Packages changed: ceph (16.0.0.5613+gb1a0951432 -> 16.1.0.46+g571704f730) containers-systemd (0.0+git20210118.1366ecb -> 0.0+git20210205.a4b07b6) dosfstools (4.1+git.1610658652.9443732 -> 4.2) gcc11 (11.0.0+git182924 -> 11.0.0+git183291) glib2 (2.66.4 -> 2.66.6) glibc (2.32 -> 2.33) haproxy (2.3.4+git0.10189c965 -> 2.3.5+git0.5902ad99b) kernel-source (5.10.12 -> 5.10.14) libevent libselinux logrotate (3.17.0 -> 3.18.0) nfs-client-provisioner (2.3.0+git20200220.a14bfd72 -> 4.0.0+git20210204.23ecb30) nghttp2 (1.42.0 -> 1.43.0) openssh pigz (2.4 -> 2.6) pinentry python-requests supportutils (3.1.13 -> 3.1.14) weave (2.7.0 -> 2.8.1) wpa_supplicant === Details === ==== ceph ==== Version update (16.0.0.5613+gb1a0951432 -> 16.1.0.46+g571704f730) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to 16.1.0-46-g571704f730 + rebase on top of upstream v16.1.0 (Pacific release candidate) + drop obsolete downstream patches that were causing conflicts: * cephadm: use registry.suse.com by default * cephadm: add global flag --container-init * mgr/cephadm: append --container-init to basecommand * cephadm: remove container-init subparser from "deploy" - Update to 16.0.0-7500-g78f6791981: + cephadm: add global flag --container-init + mgr/cephadm: append --container-init to basecommand + cephadm: remove container-init subparser from "deploy" - Update to 16.0.0-7497-g63a0682c7e: + rebase on tip of upstream "master" branch, SHA1 8c6b533ee85e7fe2cd19e5dbb6f0363898f5a2ee - Update to 16.0.0-6239-g0c2e605e78: + rebase on tip of upstream "master" branch, SHA1 6d1f1f63b711797e21ff8ff12662d07d86546e66 * cephadm: Fix error setting 'mgr/cephadm/container_init' config (PR #37500) - Update to 16.0.0-6229-g71574673b0: + rebase on tip of upstream "master" branch, SHA1 f68197eca4b4dceef9fbf497d640b4600663d3ed * ceph-volume: don't exit before empty report can be printed (PR #37591) - Update to 16.0.0-6177-g01e4ab745b: + rebase on tip of upstream "master" branch, SHA1 f8ea1f38aee3d8715186a756331a23d4b51121f2 * ceph-volume: pass filter_for_batch as keyword argument (PR #37545) - Update to 16.0.0-6162-g892bfa3fef: + drop the following commits: + lvmcache: refactor argument parsing and add -h flag + ceph-volume: install lvmcache plugin + ceph-volume: add lvmcache plugin and its tests + rebase on tip of upstream "master" branch, SHA1 0a92d5094fc0baae3af223aa16b271d2e5e6f349 + mgr/devicehealth: device_health_metrics pool gets created even without any OSDs in the cluster (bsc#1173079) ==== containers-systemd ==== Version update (0.0+git20210118.1366ecb -> 0.0+git20210205.a4b07b6) - Update to version 0.0+git20210205.a4b07b6: * Add container-nfs-service files ==== dosfstools ==== Version update (4.1+git.1610658652.9443732 -> 4.2) - update to 4.2: * mkfs.fat: Allow to specify disk geometry via new -g option * fsck.fat: Add code for fixing first FAT cluster * fatlabel: Do not call parts of fsck repair procedure * Update warning message about lowercase labels * mkfs.fat: Read geom_start from sysfs * Add missing files into distribution tarball ==== gcc11 ==== Version update (11.0.0+git182924 -> 11.0.0+git183291) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Bump to efcd941e86b507d77e90a1b13f621e036eacdb45. - Bump to 7a18bc4ae62081021f4fd90d591a588cac931f77. - New package, inherits from gcc10 * gcc-add-defaultsspec.diff, add the ability to provide a specs file that is read by default * tls-no-direct.diff, avoid direct %fs references on x86 to not slow down Xen * gcc43-no-unwind-tables.diff, do not produce unwind tables for CRT files * gcc41-ppc32-retaddr.patch, fix expansion of __builtin_return_addr for ppc, just a testcase * gcc44-textdomain.patch, make translation files version specific and adjust textdomain to find them * gcc44-rename-info-files.patch, fix cross-references in info files when renaming them to be version specific * gcc48-libstdc++-api-reference.patch, fix link in the installed libstdc++ html documentation * gcc48-remove-mpfr-2.4.0-requirement.patch, make GCC work with earlier mpfr versions on old products * gcc5-no-return-gcc43-workaround.patch, make build work with host gcc 4.3 * gcc7-remove-Wexpansion-to-defined-from-Wextra.patch, removes new warning from -Wextra * gcc7-avoid-fixinc-error.diff * gcc9-reproducible-builds-buildid-for-checksum.patch * gcc9-reproducible-builds.patch * gcc10-amdgcn-llvm-as.patch * gcc10-foffload-default.patch - libgccjit subpackage is added. - HWASAN is built for aarch64 target. ==== glib2 ==== Version update (2.66.4 -> 2.66.6) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.66.6: + Fix various instances within GLib where `g_memdup()` was vulnerable to a silent integer truncation and heap overflow problem (glgo#GNOME/GLib#2319). - Update to version 2.66.5: + Fix some issues with handling over-long (invalid) input when parsing for `GDate`. + Don?t load GIO modules or parse other GIO environment variables when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap process). GIO has always been documented as not being safe to use in privileged processes, but people persist in using it unsafely, so these changes should harden things against potential attacks at least a little. Unfortunately they break a couple of projects which were relying on reading `DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for setgid/setcap (but not setuid) processes. This loophole will be closed in GLib 2.70 (see issue #2316), which should give modules 6 months to change their behaviour. + Fix `g_spawn()` searching `PATH` when it wasn?t meant to. + Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820, glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831, glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864, glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913, glgo#GNOME/GLib!1922. - Rebase/refresh patches: + glib2-dbus-socket-path.patch + glib2-fate300461-gettext-gkeyfile-suse.patch + glib2-gdbus-codegen-version.patch + glib2-suppress-schema-deprecated-path-warning.patch + glib2-bgo569829-gettext-gkeyfile.patch ==== glibc ==== Version update (2.32 -> 2.33) Subpackages: glibc-locale glibc-locale-base - Update to glibc 2.33 * The dynamic linker accepts the --list-tunables argument which prints all the supported tunables. * The dynamic linker accepts the --argv0 argument and provides opportunity to change argv[0] string. * The dynamic linker loads optimized implementations of shared objects from subdirectories under the glibc-hwcaps directory on the library search path if the system's capabilities meet the requirements for that subdirectory. * The new --help option of the dynamic linker provides usage and information and library search path diagnostics. * The mallinfo2 function is added to report statistics as per mallinfo, but with larger field widths to accurately report values that are larger than fit in an integer. * Add to provide query macros for x86 CPU features. * A new fortification level _FORTIFY_SOURCE=3 is available. * The mallinfo function is marked deprecated. * When dlopen is used in statically linked programs, alternative library implementations from HWCAP subdirectories are no longer loaded. * The deprecated header and the function vtimes have been removed. * On s390(x), the type float_t is now derived from the macro __FLT_EVAL_METHOD__ that is defined by the compiler, instead of being hardcoded to double. * A future version of glibc will stop loading shared objects from the "tls" subdirectories on the library search path, the subdirectory that corresponds to the AT_PLATFORM system name, and also stop employing the legacy AT_HWCAP search mechanism. * CVE-2021-3326: An assertion failure during conversion from the ISO-20220-JP-3 character set using the iconv function has been fixed. - Remove obsolete, unused /etc/default/nss - aarch64-static-pie.patch, euc-kr-overrun.patch, get-nprocs-cpu-online-parsing.patch, iconv-redundant-shift.patch, iconv-ucs4-loop-bounds.patch, ifunc-fma4.patch, intl-codeset-suffixes.patch, nscd-gc-cycle.patch, printf-long-double-non-normal.patch, strerrorname-np.patch, syslog-locking.patch, sysvipc.patch: Removed - Remove support for %optimize_power - Move to power4 baseline on ppc ==== haproxy ==== Version update (2.3.4+git0.10189c965 -> 2.3.5+git0.5902ad99b) - Update to version 2.3.5+git0.5902ad99b: * [RELEASE] Released version 2.3.5 * MINOR: config: Deprecate and ignore tune.chksize global option * BUG/MINOR: sock: Unclosed fd in case of connection allocation failure * BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED * BUG/MEDIUM: mux-h2: handle remaining read0 cases * BUILD: Makefile: move REGTESTST_TYPE default setting * MINOR: cli/show_fd: report local and report ports when known * BUILD: ssl: fix build breakage with last commit * BUG/MINOR: ssl: do not try to use early data if not configured * BUG/MINOR: xxhash: make sure armv6 uses memcpy() * BUG/MINOR: mux_h2: fix incorrect stat titles * BUG/MEDIUM: ssl: check a connection's status before computing a handshake * BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store * BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list * DOC: management: fix "show resolvers" alphabetical ordering * MINOR: h1: Raise the chunk size limit up to (2^52 - 1) * MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls * MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls * MINOR: ssl/show_fd: report some FDs as suspicious when possible * MINOR: cli/show_fd: report some easily detectable suspicious states * MINOR: cli: give the show_fd helpers the ability to report a suspicious entry * MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known * MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known * MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known * MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them * MINOR: ssl: provide a "show fd" helper to report important SSL information * MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps. * MINOR: cli: make "show fd" also report the xprt and xprt_ctx * CLEANUP: cli: make "show fd" use a const connection to access other fields * CLEANUP: tools: make resolve_sym_name() take a const pointer * MINOR: contrib: Make the wireshark peers dissector compile for more distribs. * BUG/MINOR: backend: check available list allocation for reuse * BUG/MEDIUM: backend: never reuse a connection for tcp mode * REORG: backend: simplify conn_backend_get * BUG/MEDIUM: session: only retrieve ready idle conn from session * BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() * BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name * BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown * DOC: Improve documentation of the various hdr() fetches * BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX * BUG/MEDIUM: mux-h2: fix read0 handling on partial frames * BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context * BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() * BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper * BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. * MINOR: build: discard echoing in help target * BUG/MINOR: peers: Possible appctx pointer dereference. * BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition * BUILD: peers: fix build warning about unused variable * BUG/MINOR: dns: SRV records ignores duplicated AR records (v2) * MINOR: peers: Add traces for peer control messages. * BUG/MINOR: threads: Fixes the number of possible cpus report for Mac. * MINOR: server: Forbid server definitions in frontend sections * MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities * BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable ==== kernel-source ==== Version update (5.10.12 -> 5.10.14) - Linux 5.10.14 (bsc#1012628). - workqueue: Restrict affinity change to rescuer (bsc#1012628). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1012628). - x86/cpu: Add another Alder Lake CPU to the Intel family (bsc#1012628). - objtool: Don't fail the kernel build on fatal errors (bsc#1012628). - habanalabs: disable FW events on device removal (bsc#1012628). - habanalabs: fix backward compatibility of idle check (bsc#1012628). - habanalabs: zero pci counters packet before submit to FW (bsc#1012628). - drm/amd/display: Fixed corruptions on HPDRX link loss restore (bsc#1012628). - drm/amd/display: Use hardware sequencer functions for PG control (bsc#1012628). - drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (bsc#1012628). - drm/amd/display: Allow PSTATE chnage when no displays are enabled (bsc#1012628). - drm/amd/display: Update dram_clock_change_latency for DCN2.1 (bsc#1012628). - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1012628). - platform/x86: thinkpad_acpi: Add P53/73 firmware to fan_quirk_table for dual fan control (bsc#1012628). - nvmet: set right status on error in id-ns handler (bsc#1012628). - nvme-pci: allow use of cmb on v1.4 controllers (bsc#1012628). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1012628). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1012628). - nvme: check the PRINFO bit before deciding the host buffer length (bsc#1012628). - udf: fix the problem that the disc content is not displayed (bsc#1012628). - i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for filling TX FIFO (bsc#1012628). - ALSA: hda: Add Cometlake-R PCI ID (bsc#1012628). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1012628). - mac80211: fix encryption key selection for 802.3 xmit (bsc#1012628). - mac80211: fix fast-rx encryption check (bsc#1012628). - mac80211: fix incorrect strlen of .write in debugfs (bsc#1012628). - objtool: Don't add empty symbols to the rbtree (bsc#1012628). - ALSA: hda: Add AlderLake-P PCI ID and HDMI codec vid (bsc#1012628). - ASoC: SOF: Intel: hda: Resume codec to do jack detection (bsc#1012628). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (bsc#1012628). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1012628). - scsi: scsi_transport_srp: Don't block target in failfast state (bsc#1012628). - x86: __always_inline __{rd,wr}msr() (bsc#1012628). - locking/lockdep: Avoid noinstr warning for DEBUG_LOCKDEP (bsc#1012628). - habanalabs: fix dma_addr passed to dma_mmap_coherent (bsc#1012628). - platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (bsc#1012628). - platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (bsc#1012628). - tools/power/x86/intel-speed-select: Set higher of cpuinfo_max_freq or base_frequency (bsc#1012628). - tools/power/x86/intel-speed-select: Set scaling_max_freq to base_frequency (bsc#1012628). - phy: cpcap-usb: Fix warning for missing regulator_disable (bsc#1012628). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1012628). - ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD (bsc#1012628). - Revert "x86/setup: don't remove E820_TYPE_RAM for pfn 0" (bsc#1012628). - arm64: Do not pass tagged addresses to __is_lm_address() (bsc#1012628). - arm64: Fix kernel address detection of __is_lm_address() (bsc#1012628). - arm64: dts: meson: Describe G12b GPU as coherent (bsc#1012628). - drm/panfrost: Support cache-coherent integrations (bsc#1012628). - iommu/io-pgtable-arm: Support coherency for Mali LPAE (bsc#1012628). - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1012628). - net: switchdev: don't set port_obj_info->handled true when - EOPNOTSUPP (bsc#1012628). - net: dsa: bcm_sf2: put device node before return (bsc#1012628). - mlxsw: spectrum_span: Do not overwrite policer configuration (bsc#1012628). - stmmac: intel: Configure EHL PSE0 GbE and PSE1 GbE to 32 bits DMA addressing (bsc#1012628). - net: octeontx2: Make sure the buffer is 128 byte aligned (bsc#1012628). - net: fec: put child node on error path (bsc#1012628). - net: stmmac: dwmac-intel-plat: remove config data on error (bsc#1012628). - net: dsa: microchip: Adjust reset release timing to match reference reset circuit (bsc#1012628). - commit 0a69f62 - Update patches.kernel.org/5.10.13-143-vsock-fix-the-race-conditions-in-multi-transp.patch (bsc#1012628 bsc#1181806). Add bsc reference. - commit 64ec974 - net/mlx5: Fix function calculation for page trees (git-fixes). - commit e976b88 - Linux 5.10.13 (bsc#1012628). - iwlwifi: provide gso_type to GSO packets (bsc#1012628). - nbd: freeze the queue while we're adding connections (bsc#1012628). - tty: avoid using vfs_iocb_iter_write() for redirected console writes (bsc#1012628). - ACPI: sysfs: Prefer "compatible" modalias (bsc#1012628). - ACPI: thermal: Do not call acpi_thermal_check() directly (bsc#1012628). - kernel: kexec: remove the lock operation of system_transition_mutex (bsc#1012628). - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (bsc#1012628). - parisc: Enable -mlong-calls gcc option by default when !CONFIG_MODULES (bsc#1012628). - media: cec: add stm32 driver (bsc#1012628). - media: cedrus: Fix H264 decoding (bsc#1012628). - media: hantro: Fix reset_raw_fmt initialization (bsc#1012628). - media: rc: fix timeout handling after switch to microsecond durations (bsc#1012628). - media: rc: ite-cir: fix min_timeout calculation (bsc#1012628). - media: rc: ensure that uevent can be read directly after rc device register (bsc#1012628). - ARM: dts: tbs2910: rename MMC node aliases (bsc#1012628). - ARM: dts: ux500: Reserve memory carveouts (bsc#1012628). - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (bsc#1012628). - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (bsc#1012628). - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1012628). - ASoC: AMD Renoir - refine DMI entries for some Lenovo products (bsc#1012628). - Revert "drm/amdgpu/swsmu: drop set_fan_speed_percent (v2)" (bsc#1012628). - drm/nouveau/kms/gk104-gp1xx: Fix > 64x64 cursors (bsc#1012628). - drm/i915: Always flush the active worker before returning from the wait (bsc#1012628). - drm/i915/gt: Always try to reserve GGTT address 0x0 (bsc#1012628). - drivers/nouveau/kms/nv50-: Reject format modifiers for cursor planes (bsc#1012628). - bcache: only check feature sets when sb->version >= BCACHE_SB_VERSION_CDEV_WITH_FEATURES (bsc#1012628). - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (bsc#1012628). - s390: uv: Fix sysfs max number of VCPUs reporting (bsc#1012628). - s390/vfio-ap: No need to disable IRQ after queue reset (bsc#1012628). - PM: hibernate: flush swap writer after marking (bsc#1012628). - x86/entry: Emit a symbol for register restoring thunk (bsc#1012628). - efi/apple-properties: Reinstate support for boolean properties (bsc#1012628). - crypto: marvel/cesa - Fix tdma descriptor on 64-bit (bsc#1012628). - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (bsc#1012628). - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (bsc#1012628). - btrfs: fix lockdep warning due to seqcount_mutex on 32bit arch (bsc#1012628). - btrfs: fix possible free space tree corruption with online conversion (bsc#1012628). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (bsc#1012628). - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (bsc#1012628). - KVM: arm64: Filter out v8.1+ events on v8.0 HW (bsc#1012628). - KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit (bsc#1012628). - KVM: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX (bsc#1012628). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1012628). - KVM: x86: get smi pending status correctly (bsc#1012628). - KVM: Forbid the use of tagged userspace addresses for memslots (bsc#1012628). - io_uring: fix wqe->lock/completion_lock deadlock (bsc#1012628). - xen: Fix XenStore initialisation for XS_LOCAL (bsc#1012628). - leds: trigger: fix potential deadlock with libata (bsc#1012628). - arm64: dts: broadcom: Fix USB DMA address translation for Stingray (bsc#1012628). - mt7601u: fix kernel crash unplugging the device (bsc#1012628). - mt76: mt7663s: fix rx buffer refcounting (bsc#1012628). - mt7601u: fix rx buffer refcounting (bsc#1012628). - iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit (bsc#1012628). - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals (bsc#1012628). - drm/i915/pmu: Don't grab wakeref when enabling events (bsc#1012628). - net/mlx5e: Fix IPSEC stats (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: fix pwms for lcd-backlight (bsc#1012628). - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (bsc#1012628). - drm/vc4: Correct lbm size and calculation (bsc#1012628). - drm/vc4: Correct POS1_SCL for hvs5 (bsc#1012628). - drm/i915: Check for all subplatform bits (bsc#1012628). - drm/i915/selftest: Fix potential memory leak (bsc#1012628). - uapi: fix big endian definition of ipv6_rpl_sr_hdr (bsc#1012628). - KVM: Documentation: Fix spec for KVM_CAP_ENABLE_CAP_VM (bsc#1012628). - tee: optee: replace might_sleep with cond_resched (bsc#1012628). - xen-blkfront: allow discard-* nodes to be optional (bsc#1012628). - blk-mq: test QUEUE_FLAG_HCTX_ACTIVE for sbitmap_shared in hctx_may_queue (bsc#1012628). - clk: imx: fix Kconfig warning for i.MX SCU clk (bsc#1012628). - clk: mmp2: fix build without CONFIG_PM (bsc#1012628). - clk: qcom: gcc-sm250: Use floor ops for sdcc clks (bsc#1012628). - ARM: imx: build suspend-imx6.S with arm instruction set (bsc#1012628). - ARM: zImage: atags_to_fdt: Fix node names on added root nodes (bsc#1012628). - netfilter: nft_dynset: add timeout extension to template (bsc#1012628). - Revert "RDMA/mlx5: Fix devlink deadlock on net namespace deletion" (bsc#1012628). - Revert "block: simplify set_init_blocksize" to regain lost performance (bsc#1012628). - xfrm: Fix oops in xfrm_replay_advance_bmp (bsc#1012628). - xfrm: fix disable_xfrm sysctl when used on xfrm interfaces (bsc#1012628). - selftests: xfrm: fix test return value override issue in xfrm_policy.sh (bsc#1012628). - xfrm: Fix wraparound in xfrm_policy_addr_delta() (bsc#1012628). - arm64: dts: ls1028a: fix the offset of the reset register (bsc#1012628). - ARM: imx: fix imx8m dependencies (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (bsc#1012628). - ARM: dts: imx6qdl-sr-som: fix some cubox-i platforms (bsc#1012628). - arm64: dts: imx8mp: Correct the gpio ranges of gpio3 (bsc#1012628). - firmware: imx: select SOC_BUS to fix firmware build (bsc#1012628). - RDMA/cxgb4: Fix the reported max_recv_sge value (bsc#1012628). - ASoC: dt-bindings: lpass: Fix and common up lpass dai ids (bsc#1012628). - ASoC: qcom: Fix incorrect volatile registers (bsc#1012628). - ASoC: qcom: Fix broken support to MI2S TERTIARY and QUATERNARY (bsc#1012628). - ASoC: qcom: lpass-ipq806x: fix bitwidth regmap field (bsc#1012628). - spi: altera: Fix memory leak on error path (bsc#1012628). - ASoC: Intel: Skylake: skl-topology: Fix OOPs ib skl_tplg_complete (bsc#1012628). - powerpc/64s: prevent recursive replay_soft_interrupts causing superfluous interrupt (bsc#1012628). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (bsc#1012628). - pNFS/NFSv4: Update the layout barrier when we schedule a layoutreturn (bsc#1012628). - ASoC: SOF: Intel: soundwire: fix select/depend unmet dependencies (bsc#1012628). - ASoC: qcom: lpass: Fix out-of-bounds DAI ID lookup (bsc#1012628). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1012628). - iwlwifi: pnvm: don't skip everything when not reloading (bsc#1012628). - iwlwifi: pnvm: don't try to load after failures (bsc#1012628). - iwlwifi: pcie: set LTR on more devices (bsc#1012628). - iwlwifi: pcie: use jiffies for memory read spin time limit (bsc#1012628). - iwlwifi: pcie: reschedule in long-running memory reads (bsc#1012628). - mac80211: pause TX while changing interface type (bsc#1012628). - ice: fix FDir IPv6 flexbyte (bsc#1012628). - ice: Implement flow for IPv6 next header (extension header) (bsc#1012628). - ice: update dev_addr in ice_set_mac_address even if HW filter exists (bsc#1012628). - ice: Don't allow more channels than LAN MSI-X available (bsc#1012628). - ice: Fix MSI-X vector fallback logic (bsc#1012628). - i40e: acquire VSI pointer only after VF is initialized (bsc#1012628). - igc: fix link speed advertising (bsc#1012628). - net/mlx5: Fix memory leak on flow table creation error flow (bsc#1012628). - net/mlx5e: E-switch, Fix rate calculation for overflow (bsc#1012628). - net/mlx5e: free page before return (bsc#1012628). - net/mlx5e: Reduce tc unsupported key print level (bsc#1012628). - net/mlx5: Maintain separate page trees for ECPF and PF functions (bsc#1012628). - net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled (bsc#1012628). - net/mlx5e: Fix CT rule + encap slow path offload and deletion (bsc#1012628). - net/mlx5e: Correctly handle changing the number of queues when the interface is down (bsc#1012628). - net/mlx5e: Revert parameters on errors when changing trust state without reset (bsc#1012628). - net/mlx5e: Revert parameters on errors when changing MTU and LRO state without reset (bsc#1012628). - net/mlx5: CT: Fix incorrect removal of tuple_nat_node from nat rhashtable (bsc#1012628). - can: dev: prevent potential information leak in can_fill_info() (bsc#1012628). - ACPI/IORT: Do not blindly trust DMA masks from firmware (bsc#1012628). - of/device: Update dma_range_map only when dev has valid dma-ranges (bsc#1012628). - iommu/amd: Use IVHD EFR for early initialization of IOMMU features (bsc#1012628). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1012628). - nvme-multipath: Early exit if no path is available (bsc#1012628). - selftests: forwarding: Specify interface when invoking mausezahn (bsc#1012628). - rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1012628). - NFC: fix resource leak when target index is invalid (bsc#1012628). - NFC: fix possible resource leak (bsc#1012628). - ASoC: mediatek: mt8183-da7219: ignore TDM DAI link by default (bsc#1012628). - ASoC: mediatek: mt8183-mt6358: ignore TDM DAI link by default (bsc#1012628). - ASoC: topology: Properly unregister DAI on removal (bsc#1012628). - ASoC: topology: Fix memory corruption in soc_tplg_denum_create_values() (bsc#1012628). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1012628). - team: protect features update by RCU to avoid deadlock (bsc#1012628). - tcp: make TCP_USER_TIMEOUT accurate for zero window probes (bsc#1012628). - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN (bsc#1012628). - vsock: fix the race conditions in multi-transport support (bsc#1012628). - Update patches.suse/acpi_thermal_passive_blacklist.patch (bsc#333043). - commit 3527948 ==== libevent ==== - Drop insserv_prereq and fillup_prereq macros: there are no pre-scripts that would justify these dependencies. ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Add Recommends: selinux-autorelabel, which is very important for healthy use of the SELinux on the system (/.autorelabel mechanism) (bsc#1181837). ==== logrotate ==== Version update (3.17.0 -> 3.18.0) - Update to 3.18.0: * Allow UIDs and GIDs to be specified numerically * Add support for Zstandard compressed files * Make delaycompress not to fail with rotate 0 ==== nfs-client-provisioner ==== Version update (2.3.0+git20200220.a14bfd72 -> 4.0.0+git20210204.23ecb30) - Switch to kubernetes-sigs/nfs-subdir-external-provisioner - Update to version 4.0.0+git20210204.23ecb30: * Fix typo in CHANGELOG and change provisioner name to use the sigs namespace * Change the helm chart kubeVersion semver to include pre-releases * Update the README and deploy objects with better class names as examples ==== nghttp2 ==== Version update (1.42.0 -> 1.43.0) - update to 1.43.0: * doc: Make doc generation work with sphinx v3.3 * python: Require python3 for python bindings * python: Require python3 for python scripts * nghttpx: Make sure that Pool gets cleared when all buffers are returned * nghttpx: Choose ECDSA cert if compatible signature algorithm available * nghttpx: Add workaround to include ':' in backend pattern ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Add openssh-whitelist-syscalls.patch (bsc#1182232), fixing failure to accept connections on 32-bit platforms with glibc 2.33+. ==== pigz ==== Version update (2.4 -> 2.6) - update to 2.6: * Add --huffman/-H and --rle/U strategy options * Fix issue when compiling for no threads * Fail silently on a broken pipe * Add --alias/-A option to set .zip name for stdin input * Add --comment/-C option to add comment in .gz or .zip * Several bug and behavior fixes - drop fortify.patch: obsolete ==== pinentry ==== - add _multibuild to separate out gui client builds ==== python-requests ==== - Don't pin idna<3 in the egg-info so that depending packages can install the new idna dropping python2 ==== supportutils ==== Version update (3.1.13 -> 3.1.14) - Additions to version 3.1.14 + [powerpc] Collect logs for power specific components (HNV ) #88 (bsc#1181911) + Updated pam.txt documentation explaining GDPR - No longer truncates boot log (bsc#1181610) ==== weave ==== Version update (2.7.0 -> 2.8.1) - Add init.sh for init container - Update to version 2.8.1 - Kubernetes: move kernel and CNI setup to init container - For K8s, stop running in host PID namespace - NetworkPolicy: avoid logging dropped packets that were not actually dropped - Use go 1.15 ==== wpa_supplicant ==== - Add CVE-2021-0326.patch -- P2P group information processing vulnerability (bsc#1181777)