev compatible (bnc#1012628). - EDAC/synopsys: Do not print an error with back-to-back snprintf() calls (bnc#1012628). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bnc#1012628). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (bnc#1012628). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (bnc#1012628). - efi: READ_ONCE rng seed size before munmap (bnc#1012628). - net: stmmac: fix notifier registration (bnc#1012628). - block, bfq: remove ifdefs from around gets/puts of bfq groups (bnc#1012628). - csky: Implement copy_thread_tls (bnc#1012628). - commit 70a6377 - vt: selection, push sel_lock up (bnc#1162928 CVE-2020-8648). - vt: selection, push console lock down (bnc#1162928 CVE-2020-8648). - commit 1538c30 - Refresh patches.suse/vt-selection-close-sel_buffer-race.patch. Update upstream status. - commit e2b9350 - drm/virtio: fix mmap page attributes (bsc#1163720). - drm/shmem: add support for per object caching flags (bsc#1163720). - commit 1e5a090 - netfilter: xt_hashlimit: unregister proc file before releasing mutex (git-fixes). - commit fb4c60d - Linux 5.5.8 (bnc#1012628). - kvm: nVMX: VMWRITE checks unsupported field before read-only field (bnc#1012628). - kvm: nVMX: VMWRITE checks VMCS-link pointer before VMCS field (bnc#1012628). - mm, thp: fix defrag setting if newline is not used (bnc#1012628). - mm/huge_memory.c: use head to check huge zero page (bnc#1012628). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (bnc#1012628). - mm/debug.c: always print flags in dump_page() (bnc#1012628). - locking/lockdep: Fix lockdep_stats indentation problem (bnc#1012628). - xfs: clear kernel only flags in XFS_IOC_ATTRMULTI_BY_HANDLE (bnc#1012628). - clk: qcom: rpmh: Sort OF match table (bnc#1012628). - bus: tegra-aconnect: Remove PM_CLK dependency (bnc#1012628). - netfilter: nf_flowtable: fix documentation (bnc#1012628). - netfilter: nft_tunnel: no need to call htons() when dumping ports (bnc#1012628). - thermal: brcmstb_thermal: Do not use DT coefficients (bnc#1012628). - thermal: db8500: Depromote debug print (bnc#1012628). - ubifs: Fix ino_t format warnings in orphan_delete() (bnc#1012628). - rcu: Allow only one expedited GP to run concurrently with wakeups (bnc#1012628). - KVM: x86: Remove spurious clearing of async #PF MSR (bnc#1012628). - KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path (bnc#1012628). - KVM: X86: Fix kvm_bitmap_or_dest_vcpus() to use irq shorthand (bnc#1012628). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bnc#1012628). - perf maps: Add missing unlock to maps__insert() error case (bnc#1012628). - perf ui gtk: Add missing zalloc object (bnc#1012628). - perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc (bnc#1012628). - pwm: omap-dmtimer: put_device() after of_find_device_by_node() (bnc#1012628). - lib/vdso: Update coarse timekeeper unconditionally (bnc#1012628). - lib/vdso: Make __arch_update_vdso_data() logic understandable (bnc#1012628). - kprobes: Set unoptimized flag after unoptimizing code (bnc#1012628). - ima: ima/lsm policy rule loading logic bug fixes (bnc#1012628). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (bnc#1012628). - RDMA/hns: Bugfix for posting a wqe with sge (bnc#1012628). - RDMA/hns: Simplify the calculation and usage of wqe idx for post verbs (bnc#1012628). - f2fs: fix to add swap extent correctly (bnc#1012628). - sched/fair: Optimize select_idle_cpu (bnc#1012628). - KVM: Check for a bad hva before dropping into the ghc slow path (bnc#1012628). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bnc#1012628). - perf report: Fix no libunwind compiled warning break s390 issue (bnc#1012628). - mwifiex: delete unused mwifiex_get_intf_num() (bnc#1012628). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (bnc#1012628). - namei: only return -ECHILD from follow_dotdot_rcu() (bnc#1012628). - tipc: fix successful connect() but timed out (bnc#1012628). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bnc#1012628). - net/smc: no peer ID in CLC decline for SMCD (bnc#1012628). - selftests: Install settings files to fix TIMEOUT failures (bnc#1012628). - net: atlantic: fix out of range usage of active_vlans array (bnc#1012628). - net: atlantic: possible fault in transition to hibernation (bnc#1012628). - net: atlantic: fix potential error handling (bnc#1012628). - net: atlantic: fix use after free kasan warn (bnc#1012628). - net: atlantic: better loopback mode handling (bnc#1012628). - net: atlantic: checksum compat issue (bnc#1012628). - net: netlink: cap max groups which will be considered in netlink_bind() (bnc#1012628). - s390/qeth: fix off-by-one in RX copybreak check (bnc#1012628). - s390/qeth: vnicc Fix EOPNOTSUPP precedence (bnc#1012628). - nvme-pci: Hold cq_poll_lock while completing CQEs (bnc#1012628). - usb: charger: assign specific number for enum value (bnc#1012628). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (bnc#1012628). - kbuild: fix DT binding schema rule to detect command line changes (bnc#1012628). - mac80211: Remove a redundant mutex unlock (bnc#1012628). - nl80211: fix potential leak in AP start (bnc#1012628). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bnc#1012628). - drm/i915: Avoid recursing onto active vma from the shrinker (bnc#1012628). - drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime (bnc#1012628). - MIPS: cavium_octeon: Fix syncw generation (bnc#1012628). - i2c: jz4780: silence log flood on txabrt (bnc#1012628). - i2c: altera: Fix potential integer overflow (bnc#1012628). - MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()' (bnc#1012628). - RISC-V: Don't enable all interrupts in trap_init() (bnc#1012628). - HID: hiddev: Fix race in in hiddev_disconnect() (bnc#1012628). - HID: alps: Fix an error handling path in 'alps_input_configured()' (bnc#1012628). - netfilter: xt_hashlimit: reduce hashlimit_mutex scope for htable_put() (bnc#1012628). - netfilter: ipset: Fix forceadd evaluation path (bnc#1012628). - vhost: Check docket sk_family instead of call getname (bnc#1012628). - net/smc: transfer fasync_list in case of fallback (bnc#1012628). - netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports (bnc#1012628). - io_uring: fix 32-bit compatability with sendmsg/recvmsg (bnc#1012628). - cpufreq: Fix policy initialization for internal governor drivers (bnc#1012628). - amdgpu/gmc_v9: save/restore sdpif regs during S3 (bnc#1012628). - Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" (bnc#1012628). - tracing: Disable trace_printk() on post poned tests (bnc#1012628). - blktrace: Protect q->blk_trace with RCU (bnc#1012628). - macintosh: therm_windtunnel: fix regression when instantiating devices (bnc#1012628). - drm/radeon: Inline drm_get_pci_dev (bnc#1012628). - drm/amdgpu: Drop DRIVER_USE_AGP (bnc#1012628). - HID: core: increase HID report buffer size to 8KiB (bnc#1012628). - HID: core: fix off-by-one memset in hid_report_raw_event() (bnc#1012628). - HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock (bnc#1012628). - KVM: VMX: check descriptor table exits on instruction emulation (bnc#1012628). - ACPI: watchdog: Fix gas->access_width usage (bnc#1012628). - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bnc#1012628). - audit: always check the netlink payload length in audit_receive_msg() (bnc#1012628). - audit: fix error handling in audit_data_to_entry() (bnc#1012628). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bnc#1012628). - docs: Fix empty parallelism argument (bnc#1012628). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bnc#1012628). - scsi: sd_sbc: Fix sd_zbc_report_zones() (bnc#1012628). - nvme/pci: move cqe check after device shutdown (bnc#1012628). - nvme: prevent warning triggered by nvme_stop_keep_alive (bnc#1012628). - nvme/tcp: fix bug on double requeue when send fails (bnc#1012628). - net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples() (bnc#1012628). - net: hns3: fix VF bandwidth does not take effect in some case (bnc#1012628). - net: hns3: add management table after IMP reset (bnc#1012628). - mac80211: fix wrong 160/80+80 MHz setting (bnc#1012628). - cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE (bnc#1012628). - cifs: Fix mode output in debugging statements (bnc#1012628). - io-wq: don't call kXalloc_node() with non-online node (bnc#1012628). - ice: Use correct netif error function (bnc#1012628). - ice: Use ice_pf_to_dev (bnc#1012628). - ice: update Unit Load Status bitmask to check after reset (bnc#1012628). - ice: fix and consolidate logging of NVM/firmware version information (bnc#1012628). - ice: Don't allow same value for Rx tail to be written twice (bnc#1012628). - ice: Fix switch between FW and SW LLDP (bnc#1012628). - net: ena: ena-com.c: prevent NULL pointer dereference (bnc#1012628). - net: ena: ethtool: use correct value for crc32 hash (bnc#1012628). - net: ena: fix corruption of dev_idx_to_host_tbl (bnc#1012628). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bnc#1012628). - net: ena: rss: store hash function as values and not bits (bnc#1012628). - net: ena: rss: fix failure to get indirection table (bnc#1012628). - net: ena: rss: do not allocate key when not supported (bnc#1012628). - net: ena: fix incorrect default RSS key (bnc#1012628). - net: ena: add missing ethtool TX timestamping indication (bnc#1012628). - net: ena: fix uses of round_jiffies() (bnc#1012628). - net: ena: fix potential crash when rxfh key is NULL (bnc#1012628). - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (bnc#1012628). - soc/tegra: fuse: Fix build with Tegra194 configuration (bnc#1012628). - amdgpu: Prevent build errors regarding soft/hard-float FP ABI tags (bnc#1012628). - drm/amd/display: Add initialitions for PLL2 clock source (bnc#1012628). - drm/amd/display: Limit minimum DPPCLK to 100MHz (bnc#1012628). - drm/amd/display: Check engine is not NULL before acquiring (bnc#1012628). - RDMA/siw: Remove unwanted WARN_ON in siw_cm_llp_data_ready() (bnc#1012628). - drm/amd/display: Do not set optimized_require to false after plane disable (bnc#1012628). - ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi (bnc#1012628). - ceph: do not execute direct write in parallel if O_APPEND is specified (bnc#1012628). - perf/x86/msr: Add Tremont support (bnc#1012628). - perf/x86/cstate: Add Tremont support (bnc#1012628). - perf/x86/intel: Add Elkhart Lake support (bnc#1012628). - perf/smmuv3: Use platform_get_irq_optional() for wired interrupt (bnc#1012628). - NFSv4: Fix races between open and dentry revalidation (bnc#1012628). - qmi_wwan: unconditionally reject 2 ep interfaces (bnc#1012628). - qmi_wwan: re-add DW5821e pre-production variant (bnc#1012628). - s390/zcrypt: fix card and queue total counter wrap (bnc#1012628). - io_uring: flush overflowed CQ events in the io_uring_poll() (bnc#1012628). - cfg80211: check wiphy driver existence for drvinfo report (bnc#1012628). - mac80211: consider more elements in parsing CRC (bnc#1012628). - dax: pass NOWAIT flag to iomap_apply (bnc#1012628). - sched/fair: Prevent unlimited runtime on throttled group (bnc#1012628). - timers/nohz: Update NOHZ load in remote tick (bnc#1012628). - sched/core: Don't skip remote tick for idle CPUs (bnc#1012628). - drm/msm: Set dma maximum segment size for mdss (bnc#1012628). - ipmi:ssif: Handle a possible NULL pointer reference (bnc#1012628). - net: rtnetlink: fix bugs in rtnl_alt_ifname() (bnc#1012628). - net: macb: Properly handle phylink on at91rm9200 (bnc#1012628). - net: add strict checks in netdev_name_node_alt_destroy() (bnc#1012628). - ionic: fix fw_status read (bnc#1012628). - ipv6: Fix nlmsg_flags when splitting a multipath route (bnc#1012628). - ipv6: Fix route replacement with dev-only route (bnc#1012628). - bonding: fix lockdep warning in bond_get_stats() (bnc#1012628). - net: export netdev_next_lower_dev_rcu() (bnc#1012628). - bonding: add missing netdev_update_lockdep_key() (bnc#1012628). - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs (bnc#1012628). - bnxt_en: Improve device shutdown method (bnc#1012628). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (bnc#1012628). - udp: rehash on disconnect (bnc#1012628). - Revert "net: dev: introduce support for sch BYPASS for lockless qdisc" (bnc#1012628). - qede: Fix race between rdma destroy workqueue and link change event (bnc#1012628). - nfc: pn544: Fix occasional HW initialization failure (bnc#1012628). - net/tls: Fix to avoid gettig invalid tls record (bnc#1012628). - net: sched: correct flower port blocking (bnc#1012628). - net: phy: restore mdio regs in the iproc mdio driver (bnc#1012628). - net: mscc: fix in frame extraction (bnc#1012628). - net: macb: ensure interface is not suspended on at91rm9200 (bnc#1012628). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (bnc#1012628). - net: dsa: b53: Ensure the default VID is untagged (bnc#1012628). - EDAC: skx_common: downgrade message importance on missing PCI device (bnc#1012628). - commit 3727848 - config: re-enable NLS_ISO8859_1 for kvmsmall The EFI partition wants NLS_ISO8859_1 and will fail to mount without it. - commit 666974e ==== kexec-tools ==== - kexec-tools-reset-getopt-before-falling-back-to-legacy.patch: Reset getopt before falling back to legacy syscall (bsc#1166105). - kexec-tools-fix-kexec_file_load-error-handling.patch: Fix the error handling if kexec_file_load() fails (bsc#1166105). ==== kwin5 ==== - Replace the Requires: xorg-x11-server-wayland dependency with a Recommends so we can install kwin5 in X11 only systems. ==== libapparmor ==== Version update (2.13.3 -> 2.13.4) - update to AppArmor 2.13.4 - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog ==== libidn2 ==== - No longer recommend -lang: supplements are in use. ==== libva ==== Subpackages: libva-drm2 libva2 - cleanup in specfile: get rid of is_opensuse macro, which is no longer needed at all since sle15/Leap15, where we always enable wayland support (jira#PM-1623) ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - fix patch name typo - bug-1158628-04-pvmove-correcting-read_ahead-setting.patch + bug-1158628_04-pvmove-correcting-read_ahead-setting.patch ==== pam ==== - Removed pam_userdb from this package and moved to pam-modules. This removed the requirement for libdb. Also made "xz" required for all releases. Remove limits for nproc from /etc/security/limits.conf [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Drop NetworkManager-applet Requires: We do not need this at all inside gnome-shell, we have had built-in tools for a long time. ==== podman ==== Version update (1.8.0 -> 1.8.1) Subpackages: podman-cni-config - Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including - -add-host, --dns, --dns-opt, --dns-search, --ip, - -mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an - -rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the - -device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a - -no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via - -security-opt label=... (#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys="" would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - Updated vendored Buildah to v1.14.2 - Updated vendored containers/storage to v1.16.2 - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name shou ld still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock ==== supportutils ==== Version update (3.1.8 -> 3.1.9) - Addition to version 3.1.9 + Changes affecting getappcore - Added core file validation (bsc#1166126) - Added -j to extract core from systemd journal - Capture coredumptctl info in getappcore.log + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762) - The new prefix references SUSE Customer Center ==== transactional-update ==== Subpackages: transactional-update-zypp-config - Add dependencies to btrfsprogs, zypper and snapper - most of the functionality is not usable if those applications are not installed. [boo#1166502] ==== webkit2gtk3 ==== Version update (2.26.4 -> 2.28.0) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.28.0: + Add API to enable Process Swap on (Cross-site) Navigation. + Add user messages API for the communication with the web extension. + Add support for same-site cookies. + Service workers are enabled by default. + Add support for Pointer Lock API. + Add flatpak sandbox support. + Make ondemand hardware acceleration policy never leave accelerated compositing mode. + Always use a light theme for rendering form controls. + Add about:gpu to show information about the graphics stack. - Drop webkit2gtk3-ppc-build-fix.patch: Fixed upstream. - Disable webkit-process.patch: Needs rebase, and furthermore it should not be applied for Leap 15.2 as it is today. - Update to version 2.27.91: + Update user agent quirks to fix the unsupported browser message in several google services. + Fix several compile warnings with GCC 10. + Fix the build with GCC 10. + Fix several crashes and rendering issues. + Updated translations. ==== wpebackend-fdo ==== Version update (1.4.1 -> 1.4.2) - Update to version 1.4.2: + Fix build failures with EGL implementations which do not provide an EGL/eglmesaext.h header. ==== xfsprogs ==== Version update (5.4.0 -> 5.5.0) - update to v5.5.0: * xfsprogs: actually check that writes succeeded * mkfs.xfs: check root inode location * mkfs.xfs: efficient block zeroing * xfs_repair: fix broken unit conv. in dir invalidation * xfs_repair: fix bad next_unlinked field * xfs_repair: don't corrupt attr fork clearing forw/back * xfs_repair: check root dir pointer before trashing it * xfs_repair: try to fix sb_unit value from secondaries * libxfs changes merged from kernel 5.5