Packages changed:
  container-selinux (2.158.0 -> 2.160.1)
  dnf (4.6.1 -> 4.7.0)
  grub2
  kernel-source (5.11.15 -> 5.11.16)
  kexec-tools (2.0.20 -> 2.0.21)
  libgcrypt (1.9.2 -> 1.9.3)
  lvm2
  lvm2-device-mapper
  patterns-microos
  pipewire (0.3.25 -> 0.3.26)
  python-MarkupSafe
  python-jsonpatch (1.28 -> 1.31)
  suse-module-tools (15.4.0 -> 15.4.1)
  xinit

=== Details ===

==== container-selinux ====
Version update (2.158.0 -> 2.160.1)

- Fix container runtime binary labels (bsc#1185030). You need to relabel at least /usr/sbin if you're affected

==== dnf ====
Version update (4.6.1 -> 4.7.0)

- Update to version 4.7.0
  + Improve repo config path ordering to fix a comps merging issue (rh#1928181)
  + Keep reason when package is removed (rh#1921063)
  + Improve mechanism for application of security filters (rh#1918475)
  + [doc] Add description for new API
  + [API] Add new method for reset of security filters
  + [doc] Improve documentation for Hotfix repositories
  + [doc] fix: "makecache" command downloads only enabled repositories
  + Use libdnf.utils.checksum_{check,value}
  + [doc] Add info that maximum parallel downloads is 20
  + Increase loglevel in case of invalid config options
  + [doc] installonly_limit documentation follows behavior
  + Prevent traceback (catch ValueError) if pkg is from cmdline
  + Add documentation for config option sslverifystatus (rh#1814383)
  + Check for specific key string when verifying signatures (rh#1915990)
  + Use rpmkeys binary to verify package signature (rh#1915990)
  + Bugs fixed (rh#1916783)
  + Preserve file mode during log rotation (rh#1910084)

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Fix obsolete syslog in systemd unit file and updating to use journal as StandardOutput (bsc#1185149)
  * grub2-once.service

==== kernel-source ====
Version update (5.11.15 -> 5.11.16)

- Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)"
  This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP.
  And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- commit d771304
- rpm/check-for-config-changes: add AS_HAS_* to ignores
  arch/arm64/Kconfig defines a lot of these. So far our current compilers seem to support them all. But it can quickly change with SLE later.
- commit a4d8194
- Linux 5.11.16 (bsc#1012628).
- bpf: Move sanitize_val_alu out of op switch (bsc#1012628).
- bpf: Improve verifier error messages for users (bsc#1012628).
- bpf: Rework ptr_limit into alu_limit and add common error path (bsc#1012628).
- ARM: 9071/1: uprobes: Don't hook on thumb instructions (bsc#1012628).
- bpf: Move off_reg into sanitize_ptr_alu (bsc#1012628).
- bpf: Ensure off_reg has no mixed signed bounds for all types (bsc#1012628).
- r8169: don't advertise pause in jumbo mode (bsc#1012628).
- r8169: tweak max read request size for newer chips also in jumbo mtu mode (bsc#1012628).
- kasan: remove redundant config option (bsc#1012628).
- kasan: fix hwasan build for gcc (bsc#1012628).
- KVM: VMX: Don't use vcpu->run->internal.ndata as an array index (bsc#1012628).
- KVM: VMX: Convert vcpu_vmx.exit_reason to a union (bsc#1012628).
- bpf: Use correct permission flag for mixed signed bounds arithmetic (bsc#1012628).
- arm64: dts: allwinner: h6: beelink-gs1: Remove ext. 32 kHz osc reference (bsc#1012628).
- arm64: dts: allwinner: Fix SD card CD GPIO for SOPine systems (bsc#1012628).
- ARM: OMAP2+: Fix uninitialized sr_inst (bsc#1012628).
- ARM: footbridge: fix PCI interrupt mapping (bsc#1012628).
- ARM: 9069/1: NOMMU: Fix conversion for_each_membock() to for_each_mem_range() (bsc#1012628).
- ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled (bsc#1012628).
- ARM: OMAP2+: Fix warning for omap_init_time_of() (bsc#1012628).
- gro: ensure frag0 meets IP header alignment (bsc#1012628).
- ch_ktls: do not send snd_una update to TCB in middle (bsc#1012628).
- ch_ktls: tcb close causes tls connection failure (bsc#1012628).
- ch_ktls: fix device connection close (bsc#1012628).
- ch_ktls: Fix kernel panic (bsc#1012628).
- ibmvnic: remove duplicate napi_schedule call in open function (bsc#1012628).
- ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1012628).
- ibmvnic: avoid calling napi_disable() twice (bsc#1012628).
- ia64: tools: remove inclusion of ia64-specific version of errno.h header (bsc#1012628).
- ia64: remove duplicate entries in generic_defconfig (bsc#1012628).
- ethtool: pause: make sure we init driver stats (bsc#1012628).
- i40e: fix the panic when running bpf in xdpdrv mode (bsc#1012628).
- ibmvnic: correctly use dev_consume/free_skb_irq (bsc#1012628).
- net: Make tcp_allowed_congestion_control readonly in non-init netns (bsc#1012628).
- mm: ptdump: fix build failure (bsc#1012628).
- net: ip6_tunnel: Unregister catch-all devices (bsc#1012628).
- net: sit: Unregister catch-all devices (bsc#1012628).
- net: phy: marvell: fix detection of PHY on Topaz switches (bsc#1012628).
- net: davicom: Fix regulator not turned off on failed probe (bsc#1012628).
- net/mlx5e: Fix setting of RS FEC mode (bsc#1012628).
- netfilter: nftables: clone set element expression template (bsc#1012628).
- netfilter: nft_limit: avoid possible divide error in nft_limit_init (bsc#1012628).
- net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (bsc#1012628).
- net: macb: fix the restore of cmp registers (bsc#1012628).
- drm/i915/display/vlv_dsi: Do not skip panel_pwr_cycle_delay when disabling the panel (bsc#1012628).
- libbpf: Fix potential NULL pointer dereference (bsc#1012628).
- netfilter: arp_tables: add pre_exit hook for table unregister (bsc#1012628).
- netfilter: bridge: add pre_exit hooks for ebtable unregistration (bsc#1012628).
- libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1012628).
- ice: Fix potential infinite loop when using u8 loop counter (bsc#1012628).
- netfilter: conntrack: do not print icmpv6 as unknown via /proc (bsc#1012628).
- netfilter: flowtable: fix NAT IPv6 offload mangling (bsc#1012628).
- ixgbe: fix unbalanced device enable/disable in suspend/resume (bsc#1012628).
- ixgbe: Fix NULL pointer dereference in ethtool loopback test (bsc#1012628).
- drm/vmwgfx: Make sure we unpin no longer needed buffers (bsc#1012628).
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1012628).
- riscv: Fix spelling mistake "SPARSEMEM" to "SPARSMEM" (bsc#1012628).
- vfio/pci: Add missing range check in vfio_pci_mmap (bsc#1012628).
- arm64: alternatives: Move length validation in alternative_{insn, endif} (bsc#1012628).
- arm64: mte: Ensure TIF_MTE_ASYNC_FAULT is set atomically (bsc#1012628).
- Update config files.
- arm64: fix inline asm in load_unaligned_zeropad() (bsc#1012628).
- drm/i915: Don't zero out the Y plane's watermarks (bsc#1012628).
- readdir: make sure to verify directory entry for legacy interfaces too (bsc#1012628).
- dm verity fec: fix misaligned RS roots IO (bsc#1012628).
- HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (bsc#1012628).
- Input: i8042 - fix Pegatron C15B ID entry (bsc#1012628).
- Input: s6sy761 - fix coordinate read bit shift (bsc#1012628).
- net/sctp: fix race condition in sctp_destroy_sock (bsc#1012628).
- lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS (bsc#1012628).
- virt_wifi: Return micros for BSS TSF values (bsc#1012628).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (bsc#1012628).
- drm/amd/display: Add missing mask for DCN3 (bsc#1012628).
- pcnet32: Use pci_resource_len to validate PCI resource (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec seclevel (bsc#1012628).
- net: ieee802154: stop dump llsec seclevels for monitors (bsc#1012628).
- net: ieee802154: forbid monitor for del llsec devkey (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec devkey (bsc#1012628).
- net: ieee802154: stop dump llsec devkeys for monitors (bsc#1012628).
- net: ieee802154: forbid monitor for del llsec dev (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec dev (bsc#1012628).
- net: ieee802154: stop dump llsec devs for monitors (bsc#1012628).
- net: ieee802154: forbid monitor for del llsec key (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec key (bsc#1012628).
- net: ieee802154: stop dump llsec keys for monitors (bsc#1012628).
- iwlwifi: add support for Qu with AX201 device (bsc#1012628).
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state (bsc#1012628).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (bsc#1012628).
- drm/msm: Fix a5xx/a6xx timestamps (bsc#1012628).
- ARM: omap1: fix building with clang IAS (bsc#1012628).
- ARM: keystone: fix integer overflow warning (bsc#1012628).
- powerpc/signal32: Fix Oops on sigreturn with unmapped VDSO (bsc#1012628).
- neighbour: Disregard DEAD dst in neigh_update (bsc#1012628).
- bpf: Take module reference for trampoline in module (bsc#1012628).
- gpu/xen: Fix a use after free in xen_drm_drv_init (bsc#1012628).
- net: axienet: allow setups without MDIO (bsc#1012628).
- ASoC: max98373: Added 30ms turn on/off time delay (bsc#1012628).
- ASoC: max98373: Changed amp shutdown register as volatile (bsc#1012628).
- xfrm: BEET mode doesn't support fragments for inner packets (bsc#1012628).
- iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (bsc#1012628).
- arc: kernel: Return -EFAULT if copy_to_user() fails (bsc#1012628).
- lockdep: Add a missing initialization hint to the "INFO: Trying to register non-static key" message (bsc#1012628).
- remoteproc: pru: Fix loading of GNU Binutils ELF (bsc#1012628).
- ARM: dts: Fix moving mmc devices with aliases for omap4 & 5 (bsc#1012628).
- ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race (bsc#1012628).
- ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() (bsc#1012628).
- dmaengine: idxd: fix wq cleanup of WQCFG registers (bsc#1012628).
- dmaengine: idxd: clear MSIX permission entry on shutdown (bsc#1012628).
- dmaengine: plx_dma: add a missing put_device() on error path (bsc#1012628).
- dmaengine: Fix a double free in dma_async_device_register (bsc#1012628).
- dmaengine: dw: Make it dependent to HAS_IOMEM (bsc#1012628).
- dmaengine: idxd: fix wq size store permission state (bsc#1012628).
- dmaengine: idxd: fix opcap sysfs attribute output (bsc#1012628).
- dmaengine: idxd: fix delta_rec and crc size field for completion record (bsc#1012628).
- dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback (bsc#1012628).
- gpio: sysfs: Obey valid_mask (bsc#1012628).
- Input: nspire-keypad - enable interrupts only when opened (bsc#1012628).
- mtd: rawnand: mtk: Fix WAITRDY break condition and timeout (bsc#1012628).
- AMD_SFH: Add DMI quirk table for BIOS-es which don't set the activestatus bits (bsc#1012628).
- AMD_SFH: Add sensor_mask module parameter (bsc#1012628).
- AMD_SFH: Removed unused activecontrolstatus member from the amd_mp2_dev struct (bsc#1012628).
- commit d57ad55

==== kexec-tools ====
Version update (2.0.20 -> 2.0.21)

- kexec-tools-remove-duplicate-ramdisk-definition.patch: Remove duplicate definition of ramdisk (fix ppc build).
- Bump version to 2.0.21
- Drop patches from upstream git:
  * kexec-tools-add-variant-helper-functions.patch
  * kexec-tools-arm64-kexec-allocate-memory-space-avoiding-reserved-regions.patch
  * kexec-tools-arm64-kdump-deal-with-resource-entries-in-proc-iomem.patch
  * kexec-tools-build-multiboot2-for-i386.patch
  * kexec-tools-fix-kexec_file_load-error-handling.patch
  * kexec-tools-reset-getopt-before-falling-back-to-legacy.patch
  * kexec-tools-s390-Reset-kernel-command-line-on-syscal.patch
  * kexec-tools-Remove-duplicated-variable-declarations.patch
- Hardening: Link as PIE (bsc#1185020).

==== libgcrypt ====
Version update (1.9.2 -> 1.9.3)

- libgcrypt 1.9.3:
  * Bug fixes:
    - Fix build problems on i386 using gcc-4.7.
    - Fix checksum calculation in OCB decryption for AES on s390.
    - Fix a regression in gcry_mpi_ec_add related to certain usages of curve 25519.
    - Fix a symbol not found problem on Apple M1.
    - Fix for Apple iOS getentropy peculiarity.
    - Make keygrip computation work for compressed points.
  * Performance:
    - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
    - Add x86_64 VAES/AVX2 accelerated implementation of AES.
    - Add VPMSUMD acceleration for GCM mode on PPC.
  * Internal changes.
    - Harden MPI conditional code against EM leakage.
    - Harden Elgamal by introducing exponent blinding.

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190)
  + bug-1185190_01-pvscan-support-disabled-event_activation.patch
  + bug-1185190_02-config-improve-description-for-event_activation.patch
- LVM cannot be disabled on boot (bsc#1184687)
  + bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- Update patch for avoiding apply warning message
  + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch
- Add metadata-based autoactivation property for VG and LV (bsc#1178680)
  + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190)
  + bug-1185190_01-pvscan-support-disabled-event_activation.patch
  + bug-1185190_02-config-improve-description-for-event_activation.patch
- LVM cannot be disabled on boot (bsc#1184687)
  + bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- Update patch for avoiding apply warning message
  + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch
- Add metadata-based autoactivation property for VG and LV (bsc#1178680)
  + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap

- Suggest libdnf-repo-config-zypp explicitly
- Fix dependency on systemd-icon-branding-openSUSE
- Use only kernel-firmware-all instead of kernel-firmware to avoid duplicate firmware on the DVD
- spice-vdagent is available on all archs
- hyper-v and open-vm-tools are available on AArch64 as well
- A fresh install does not have xdg-open & friends. Fix by adding xdg-utils - while there, fix the comment, as they're common tools, but not necessarily useful only "during initial setup"
- Add packages to the desktop commons pattern: systemd-icons-branding-openSUSE (to list the MicroOS logo on the Gnome Settings About page)
- Add packages to the DVD:
  - instead of adding firmware-all, add specific firmware packages for common hardware (or at least, for hardware for which we have bugs open, see bsc#1184767 and bsc#1184403)
- Add some packages in the DVD:
  - Spice guest driver so graphics works properly out of the box, when installing in VMs (mostly for desktops)
  - firmwares so that (wireless mostly, but also wired) networking works in the installer and on the installed system

==== pipewire ====
Version update (0.3.25 -> 0.3.26)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to 0.3.26:
  + Highlights:
    - I18n support, with translations merged from PulseAudio.
    - New pw-link tool.
    - Many Bluetooth improvements, support for hardware volumes.
    - Support for 64 channel devices.
    - Stability fixes and improvements.
  + PipeWire improvements:
    - The link factory can now also make links between nodes and ports by name so that it can be used in scripts.
    - Add module-protocol-simple that can stream raw audio on a socket.
    - Added i18n support. Merge PulseAudio translations for the ACP library so that we don't cause regressions.
    - Support more than 19 channels in the channel mixer. This makes all channels usable on 32 and 64 channel cards.
    - Detect if we're running in a VM and allow for tweaking some settings such as the max-quantum to make things work better in VMs.
    - Fix a potential crash when connecting a client and updating permissions.
    - Fix a potential crash when trying to link incompatible ports.
    - Lingering links in error will now be destroyed automatically.
  + Tools:
    - Added new pw-link tool to list and monitor ports and to list, monitor, create and destroy links between them.
    - pw-cli can now also list params by name.
    - pw-dump now outputs Spa:String:JSON types in metadata as properly parsed and formatted JSON so that tools can parse the metadata values using a JSON parser.
  + Session-manager:
    - Add logind support. The bluetooth monitor can only be started for one user at the time, so use logind detect active seats.
    - ALSA icon names were improved to match what PulseAudio does.
    - Improve the bluetooth icon name. Also use the device alias as the device description, like PulseAudio.
  + Device support:
    - When devices become inaccessible, they are now removed from the PipeWire graph.
    - Fix datatype selection for buffers in v4l2 and libcamera.
  + Bluetooth:
    - Various memory leaks and crashes are fixed.
    - Added support for AVRCP hardware volume.
    - Added support for HSP/HFP hardware volume.
  + PulseAudio server:
    - Fix module-loopback connections to monitor ports.
    - Implement module-native-protocol-tcp.
    - Handle nodes and streams with > 32 channels. The PulseAudio API only supports up to 32 channels so only make those 32 first channels available with the PA API.
    - Implement module-simple-protocol-tcp.
    - Improve events emitted by the server.
    - Improvements to channels and channel_map properties on modules. One can imply the other and they should match when both given.
    - null-sink will now have their volume work correctly by default.
  + JACK: JACK development files can now optionally be installed.

==== python-MarkupSafe ====

- allow tests to be disabled (still on by default)

==== python-jsonpatch ====
Version update (1.28 -> 1.31)

- update to 1.31:
  * Add support for preserving Unicode characters
  * remove pypy build

==== suse-module-tools ====
Version update (15.4.0 -> 15.4.1)

- Update to version 15.4.1:
  * dm-crypt requires essiv in SLE15 SP3 (boo#1183063 bsc#1184134 ltc#192244).

==== xinit ====

- modernize spec file (move license to licensedir, use https)