Packages changed: bash busybox-links cilium (1.7.5 -> 1.7.6) coreutils cri-o filesystem gcc10 (10.1.1+git290 -> 10.2.1+git465) grub2 haproxy (2.2.1+git0.0ef71a557 -> 2.2.2+git0.b8a2763d5) installation-images-MicroOS (16.2 -> 16.3) kernel-source (5.7.9 -> 5.7.11) kube-prometheus (0.4.0+git20200520.28332b4 -> 0.5.0+git20200729.f0955e0) libcontainers-common libeconf (0.3.7+git20200605.c67ef9a -> 0.3.8+git20200710.5126fff) microos-tools (2.1 -> 2.2) ncurses (6.2.20200613 -> 6.2.20200711) open-iscsi patterns-base patterns-microos podman (1.9.3 -> 2.0.4) python-cryptography (2.9.2 -> 3.0) python-jsonpatch (1.25 -> 1.26) python-pyzmq (19.0.1 -> 19.0.2) python-requests (2.23.0 -> 2.24.0) python-urllib3 (1.25.9 -> 1.25.10) read-only-root-fs (1.0+git20200121.5ed8d15 -> 1.0+git20200730.1243fd0) readline setools sssd (2.3.0 -> 2.3.1) systemd toolbox (1.0+git20200324.dd047bc -> 1.0+git20200803.7ff20b6) transactional-update (2.22 -> 2.23) xxhash (0.7.2 -> 0.8.0) === Details === ==== bash ==== - Add official patch bash50-018 * In certain cases, bash does not perform quoted null removal on patterns that are used as part of word expansions such as ${parameter##pattern}, so empty patterns are treated as non-empty. ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-xz - busybox-syslogd: add conflict with syslogd - busybox-iproute2: add conflict with wicked-service for ifup - busybox-sh: remove bogus %ghost entry - Create busybox-{dos2unix,telnet,tftp,time,tunctl,vlan,sysvinit-tools} - Create busybox-ed, busybox-bc and busybox-netcat - Fix filelist of busybox-iproute2 - Create busybox-less, busybox-unzip, busybox-whois, busybox-wget, busybox-syslogd and busybox-vi - Merge all shells into busybox-sh (to fix update-alternative for sh) - Add provides smtp_daemon to busybox-sendmail ==== cilium ==== Version update (1.7.5 -> 1.7.6) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - update to 1.7.6: Fixes https://github.com/cilium/cilium/security/advisories/GHSA-9hx8-3wfx-q2vw (CVE-2020-8663, CVE-2020-12605, CVE-2020-12604, CVE-2020-12603, bsc#1173559) see https://github.com/cilium/cilium/releases/tag/v1.7.6 * avoid having endpoints in 'restoring' state in case the connectivity with the KVStore is not reliable (Backport PR #12333, Upstream PR #12307, @aanm) * bpf: Use nproc --all for __NR_CPUS__ (Backport PR #12363, Upstream PR #12121, @gandro) * cilium: fix encryption flow labels in ip6 case (Backport PR #12056, Upstream PR #12015, @jrfastab) * Fix bug where etcd session renew would block indefinitely, causing endpoint provision to fail (Backport PR #12333, Upstream PR #12292, @joestringer) * Fix bug where identity allocation wouldn't cancel from api timeouts (Backport PR #12350, Upstream PR #12328, @joestringer) * Fix setting monitorAggregationLevel to max reflects via CLI (Backport PR #12333, Upstream PR #12014, @soumynathan) * Fix silent cilium monitor on systems with offline CPUs (Backport PR #12363, Upstream PR #12310, @pchaigno) * Fix syslog hook missing in DefaultLogger (Backport PR #12333, Upstream PR #12170, @ArthurChiao) * helm/operator: fix IPv6 liveness probe address for operator (Backport PR #12333, Upstream PR #12223, @Rolinh) * iptables: Remove '--nowildcard' from socket match (Backport PR #12333, Upstream PR #12248, @jrajahalme) * Istio integration is updated to Istio release 1.5.6. (Backport PR #12333, Upstream PR #12214, @jrajahalme) * Istio integration is updated to Istio release 1.5.7. (Backport PR #12357, Upstream PR #12353, @jrajahalme) * make: fix LOCKDEBUG env variable reference for docker-plugin-image (Backport PR #12333, Upstream PR #12318, @Rolinh) * option: Require native-routing-cidr only if IPv4 is enabled (Backport PR #12354, Upstream PR #12198, @brb) * policy/api: Add reserved:health entity (Backport PR #12333, Upstream PR #12199, @pchaigno) * stop Cilium from hanging on CNP or CCNP events from Kubernetes if running with 'k8s-event-handover=true' and 'kvstore=""' (Backport PR #12333, Upstream PR #12146, @aanm) * The host proxy is updated to Envoy release 1.13.3 (Backport PR #12350, Upstream PR #12343, @jrajahalme) * Valid CNP and CCNP 'matchLabel' values must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. (Backport PR #12354, Upstream PR #12117, @aanm) - 0001-option-mark-keep-bpf-templates-as-deprecated.patch, 0002-make-remove-the-need-for-go-bindata.patch, 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch, 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch, 0005-bpf-re-add-a-proper-types.h-mapper.patch, 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch, 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch, 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch, 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch, 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch: rebase against 1.7.6 ==== coreutils ==== - Drop suse-module-tools BuildRequires: this was used for the macro regenerate_initrd_post/posttrans, which have been moved to rpm-config-SUSE in Jan 2019. ==== cri-o ==== Subpackages: cri-o-kubeadm-criconfig - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ==== filesystem ==== - Remove /selinux (obsoleted by /sys/fs/selinux) ==== gcc10 ==== Version update (10.1.1+git290 -> 10.2.1+git465) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Update to gcc-10 branch head (c0438ced53bcf57e4ebb1c38c), git465. * Includes GCC 10.2 release. [bsc#1173972] [jsc#ECO-2373] * Picks up fixes for C++20 coroutines support. [jsc#SLE-12297] * Picks up fix for a recent chromium build fail. - Build x86 CET enabled runtime for Factory. - Disable GCN offloading for SLE12 and SLE15 GA. - Update to gcc-10 branch head (12e1a54b06777db74ce375496), git355. * Includes fix for non-reproducible builds with LTO [bsc#1172846]. - Enable nvptx support for aarch64 ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Fix for CVE-2020-10713 (bsc#1168994) * 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) * 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch * 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch * 0004-calloc-Use-calloc-at-most-places.patch * 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch * 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch * 0007-font-Do-not-load-more-than-one-NAME-section.patch - Fix CVE-2020-15706 (bsc#1174463) * 0008-script-Remove-unused-fields-from-grub_script_functio.patch * 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch - Fix CVE-2020-15707 (bsc#1174570) * 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur * 0001-add-support-for-UEFI-network-protocols.patch * 0003-bootp-New-net_bootp6-command.patch * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * grub2-btrfs-09-get-default-subvolume.patch * grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch * grub2-grubenv-in-btrfs-header.patch ==== haproxy ==== Version update (2.2.1+git0.0ef71a557 -> 2.2.2+git0.b8a2763d5) - Update to version 2.2.2+git0.b8a2763d5: * [RELEASE] Released version 2.2.2 * BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux * BUG/MEDIUM: backend: always attach the transport before installing the mux * SCRIPTS: announce-release: add the link to the wiki in the announce messages * MINOR: stream-int: Be sure to have a mux to do sends and receives * MINOR: connection: Preinstall the mux for non-ssl connect * BUG/MEDIUM: connection: Be sure to always install a mux for sync connect * BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields * BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort * BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation * BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation * MEDIUM: lua: Add support for the Lua 5.4 * BUG/MAJOR: dns: don't treat Authority records as an error * BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status * BUG/MINOR: debug: Don't dump the lua stack if it is not initialized * BUILD: tools: fix build with static only toolchains * BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore ==== installation-images-MicroOS ==== Version update (16.2 -> 16.3) - merge gh#openSUSE/installation-images#398 - Update the environment variable reference (doc/configoptions.md) - Removed obsolete bin/mk_boot - Remove unused liveeval option - 16.3 ==== kernel-source ==== Version update (5.7.9 -> 5.7.11) - Refresh patches.suse/vgacon-fix-out-of-bounds-write-to-the-scrollback-buf.patch. Update according to the latest findings. - commit 5015994 - Linux 5.7.11 (bnc#1012628). - gpio: arizona: handle pm_runtime_get_sync failure case (bnc#1012628). - gpio: arizona: put pm_runtime in case of failure (bnc#1012628). - pinctrl: amd: fix npins for uart0 in kerncz_groups (bnc#1012628). - bpf: Set the number of exception entries properly for subprograms (bnc#1012628). - mac80211: allow rx of mesh eapol frames with default rx key (bnc#1012628). - scsi: scsi_transport_spi: Fix function pointer check (bnc#1012628). - xtensa: fix __sync_fetch_and_{and,or}_4 declarations (bnc#1012628). - xtensa: update *pos in cpuinfo_op.next (bnc#1012628). - scsi: mpt3sas: Fix unlock imbalance (bnc#1012628). - drivers/net/wan/lapbether: Fixed the value of hard_header_len (bnc#1012628). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (bnc#1012628). - net: sky2: initialize return of gm_phy_read (bnc#1012628). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (bnc#1012628). - scsi: mpt3sas: Fix error returns in BRM_status_show (bnc#1012628). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bnc#1012628). - dm: use bio_uninit instead of bio_disassociate_blkg (bnc#1012628). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (bnc#1012628). - fuse: fix weird page warning (bnc#1012628). - irqdomain/treewide: Keep firmware node unconditionally allocated (bnc#1012628). - drm/nouveau/nouveau: fix page fault on device private memory (bnc#1012628). - drm/amd/display: Check DMCU Exists Before Loading (bnc#1012628). - drm/amd/display: add dmcub check on RENOIR (bnc#1012628). - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") (bnc#1012628). - exfat: fix overflow issue in exfat_cluster_to_sector() (bnc#1012628). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (bnc#1012628). - exfat: fix wrong size update of stream entry by typo (bnc#1012628). - exfat: fix name_hash computation on big endian systems (bnc#1012628). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bnc#1012628). - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression (bnc#1012628). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bnc#1012628). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (bnc#1012628). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (bnc#1012628). - ASoC: Intel: cht_bsw_rt5672: Change bus format to I2S 2 channel (bnc#1012628). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bnc#1012628). - btrfs: fix double free on ulist after backref resolution failure (bnc#1012628). - btrfs: fix mount failure caused by race with umount (bnc#1012628). - btrfs: fix page leaks after failure to lock page for delalloc (bnc#1012628). - mt76: mt76x02: fix handling MCU timeouts during hw restart (bnc#1012628). - efi/efivars: Expose RT service availability via efivars abstraction (bnc#1012628). - bnxt_en: Fix race when modifying pause settings (bnc#1012628). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (bnc#1012628). - bnxt_en: Fix completion ring sizing with TPA enabled (bnc#1012628). - fpga: dfl: pci: reduce the scope of variable 'ret' (bnc#1012628). - fpga: dfl: fix bug in port reset handshake (bnc#1012628). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (bnc#1012628). - netfilter: nf_tables: fix nat hook table deletion (bnc#1012628). - dpaa2-eth: check fsl_mc_get_endpoint for IS_ERR_OR_NULL() (bnc#1012628). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (bnc#1012628). - ax88172a: fix ax88172a_unbind() failures (bnc#1012628). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (bnc#1012628). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (bnc#1012628). - RDMA/cm: Protect access to remote_sidr_table (bnc#1012628). - net: fec: fix hardware time stamping by external devices (bnc#1012628). - ASoC: Intel: bytcht_es8316: Add missed put_device() (bnc#1012628). - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration (bnc#1012628). - ieee802154: fix one possible memleak in adf7242_probe (bnc#1012628). - drm: sun4i: hdmi: Fix inverted HPD result (bnc#1012628). - net: smc91x: Fix possible memory leak in smc_drv_probe() (bnc#1012628). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bnc#1012628). - net: dsa: mv88e6xxx: fix in-band AN link establishment (bnc#1012628). - arm64: dts: clearfog-gt-8k: fix switch link configuration (bnc#1012628). - bonding: check error value of register_netdevice() immediately (bnc#1012628). - iwlwifi: Make some Killer Wireless-AC 1550 cards work again (bnc#1012628). - net: bcmgenet: fix error returns in bcmgenet_probe() (bnc#1012628). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bnc#1012628). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (bnc#1012628). - ionic: use offset for ethtool regs data (bnc#1012628). - ionic: fix up filter locks and debug msgs (bnc#1012628). - ionic: update filter id after replay (bnc#1012628). - ionic: keep rss hash after fw update (bnc#1012628). - ionic: use mutex to protect queue operations (bnc#1012628). - crypto/chtls: fix tls alert messages corrupted by tls data (bnc#1012628). - net: ag71xx: add missed clk_disable_unprepare in error path of probe (bnc#1012628). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (bnc#1012628). - net: hns3: fix for not calculating TX BD send size correctly (bnc#1012628). - net: hns3: fix error handling for desc filling (bnc#1012628). - net: hns3: fix return value error when query MAC link status fail (bnc#1012628). - net: dsa: microchip: call phy_remove_link_mode during probe (bnc#1012628). - netdevsim: fix unbalaced locking in nsim_create() (bnc#1012628). - qed: suppress "don't support RoCE & iWARP" flooding on HW init (bnc#1012628). - qed: suppress false-positives interrupt error messages on HW init (bnc#1012628). - ipvs: fix the connection sync failed in some cases (bnc#1012628). - net: ethernet: ave: Fix error returns in ave_init (bnc#1012628). - iommu/qcom: Use domain rather than dev as tlb cookie (bnc#1012628). - Revert "PCI/PM: Assume ports without DLL Link Active train links in 100 ms" (bnc#1012628). - nfsd4: fix NULL dereference in nfsd/clients display code (bnc#1012628). - enetc: Remove the mdio bus on PF probe bailout (bnc#1012628). - i2c: rcar: always clear ICSAR to avoid side effects (bnc#1012628). - i2c: i2c-qcom-geni: Fix DMA transfer race (bnc#1012628). - bonding: check return value of register_netdevice() in bond_newlink() (bnc#1012628). - geneve: fix an uninitialized value in geneve_changelink() (bnc#1012628). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (bnc#1012628). - scripts/decode_stacktrace: strip basepath from all paths (bnc#1012628). - scripts/gdb: fix lx-symbols 'gdb.error' while loading modules (bnc#1012628). - RISC-V: Do not rely on initrd_start/end computed during early dt parsing (bnc#1012628). - kbuild: fix single target builds for external modules (bnc#1012628). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (bnc#1012628). - HID: alps: support devices with report id 2 (bnc#1012628). - dmaengine: ti: k3-udma: Fix cleanup code for alloc_chan_resources (bnc#1012628). - dmaengine: ti: k3-udma: Fix the running channel handling in alloc_chan_resources (bnc#1012628). - HID: steam: fixes race in handling device list (bnc#1012628). - dmaengine: ti: k3-udma: add missing put_device() call in of_xudma_dev_get() (bnc#1012628). - dmaengine: idxd: fix hw descriptor fields for delta record (bnc#1012628). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (bnc#1012628). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (bnc#1012628). - soc: amlogic: meson-gx-socinfo: Fix S905X3 and S905D3 ID's (bnc#1012628). - Input: add `SW_MACHINE_COVER` (bnc#1012628). - ARM: dts: n900: remove mmc1 card detect gpio (bnc#1012628). - spi: mediatek: use correct SPI_CFG2_REG MACRO (bnc#1012628). - regmap: dev_get_regmap_match(): fix string comparison (bnc#1012628). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (bnc#1012628). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (bnc#1012628). - dmaengine: ioat setting ioat timeout as module parameter (bnc#1012628). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (bnc#1012628). - Input: elan_i2c - only increment wakeup count on touch (bnc#1012628). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (bnc#1012628). - usb: dwc3: pci: add support for the Intel Jasper Lake (bnc#1012628). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (bnc#1012628). - usb: cdns3: ep0: fix some endian issues (bnc#1012628). - usb: cdns3: trace: fix some endian issues (bnc#1012628). - hwmon: (adm1275) Make sure we are reading enough data for different chips (bnc#1012628). - drm/amdgpu/gfx10: fix race condition for kiq (bnc#1012628). - drm/amdgpu: fix preemption unit test (bnc#1012628). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (bnc#1012628). - platform/x86: ISST: Add new PCI device ids (bnc#1012628). - platform/x86: asus-wmi: allow BAT1 battery name (bnc#1012628). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (bnc#1012628). - ALSA: hda/realtek - fixup for yet another Intel reference board (bnc#1012628). - drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bnc#1012628). - arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (bnc#1012628). - x86: math-emu: Fix up 'cmp' insn for clang ias (bnc#1012628). - asm-generic/mmiowb: Allow mmiowb_set_pending() when preemptible() (bnc#1012628). - drivers/perf: Prevent forced unbinding of PMU drivers (bnc#1012628). - RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw (bnc#1012628). - x86/boot: Don't add the EFI stub to targets (bnc#1012628). - binder: Don't use mmput() from shrinker function (bnc#1012628). - usb: xhci-mtk: fix the failure of bandwidth allocation (bnc#1012628). - usb: tegra: Fix allocation for the FPCI context (bnc#1012628). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (bnc#1012628). - Revert "cifs: Fix the target file was deleted when rename failed." (bnc#1012628). - iwlwifi: mvm: don't call iwl_mvm_free_inactive_queue() under RCU (bnc#1012628). - tty: xilinx_uartps: Really fix id assignment (bnc#1012628). - staging: wlan-ng: properly check endpoint types (bnc#1012628). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (bnc#1012628). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (bnc#1012628). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (bnc#1012628). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (bnc#1012628). - serial: tegra: fix CREAD handling for PIO (bnc#1012628). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (bnc#1012628). - serial: 8250_mtk: Fix high-speed baud rates clamping (bnc#1012628). - interconnect: msm8916: Fix buswidth of pcnoc_s nodes (bnc#1012628). - /dev/mem: Add missing memory barriers for devmem_inode (bnc#1012628). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins (bnc#1012628). - vt: Reject zero-sized screen buffer size (bnc#1012628). - Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation (bnc#1012628). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bnc#1012628). - vfs/xattr: mm/shmem: kernfs: release simple xattr entry in a right way (bnc#1012628). - mm/memcg: fix refcount error while moving and swapping (bnc#1012628). - mm: memcg/slab: fix memory leak at non-root kmem_cache destroy (bnc#1012628). - mm/hugetlb: avoid hardcoding while checking if cma is enabled (bnc#1012628). - khugepaged: fix null-pointer dereference due to race (bnc#1012628). - io-mapping: indicate mapping failure (bnc#1012628). - mmc: sdhci-of-aspeed: Fix clock divider calculation (bnc#1012628). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bnc#1012628). - drm/amd/powerplay: fix a crash when overclocking Vega M (bnc#1012628). - arm64: vdso32: Fix '--prefix=' value for newer versions of clang (bnc#1012628). - parisc: Add atomic64_set_release() define to avoid CPU soft lockups (bnc#1012628). - x86, vmlinux.lds: Page-align end of ..page_aligned sections (bnc#1012628). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (bnc#1012628). - ASoC: qcom: Drop HAS_DMA dependency to fix link failure (bnc#1012628). - ASoC: topology: fix kernel oops on route addition error (bnc#1012628). - ASoC: topology: fix tlvs in error handling for widget_dmixer (bnc#1012628). - ASoC: Intel: bdw-rt5677: fix non BE conversion (bnc#1012628). - dm integrity: fix integrity recalculation that is improperly skipped (bnc#1012628). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bnc#1012628). - ath9k: Fix regression with Atheros 9271 (bnc#1012628). - Refresh patches.suse/btrfs-btrfs-use-the-new-VFS-super_block_dev.patch. - commit 6157a8d - Bluetooth: Disconnect if E0 is used for Level 4 (bsc#1171988 CVE-2020-10135). - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm (bsc#1171988 CVE-2020-10135). - commit d1148b9 - vgacon: fix out of bounds write to the scrollback buffer (bsc#1174205 CVE-2020-14331). - commit 62bfb93 - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - commit 6a1b5cf - Linux 5.7.10 (bnc#1012628). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (bnc#1012628). - genetlink: remove genl_bind (bnc#1012628). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (bnc#1012628). - ipv6: fib6_select_path can not use out path for nexthop objects (bnc#1012628). - ipv6: Fix use of anycast address with loopback (bnc#1012628). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (bnc#1012628). - llc: make sure applications use ARPHRD_ETHER (bnc#1012628). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (bnc#1012628). - net: dsa: microchip: set the correct number of ports (bnc#1012628). - net: qrtr: free flow in __qrtr_node_release (bnc#1012628). - net_sched: fix a memory leak in atm_tc_init() (bnc#1012628). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (bnc#1012628). - sched: consistently handle layer3 header accesses in the presence of VLANs (bnc#1012628). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (bnc#1012628). - tcp: make sure listeners don't initialize congestion-control state (bnc#1012628). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (bnc#1012628). - tcp: md5: do not send silly options in SYNCOOKIES (bnc#1012628). - vlan: consolidate VLAN parsing code and limit max parsing depth (bnc#1012628). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (bnc#1012628). - tcp: md5: allow changing MD5 keys in all socket states (bnc#1012628). - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (bnc#1012628). - cgroup: Fix sock_cgroup_data on big-endian (bnc#1012628). - net: ipa: always check for stopped channel (bnc#1012628). - net: ipa: introduce ipa_cmd_tag_process() (bnc#1012628). - ip: Fix SO_MARK in RST, ACK and ICMP packets (bnc#1012628). - genetlink: get rid of family->attrbuf (bnc#1012628). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bnc#1012628). - ethtool: fix genlmsg_put() failure handling in ethnl_default_dumpit() (bnc#1012628). - mptcp: fix DSS map generation on fin retransmission (bnc#1012628). - net: rmnet: do not allow to add multiple bridge interfaces (bnc#1012628). - hsr: fix interface leak in error path of hsr_dev_finalize() (bnc#1012628). - drm/msm: fix potential memleak in error branch (bnc#1012628). - drm/msm/dpu: allow initialization of encoder locks during encoder init (bnc#1012628). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (bnc#1012628). - drm/exynos: fix ref count leak in mic_pre_enable (bnc#1012628). - x86/fpu: Reset MXCSR to default in kernel_fpu_begin() (bnc#1012628). - thermal/drivers: imx: Fix missing of_node_put() at probe time (bnc#1012628). - ACPI: DPTF: Add battery participant for TigerLake (bnc#1012628). - blk-mq-debugfs: update blk_queue_flag_name[] accordingly for new flags (bnc#1012628). - m68k: nommu: register start of the memory with memblock (bnc#1012628). - m68k: mm: fix node memblock init (bnc#1012628). - dt-bindings: bus: uniphier-system-bus: fix warning in example (bnc#1012628). - dt-bindings: mailbox: zynqmp_ipi: fix unit address (bnc#1012628). - dt-bindings: fix error in 'make clean' after 'make dt_binding_check' (bnc#1012628). - cifs: prevent truncation from long to int in wait_for_free_credits (bnc#1012628). - arm64/alternatives: use subsections for replacement sequences (bnc#1012628). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bnc#1012628). - xen/xenbus: avoid large structs and arrays on the stack (bnc#1012628). - xen/xenbus: let xenbus_map_ring_valloc() return errno values only (bnc#1012628). - gfs2: eliminate GIF_ORDERED in favor of list_empty (bnc#1012628). - gfs2: freeze should work on read-only mounts (bnc#1012628). - gfs2: read-only mounts should grab the sd_freeze_gl glock (bnc#1012628). - gfs2: When freezing gfs2, use GL_EXACT and not GL_NOCACHE (bnc#1012628). - gfs2: The freeze glock should never be frozen (bnc#1012628). - arm64: Add MIDR value for KRYO4XX gold CPU cores (bnc#1012628). - arm64: Add KRYO4XX gold CPU cores to erratum list 1463225 and 1418040 (bnc#1012628). - arm64: Add KRYO4XX silver CPU cores to erratum list 1530923 and 1024718 (bnc#1012628). - i2c: eg20t: Load module automatically if ID matches (bnc#1012628). - arm64/alternatives: don't patch up internal branches (bnc#1012628). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bnc#1012628). - iio:humidity:hdc100x Fix alignment and data leak issues (bnc#1012628). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (bnc#1012628). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (bnc#1012628). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bnc#1012628). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bnc#1012628). - iio:humidity:hts221 Fix alignment and data leak issues (bnc#1012628). - iio:pressure:ms5611 Fix buffer element alignment (bnc#1012628). - iio:health:afe4403 Fix timestamp alignment and prevent data leak (bnc#1012628). - arm64: Add missing sentinel to erratum_1463225 (bnc#1012628). - xen/xenbus: Fix a double free in xenbus_map_ring_pv() (bnc#1012628). - io_uring: fix recvmsg memory leak with buffer selection (bnc#1012628). - Input: mms114 - add extra compatible for mms345l (bnc#1012628). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bnc#1012628). - counter: 104-quad-8: Add lock guards - differential encoder (bnc#1012628). - counter: 104-quad-8: Add lock guards - filter clock prescaler (bnc#1012628). - dmaengine: ti: k3-udma: Use correct node to read "ti,udma-atype" (bnc#1012628). - soundwire: intel: fix memory leak with devm_kasprintf (bnc#1012628). - dmaengine: idxd: fix cdev locking for open and release (bnc#1012628). - dmaengine: ti: k3-udma: Fix delayed_work usage for tx drain workaround (bnc#1012628). - dmaengine: sh: usb-dmac: set tx_result parameters (bnc#1012628). - phy: rockchip: Fix return value of inno_dsidphy_probe() (bnc#1012628). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (bnc#1012628). - arm64: dts: meson: add missing gxl rng clock (bnc#1012628). - arm64: dts: meson-gxl-s805x: reduce initial Mali450 core frequency (bnc#1012628). - dmaengine: idxd: cleanup workqueue config after disabling (bnc#1012628). - dmaengine: idxd: fix misc interrupt handler thread unmasking (bnc#1012628). - bus: ti-sysc: Fix wakeirq sleeping function called from invalid context (bnc#1012628). - bus: ti-sysc: Fix sleeping function called from invalid context for RTC quirk (bnc#1012628). - bus: ti-sysc: Do not disable on suspend for no-idle (bnc#1012628). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (bnc#1012628). - dmaengine: dw: Initialize channel before each transfer (bnc#1012628). - dmaengine: dmatest: stop completed threads when running without set channel (bnc#1012628). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bnc#1012628). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bnc#1012628). - staging: comedi: verify array index is correct before using it (bnc#1012628). - serial: core: Initialise spin lock before use in uart_configure_port() (bnc#1012628). - clk: mvebu: ARMADA_AP_CPU_CLK needs to select ARMADA_AP_CP_HELPER (bnc#1012628). - clk: AST2600: Add mux for EMMC clock (bnc#1012628). - xprtrdma: Fix double-free in rpcrdma_ep_create() (bnc#1012628). - xprtrdma: Fix recursion into rpcrdma_xprt_disconnect() (bnc#1012628). - xprtrdma: Fix return code from rpcrdma_xprt_connect() (bnc#1012628). - xprtrdma: Fix handling of connect errors (bnc#1012628). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bnc#1012628). - fuse: don't ignore errors from fuse_writepages_fill() (bnc#1012628). - ARM: dts: Fix dcan driver probe failed on am437x platform (bnc#1012628). - Revert "thermal: mediatek: fix register index error" (bnc#1012628). - xprtrdma: fix incorrect header size calculations (bnc#1012628). - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (bnc#1012628). - arm64: dts: spcfpga: Align GIC, NAND and UART nodenames with dtschema (bnc#1012628). - keys: asymmetric: fix error return code in software_key_query() (bnc#1012628). - nvme: explicitly update mpath disk capacity on revalidation (bnc#1012628). - regmap: debugfs: Don't sleep while atomic for fast_io regmaps (bnc#1012628). - copy_xstate_to_kernel: Fix typo which caused GDB regression (bnc#1012628). - arm: dts: mt7623: add phy-mode property for gmac2 (bnc#1012628). - soc: qcom: socinfo: add missing soc_id sysfs entry (bnc#1012628). - dmaengine: ti: k3-udma: Disable memcopy via MCU NAVSS on am654 (bnc#1012628). - apparmor: ensure that dfa state tables have entries (bnc#1012628). - habanalabs: Align protection bits configuration of all TPCs (bnc#1012628). - RDMA/rxe: Set default vendor ID (bnc#1012628). - PCI/PM: Call .bridge_d3() hook only if non-NULL (bnc#1012628). - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode (bnc#1012628). - soc: qcom: rpmh: Update dirty flag only when data changes (bnc#1012628). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (bnc#1012628). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (bnc#1012628). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (bnc#1012628). - RDMA/mlx5: Verify that QP is created with RQ or SQ (bnc#1012628). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (bnc#1012628). - mtd: spi-nor: winbond: Fix 4-byte opcode support for w25q256 (bnc#1012628). - mtd: spi-nor: spansion: fix writes on S25FS512S (bnc#1012628). - mtd: rawnand: marvell: Fix the condition on a return code (bnc#1012628). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (bnc#1012628). - mtd: rawnand: marvell: Fix probe error path (bnc#1012628). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (bnc#1012628). - mtd: rawnand: brcmnand: correctly verify erased pages (bnc#1012628). - mtd: rawnand: brcmnand: fix CS0 layout (bnc#1012628). - mtd: rawnand: oxnas: Keep track of registered devices (bnc#1012628). - mtd: rawnand: oxnas: Unregister all devices on error (bnc#1012628). - mtd: rawnand: oxnas: Release all devices in the _remove() path (bnc#1012628). - clk: qcom: gcc: Add GPU and NPU clocks for SM8150 (bnc#1012628). - clk: qcom: gcc: Add missing UFS clocks for SM8150 (bnc#1012628). - clk: qcom: gcc: Add support for a new frequency for SC7180 (bnc#1012628). - slimbus: core: Fix mismatch in of_node_get/put (bnc#1012628). - HID: logitech-hidpp: avoid repeated "multiplier = " log messages (bnc#1012628). - HID: magicmouse: do not set up autorepeat (bnc#1012628). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (bnc#1012628). - HID: quirks: Ignore Simply Automated UPB PIM (bnc#1012628). - ALSA: line6: Perform sanity check for each URB creation (bnc#1012628). - ALSA: line6: Sync the pending work cancel at disconnection (bnc#1012628). - ALSA: usb-audio: Fix race against the error recovery URB submission (bnc#1012628). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bnc#1012628). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bnc#1012628). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bnc#1012628). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bnc#1012628). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bnc#1012628). - thunderbolt: Fix path indices used in USB3 tunnel discovery (bnc#1012628). - USB: c67x00: fix use after free in c67x00_giveback_urb (bnc#1012628). - usb: dwc2: Fix shutdown callback in platform (bnc#1012628). - usb: chipidea: core: add wakeup support for extcon (bnc#1012628). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (bnc#1012628). - USB: serial: iuu_phoenix: fix memory corruption (bnc#1012628). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bnc#1012628). - USB: serial: ch341: add new Product ID for CH340 (bnc#1012628). - USB: serial: option: add GosunCn GM500 series (bnc#1012628). - USB: serial: option: add Quectel EG95 LTE modem (bnc#1012628). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (bnc#1012628). - virt: vbox: Fix guest capabilities mask check (bnc#1012628). - Revert "tty: xilinx_uartps: Fix missing id assignment to the console" (bnc#1012628). - tty: serial: cpm_uart: Fix behaviour for non existing GPIOs (bnc#1012628). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (bnc#1012628). - serial: sh-sci: Initialize spinlock for uart console (bnc#1012628). - serial: mxs-auart: add missed iounmap() in probe failure and remove (bnc#1012628). - Revert "serial: core: Refactor uart_unlock_and_check_sysrq()" (bnc#1012628). - serial: core: fix sysrq overhead regression (bnc#1012628). - ovl: fix regression with re-formatted lower squashfs (bnc#1012628). - ovl: inode reference leak in ovl_is_inuse true case (bnc#1012628). - ovl: relax WARN_ON() when decoding lower directory file handle (bnc#1012628). - ovl: fix unneeded call to ovl_change_flags() (bnc#1012628). - fuse: ignore 'data' argument of mount(..., MS_REMOUNT) (bnc#1012628). - fuse: use ->reconfigure() instead of ->remount_fs() (bnc#1012628). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bnc#1012628). - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (bnc#1012628). - mei: bus: don't clean driver pointer (bnc#1012628). - Revert "Input: elants_i2c - report resolution information for touch major" (bnc#1012628). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bnc#1012628). - Input: elan_i2c - add more hardware ID for Lenovo laptops (bnc#1012628). - coresight: etmv4: Fix CPU power management setup in probe() function (bnc#1012628). - uio_pdrv_genirq: Remove warning when irq is not specified (bnc#1012628). - uio_pdrv_genirq: fix use without device tree and no interrupt (bnc#1012628). - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bnc#1012628). - timer: Prevent base->clk from moving backward (bnc#1012628). - timer: Fix wheel index calculation on last level (bnc#1012628). - riscv: use 16KB kernel stack on 64-bit (bnc#1012628). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bnc#1012628). - hwmon: (drivetemp) Avoid SCT usage on Toshiba DT01ACA family drives (bnc#1012628). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bnc#1012628). - powerpc/pseries/svm: Fix incorrect check for shared_lppaca_size (bnc#1012628). - intel_th: pci: Add Jasper Lake CPU support (bnc#1012628). - intel_th: pci: Add Tiger Lake PCH-H support (bnc#1012628). - intel_th: pci: Add Emmitsburg PCH support (bnc#1012628). - intel_th: Fix a NULL dereference when hub driver is not loaded (bnc#1012628). - opp: Increase parsed_static_opps in _of_add_opp_table_v1() (bnc#1012628). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (bnc#1012628). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (bnc#1012628). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (bnc#1012628). - misc: atmel-ssc: lock with mutex instead of spinlock (bnc#1012628). - dmabuf: use spinlock to access dmabuf->name (bnc#1012628). - thermal: int3403_thermal: Downgrade error message (bnc#1012628). - ARM: dts: imx6qdl-gw551x: fix audio SSI (bnc#1012628). - arm64: dts: agilex: add status to qspi dts node (bnc#1012628). - arm64: dts: stratix10: add status to qspi dts node (bnc#1012628). - arm64: dts: stratix10: increase QSPI reg address in nand dts file (bnc#1012628). - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (bnc#1012628). - arm64: ptrace: Consistently use pseudo-singlestep exceptions (bnc#1012628). - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (bnc#1012628). - sched: Fix unreliable rseq cpu_id for new tasks (bnc#1012628). - sched/fair: handle case of task_h_load() returning 0 (bnc#1012628). - x86/ioperm: Fix io bitmap invalidation on Xen PV (bnc#1012628). - genirq/affinity: Handle affinity setting on inactive interrupts correctly (bnc#1012628). - drm/vmwgfx: fix update of display surface when resolution changes (bnc#1012628). - drm/amdgpu/powerplay: Modify SMC message name for setting power profile mode (bnc#1012628). - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (bnc#1012628). - drm/amd/display: handle failed allocation during stream construction (bnc#1012628). - drm/amd/display: OLED panel backlight adjust not work with external display connected (bnc#1012628). - drm/amdgpu/display: create fake mst encoders ahead of time (v4) (bnc#1012628). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2 (bnc#1012628). - drm/i915/gt: Ignore irq enabling on the virtual engines (bnc#1012628). - drm/i915/gt: Only swap to a random sibling once upon creation (bnc#1012628). - libceph: don't omit recovery_deletes in target_copy() (bnc#1012628). - rxrpc: Fix trace string (bnc#1012628). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (bnc#1012628). - ionic: no link check while resetting queues (bnc#1012628). - ionic: export features for vlans to use (bnc#1012628). - iommu/vt-d: Make Intel SVM code 64-bit only (bnc#1012628). - mm/memory.c: properly pte_offset_map_lock/unlock in vm_insert_pages() (bnc#1012628). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (bnc#1012628). - gpio: pca953x: disable regmap locking for automatic address incrementing (bnc#1012628). - bpf: sockmap: Check value of unused args to BPF_PROG_ATTACH (bnc#1012628). - bpf: sockmap: Require attach_bpf_fd when detaching a program (bnc#1012628). - drm/i915/perf: Use GTT when saving/restoring engine GPR (bnc#1012628). - commit dcedc15 ==== kube-prometheus ==== Version update (0.4.0+git20200520.28332b4 -> 0.5.0+git20200729.f0955e0) - Update to version 0.5.0+git20200729.f0955e0: * Add scraping of endpoint for kubelet probe metrics * prometheus-adapter: Collect metrics from Prometheus Adapter * manifests: regenerate * jsonnet: update kube-rbac-proxy ciphers * make generate * port https-metrics * update secure ports for other cluster * secure scheduler/controller metrics ports, kubeadm discovery services * Regenerate dashboards and alerts * manifests: regenerate * jsonnet: update component versions * manifests: regenerate * jsonnet: remove incorrect instance:node_filesystem_usage:sum rule * manifests/prometheus-rules.yaml: Regenerate * prometheus-operator.libsonnet: Add List error alert and fix threshold to * manifests/prometheus-rules.yaml: Regenerate * prometheus-operator.libsonnet: Add PrometheusOperatorWatchErrors alert * chore(jsonnet): ?? update jsonnet to master * manifests: Regenerate files * jsonnet/kube-prometheus: Bump default versions of prometheus and alertmanager * enable etcd latency metrics in kube-apiserver * Update the Issue templates to redirect to GitHub Discussions. * Update kubernetes-mixin to remove KubeAPILatencyHigh & KubeAPIErrorsHigh * Fix typo * manifests: regenerate * Bump Grafana version to v6.7.4 * Updated prometheus adapter deployment to use a multi arch image repo * Allow nodeExporter address to be configured * Allow nodeExporter address to be configured * manifests: regenerate * Fix AlertmanagerConfigInconsistent alert * Update prometheus-adapter endpoint * docs, manifests: Regenerate files * jsonnetfile.lock.json: jb update * jsonnet/kube-prometheus/jsonnetfile.json: Bump prometheus-operator to * [docs/update-grafana-dashboard-docs] Update Grafana dashboard instructions * doc: update release-0.5 compatibility * Update kubelet config section and compatibility ==== libcontainers-common ==== - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ==== libeconf ==== Version update (0.3.7+git20200605.c67ef9a -> 0.3.8+git20200710.5126fff) - Update to version 0.3.8+git20200710.5126fff: * Add CMake build scripts, remove autotools support * Move C++ ABI compatibility section ==== microos-tools ==== Version update (2.1 -> 2.2) - Update to version 2.2 - tmpfs support got moved to systemd ==== ncurses ==== Version update (6.2.20200613 -> 6.2.20200711) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20200711 + fix pound-sign mapping in acsc of linux2.6 entry (report by Ingo Bruckl). + additional changes for building with Visual Studio C++ and msys2 (reports/patches by "Maarten Anonymous") + build-improvements for Windows 10 and MinGW (patch by Juergen Pfeifer). + fix a typo in curs_printw.3x (patch by William Pursell). + fix two errors in infotocap which allowed indexing outside the buffer (report/testcases by Zhang Gan). + update length of strings in infocmp's usage function to restore a trailing null on the longest string (report/testcase by Zhang Gen). - Add ncurses patch 20200704 + modify version-check with Ada generics to use the same pattern as in the check for supported gnat versions (report by Pascal Pignard). > additional changes for building with Visual Studio C++ and msys2 (patches by "Maarten Anonymous"): + adjust headers/declarations to provide for "dllimport" vs "dllexport" declarations when constructing DLLs, to worko with Visual Studio C++. - Add ncurses patch 20200627 + build-fixes for gnat 10.1.1, whose gnatmake drops integration with gprbuild. + correct buffer-length in test/color_name.h ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Upgrade to upstream vresion 2.1.2 as 2.1.2-suse (for jre#SES-1081), including: * use openssl for random data generation * Misspelled socket name might cause confusion to inexperienced user. * iscsi/libopeniscsiusr:add libopeniscsiuser_node.h to HEADERS * Let initiator name be created by iscsi-init.service. * iscsi: fix fd leak * iscsi: Add break to while loop * Fix compiler complaint about string copy in iscsiuio * Fix a compiler complaint about writing one byte * Fix issue with zero-length arrays at end of struct * Add iscsi-init.service * Proper disconnect of TCP connection * Fix dependency on new systemd RPM macro * Fix SIGPIPE loop in signal handler * Update iscsi-iname.c * log:modify iSCSI shared memory permissions for logs * Sequence systemd services correctly when upgrading * Ignore iface.example in iface match checks * More changes for musl. * Fix type mismatch under musl. * Change include of to * Add Wants=remote-fs-pre.target for sequencing. * Add workaround in SPEC file for installcheck. * Fix issue where "iscsi-iname -p" core dumps. * iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix * Fix iscsi.service so it handles restarts better Replacing open-iscsi-2.1.1-suse.tar.bz2 with open-iscsi-2.1.2-suse.tar.bz2, and updating open-iscsi-SUSE-latest.diff.bz2 to empty, since initially there are no differences. ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-bootloader patterns-base-minimal_base - Don't recommend lightdm directly, also allow other DMs ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - GNOME desktop pattern: * useful tool, not available as flatpak (gnome-usage) * packages necessary for using, e.g., a bluetooth headset * packages necessary if one wants thumbnails in nautilus * make GNOME keyring fully work (gcr-ssh-askpass) - Add xfsprogs to the media else YaST2 can become very unhappy. - Remove explicit cracklib dictionary, instead add pam_pwquality to the media. ==== podman ==== Version update (1.9.3 -> 2.0.4) Subpackages: podman-cni-config - Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). * Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats - -format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented). - Remove obsolete libpod.conf from Package sources - libpod got renamed to podman on GitHub. Point _service file to the new name. - Remove obsolete old Requires on libcontainers-image and -storage all of that is inside libcontainers-common - Require a new enough libcontainers-common version to have the default containers.conf installed. - Remove deprecated libpod.conf and create an update notice pointing to containers.conf for user that made changes to libpod.conf - Suggest katacontainers instead of recommending it. It's not enabled by default, so it's just bloat - Update to v2.0.3 * Fix handling of entrypoint * log API: add context to allow for cancelling * fix API: Create container with an invalid configuration * Remove all instances of named return "err" from Libpod * Fix: Correct connection counters for hijacked connections * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics * Remove hijacked connections from active connections list * version/info: format: allow more json variants * Correctly print STDOUT on non-terminal remote exec * Fix container and pod create commands for remote create * Mask out /sys/dev to prevent information leak from the host * Ensure sig-proxy default is propagated in start * Add SystemdMode to inspect for containers * When determining systemd mode, use full command * Fix lint * Populate remaining unused fields in `pod inspect` * Include infra container information in `pod inspect` * play-kube: add suport for "IfNotPresent" pull type * docs: user namespace can't be shared in pods * Fix "Error: unrecognized protocol \"TCP\" in port mapping" * Error on rootless mac and ip addresses * Fix & add notes regarding problematic language in codebase * abi: set default umask and rlimits * Used reference package with errors for parsing tag * fix: system df error when an image has no name * Fix Generate API title/description * Add noop function disable-content-trust * fix play kube doesn't override dockerfile ENTRYPOINT * Support default profile for apparmor * Bump github.com/containers/common to v0.14.6 * events endpoint: backwards compat to old type * events endpoint: fix panic and race condition * Switch references from libpod.conf to containers.conf * podman.service: set type to simple * podman.service: set doc to podman-system-service * podman.service: use default registries.conf * podman.service: use default killmode * podman.service: remove stop timeout * systemd: symlink user->system * vendor golang.org/x/text@v0.3.3 * Fix a bug where --pids-limit was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename - The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. - Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to containers * Print port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common@v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * "pod" was being truncated to "po" in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 - Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. * The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name * The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy. * The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output. * The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`. * The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files. * The `podman network ls` command now supports the `--filter` flag to filter results. * The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label. * Fixed a bug where the `podman exec` command would log to journald when run in containers loggined to journald ([#6555](https://github.com/containers/libpod/issues/6555)). * Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)). * Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)). * Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)). * Fixed a bug where containers logs written to journald did not include the name of the container. * Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. - Requires go 1.13 now ==== python-cryptography ==== Version update (2.9.2 -> 3.0) - update to 3.0 - refreshed disable-uneven-sizes-tests.patch and skip_openssl_memleak_test.patch * Removed support for passing an Extension instance to from_issuer_subject_key_identifier(), as per our deprecation policy. * Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed * Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer. * RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes). * X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed. * Deprecated support for Python 2 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing. * Added support for OpenSSH certificates to load_ssh_public_key(). * Added encrypt_at_time() and decrypt_at_time() to Fernet. * Added support for the SubjectInformationAccess X.509 extension. * Added support for parsing SignedCertificateTimestamps in OCSP responses. * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). * Added support for encoding attributes in certificate signing requests via add_attribute(). * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL?s built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. * Added initial support for creating PKCS12 files with serialize_key_and_certificates(). ==== python-jsonpatch ==== Version update (1.25 -> 1.26) - update to 1.26: * bugfixes (reject invalid json patches) ==== python-pyzmq ==== Version update (19.0.1 -> 19.0.2) - update to version 19.0.2: - Regenerate Cython sources with 0.29.21 in sdists for compatibility with Python 3.9 - Handle underlying socket being closed in ZMQStream with warning instead of error - Improvements to socket cleanup during process teardown - Fix debug-builds on Windows - Avoid importing ctypes during startup on Windows - Documentation improvements - Raise ``AttributeError`` instead of ``ZMQError(EINVAL)`` on attempts to read write-only attributes, for compatibility with mocking ==== python-requests ==== Version update (2.23.0 -> 2.24.0) - remove patch pr_5251-pytest5.patch, not needed anymore. - update to version 2.24.0: - pyOpenSSL TLS implementation is now only used if Python either doesn't have an `ssl` module or doesn't support SNI. Previously pyOpenSSL was unconditionally used if available. This applies even if pyOpenSSL is installed via the `requests[security]` extra (#5443) - Redirect resolution should now only occur when `allow_redirects` is True. (#5492) - No longer perform unnecessary Content-Length calculation for requests that won't use it. (#5496) ==== python-urllib3 ==== Version update (1.25.9 -> 1.25.10) - update to 1.25.10: * Added support for ``SSLKEYLOGFILE`` environment variable for logging TLS session keys with use with programs like Wireshark for decrypting captured web traffic (Pull #1867) * Fixed loading of SecureTransport libraries on macOS Big Sur due to the new dynamic linker cache (Pull #1905) * Collapse chunked request bodies data and framing into one call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) * Don't insert ``None`` into ``ConnectionPool`` if the pool was empty when requesting a connection (Pull #1866) * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) ==== read-only-root-fs ==== Version update (1.0+git20200121.5ed8d15 -> 1.0+git20200730.1243fd0) - Update to version 1.0+git20200730.1243fd0: * Add comment about the mounting of /root in the initrd * Better check for already existing /etc overlay [boo#1174733] ==== readline ==== - add upstream keyring and verify source signature - change custom handling of official upstream patches to standard, and verify signatures on official patches ==== setools ==== - python3-setools needs python3-networkx ==== sssd ==== Version update (2.3.0 -> 2.3.1) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.3.1 * Domains can be now explicitly enabled or disabled using enable option in domain section. This can be especially used in configuration snippets. * New configuration options memcache_size_passwd, memcache_size_group, memcache_size_initgroups that can be used to control memory cache size. * Fixed several regressions in GPO processing introduced in sssd-2.3.0 * Fixed regression in PAM responder: failures in cache only lookups are no longer considered fatal. * Fixed regression in proxy provider: pwfield=x is now default value only for sssd-shadowutils target. - sssd-wbclient is obsolete and no longer shipped ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Restore default upstream tmp.mount (/tmp as tmpfs) behaviour (boo#1173461) ==== toolbox ==== Version update (1.0+git20200324.dd047bc -> 1.0+git20200803.7ff20b6) - Update to version 1.0+git20200803.7ff20b6: * Connect to the host's SSH agent in user toolboxes. * Stay in current directory, even when entering a toolbox * Use the toolbox name as the actual toolbox's hostname ==== transactional-update ==== Version update (2.22 -> 2.23) Subpackages: transactional-update-zypp-config - Version 2.23 - Add "run" command to be able to execute a single command in a new snapshot - Add "--drop-if-no-change" option to discard snapshots if no changes were perfomed (BETA, required for Salt integration) - Removed previous CaaSP Salt support (gh#openSUSE/transactional-update#33) - Avoid "file not found" message on systems without /var subvol ==== xxhash ==== Version update (0.7.2 -> 0.8.0) - Update to version 0.8.0 * api : stabilize XXH3 * cli : xxhsum can produce BSD-style lines, with command --tag * cli : xxhsum can parse and check BSD-style lines, using command --check * cli : xxhsum - accepts console input * cli : xxhsum accepts -- separator * cli : fix : print correct default algo for symlinked helpers - Add BR on c++_compiler, needed for test programs